• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
OAuth 101 & Secure API's - Paul Madsen and Brian Campbell, Ping Identity
 

OAuth 101 & Secure API's - Paul Madsen and Brian Campbell, Ping Identity

on

  • 2,992 views

A key technical underpinning of the Cloud are Application Programming Interfaces (API) - consistent methods for applications to interface with services in the cloud. More and more it will be through ...

A key technical underpinning of the Cloud are Application Programming Interfaces (API) - consistent methods for applications to interface with services in the cloud. More and more it will be through APIs that cloud data moves. The security of consumer APIs was threatened by the so-called 'password anti-pattern' – a model in which a client would collect and replay the password for a user at an API in order to access information on behalf of that user. OAuth not only defeats the password anti-pattern, but does much more. OAuth 2.0 defines a consistent, flexible identity and policy architecture for web applications, web services, devices, and desktop clients attempting to communicate with Cloud APIs. We'll discuss what OAuth provides, where it came from, and where its going.



About Paul Madsen
Paul Madsen is a Senior Technical Architect within the Office of the CTO at Ping Identity. He has served in various design, chairing, editing, and education roles for a number of federation standards, including OASIS Security Assertion Markup Language (SAML), OASIS Service Provisioning Markup Language (SPML), and Liberty Identity Web Services Framework (ID-WSF). He participates in a number of the Kantara Initiative's activities, as well as various other cloud identity initiatives. He holds an M.Sc. in Applied Mathematics and a Ph.D. in Theoretical Physics from Carleton University and the University of Western


About Brian Campbell
As Principal Architect for Ping Identity, Brian Campbell aspires to one day know what a Principal Architect actually does for a living. In the meantime, he tries to make himself useful by ideating, designing and building software systems such as Ping’s flagship product PingFederate. When not making himself useful, he contributes to various identity and security standards including a two-year stint as co-chair of the OASIS Security Services Technical Committee and a current focus on OAuth 2.0 within the IETF. He holds a B.A., magna cum laude, in Computer Science from Amherst College in Massachusetts. Despite spending four years in the state, he has to look up how to spell "Massachusetts" every time he writes it.

Statistics

Views

Total Views
2,992
Views on SlideShare
2,971
Embed Views
21

Actions

Likes
4
Downloads
93
Comments
0

7 Embeds 21

https://twitter.com 12
http://www.tweetdeck.com 3
http://www.slashdocs.com 2
http://twitter.com 1
http://www.slideshare.net 1
http://www.docshut.com 1
https://tweetdeck.twitter.com 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    OAuth 101 & Secure API's - Paul Madsen and Brian Campbell, Ping Identity OAuth 101 & Secure API's - Paul Madsen and Brian Campbell, Ping Identity Presentation Transcript

    • !"#$%&&(#$%)*+,(+-*&.&(#$%-/01(+-*& 2/(3)4-/5&2-/&6789&":;<& =/0(*&>(3?@)AA&.&:(#A&B(C<)*& :0*D&;C)*+$E&
    • F-D0<+,<&•  9%)&(??/-?/0($)&2-/3&-2&(CC/)<<&2-/&$%)&<?)(5)/<&0<&G80/G&•  "@<$/(,$&$%0*50*D&($&)A)H(+-*&,(*&@)&C(*D)/-#<I&J/0*5&?A)*$E&-2& 4($)/I&&•  6)A($)C&$-&?/)H0-#<K&$%)/)&40AA&@)&*-&@0-&@/)(5<K&?A)(<)&3(5)&*-$)&-2& A-,(+-*&-2&@#,5)$&0*&@(,5&-2&/--3I&&•  ;2&E-#&40<%&$-&(<5&(&L#)<+-*K&?A)(<)&$4))$&0$&40$%&$%)&$(D& GM?(#A(*C@/0(*<(4)<-3)-(#$%4-/5<%-?G&•  N)&40AA&@)&C-0*D&(&/-A)O?A(E0*D&)P)/,0<)&$-&<03#A($)&$%)&!"#$%&Q-4I& 8$(/$&$%0*50*D&(@-#$&4%-&E-#&4(*$&0*&E-#/&D/-#?<&-2&R&(*CK& 03?-/$(*$AEK&4%-&40AA&?A(E&$%)&/-A)&-2&$%)&GC#3@G&,A0)*$I&•  9%)/)&40AA&@)&(*&!"#$%&L#01&($&$%)&)*CI&9%)&%0D%)<$&<,-/)&40AA&/),)0H)& (&S--DA)T&0*H0$)I&9%)&U*C&%0D%)<$&<,-/)&40AA&/),)0H)&U&0*H0$)<&)$,&•  V-/&B-*C(E&C0**)/K&& –  850&90?&/)<$(#/(*$&O&W-$&($&$-?&-2&3-#*$(0*& –  =#<)<&,-AA),$&($&XIYZ& –  W-&<?-#<)<&$-*0$)&&<?(,)&,-*<$/(0*)C&
    • "   8)*0-/&9),%*0,(A&"/,%0$),$&40$%0*&$%)&![,)&-2& $%)&>9!&($&:0*D&;C)*+$E& " ?3(C<)*?0*D0C)*+$EI,-3& " %]?^__444IA0*5)C0*I,-3_0*_?(#A3(C<)*&"   8)/H)C&0*&H(/0-#<&C)<0D*K&,%(0/0*DK&)C0+*DK&(*C& )C#,(+-*&/-A)<&2-/&(&*#3@)/&-2&2)C)/(+-*& <$(*C(/C<K&0*,A#C0*D&8:BFK&;JON8V&.& ;*2-/3(+-*&>(/C<&"   N-/5)C&40$%&<#,,)<<2#A&<$(*C(/C<&$--K&A05)& 8"BF&.&`%-?)2#AAEa&!"#$%&.&8>;B&"   b-AC<&(*&BI8,I&0*&"??A0)C&B($%)3(+,<&(*C&(&:%IJI&0*&9%)-/)+,(A&:%E<0,<&2/-3&>(/A)$-*& c*0H)/<0$E&(*C&$%)&c*0H)/<0$E&-2&N)<$)/*&!*$(/0-&/)<?),+H)AEI& "   ;&5*-4K&3E&@-EG<&40,5)C&<3(%$I& "   d)$K&?/-2)<<0-*(AAEK&%)&0<&)e),+H)AE&3E&?))/I& "   8-&4%-f<&<-&<3(/$&*-4K&)%g&"   8)A2&(<<)/$)C&B-<$&;*$)/)<+*D&B(*&0*&;C)*+$E&& "   J-)<*f$&(A4(E<&C/0*5&@)2-/)&*--*K&@#$&4%)*&%)&C-)<&`E-#&5*-4K&02&$%)/)&4(<&(&A-*D& 3))+*D&-/&<-3)$%0*DaK&%)&?/)2)/<&(&S.9& "   !/&<0P&"   :/-A0h,&$4))$)/&40$%&4)AA&-H)/&%(A2&(&$%-#<(*C&2-AA-4)/<&O&?(#A3(C<)*&"   8+AA&@A-D<&`%-4&L#(0*$a&($&,-**),+CI@A-D<?-$I,-3&.&?(#A3(C<)*I?-<$)/-#<I,-3&"   8+AA&4(0+*D&2-/&(&S--DA)T&0*H0$)&
    • =/0(*&>(3?@)AA&•  F)(C<&:0*D&7*D0*))/0*D&$)(3&(CC0*D&!"#$%&$-& ?/-C#,$&A0*)&•  =),(3)&<-i4(/)&C)H)A-?)/&(i)/&/)(A010*D&,%-<)*& ,(/))/&-2&A02)&,-(,%&0*H-AH)C&$(A50*D&$-&?)-?A)&•  N0$%0*&<$(*C(/C<&4-/AC&&%(<&(,%0)H)C&*-$-/0)$E& 2-/&%(@0$&-2&4-/50*D&?/-2(*0$E&0*$-&*(3)<?(,)& c6;<&•  N%0A)&,%(0/0*D&!"8;8&8"BF&9>K&9>&/)H)*#)<& 0*,/)(<)C&2/-3&jZ&$-&jkIXZ&C#)&$-&%0<&0C)(&2-/&(& GS0H)&3)&jkllG&,(3?(0D*&•  N0$%0*&:0*DK&/#*<&N)A,-3)&N(D-*&2-/&*)4& )3?A-E))<&•  "H0C&?%-$-D/(?%)/&&?%-$-<&%(H)&D/(,)C&$%)&2/0D<& -2&3(*E&-2&%0<&2(30AE&•  >#//)*$AE&,-O)C0+*D&$%)&8"BF&"<<)/+-*&?/-hA)& 2-/&!"#$%I&;*&$%($&,-*$)P$K&?/-?-<0*D&(&G6)(C&$%)& mjM.n&<?),G&)//-/&/)<?-*<)&,-C)&•  b(<&(A3-<$&-@<)<<0H)&0*$)/)<$&0*&>(*(C(&•  4))#*L#0)$30*C&
    • "D)*C(&•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
    • "#$%)*+,(+-*&2-/&8!":&•  9%)&8!":&4-/AC&%(<&A-*D&%(C&<$(*C(/C<&/)A($)C&$-& (#$%)*+,(+-*&.&(#$%-/01(+-*&-2&4)@&<)/H0,)<&•  N8O9/#<$&C)h*)<&(&?/-$-,-A&@E&4%0,%&(&8!":&,A0)*$& ,(*&-@$(0*&(&<),#/0$E&$-5)*&`$E?0,(AAE&(&8"BF& (<<)/+-*a&•  N8O8),#/0$E&<+?#A($)<&%-4&$-&(](,%&$%)&$-5)*& `8"BF&(<<)/+-*a&$-&(&8!":&/)L#)<$&
    • =#$&pII&
    • ka&6789&(#$%)*+,(+-*&•  6789&4-/AC&%(<&*-$&%(C&,-3?(/(@A)&<$(*C(/C<&•  W-$%0*D&,-3?(/(@A)&$-&N8O8),#/0$E&O&30<%3(<%&-2& b99:&=(<0,K&b99:&J0D)<$K&?/-?/0)$(/E&3),%(*0<3<K& (*C&3#$#(A&88F&2-/&,A0)*$&(#$%)*+,(+-*&&•  W-$%0*D&,-3?(/(@A)&$-&N8O9/#<$&&,-*<)L#)*$AE& ,A0)*$&@)(/<&@#/C)*&-2&3(*(D0*D&,/)C)*+(A<&.&$/#<$&
    • Ua&:(<<4-/C&(*+O?(])/*&&80$)<&(<5<&d!c&2-/&E-#/&S!!SF7&?(<<4-/C&<-&0$&,(*&(,,)<<&E-#/&S--DA)&<$#eI&
    • 9<5&$<5l&•  >A0)*$&3#<$&<$-/)&?(<<4-/C<&•  9)(,%)<&#<)/<&$-&@)&0*C0<,/030*($)& 40$%&$%)0/&?(<<4-/C<&•  B-/)&C0[,#A$&$-&3-H)&$-&3#A+O2(,$-/& (*C&2)C)/($)C&(#$%)*+,(+-*&•  J-)<*f$&<#??-/$&D/(*#A(/&?)/30<<0-*<K& )IDI&q&,(*&/)(C&@#$&*-$&4/0$)&•  J-)<*f$&<#??-/$&5*-4A)CD)_ C0e)/)*+(+-*&-2&$%)&(,,)<<&D/(*$)C&•  J-)<*f$&<#??-/$&`)(<Ea&/)H-,(+-*&&$-& @)&<#/)&-2&$#/*0*D&-e&(,,)<<&#<)/<& 3#<$&,%(*D)&?(<<4-/C&&
    • ;3?-/$(*,)&-2&/)H-,(+-*& 9%0<&0<&<%0*Elllll& ;&<%-#AC&#<)&$%($&3-/)& N9V&0<&$%0<&$%0*Dg&
    • Ya&>A-#C&":;<&•  N0$%0*&3-H)&$-4(/C<&8((8&&$/)*C&$-4(/C<&":;&(,,)<<& $-&C($(_<)/H0,)<&$-&<#??A)3)*$_/)?A(,)&@/-4<)/& (,,)<<&•  Salesforce.com expects that within the next year – only 1/3 of access will be via browser&•  ":;<&-2&:((8&-e)/0*D<&(AA-4&$%)&,#<$-3)/&$-&)P?-<)&0$<& -4*&,A-#C&<)/H0,)<&•  >A)(/&$/)*C&2-/&$%)<)&":;<&0<&$-4(/C<&6789&
    • >A-#C&,#/)<&)H)/E$%0*D&
    • Ra&W(+H)&3-@0A)&(??<&?(#A3(C<)*& 4))c*L#0)$B0*C&
    • "<0C)&O&W(+H)&H<&4)@&•  W-$&D-0*D&$-&$/E&$-&?/)C0,$&40**)/&&)P?),$&@-$%&•  W(+H)G<&,#//)*$&?-?#A(/0$E&A05)AE&@(A(*,)C&@E& b9BFX&2)($#/)<&•  "#$%)*+,(+-*&.&(#$%-/01(+-*&<%-#AC&@)&,-*<0<$)*$& (,/-<<&@-$%&3-C)A<K&<-&$%($& –  c<)/<&(/)&*-$&,-*2#<)CK&)D&#<)&C0e)/)*$& ,/)C)*+(A<&(*C_-/&(#$%)*+,(+-*&,)/)3-*E&2-/& $%)&$4-&3-C)A<K&)H)*&02&(,,)<<0*D&$%)&<(3)& (??A0,(+-*& –  8)/H0,)&:/-H0C)/<&(/)*f$&2-/,)C&$-&03?A)3)*$& C#?A0,($)&.&0*,-3?(+@A)&<),#/0$E&2/(3)4-/5<& 2-/&$%)&$4-&3-C)A<&
    • J/0H)/<& :(<<4-/C&F(,5&-2& (*+O<$(*C(/C<& ?(])/*& !"#$%& & W(+H)& & 3-@0A)& >A-#C&":;<& "??A0,(+-*<&
    • 7*$)/&!"#$%l&•  "*&-?)*&?/-$-,-A&$-&(AA-4&<),#/)&":;&(#$%-/01(+-*&0*&(& <03?A)&(*C&<$(*C(/C&3)$%-C&2/-3&C)<5$-?K&3-@0A)&(*C& 4)@&(??A0,(+-*<I&•  J)h*)<&(#$%-/01(+-*&.&(#$%)*+,(+-*&2/(3)4-/5&2-/& 67892#A&":;<&•  "??A0)C&$-&C)A)D($)C&(#$%-/01(+-*&&30+D($)<&?(<<4-/C& (*+O?(])/*&O&(/,%)$E?0,(A&#<)&,(<)&•  :/-H0C)<&(&<$(*C(/C&4(E&$-&D0H)&(&r5)Ef&$-&(&$%0/CO?(/$E& 4%0,%&(AA-4<&-*AE&A030$)C&(,,)<<&$-&?)/2-/3&<?),0h,& 2#*,+-*<& –  N0$%-#$&C0H#AD0*D&E-#/&,/)C)*+(A<&&
    • "*&!H)/#<)C&"*(A-DE&OAuth is your valet key to the InterwebsIt’s going happen one way or the other so mayas well tax and regulate!
    • "D)*C(&•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
    • Real World Demo ->brizzly.com accesses the twitters &
    • Real World Demo ->brizzly.com accesses the twitters &
    • Real World Demo ->brizzly.com accesses the twitters &
    • Real World Demo ->brizzly.com accesses the twitters &
    • Real World Demo ->brizzly.com accesses the twitters &
    • Real World Demo ->brizzly.com accesses the twitters &
    • Real World Demo ->brizzly.com accesses the twitters &
    • Real World Demo ->brizzly.com accesses the twitters &
    • "D)*C(&•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
    • A [confusing] Little History&•  First was the Emergence of Proprietary Solutions –  Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API, Flickr API, AWS API, and more•  OAuth Core 1.0 [Oct 2007] –  Open protocol to standardize what was already being done•  OAuth Core 1.0 Revision A [June 2009] –  Addresses a session fixation attack•  The OAuth 1.0 Protocol / RFC 5849 [April 2010] –  Move to the IETF as informational documentation of 1.0a with editorial clarifications and errata
    • !"#$%&903)A0*)& N6":& vN9& ;79V& !"#$%&UIZ& ;*2-&6V>&XtRs& & !"#$%&kIZ(& >-33#*0$E& !"#$%&kIZ&UZZu& UZZt& UZZs& UZkZ& UZkk&
    • B-/)&b0<$-/EK&8+AA&>-*2#<0*D&•  !"#$%&N6":&`N)@&6)<-#/,)&"#$%-/01(+-*& :/-hA)<a [v(*&UZkZ] –  Better Support for non-web applications –  Simplify the Client –  Short lived, opaque, bearer access tokens with long lived refresh tokens –  Cleaner separation of roles •  Server handling authorization requests •  Server handling protected resource access •  Client –  Simple Web Token (SWT) •  Attempt to standardize an access token format•  Oauth 2.0 [in progress]
    • b-*)<$AE&8(AAEll&;&,(*G$&@)A0)H)&E-#&2)AA&2-/&$%)&G;&C-*f$&%(H)&3E&$-5)*x<),/)$&40$%&3)G&A0*)ll&>A0)*$<&%(H)&@))*&$)AA0*D&#<&68<&$%($&-*)&2-/&E)(/<ll& =#$&%)&)P?A(0*)C&$%($&%)&%(C&2-/D-])*&0$&($&%-3)I& "*C&(*E4(E<K&dH-**)&($&$%)&<(A-*&$-AC&3)&$%($& !"#$%&N6":&C-)<*f$&)H)*&/)L#0/)&,A0)*$& <0D*($#/)<&<-&;&C-*G$&5*-4&4%E&E-#&(/)&@)0*D&<-& w#CD)3)*$(A&p&&
    • "D)*C(&•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
    • OAuth 2.0•  >-*,)?$#(AAE&<030A(/&$-&N6":&•  N0$%&@#0A$&0*&)P$)*<0@0A0$E&•  >A)(/&<)?(/(+-*&-2&D)y*D&(&$-5)*&(*C&#<0*D&(&$-5)*& –  7(/AE&C/(i<&%(C&(*&-?+-*&2-/&$-5)*&<0D*($#/)<&@#$&$%($&4(<& C/-??)C& –  z!"#$%&UIZ&0<&=(C&2-/&$%)&N)@{&&<?),&(#$%-/_)C0$-/& –  =)(/)/&$-5)*<& –  6)$#/*&-2&$%)&B">&•  "??/-(,%0*D&h*(A&<$(*C(/C01(+-*&0*&;79V& –  6)(AAEg&& –  >#//)*$AE&($&C/(i&Okt&&•  "??A0,(@A)&$-&3(*E&-$%)/&<,)*(/0-<&&)H)*&$%-<)&40$%&*-&#<)/<&•  W-$(@A)&2-/&0$<&-?+301(+-*<&2-/&3-@0A)& –  !%&E)(%g&
    • !"#$%&UIZ&9)/30*-A-DE^&6-A)<&•  !"#$%!&"$()"!^&(*&)*+$E& `#<#(AAE&(*&)*CO#<)/_?)/<-*a ,(?(@A)&-2&D/(*+*D&(,,)<<&$-&(& ?/-$),$)C&/)<-#/,)&I&•  &*+"),^&(*&(??A0,(+-*&-@$(0*0*D& (#$%-/01(+-*&(*C&3(50*D& ?/-$),$)C&/)<-#/,)&/)L#)<$<& `-*&@)%(A2&-2&$%)&/)<-#/,)& -4*)/aI&&•  !"#$%!&"#"!-"!`./a^&$%)& <)/H)/&%-<+*D&?/-$),$)C& /)<-#/,)<&•  0%,1$!+203$)#"!-"!`4/a^&(& <)/H)/&,(?(@A)&-2&0<<#0*D& $-5)*<K&-@$(0*0*D& (#$%-/01(+-*K&(*C& (#$%)*+,(+*D&/)<-#/,)& -4*)/<I&
    • B-/)&9)/30*-A-DE^&9-5)*<&•  ",,)<<&9-5)*& –  ,/)C)*+(A&#<)C&@E&,A0)*$&$-&(,,)<<&?/-$),$)C&/)<-#/,)<&($&$%)&68& –  ?)/30<<0-*<&(e-/C)C&@E&$%)&$-5)*&,(*&@)&<,-?)C& –  0<<#)C&@E&$%)&"8&& –  <$/#,$#/)&0<&#*C)h*)C&@E&$%)&<?),`<a& –  #<#(AAE&-?(L#)&$-&$%)&,A0)*$& –  D)*)/(AAE&<%-/$&A0H)C& –  ,(*&@)&<)A2&,-*$(0*)C&-/&(&/)2)/)*,)& –  <%0i<&,-3?A)P0$E&2/-3&$%)&68&$-&$%)&"8&•  6)2/)<%&9-5)*& –  #<)C&@E&,A0)*$&$-&-@$(0*&(&*)4&(,,)<<&$-5)*&4%)*&$%)&-AC&-*)& )P?0/)<& –  ,A0)*$&-*AE&<)*C<&$-&"8K&*)H)/&$-&68& –  D)*)/(AAE&A-*D&A0H)C&&
    • ",,)<<&9-5)*&9E?)<&•  ",,)<<&$-5)*<&,(*&%(H)&C0e)/)*$& –  2-/3($<& –  <$/#,$#/)<& –  3)$%-C<&-2&#+A01(+-*&`)IDI&,/E?$-D/(?%0,&?/-?)/+)<a&•  ",,)<<&$-5)*<&3#<$&@)&C)h*)C&@E&,-3?(*0-*& <?),0h,(+-*<& –  $-5)*x$E?)&& –  (CC0+-*(A&?(/(3)$)/<&(<&*))C)C& –  %-4&$-&#<)&($&68&
    • =)(/)/&",,)<<&9-5)*<&•  "*E&?(/$E&0*&?-<<)<<0-*&-2&$%)&$-5)*&`(& z@)(/)/za&,(*&#<)&$%)&$-5)*&0*&(*E&4(E&$%($& (*E&-$%)/&?(/$E&0*&?-<<)<<0-*&-2&0$&,(*I&•  $-5)*x$E?)^&=)(/)/&&•  9-5)*&,(*&@)&?/)<)*$)C&$-&$%)&68&0*&b99:& "#$%-/01(+-*&b)(C)/K&&=-CE&:(/(3)$)/K&-/& |#)/E&:(/(3)$)/&•  6)L#0/)<&9F8&•  9-5)*&<$/#,$#/)&<+AA&#*C)h*)C&
    • B">&",,)<<&9-5)*<&•  "I5I(I&:/--2&-2&?-<<)<<0-*&$-5)*K&?/--2&$-5)*K&b-o&$-5)*&•  J)h*)<&(*&b99:&B">&(,,)<<&(#$%)*+,(+-*&<,%)3)&`5)E&0CK& B">&5)E&.&(AD-/0$%3K&(*C&0<<#)&+3)a& –  ;C&0<&<)*$&40$%&/)L#)<$&& –  o)E&0<&<%(/)C&<E33)$/0,&<),/)$&@)$4))*&$%)&,A0)*$&(*C&$%)&<)/H)/& #<)C&$-&r<0D*f&/)L#)<$<&`$%)/)@E&?/-H0*D&?-<<)<<0-*&-2&$%)&<),/)$a&•  !"#$%&UIZ&@0*C0*D&2-/&#<)&(<&(*&(,,)<<O$-5)*&$E?)&& –  $-5)*x$E?)^&3(,& –  o)E&0C&0<&$%)&(,,)<<x$-5)*& •  V-/3($&.&<$/#,$#/)&0<&<+AA&#*C)h*)C& –  3(,x5)E&.&3(,x(AD-/0$%3&(<&(CC0+-*(A&?(/(3)$)/<&•  :/-$),$<&(D(0*<$&$-5)*&A)(5(D)&•  o0*C(&<+AA&*))C<&9F8&0*&<-3)&,(<)<&
    • B-/)&9)/30*-A-DE^&7*C?-0*$<&•  "8&7*C?-0*$<& –  4%,1$!+203$)")56$+),& •  #<)CK&H0(&#<)/O(D)*$&/)C0/),+-*K&$-&(#$%)*+,($)&(*C&-@$(0*& (#$%-/01(+-*&2/-3&$%)&/)<-#/,)&-4*)/I&& •  7*C&#<)/&-*&$%)&2/-*$&,%(**)AI& –  7$8")")56$+), •  c<)C&$-&)P,%(*D)&(*&(#$%-/01(+-*&D/(*$&2-/&(*&(,,)<<&$-5)*I& •  >A0)*$&-*&$%)&@(,5&,%(**)AI&•  >A0)*$&7*C?-0*$& –  ."5+!"&3$)9.: •  "i)/&,-3?A)+*D&0$<&0*$)/(,+-*&40$%&$%)&/)<-#/,)&-4*)/K&$%)&"8& C0/),$<&$%)&/)<-#/,)&-4*)/G<&#<)/O(D)*$&@(,5&$-&$%)&,A0)*$&($&$%)& ,A0)*$f<&/)C0/),+-*&c6;I& •  V/-*$&,%(**)A&,(AA@(,5&&
    • 9)/30*-A-DE^&"#$%-/01(+-*&S/(*$&•  S)*)/(A&$)/3&#<)C&$-&C)<,/0@)&$%)&0*$)/3)C0($)& ,/)C)*+(A<&/)?/)<)*+*D&$%)&/)<-#/,)&-4*)/& (#$%-/01(+-*&•  8)/H)<&(<&(*&(@<$/(,+-*&A(E)/& –  *-$&$%)&,A)(*)<$&(@<$/(,+-*&•  c<)C&@E&$%)&,A0)*$&$-&-@$(0*&(*&(,,)<<&$-5)*&•  "AA&$-5)*&)*C?-0*$&,(AA<&0*H-AH)&)P,%(*D0*D&<-3)& D/(*$&2-/&(*&(,,)<<&$-5)*&•  8?),&C)h*)<&<)H)/(A&$E?)<&(<&4)AA&(<&(*& )P$)*<0@0A0$E&3),%(*0<3&
    • 9)/30*-A-DE^&8,-?)&•  9%)&C)h*0+-*&-2&<,-?)&0<&`3-<$AEa&-#$&-2&<,-?)& –  8))&4%($&;&C0C&$%)/)g& –  9%)&<,-?)&-2&$%)&(,,)<<&/)L#)<$&0<&)P?/)<<)C&(<&(&A0<$&-2& <?(,)OC)A030$)CK&,(<)&<)*<0+H)&<$/0*D<I& –  !/C)/&C-)<*f$&3(])/I& –  9%)&H(A#)&(*C&3)(*0*D&-2&<,-?)&<$/0*D<&(/)&C)h*)C&@E&$%)& (#$%-/01(+-*&<)/H)/I&•  6)L#)<+*D_D/(*+*D&<?),0h,&<,-?)`<a&(AA-4<&$%)&(,,)<<& /0D%$<&(<<-,0($)C&40$%&(&$-5)*&$-&@)&A030$)C& –  7*(@A)<&$%)&?/0*,0?A)&-2&A)(<$&?/0H0A)D)&`-/&A)<<&?/0H0A)D)& (*E4(Ea& –  !*AE&(<5&2-/&4%($&0<&*))C)C&
    • "@<$/(,$&VA-4&•  >A0)*$&-@$(0*<&(#$%-/01(+-*&D/(*$&2/-3&/)<-#/,)& -4*)/n&•  >A0)*$&,(AA<&$%)&(#$%-/01(+-*&<)/H)/&$-&)P,%(*D)& $%)&D/(*$&2-/&(*&(,,)<<&$-5)*nn&•  >A0)*$&#<)<&$%)&(,,)<<&$-5)*&$-&(,,)<<&?/-$),$)C& /),-#/<)<&($&$%)&/)<-#/,)&<)/H)/nnn&n<-3)+3)<&nn#<#(AAE&nnn?/-@(@AE&
    • "#$%-/01(+-*&S/(*$&9E?)<&•  (#$%-/01(+-*&,-C)&•  03?A0,0$n&•  /)<-#/,)&-4*)/&?(<<4-/C&,/)C)*+(A<&•  ,A0)*$&,/)C)*+(A<&•  /)2/)<%&$-5)*&•  7P$)*<0-*<&n&-*)&-2&$%)<)&$%0*D<&0<&*-$&A05)&$%)&-$%)/<p&
    • S/(*$&9E?)^&"#$%-/01(+-*&>-C)&•  >A0)*$&<)*C<&/)<-#/,)&-4*)/K&H0(&@/-4<)/K&$-&$%)& (#$%-/01(+-*&)*C?-0*$&($&$%)&"8&& –  7*CO#<)/&(#$%)*+,($)<& –  7*CO#<)/&(??/-H)<&/)L#)<$)C&(,,)<<&•  "8&<)*C<&$%)&)*CO#<)/&$-&$%)&,A0)*$f<&/)C0/),$&c6;&(*C& 0*,A#C)<&$%)&,-C)&(<&(&L#)/E&?(/(3)$)/&•  >A0)*$&/),)0H)<&$%)&/)C0/),+-*&,(AA@(,5K&)P$/(,$<&$%)&,-C)K& (*C&<)*C<&0$&$-&$%)&"8&0*&)P,%(*D)&2-/&(*&(,,)<<&$-5)*&(*C& ?/-@(@AE&(&/)2/)<%&$-5)*&•  S/)($&2-/&4)@&(??&,A0)*$<& –  >A0)*$&(#$%)*+,(+-*& –  7(<E&$-&%(*CA)&$%)&/)C0/),$&•  !5(E&2-/&3-@0A)&,A0)*$<& –  N0$%-#$&,A0)*$&(#$%)*+,(+-*& –  W))C&$/0,5<&$-&%(*CA)&$%)&/)C0/),$&
    • S)y*D&(*&"#$%-/01(+-*&>-C)& 4%,1$!+203$).";%"#,S79&_(<_(#$%-/01(+-*I-(#$%Ug,A0)*$x0C}(,A0)*$.& &/)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_,@.& /%6"!<%$%#=0)050>0#1+)?@A+!#,&&&&&&&&&/)<?-*<)x$E?)},-C).<,-?)}@))/T%-,5)ETC-*#$<&b99:_kIk&& $BC0)Db-<$^&<)/H)/I)P(3?A)I,-3&& 4%,1$!+203$)."#6$)#" b99:_kIk&YZU&V-#*C& F-,(+-*^&%]?<^__,A0)*$I)P(3?A)I,-3_,@g,-C)}S),B7C0P8o6v!tP2?>qbDsVDUb1)&
    • 7P,%(*D)&"#$%-/01(+-*&>-C)&2-/&",,)<<&9-5)*& 4&&"##7$8").";%"#,:!89&_(<_$-5)*I-(#$%U&b99:_kIk&b-<$^&(<I)P(3?A)I,-3&>-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C~,%(/<)$}c9VOt&&,A0)*$x0C}(,A0)*$.,A0)*$x<),/)$}%-<)/./)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_,@.D/(*$x$E?)}(#$%-/01(+-*x,-C).,-C)}S),B7C0P8o6v!tP2?>qbDsVDUb1)& 4&&"##7$8")."#6$)#" b99:_kIk&UZZ&!o& >(,%)O>-*$/-A^&*-O<$-/)& :/(D3(^&*-O,(,%)& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt& && & &z$-5)*x$E?)z^z=)(/)/zK& &z(,,)<<x$-5)*z^z(ZÄ#1JYW2J<w><9cÅ=XF3q<uN:|kPZuJ>b6{K&& &z)P?0/)<x0*z^YÇZZK &z/)2/)<%x$-5)*z^z389=?L|,8567>W2J,A26Jw67*3L)NÄ(?ZJ<)BÇ(q50P;q{& É&
    • =/0)2&;*$)/A#C)^&c<0*D&$%)&",,)<<&9-5)*& E!$,"&,"5."#$%!&".";%"#,(+,10F"0!"!7$8") S79&_C-#@A)_<),/)$_?/-@(+-*_/)<-#/,)&b99:_kIk&& b-<$^&/<I)P(3?A)I,-3&& "#$%-/01(+-*^&=)(/)/&(ZÄ#1JYW2J<w><9cÅ=XF3q<uN:|kPZuJ>b6& G4=7$8")0F+,G$!"=$C6*+&0,"5&&&&&&:!89&_$(5)_-e_)%&b99:_kIk&&&&&&b-<$^&/<I)P(3?A)I,-3&&&&&&>-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C&&&&&&"#$%-/01(+-*^&B">&0C}zwCsYC%sC%YsJzK&&&&&&&&&&&&&&&&&&&&&&&&&*-*,)}zUuYkXÇ^C0Y%HC2tzK&&&&&&&&&&&&&&&&&&&&&&&&&@-CE%(<%}z5s5@$>;EZ>5;Y_V72?8_-;Jw5Ç5}zK&&&&&&&&&&&&&&&&&&&&&&&&&3(,}zNu@CBÅ@HscN!9(C"8;|b(DÅE0/"}z&
    • S/(*$&9E?)^&;3?A0,0$&•  8030A(/&$-&$%)&(#$%-/01(+-*&,-C)&Q-4&)P,)?$p&&•  "i)/&/)<-#/,)&-4*)/&(#$%)*+,(+-*&(*C& (#$%-/01(+-*K&$%)&"8&<)*C<&$%)&)*CO#<)/&$-&$%)& ,A0)*$f<&/)C0/),$&c6;&(*C&0*,A#C)<&$%)&(,,)<<& $-5)*&-*&2/(D3)*$&&•  W-&$-5)*&)*C?-0*$&,(AA&<-&*-$&n/)(AAEn&(&D/(*$& $E?)&•  !?+301)C&2-/&r40CD)$f&,A0)*$<&-/&0*O@/-4<)/& v(H(8,/0?$&(??A0,(+-*<&•  >-#AC&(A<-&4-/5&2-/&*(+H)_3-@0A)&,A0)*$<&
    • S)y*D&(&9-5)*&40$%&;3?A0,0$& 4%,1$!+203$).";%"#,S79&_(<_(#$%-/01(+-*I-(#$%Ug,A0)*$x0C}(,A0)*$.& &/)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_,@./)<?-*<)x$E?)}$-5)*&b99:_kIk&&b-<$^&<)/H)/I)P(3?A)I,-3&& 4%,1$!+203$)."#6$)#" b99:_kIk&YZU&V-#*C& F-,(+-*^&%]?<^__,A0)*$I)P(3?A)I,-3_,@M)P?0/)<x0*}YÇZZ & &.$-5)*x$E?)}=)(/)/.(,,)<<x$-5)*}D=w""2u;-ZV;24Å(qJ96|DZCuS94"!FuSÇ)& E!$,"&,"5."#$%!&".";%"#,S79&_C-#@A)_<),/)$_?/-@(+-*_/)<-#/,)&b99:_kIk&&b-<$^&/<I)P(3?A)I,-3&&"#$%-/01(+-*^&=)(/)/&D=w""2u;-ZV;24Å(qJ96|DZCuS94"!FuSÇ)&
    • S/(*$&9E?)^&& 6)<-#/,)&!4*)/&:(<<4-/C&>/)C)*+(A<&•  >A0)*$&-@$(0*<&/)<-#/,)&-4*)/f<&#<)/*(3)&(*C& ?(<<4-/C&C0/),$AE&2/-3&$%)&/)<-#/,)&-4*)/&(*C& <)*C<&$%)3&C0/),$AE&$-&$%)&"8&(<&(&D/(*$I&•  6)L#0/)<&$/#<$&0*&$%)&,A0)*$I&•  6)2/)<%&$-5)*&)A030*($)<&$%)&*))C&2-/&$%)&,A0)*$&$-& <$-/)&$%)&?(<<4-/CI&•  ;*$)*C)C&(<&(&30D/(+-*&3),%(*0<3&&
    • 7P,%(*D)&6!&>/)C<&2-/&",,)<<&9-5)*& 4&&"##7$8").";%"#,:!89&_(<_$-5)*I-(#$%U&b99:_kIk&b-<$^&(<I)P(3?A)I,-3&"#$%-/01(+-*^&=(<0,&,Us$ÅNW<(NÄ#CJ?=@NÄE(NW%vYW;dq|}&>-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C~,%(/<)$}c9VOt&&,A0)*$x0C}<-3),A0)*$.D/(*$x$E?)}?(<<4-/C.#<)/*(3)}3(C<)*.?(<<4-/C}#<)A)<<$(P-*-3E& 4&&"##7$8")."#6$)#" b99:_kIk&UZZ&!o& /%6"!<%$%#=0)05+0)>0#1+)?@ >(,%)O>-*$/-A^&*-O<$-/)& :/(D3(^&*-O,(,%)& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt& && & &z$-5)*x$E?)z^z=)(/)/zK& &z(,,)<<x$-5)*z^z(ZÄ#1JYW2J<w><9cÅ=XF3q<uN:|kPZuJ>b6{K&& &z)P?0/)<x0*z^YÇZZK &z/)2/)<%x$-5)*z^z389=?L|,8567>W2J,A26Jw67*3L)NÄ(?ZJ<)BÇ(q50P;q{& É&
    • S/(*$&9E?)^&>A0)*$&>/)C)*+(A<&•  >A0)*$&,(*&/)L#)<$&(*&(,,)<<&$-5)*&#<0*D&-*AE&0$<&-4*& ,/)C)*+(A<&•  V-/&/)<-#/,)<&#*C)/&$%)&,A0)*$f<&,-*$/-A&-/&-$%)/& /)<-#/,)<&(<&?-A0,E&C0,$($)<&•  Bc89&-*AE&@)&#<)C&@E&Ñ?/0H($){&,A0)*$<&`,A0)*$<&$%($&,(*& (#$%)*+,($)&<),#/)AEa&•  W-&/)2/)<%&$-5)*&•  >A0)*$&"#$%)*+,(+-*&B),%(*0<3<& –  ,A0)*$x0C&.&,A0)*$x<),/)$&?(/(3)$)/<&& –  b99:&=(<0,& –  Ñ9%)&(#$%-/01(+-*&<)/H)/&B"d&<#??-/$&(*E&<#0$(@A)&b99:& (#$%)*+,(+-*&<,%)3)&3($,%0*D&0$<&<),#/0$E&/)L#0/)3)*$<{& –  B#$#(A&9F8& –  ,A0)*$x(<<)/+-*&.&,A0)*$x(<<)/+-*x$E?)&?(/(3)$)/<&
    • S/(*$&9E?)^&6)2/)<%&9-5)*&•  ;2&(&/)2/)<%&$-5)*&4(<&0<<#)C&$-&$%)&,A0)*$&C#/0*D&$%)& )P,%(*D)&-2&(&?/0-/&D/(*$K&0$&,(*&@)&#<)C&(<&(*& (#$%-/01(+-*&D/(*$&$-&D)$&(&*)4&(,,)<<&$-5)*& –  c*A)<<&/)H-5)C&-/&-$%)/40<)&0*H(A0C&•  6)2/)<%&(*&)P?0/)C&(,,)<<&$-5)*&40$%-#$&0*H-AH0*D& #<)/&(#$%-/01(+-*&•  9%)&"8&3(E&0<<#)&(&*)4&/)2/)<%&$-5)*& –  S--C&<),#/0$E&%ED0)*)&
    • 6)2/)<%0*D&(*&",,)<<&9-5)*& 4&&"##7$8").";%"#,:!89&_(<_$-5)*I-(#$%U&b99:_kIk&b-<$^&(<I)P(3?A)I,-3&"#$%-/01(+-*^&=(<0,&,Us$ÅNW<(NÄ#CJ?=@NÄE(NW%vYW;dq|}&>-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C~,%(/<)$}c9VOt&&,A0)*$x0C}<-3),A0)*$.D/(*$x$E?)}/)2/)<%x$-5)*./)2/)<%x$-5)*}389=?L|,8567>W2J,A26Jw67*3L)NÄ(?ZJ<)BÇ(q50P;q& 4&&"##7$8")."#6$)#" b99:_kIk&UZZ&!o& >(,%)O>-*$/-A^&*-O<$-/)& :/(D3(^&*-O,(,%)& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt& && & &z$-5)*x$E?)z^z=)(/)/zK& &z(,,)<<x$-5)*z^zBCL=#)PqdAB8-D@/"40::Ru)SPSLÅ(w#vW({K&& &z)P?0/)<x0*z^YÇZZK &z/)2/)<%x$-5)*z^z%AE7!!s:qD3H:0d;tDÇto87<Ub|%D/50c|S<,sqP<5C{& É&
    • 7P$)*<0-*&S/(*$&9E?)<&•  7P$)*<0-*&(#$%-/01(+-*&D/(*$&$E?)<&,(*&@)& C)h*)C&@E&(<<0D*0*D&$%)3&(&#*0L#)&(@<-A#$)&c6;& 2-/&#<)&40$%&$%)&zD/(*$x$E?)z&?(/(3)$)/I&•  7P$)*<0-*<&,(*&C)h*)&(CC0+-*(A&?(/(3)$)/<& *))C)CI&•  7*(@A)<&@/0CD0*D&@)$4))*&!"#$%&(*C&-$%)/& ?/-$-,-A<I& –  8"BF&UIZ& –  vN9&kIZ&•  7*(@A)<&-$%)/&<$#e&$--& –  =)(/)/&(,,)<<&$-5)*&H(A0C(+-*& –  898&<$EA)&$-5)*&)P,%(*D)&
    • :(/+(A&8?),0h,(+-*&F(*C<,(?)&H"I)?07$8") 9#+)?07$8") 9%)&!"#$%&UIZ&"#$%-/01(+-*&:/-$-,-A& 9%)&!"#$%&UIZ&:/-$-,-A^&=)(/)/&9-5)*<& C/(iO0)ÖO-(#$%OHU& C/(iO0)ÖO-(#$%OHUO@)(/)/& b99:&"#$%)*+,(+-*^&B">&",,)<<&"#$%)*+,(+-*& C/(iO0)ÖO-(#$%OHUO%]?O3(,& 7P$)*<0-*&S/(*$<&& .& !"#$%&UIZ&"<<)/+-*&:/-hA)&&&&&&&&&&&&&&&&&&&&&& &>A0)*$&"#$%)*+,(+-*& C/(iO0)ÖO-(#$%O(<<)/+-*<& 7$8")# "<<)/+-*<&(*C&:/-$-,-A<&2-/&8"BF&ÄUIZ& <(3AO,-/)OUIZO-<& 8"BF&UIZ&=)(/)/&"<<)/+-*&S/(*$&& 9E?)&:/-hA)&2-/&!"#$%&UIZ& C/(iO0)ÖO-(#$%O<(3AUO@)(/)/& JKLMN v8!W&N)@&9-5)*&`vN9a&& v8!W&N)@&9-5)*&`vN9a&=)(/)/& C/(iOw-*)<Ow<-*O4)@O$-5)*& :/-hA)&2-/&!"#$%&UIZ& &C/(iOw-*)<O-(#$%Ow4$O@)(/)/& v8!W&N)@&80D*($#/)&`vN8a& C/(iOw-*)<Ow<-*O4)@O<0D*($#/)&O,1"!E!$,$&$*# c<)/OB(*(D)C&",,)<<&`cB"a& v8!W&N)@&80D*($#/)&`vN7a& >-/)&:/-$-,-A& C/(iOw-*)<Ow<-*O4)@O)*,/E?+-*& !?)*;J&>-**),$&>-/)&kIZ& C/(iO%(/Cw-*-O-(#$%O#3(,-/)&
    • "D)*C(&•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
    • >-*$/(<$&.&>-3?-<)&
    • d";Ä&`d)$&"*-$%)/&;C)*+$E&Ä)**a& !"#$%& 8"BF& • 88!&?/-hA)& • ;>"B& • "#$%*&2-/&8!":&":;<& • "#$%*&2-/&6789&":;<& • 9-5)*&2-/3($& • "]/0@#$)&<%(/0*D& & • >A-#C&"#$%1& • "#$%1&C),0<0-*<& • "#$%1&|#)/En& • :-A0,E&<E*$(P& q">BF&
    • !"#$%&/)A(+-*<%0?&$-&!?)*;J&•  ;*&-*)&<)*<)K&!"#$%&.&!?)*;J&(/)&-/$%-D-*(AK& 0)&!?)*;J&,-#AC&@)&#<)C&$-&(#$%)*+,($)&#<)/& ($&"8&2-/&-@$(0*0*D&,-*<)*$&•  =#$&$%)&<030A(/0+)<&@)$4))*&!?)*;J&UIZ&(*C& $%)&!"#$%&UIZ&(,,)<<&$-5)*&/)$/0)H(A&?0),)& %(H)&3-+H($)C&?/-?-<(A<&2-/&@(<0*D&*)P$& H)/<0-*&-2&!?)*;J&r-*&$-?&-2f&!"#$%&&!?)*;J& >-**),$&
    • :/-@A)3<&40$%&!?)*;J&UIZ&•  F-*D&c6F&A030$(+-*<& –  B(*E&3-@0A)&@/-4<)/&(*C&<-3)&:>&@/-4<)/<&,%-5)&($& A-*D&c6F<&,(#<)C&@E&"qK&:":7K&(*C&-$%)/&)P$)*<0-*<I&•  F!"&,)0A0*D& –  ,(**-$&(](0*&F!"U&@),(#<)&-2&(<<)/+-*&C0<,A-<#/)&($& @/-4<)/&•  ;3?A)3)*$(+-*&,-3?A)P0$E& –  J0[)Ob)A3(*&5)E&)P,%(*D)K&>(*-*0,(A01(+-*&(*C& 80D*($#/)&%(/C&$-&03?A)3)*$&•  J($(&8%(/0*D&F030$(+-*<& –  !*AE&?(0/O40<)&C($(&<%(/0*D&@)$4))*&$%)&!:&(*C&6:&0<& ?-<<0@A)I&
    • !?)*;J&>-**),$&•  J)<0D*)C&$-&(CC/)<<&?/)H0-#<AE&<$($)C& A030$(+-*<&-2&!?)*;J&UIZ&•  6)Q),$<&(&%(/3-*01(+-*&-2&3#A+?A)& ,-3?)+*D&H0<0-*<&2-/&)H-A#+-*&-2&!?)*;J&UIZ&•  "CC<&(&$%0*&G0C)*+$E&A(E)/G&-*$-&!"#$%&UIZ&•  J)<0D*)C&$-&<#??-/$&%0D%)/&F!"&
    • !?)*;J&>-**),$&V(30AE&$/))&V(,)=--5&>-**),$& vN9&
    • Z&
    • !?)*;J&>-**),$&/)A(+-*&$-&!"#$%&•  N%)/)(<&!"#$%&0<&(&D)*)/(A&3),%(*0<3&$-& (#$%-/01)&":;&(,,)<<K&!?)*;J&>-**),$&?/-hA)<& $%)&D)*)/0,&2-/&?#/?-<)<&-2&<%(/0*D&?/-hA)& 0*2-/3(+-*&•  c<)<&$%)&(#$%1&,-C)&.&03?A0,0$&D/(*$&$E?)<&&$%)& ?0),)<&-2&!"#$%&-?+301)C&2-/&#<)/O,-*<)*$& <,)*(/0-<&•  F)H)/(D)<&$%)&(#$%-/01(+-*&.&$-5)*&)*C?-0*$<&.& (CC<&0C)*+$EO@(<)C&?(/(3<&$-&,-/)&!"#$%& 3)<<(D)<&
    • 8"BF&.&!"#$%& 8"BF& GbE@/0CG&&,(//E&!"#$%&$-5)*& !"#$%&& 0*&8"BF&88!&3)<<(D)<& G"<<)/+-*&?/-hA)G&#<)& !"#$%& 8"BF&(<<)/+-*<&40$%0*&& 8"BF& !"#$%&Q-4& 8"BF& !"#$%& G8)L#)*,0*DG&&#<)&8"BF&88!& $-&(#$%)*+,($)&#<)/&$-&"8&
    • 8)L#)*,0*D& ;C)*+$E&?/-H0C)/& 8)/H0,)&?/-H0C)/& 8"BF& & "??A0,(+-*& !"#$%& :4C& 9-5)*& 9-5)*&J)H0,)& =/-4<)/& v8!W_qBF& "??A0,(+-*&
    • 9/(C0*D&Use SAML assertion( or JWT) forOAuth client authentication and/or OAuth grant type:!89&_$-5)*&b99:_kIk&b-<$^&<)/H)/I)P(3?A)I,-3&>-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C&&D/(*$x$E?)}(#$%-/01(+-*x,-C).&,-C)}0kN<6*k#=k.&,A0)*$x0C}<Ç=%C65L$Y.&,A0)*$x(<<)/+-*x$E?)}#/*mY"-(<0<mY"*(3)<m<"$,mY"8"BFmY"UIZmY"(<<)/+-*.&,A0)*$x(<<)/+-*}:bW%@NP4!AIIIÜ-30])C&2-/&@/)H0$EáIIIÅ9&&&&&&
    • 9/(C0*D&& 8"BF& vN9& :/-hA)<&(<<)/+-*&?/-hA)& V-/&<?),0h,&(<<)/+-*& V-/3($<&ÜUá&.&ÜYá& "<<)/+-*&?/-hA)& b-4&$-&#<)&(<<)/+-*<&& 2-/&,A0)*$&(#$%)*+,(+-*&& (*C&(<&(&D/(*$&$E?)&Üká&& !"#$%& >-/)&?/-$-,-A&Üká&O&%]?^__$--A<I0)ÖI-/D_%$3A_C/(iO0)ÖO-(#$%O(<<)/+-*<&ÜUá&O&C/(iO0)ÖO-(#$%O<(3AUO@)(/)/&ÜYáO&C/(iO0)ÖO-(#$%Ow4$O@)(/)/&&&
    • !"#$%&/)A(+-*<%0?&$-&q">BF& 9%-#D%&@-$%&2-,#<)C&-*& r(#$%-/01(+-*fK&!"#$%&.& q">BF&(/)&*0,)AE& ,-3?-<)(@A)&
    • !"#$%&0<&(#$%-/01(+-*g&•  J)?)*C<&-*&4%($&?(/$&-2&$%)& (#$%1&)A)?%(*$&E-#&(/)& A--50*D&($& –  :-A0,E&`q">BFa& –  |#)/E&`q">BF_8"BF&?/-hA)a& –  >A(03<&`8"BF&.&N8OV)C&88!a& –  c<)/&,-*<)*$&`!"#$%a& –  :)/30<<0-*<&`!"#$%a& F%,+BD$%!%#"&0#"#5$)P, +)-$*-"%#"!Q&$)#"),R,1") O4%,1#,0!,#,$*$$8C$!" *+8"0%,1")3&03$) &
    • cB"&.&!"#$%&•  User Managed Access extends OAuth 2.0 to allow for a user to manage access to multiple (and distributed) resources through centralized Authorization Manager•  Leverages separation between AS & RS introduced by WRAP& O4%,1 9G4 9%)&/)<-#/,)&<)/H)/&/)<?),$<&(,,)<<&$-5)*<& 9%)&%-<$&-#$<-#/,)<&(#$%-/01(+-*&w-@<&$-& 2/-3&Ñ0$<{&(#$%-/01(+-*&<)/H)/& (*&(#$%-/01(+-*&3(*(D)/&,%-<)*&@E&$%)& #<)/& 9%)&(#$%-/01(+-*&<)/H)/&0<<#)<&$-5)*<& 9%)&(#$%-/01(+-*&3(*(D)/&0<<#)<&$-5)*<& @(<)C&-*&$%)&,A0)*$f<&(@0A0$E&$-&(#$%)*+,($)I& @(<)C&-*&#<)/&?-A0,E&(*C&Ñ,A(03<{&,-*H)E)C& @E&$%)&/)L#)<$)/I& 9%)&/)<-#/,)&<)/H)/&H(A0C($)<&$-5)*<&0*&(*& 9%)&%-<$&,(*&(<5&$%)&(#$%-/01(+-*&3(*(D)/& #*<?),0h)C&3(**)/K&(<<#3)C&A-,(AAE& $-&H(A0C($)&$-5)*<&0*&/)(A&+3)I& 8$(+,&,A0)*$&/)D0<$/(+-*&<$)?&& B-/)&CE*(30,&3-C)A&
    • cB"&.&!"#$%& ST9#"!+),!$5%&"# U$#,,$4G WTU$#,-"!+X"#,$8") 0,4G VT.";%"#,$!$>,0+)# ,$8")B!$C4G,$%#" 0,U$#,
    • "D)*C(&•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
    • !"#$%&c<)&,(<)<&
    • c<)&,(<)&$(P-*-3E& >A-#C& B-@0A)& J0e)/)*$& @#<0*)<<& 4-/52-/,)& C-3(0*&4/Y9#"!!"*03$)#1+6 ;*$)/*(A& B-@0A)& ,-*<#3)/& 8(3)& C-3(0*& 8)/H)/& B-@0A)& =*+"),
    • J0<+*D#0<%0*D&2)($#/)<&•  W($#/)&-2&$%)&,A0)*$K&0)&3-@0A)&-/&4)@&(??&•  N%)$%)/K&(*C&%-4K&#<)/&(#$%)*+,($)<&$-&"8&•  N%)$%)/K&(*C&%-4K&,A0)*$&(#$%)*+,($)<&$-&"8&•  N%)$%)/K&(*C&%-4K&#<)/&*))C<&$-&D0H)&,-*<)*$&•  9/#<$&3-C)A&@)$4))*&>A0)*$&.&"8&•  9/#<$&3-C)A&@)$4))*&68&.&"8&
    • !"#$%&c<)&>(<)^&B-@0A)&>-*<#3)/& •  "&>-*<#3)/&>A-#C&=#<0*)<<&`)IDI&B(//0-]a&@#0AC0*D& B-@0A)&"??<& •  :/-H0C)&88!&(,,)<<&H0(&0:(CK&0:%-*)K&"*C/-0CK&)$,& •  9/#<$&/)A(+-*<%0?&0<&@)$4))*&)*$)/?/0<)&.& ,-*<#3)/&
    • B-@0A)&>-*<#3)/^&&8?),0h,<& ka&B-@0A)&(??A0,(+-*&A(#*,%)<&S "#$%Å& @/-4<)/K&0*&4%0,%&#<)/& V 7*C?-0*$& (#$%)*+,($)<&$-&:0*DV)C)/($)& `(*C&D/(*$<&,-*<)*$a&&& 9-5)*& 7*C?-0*$& Ua&:0*DV)C)/($)&/)$#/*<&,-C)&$-& 3-@0A)&(??A0,(+-*&$%/-#D%& Ä(A0C(+-*& @/-4<)/& W 7*C?-0*$& Ya&B-@0A)&(??A0,(+-*&)P,%(*D)<&,-C)& 2-/&(,,)<<&$-5)*& Ra&B-@0A)&(??A0,(+-*&(CC<&(,,)<<& [ $-5)*&$-&0$<&6789&/)L#)<$&-2& 6)<-#/,)&8)/H)/&`":;a& Xa&68&0*$)/(,$<&40$%&:0*DV)C)/($)&$-& H)/02E&$-5)*K&(*C&/)$/0)H)&C)<0/)C& 68& (]/0@#$)<& Ça&"<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&3-@0A)& (??A0,(+-*& Z
    • B-@0A)&>-*<#3)/<^&;*A0*)&-?+-*& ka&B-@0A)&(??A0,(+-*&,-AA),$<&#<)/& ?(<<4-/C&(*C&<)*C<&$-& "#$%Å& :0*DV)C)/($)&0*&/)L#)<$&2-/& 7*C?-0*$& (,,)<<&$-5)*a&&& S 9-5)*& Ua&:0*DV)C)/($)&/)$#/*<&(,,)<<&$-5)*& 7*C?-0*$& $-&3-@0A)&(??A0,(+-*& V Ya&B-@0A)&(??A0,(+-*&(CC<&(,,)<<& Ä(A0C(+-*& 7*C?-0*$& $-5)*&$-&0$<&6789&/)L#)<$&-2& 6)<-#/,)&8)/H)/&`":;a& Ra&68&0*$)/(,$<&40$%&:0*DV)C)/($)&$-& W Z H)/02E&$-5)*K&(*C&/)$/0)H)& C)<0/)C&(]/0@#$)<& Xa&"<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&3-@0A)& (??A0,(+-*& [ 68&
    • J0<,#<<0-*&•  B-@0A)&,A0)*$<&(/)&D)*)/(AAE&*-$&0<<#)C&#*0L#)&,A0)*$& ,/)C)*+(A<&&/($%)/&(AA&,-?0)<&<%(/)&$%)&<(3)& –  :/-H0C)<&-*AE&,-(/<)&r(#$%)*+,(+-*f&`-/&H(A0C(+-*a&•  J0e)/)*$&#<)/&(#$%)*+,(+-*&3),%(*0<3<&%(H)&?/-<_ ,-*<& –  =/-4<)/O@(<)C&3),%(*0<3<&3(E&@)&(CH(*$(D)-#<&2/-3& <),#/0$E&:-ÄI&"A<-&(AA-4<&2-/&h*)OD/(0*)C&,-*<)*$& ?-<<0@0A0+)<I&=/-4<)/&3(E&@)&)3@)CC)C& –  ;*A0*)&3),%(*0<3&3(E&-e)/&#<(@0A0$E&(CH(*$(D)<K&@#$&($&(& ,-<$& •  S/(*#A(/0$E&-H)/&,-*<)*$& •  6)A0(*,)&-*&?(<<4-/C<&
    • !"#$%&c<)&>(<)^&B-@0A)&>A-#C_8((<&&•  "&>A-#C&=#<0*)<<_8((8&@#0AC0*D&B-@0A)&"??A0,(+-*<&•  8#??-/$<&4-/52-/,)&(,,)<<&H0(&H0(&0:(CK&0:%-*)K& "*C/-0CK&)$,&$-&>A-#CO%-<$)C&":;<&•  9/#<$&/)A(+-*<%0?&0<&@)$4))*&$%)&)*$)/?/0<)&(*C& >A-#C&=#<0*)<<_8((8&
    • B-@0A)&>A-#C& ka&B-@0A)&(??A0,(+-*&A(#*,%)<&;C:& @/-4<)/&$-&:0*DV)C)/($)&(#$%*& V ?(D)& "#$%Å& V 7*C?-0*$& &Ua&:0*DV)C)/($)&<)*C<&)3?A-E))& S @/-4<)/&$-&)*$)/?/0<)&;C:&2-/&88!K& 9-5)*& /),)0H)<&8"BF&(<<)/+-*& 7*C?-0*$& W Ya&:0*DV)C)/($)&/)$#/*<&,-C)&$-& Ä(A0C(+-*& 3-@0A)&(??A0,(+-*&$%/-#D%& W Z 7*C?-0*$& @/-4<)/& Ra&B-@0A)&(??A0,(+-*&)P,%(*D)<&,-C)& 2-/&(,,)<<&$-5)*& Xa&B-@0A)&(??A0,(+-*&(CC<&(,,)<<& $-5)*&$-&0$<&6789&/)L#)<$&-2& ] 6)<-#/,)&8)/H)/&`":;a& Ça&68&0*$)/(,$<&40$%&:0*DV)C)/($)&$-& 68& H)/02E&$-5)*K&(*C&/)$/0)H)&C)<0/)C& (]/0@#$)<& ua&"<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&3-@0A)& [ (??A0,(+-*&
    • c>&&;*$)/*(A&8)/H)/&>A0)*$<&•  7*$)/?/0<)&,-**),$<&0*$)/*(A&(??A0,(+-*<& $%/-#D%&6789&":;<&2-/&0*$)D/(+-*&•  >A0)*$<&3(E&(,$&(#$-*-3-#<AEK&-/&(A$)/*(+H)AE& -*&@)%(A2&-2&(*&)3?A-E))&-/&/-A)&
    • ;*$)/*(A&":;<^&O&"#$-*-3-#<& kI  ;*$)/*(A&,A0)*$&(#$%)*+,($)<&$-& :0*DV)C)/($)&-*&/)L#)<$&2-/& "#$%Å& (,,)<<&$-5)*& 7*C?-0*$& UI  :0*DV)C)/($)&/)$#/*<&(,,)<<& S 9-5)*& $-5)*&$-&,A0)*$& 7*C?-0*$& YI  B-@0A)&(??A0,(+-*&(CC<&(,,)<<& V $-5)*&$-&0$<&6789&/)L#)<$&-2& Ä(A0C(+-*& 7*C?-0*$& 6)<-#/,)&8)/H)/&`":;a& RI  68&0*$)/(,$<&40$%&:0*DV)C)/($)& $-&H)/02E&$-5)*K&(*C&/)$/0)H)& W Z (??/-?/0($)&,A0)*$&(]/0@#$)<& XI  "<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&,A0)*$& (??A0,(+-*& [ 68&
    • ;*$)/*(A&":;<^&&O&J)A)D($)C& kI  >A0)*$&(??A0,(+-*&A(#*,%)<& S @/-4<)/&$-&:0*DV)C)/($)&(#$%*& "#$%Å& ?(D)& 7*C?-0*$& UI  &"i)/&A-D0*K&:0*DV)C)/($)& V 9-5)*& /)$#/*<&,-C)&$-&,A0)*$& 7*C?-0*$& (??A0,(+-*&$%/-#D%&@/-4<)/&V YI  >A0)*$&(??A0,(+-*&)P,%(*D)<& Ä(A0C(+-*& 7*C?-0*$& ,-C)&2-/&(,,)<<&$-5)*& RI  >A0)*$&(??A0,(+-*&(CC<&(,,)<<& $-5)*&$-&0$<&6789&/)L#)<$&-2& [ 6)<-#/,)&8)/H)/&`":;a& W XI  68&0*$)/(,$<&40$%&:0*DV)C)/($)& $-&H)/02E&$-5)*K&(*C&/)$/0)H)& C)<0/)C&(]/0@#$)<& Z 68& ÇI  "<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&,A0)*$& (??A0,(+-*&
    • >A-#C&=#<0*)<<_8((8&•  "&>A-#C&=#<0*)<<_8((8&?/-H0C)<&C($(&(,,)<<&$%/-#D%&6789&":;<&•  ":;&,A0)*$<&(/)&4)@&(??A0,(+-*<&`0I)I&-*&(&<)/H)/a&•  F(/D)&*#3@)/&-2&,A0)*$<&(,,)<<0*D&":;<&&)(<0)/&$-&3(*(D)&$/#<$&($&$%)& ?(/$*)/_,#<$-3)/&A)H)A&$%(*&0*C0H0C#(A&,A0)*$<&•  "#$%)*+,($)&,A0)*$&.&#<)/<&$%/-#D%&2)C)/(+-*K&/($%)/&$%(*&C0/),$AE&0<<#)C& ,/)C)*+(A<&
    • VA-4& kI  >A0)*$&(??A0,(+-*&/)$/0)H)<&8"BF& (<<)/+-*&2/-3&A-,(A&;C:& UI  >A0)*$&<)*C<&8"BF&(<<)/+-*&$-& :0*DV)C)/($)&($&8((8&:/-H0C)/_ ?(/$*)/&)$,& YI  :0*DV)C)/($)&/)$#/*<&(,,)<<& $-5)*&$-&,A0)*$& RI  >A0)*$&(??A0,(+-*&(CC<&(,,)<<& $-5)*&$-&0$<&6789&/)L#)<$&-2& 6)<-#/,)&8)/H)/&`":;a& XI  8((8&68&0*$)/(,$<&40$%& :0*DV)C)/($)&$-&H)/02E&$-5)*K& (*C&/)$/0)H)&C)<0/)C&(]/0@#$)<& ÇI  "<<#30*D&!oK&8((8&68&/)$#/*<& /)L#)<$)C&C($(&$-&,A0)*$& (??A0,(+-*&
    • "D)*C(&•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
    • !"#$%&U&8),#/0$E&B-C)A&•  N)AAK&0$&<-/$&-2&C)?)*C<p& –  9-5)*&$E?)& –  S/(*$&$E?)& –  >A0)*$&$E?)&•  "A<-K&0$f<&50*C&-2&,-3?A0,($)Cp&
    • 8)<<0-*&>--50)&"*(A-DE&&•  !"#$%&#<0*D&@)(/)/&$-5)*<&0<&<-/$&-2&A05)&<)<<0-*& ,--50)<&2-/&":;_/)<-#/,)&(,,)<<&&•  S)*)/(AAE&E-#&A-D0*&$-&(&4)@<0$)&(*C&(/)&0<<#)C&(& <)<<0-*&,--50)&2-/&<#@<)L#)*$&/)L#)<$<&•  S/(*$&0<&A05)&$%)&A-D0*&(*C&(,,)<<&$-5)*&0<&A05)&$%)& <)<<0-*&,--50)&&•  9F8&0<&/)L#0/)C&($&)H)/E&<$)?&•  >--50)<&/)AE&-*&<(3)&-/0D0*&?-A0,E&•  ",,)<<&$-5)*<&/)AE&-*&<$(+,&-/&4)AA&5*-4&<)/H)/<&•  W)0$%)/&0<&?)/2),$&•  J0<,-H)/E&,(**-$&@)&<(2)AE&C-*)&40$%&@)(/)/&$-5)*<&
    • N%($&(@-#$&B">g&•  b)A?<&40$%&$%)&C0<,-H)/E&?/-@A)3&•  8+AA&50*C&-2&<030A(/&$-&<)<<0-*&,--50)<& –  ;*&2(,$K&$%)&B">&<?),&C)h*)<&(*&)P$)*<0-*&$-&$%)& b99:&z8)$O>--50)&z&/)<?-*<)&%)(C)/&h)AC&•  :/)H)*$<&,/)C)*+(A&A)(5(D)&•  >(*&@)&#<)C&-H)/&0*<),#/)&,%(**)A<& –  "CC<&,-3?A)P0$E&`*-/3(A01(+-*K&,/E?$-D/(?%EK& <$($)&3(*(D)3)*$a& –  W-&,-*hC)*+(A0$E&`<+AA&*))C&9F8&2-/&$%($a&
    • 9-5)*<&.&80D*0*D&&•  80D*)C&9-5)*<& –  9-5)*&0<&<0D*)C&@E&$%)&0<<#)/&`"8a& –  vN9K&8N9K&8"BFK&)$,I& –  9-5)*&0<&<)A2O,-*$(0*)C&•  80D*0*D&40$%&9-5)*<&& –  >A0)*$&<0D*<&$%)&/)L#)<$&40$%&<-3)&<),/)$&0<<#)C& (A-*D&<0C)&$%)&$-5)*& –  B">& –  9-5)*&,(*&@)&<)A2O,-*$(0*)C&-/&/)2)/)*,)&&
    • N%E&(/)*f$&9-5)*<&J)h*)Cg&•  ;$f<&-5(EK&0$&/)(AAE&0<&•  ;&C-*f$&5*-4&4%E&)P(,$AEK&@#$&;fH)&D/-4*&$-& (,,)?$&(*C&)H)*&A05)&0$&•  ;$&C-)<&03?AE&<-3)&A)H)A&-2&,--/C0*(+-*& @)$4))*&$%)&"8&.&68&•  903)&40AA&$)AAp&
    • !$%)/&8),#/0$E&8$#e&•  6)2)/)*,)&<$EA)&$-5)*<&*))C&(&A-$&-2&)*$/-?E&•  6)H-,(+-*&0<&D--C&$-&?/-H0C)&•  9F8&•  >A0)*$&"#$%)*+,(+-*&(*C&@0*C0*D&$-&$-5)*<_,-C)<&•  =/#$)&2-/,)&,-#*$)/3)(<#/)<&•  9-5)*&<$-/(D)&•  9-5)*_,-C)&A)(5(D)&•  :%0<%0*D&•  J0C&;&3)*+-*&9F8g&•  8,-?)&
    • "D)*C(&•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
    • N(A5&$%/-#D%&•  N(A5&$%/-#D%&<,)*(/0-&-2&(*&)3?A-E))&#<0*D&(& *(+H)&(??&-*&$%)0/&?%-*)_$(@A)$&$-&0*$)/(,$& 40$%&(&8((8&?/-H0C)/&•  8"BF&?/-H0C)<& –  "#$%)*+,(+-*&-2&)3?A-E))&$-&8((8&?/-H0C)/&•  !"#$%&?/-H0C)<& –  (#$%-/01(+-*&-2&*(+H)&(??&$-&(,,)<<&8((8&":;<& –  ;<<#(*,)&-2&$-5)*<&2/-3&8((8&$-&*(+H)&(??&
    • N(A5&$%/-#D%&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&!"#$%& & &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&8"BF&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&!"#$%&
    • F-(C&(#$%1&?(D)&
    • F-(C&(#$%1&?(D)&
    • F-(C&(#$%1&?(D)&S79&_(<_(#$%-/01(+-*I-(#$%Ug,A0)*$x0C}3-@0A)(??.<$($)}%-<)/./)C0/),$x#/0}3-@0A)(??^__/)C0/),$x%)/)./)<?-*<)x$E?)},-C)&b99:_kIk& ^$," O O&W-&,A0)*$&?4C& O O&,#<$-3&<,%)3)&-*&/)C0/),$&c6F& O O&/)<?-*<)&$E?)&-2&r,-C)f&
    • ;C:&J0<,-H)/E&
    • ;C:&J0<,-H)/E&
    • ;C:&C0<,-H)/E&
    • 88!&6)L#)<$&
    • 88!&/)L#)<$&
    • 88!&6)L#)<$& à2-/3&3)$%-C}z?-<$z&(,+-*}z%]?<^__0C?I)P(3?A)I-/D_8"BFU_88!_:!89z&â& à0*?#$&$E?)}z%0CC)*z&*(3)}z8"BF6)L#)<$z&H(A#)}z!"#$"%&z&_â& à0*?#$&$E?)}z<#@30$z&H(A#)}z8#@30$z&_â& à_2-/3â&&à<(3A?^"#$%*6)L#)<$& &P3A*<^<(3A?}z#/*^-(<0<^*(3)<^$,^8"BF^UIZ^?/-$-,-Az& P3A*<^<(3A}z#/*^-(<0<^*(3)<^$,^8"BF^UIZ^(<<)/+-*z&;J}z((2UYksÇOkuuYOUkkYORuR(O 2)kkRRkU(@uUz&Ä)/<0-*}zUIZz&;<<#);*<$(*$}zUZZROkUOZX9Zs^Uk^XsÅ{â& & &à<(3A^;<<#)/â%]?<^__<?I)P(3?A)I,-3_8"BFUà_<(3A^;<<#)/â&&à<(3A?^W(3);J:-A0,E& "AA-4>/)($)}z$/#)z& &V-/3($}z#/*^-(<0<^*(3)<^$,^8"BF^ UIZ^*(3)0C^2-/3($^?)/<0<$)*$z_â&à_<(3A?^"#$%*6)L#)<$â&
    • c<)/&(#$%)*+,(+-*&
    • c<)/&(#$%)*+,(+-*&
    • c<)/&(#$%)*+,(+-*&
    • 88!&/)<?-*<)&
    • 88!&6)<?-*<)&
    • 88!&6)<?-*<)&à<(3A^"<<)/+-*â&à<(3A^;<<#)/â%]?<^__0C?I)P(3?A)I-/D_8"BFUà_<(3A^;<<#)/â&àC<^80D*($#/)&P3A*<^C<}z%]?^__444I4YI-/D_UZZZ_Zs_P3AC<0DMzâIIIà_C<^80D*($#/)â&à<(3A^8#@w),$â&à<(3A^W(3);J&V-/3($}z#/*^-(<0<^*(3)<^$,^8"BF^UIZ^*(3)0CO2-/3($^?)/<0<$)*$zâ& Y2u@YC,2OkÇuROR),COsU,tOkXRR2YRÇ@(2t&à_<(3A^W(3);Jâà_<(3A^8#@w),$â&à<(3A^"]/0@#$)8$($)3)*$â&à<(3A^"]/0@#$)&W(3)}Ñ)3(0A{&â&à<(3A^"]/0@#$)Ä(A#)&P<0^$E?)}zP<^<$/0*Dzâ?3(C<)*?0*D0C)*+$EI,-3à_<(3A^"]/0@#$)Ä(A#)â&&à_<(3A^"]/0@#$)â&&à_<(3A^"]/0@#$)8$($)3)*$â&&à_<(3A^"<<)/+-*â&&
    • 6)<?-*<)&40$%&,-C)&
    • 6)<?-*<)&40$%&,-C)&
    • 6)<?-*<)&40$%&,-C)&b99:_kIk&YZU&V-#*C&F-,(+-*^&3-@0A)(??^__/)C0/),$x%)/)g& &<$($)}%-<)/.& &,-C)}401v3(89:"2Z4L8)=YH3JPU3W8ÅoÇD&>-*$)*$OF)*D$%^&Z&
    • 9/(C)&,-C)&2-/&$-5)*&
    • 9/(C)&,-C)&2-/&$-5)*&
    • 9/(C)&,-C)&2-/&$-5)*&:!89&_(<_$-5)*I-(#$%U&b-<$^&(<I,-3&,A0)*$x0C}(./)C0/),$x#/0}3-@0A)(??^__ /)C0/),$%)/).D/(*$x$E?)}(#$%-/01(+-*x,-C).,-C)}401v3(89:"2Z4L8)=YH3JPU 3W8ÅoÇD&b99:_kIk&&&b99:_kIk&UZZ&!o&>-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&z$-5)*x$E?)z^z=)(/)/zKz)P?0/)<x0*z^zÇZZzKz/)2/)<%x$-5)*z^z-|NL4Bc;FU*C)Bb<N7 EV!ZSE(AHo8H,U|;Rd#StU6BS5BzKz(,,)<<x$-5)*z^zA8=@,0RvDtB<w08LÅF=/17qDCR 3ocW%!5EVzÉ&
    • >A0)*$&,(AA<&":;&
    • >A0)*$&,(AA<&":;&
    • >A0)*$&,(AA<&":;&%]?<^__D/(?%I2(,)@--5I,-3_?(#AI)I3(C<)*_ 2/0)*C<_g (,,)<<x$-5)*}A8=@,0RvDtB<w08LÅF=/17qDCR3o cW%!5EV&&&&&&
    • Ä)/02E&$-5)*&
    • Ä)/02E&$-5)*&
    • Ä)/02E&$-5)*&S79&_(<_$-5)*I-(#$%Ug ,A0)*$x0C}@.,A0)*$x<),/)$}?4C.D/(*$x$E?)}#/*^?0*D^H(A0C($).$-5)*}A8=@,0RvDtB<w08LÅF=/17qDCR3ocW%!5EV& b99:_kIk&b-<$^&(<I,-3&",,)?$^&n_n&&&b99:_kIk&UZZ&!o&>-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&& ^$,O4%,15"X)"5
    • 6)$#/*&J($(&
    • 6)$#/*&J($(&
    • 6)$#/*&C($(&b99:_kIk&UZZ&!o&>-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&
    • &903)&?(<<)<&&&&
    • 6)2/)<%&$-5)*&
    • 6)2/)<%&$-5)*&
    • 6)2/)<%&$-5)*&/)L#)<$&:!89&_(<_$-5)*I-(#$%U&b99:_kIk&b-<$^&A-,(A%-<$^sZYk&&,A0)*$x0C}(.D/(*$x$E?)}/)2/)<%x$-5)*.&&/)2/)<%x$-5)*}-|NL4Bc;FU*C)Bb<N7EV!ZSE(AHo8H,U|;Rd#StU6BS5B&&
    • S)$&2/)<%&(]/0@#$)<&
    • S)$&2/)<%&(]/0@#$)<&
    • S)$&2/)<%&(]/0@#$)<&8>;B&-/&8"BFgg&
    • 6)$#/*&(,,)<<&$-5)*&
    • 6)$#/*&(,,)<<&$-5)*&
    • 6)$#/*&(,,)<<&$-5)*&b99:_kIk&UZZ&!o&>-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&z$-5)*x$E?)z^z=)(/)/zKz)P?0/)<x0*z^zÇZzKz/)2/)<%x$-5)*z^zvÅu|(REbX>t7Y>0 5H,ÅÅ<CRÅFcDÄEd*0)qLE@"Vw!@|?1zKz(,,)<<x$-5)*z^zRs=:;XF#WBYkZ-u %@=s3s,;1;39XBtD,6w7zÉ&
    • &60*<)&.&/)?)($&p&&&&
    • &(/,%0H)&&&
    • B-@0A)&(??&;CB&(/,%0$),$#/)&&
    • W(+H)&H<&4)@&(??<&•  W-$&D-0*D&$-&$/E&$-&?/)C0,$&40**)/&&)P?),$&@-$%&•  "#$%)*+,(+-*&.&(#$%-/01(+-*&<%-#AC&@)&,-*<0<$)*$& (,/-<<&@-$%&3-C)A<K&<-&$%($& –  c<)/<&(/)&*-$&,-*2#<)CK&)D&#<)&C0e)/)*$& ,/)C)*+(A<&(*C_-/&(#$%)*+,(+-*&,)/)3-*E&2-/& $%)&$4-&3-C)A<K&)H)*&02&(,,)<<0*D&$%)&<(3)& (??A0,(+-*& –  8)/H0,)&:/-H0C)/<&(/)*f$&2-/,)C&$-&03?A)3)*$& C#?A0,($)&.&0*,-3?(+@A)&<),#/0$E&2/(3)4-/5<& 2-/&$%)&$4-&3-C)A<&
    • V)C)/(+-*&•  V)C)/(+-*&(@<$/(,$<&(4(E&2/-3&(??A0,(+-*<& <?),0h,<&-2&(#$%)*+,(+-*&.&(#$%-/01(+-*&& -#$<-#/,)C&$-&<?),0(A01)C&?/-H0C)/<&•  >-3?A)P0$E&%0CC)*&@E&$-5)*&0<<#(*,)&.&H(A0C(+-*&•  V)C)/(+-*&<$(*C(/C<&C)h*)& –  9-5)*&2-/3($<& –  b-4&,A0)*$<&-@$(0*&$-5)*<& –  b-4&,A0)*$<&?/)<)*$&$-5)*<&$-&(??A0,(+-*& ?/-H0C)/<&&
    • 9-5)*<&•  V)C)/($)C&(#$%)*+,(+-*&2-/&@-$%&4)@&(*C& *(+H)&3-@0A)&(??A0,(+-*<&0<&@(<)C&-*&)P,%(*D)& (*C&C)A0H)/E&-2&&(")%*$-&$%)&(??A0,(+-*&•  9-5)*<&,(//E&`-/&?-0*$&$-a&<),#/0$E&0*2-/3(+-*& `A05)&(]/0@#$)<&-/&(#$%-/01(+-*<a&2-/&#<)/&$/E0*D& $-&(,,)<<&$%)&(??A0,(+-*I&&•  >A0)*$<&$E?0,(AAE&)P,%(*D)&,/)C)*+(A<&2-/&$-5)*<& O&)(<0)/_<(2)/&$-&<%(/)&$%)&$-5)*&(,/-<<&$%)& *)$4-/5&/($%)/&$%(*&$%)&-/0D0*(A&,/)C)*+(A<&•  N%)*&$-5)*&0<&<#@<)L#)*$AE&?/)<)*$)C&$-&(*& (??A0,(+-*&?/-H0C)/K&$%)E&<)/H)&$-&(#$%)*+,($)& (*C_-/&(#$%-/01)&$%)&/)L#)<$&
    • V)C)/(+-*&$(5)<&C0e)/)*$&2-/3<& V-/&4)@&(??<K&$-5)*<&,(//E& =/-4<)/& (??& "]/0@#$)<&2-/&(#$%)*+,(+-*& V-/&*(+H)&(??<K&$-5)*<&,(//E& (??& C($(& "#$%-/01(+-*&2-/&(]/0@#$)<&
    • 9-5)*<&2-/&3-@0A)&4)@&(??A0,(+-*<&•  V)C)/(+-*&2-/&4)@&(??A0,(+-*<&3(*02)<$<&(<& 88!&2/-3&<-3)&;C:&$-&$%)&(??A0,(+-*&?/-H0C)/&•  88!&)<?),0(AAE&/)A)H(*$&2-/&3-@0A)&•  9-5)*<&(])<+*D&$-&$%)&#<)/f<&0C)*+$E&(*C_-/& (#$%)*+,(+-*&<$($#<&C)A0H)/)C&&+!$,+*`(<& /)C0/),$<a&$%)&@/-4<)/&2/-3&;C:&$-&$%)& (??A0,(+-*&?/-H0C)/&•  "??A0,(+-*&?/-H0C)/&H(A0C($)<&$-5)*&(*C& )P$/(,$<&0C)*+$E&(]/0@#$)<&2/-3&40$%0*&0*&-/C)/& $-&,/)($)&A-,(A&<)<<0-*&&
    • 9-5)*<&2-/&4)@&(??A0,(+-*<&;C)*+$E&?/-H0C)/& 8)/H0,)&?/-H0C)/& kI  c<)/&$/(C)<& ,/)C)*+(A<&2-/&(& $-5)*&2/-3&;C:& 8"BF& UI  9-5)*&C)A0H)/)C& !?)*;J& "??A0,(+-*& $%/-#D%&$%)& @/-4<)/&$-&8:& YI  8:&H(A0C($)<&$-5)*K& (*C&C)A0H)/<& (??A0,(+-*&b9BF& :4C& b9BF& $-&@/-4<)/& 9-5)*&J)H0,)& =/-4<)/&
    • =)<$&?/(,+,)<&•  8$(*C(/C<& –  !?)*;J&UIZ&2-/&,-*<#3)/&<,)*(/0-<& –  8"BF&UIZ&2-/&)*$)/?/0<)&.&,A-#C& –  N8OV)C)/(+-*&2-/&%-3-D)*)-#<&B8V9&•  ;C:&J0<,-H)/E& –  ;*&,-*<#3)/&<?(,)K&,-*<0C)/&W(<,(/&40$%&)3(0AO @(<)C&<#??A)3)*$& –  ;*&,A-#C&<?(,)K&,-*<0C)/&)3(0AO@(<)C&•  =-$%&;C:&`?-/$(Aa&(*C&8:&`C))?OA0*50*Da&0*0+($)C& (/)&/)A)H(*$&•  B-@0A)&@/-4<)/&,-*<$/(0*$<&3(E&/),-33)*C& (/+2(,$&3-C)A&0*&8"BF&
    • 9-5)*<&2-/&*(+H)&(??A0,(+-*<&•  W(+H)&(??A0,(+-*<&(#$%)*+,($)&$-&6789&":;<&@E& ?/)<)*+*D&(&$-5)*&-*&$%)&,(AA&•  9%)&?/),#/<-/&(,$&-2&$%)&*(+H)&(??A0,(+-*&-@$(0*0*D&(& $-5)*&0<&-i)*&,(AA)C&r(#$%-/01(+-*f&`?(/+,#A(/AE&0*& $%-<)&,(<)<&4%)*&$%)&":;&2/-*$<&#<)/&0*2-K&)D&?/-hA)K& $4))$<K&)$,a&•  c<)/&(#$%-/01)<&`-/&,-*<)*$<a&$-&$%)&*(+H)&(??A0,(+-*& %(H0*D&(,,)<<&$-&$%)&":;&`(*C&$%)0/&C($(a&&$%)& (#$%-/01(+-*&0<&3(*02)<$)C&(<&$%)&0<<#(*,)&-2&(&$-5)*& $-&$%)&*(+H)&(??&•  !"#$%&UIZ&C-30*(*$&?/-$-,-A&@E&4%0,%&(&*(+H)&(??& -@$(0*<&$%)&C)<0/)C&(#$%-/01(+-*<&(*C&$%)& ,-//)<?-*C0*D&$-5)*&`(*C&$%)*&#<)<&(D(0*<$&":;a&
    • B-@0A)&(#$%*&-?+-*<& • E(5#10!"5(+,1W!560!,D_C>"55"5>!$(#"! :)*+)" • 466$()#9: • ^$)""5,$*"0-"066 • =%#,$C#&1"C" • _)0>*"#//O • _)0>*"##,!$)?0%,1) • 4/$()#9: • a+#%0*,!%#,&%"# • =0)*"-"!0?"#,$!"56(5# _`,"!)0*>!$(#"!
    • 9-5)*<&2-/&*(+H)&(??A0,(+-*<&8)/H0,)&?/-H0C)/& kI  c<)/&$/(C)<&,/)C)*+(A<&2-/&(&$-5)*& UI  9-5)*&C)A0H)/)C&$%/-#D%&$%)&@/-4<)/& $-&*(+H)&(??A0,(+-*& "??A0,(+-*& YI  W(+H)&(??A0,(+-*&?/)<)*$<&$-5)*&-*& ":;&,(AA<& RI  "??A0,(+-*&/)$#/*<&(??A0,(+-*&C($(& (<&v8!W& :4C& 9-5)*& v8!W_qBF&J)H0,)& =/-4<)/& "??A0,(+-*& !"#$%&
    • =)<$&?/(,+,)<&•  c<)&$%)&@/-4<)/&$-&(#$%)*+,($)&$%)&#<)/&$-&$%)&"8K& C-*f$&,-AA),$&#<)/&?(<<4-/C<&40$%0*&*(+H)&(??A0,(+-*& 0$<)A2&•  "&<)?(/($)&@/-4<)/&40*C-4&?/)2)//)C&$-&)3@)CC)C&& D0H)<&#<)/&$%)&H0<#(A&$/#<$&,#)<&$/(0*)C&$-&A--5&2-/&•  !"#$%&(#$%-/01(+-*&,-C)&D/(*$&$E?)&0<&/)A)H(*$&& (AA-4<&(&/)2/)<%&$-5)*&$-&@)&C)A0H)/)C&$-&$%)&*(+H)& (??A0,(+-*&`-@H0($)<&*))C&$-&,-*+*#(AAE&/)(#$%-/01)a&•  c<)&@/-4<)/&2-/&;C:&C0<,-H)/E&02&C-0*D&88!&`/($%)/&$%(*& 40$%0*&*(+H)&(??A0,(+-*&0$<)A2a&•  W(+H)&(??A0,(+-*&<%-#AC&/)D0<$)/&,#<$-3&<,%)3)&-*& 0*<$(AAK&$-&)*(@A)&<#@<)L#)*$&?(<<0*D&&-2&$-5)*&2/-3& @/-4<)/&-./(*$-&*(+H)&(??A0,(+-*&