Grant Type: Refresh Token • If a refresh token was issued to the client during the exchange of a prior grant, it can b...
Refreshing an Access Token: Access Token Request: POST /as/token.oauth2 HTTP/1.1 Host: as.examp...
Extension Grant Types • Extension authorization grant types can be defined by assigning them a unique absolute URI fo...
Partial Specification Landscape: Getting a Token; Using a T...
Agenda • OAuth drivers • Screenshot demo • OAuth history • OAuth 2 • OAuth in context • Key use cases • ...
Contrast & Compose
YAIV (Yet Another Identity Venn): OAuth; SAML • SSO...
OAuth relationship to OpenID • In one sense, OAuth & OpenID are orthogonal, ie OpenID could be used to authenticate user...
Problems with OpenID 2.0 • Long URL limitations – Many mobile browser and some PC browsers choke at long URLs ca...
OpenID Connect • Designed to address previously stated limitations of OpenID 2.0 • Reflects a harmonization of multiple ...
OpenID Connect Family tree: FaceBook Connect; JWT
OpenID Connect relation to OAuth • Whereas OAuth is a general mechanism to authorize API access, OpenID Connect profiles...
SAML & OAuth: SAML; 'Hybrid' - carry OAuth token; OAuth; in SAML ...
Sequencing: Identity provider; Service provider; SAML ...
Trading: Use SAML assertion (or JWT) for OAuth client authentication and/or OAuth grant type: POST /token HTTP/1.1 Host: serve...
Trading: SAML; JWT; Profiles; assertion profile ...
OAuth relationship to XACML: Though both focused on 'authorization', OAuth & ...
OAuth is authorization? • Depends on what part of the authz elephant you are looking at – Policy (XACML) – ...
UMA & OAuth • User Managed Access extends OAuth 2.0 to allow for a user to manage access to multiple (and distr...
UMA & OAuth: 1. User introduces Host to AM; 3. Host verifies token at AM ...
Agenda • OAuth drivers • Screenshot demo • OAuth history • OAuth 2 • OAuth in context • Key use cases • ...
OAuth Use cases
Use case taxonomy (diagram labels): Cloud; Mobile; Different; business; workforce ...
Distinguishing features • Nature of the client, ie mobile or web app • Whether, and how, user authenticates to AS • ...
OAuth Use Case: Mobile Consumer • A Consumer Cloud Business (e.g. Marriott) building Mobile Apps • Provide SSO acce...
Mobile Consumer: Specifics: 1) Mobile application launches G ...
Mobile Consumers: Inline option: 1) Mobile application collects user ...
Discussion • Mobile clients are generally not issued unique client credentials - rather all copies share the same – ...
OAuth Use Case: Mobile Cloud/SaaS • A Cloud Business/SaaS building Mobile Applications • Supports workforce access via v...
Mobile Cloud: 1) Mobile application launches IdP ...
UC - Internal Server Clients • Enterprise connects internal applications through REST APIs for integration • Clients may...
Internal APIs: - Autonomous: 1. Internal client authenticates to ...
Internal APIs: - Delegated: 1. Client application launches ...
Cloud Business/SaaS • A Cloud Business/SaaS provides data access through REST APIs • API clients are web applications...
Flow: 1. Client application retrieves SAML assertion from local IdP 2. Client sends SAML...
Agenda • OAuth drivers • Screenshot demo • OAuth history • OAuth 2 • OAuth in context • Key use cases • ...
OAuth 2 Security Model • Well, it sort of depends... – Token type – Grant type – Client type • Also, it's kind of...
Session Cookie Analogy • OAuth using bearer tokens is sort of like session cookies for API/resource access • Genera...
What about MAC? • Helps with the discovery problem • Still kind of similar to session cookies – In fact, the MAC spec...
Tokens & Signing • Signed Tokens – Token is signed by the issuer (AS) – JWT, SWT, SAML, etc. – Token is self-co...
Why aren't Tokens Defined? • It's okay, it really is • I don't know why exactly, but I've grown to accept and even lik...
Other Security Stuff • Reference style tokens need a lot of entropy • Revocation is good to provide • TLS • Clie...
Agenda • OAuth drivers • Screenshot demo • OAuth history • OAuth 2 • OAuth in context • Key use cases • ...
Walk through • Walk through scenario of an employee using a native app on their phone/tablet to interact with a SaaS...
Walk through: OAuth ...
Load authz page: GET /as/authorization.oauth2?client_id=mobileapp&state=hoser&redirect_uri=mobileapp://redirect_here&respons...
IdP Discovery
SSO Request: <form method="post" action="https://idp.example.org/SAML2/SSO/POST" > ...
User authentication
SSO Response: <saml:Assertion> <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer> <ds:Signature xmlns:ds="http://www.w3....
Response with code: HTTP/1.1 302 Found Location: mobileapp://redirect_here?state=hoser&code=wizJmaSTPAf0wqSeB3vmDx2m...
Trade code for token: POST /as/token.oauth2 Host: as.com client_id=a&redirect_uri=mobileapp://redirecthere&grant_type=...
Client calls API: https://graph.facebook.com/paul.e.madsen/friends/?access_token=lSBbci4Jg8MsjiSqZLBrzEXgd4mKUNhOkyF...
Verify token: GET /as/token.oauth2?client_id=b&client_secret=pwd&grant_type=urn:ping:validate&token=lSBbci4Jg8MsjiSqZ...
Return data: HTTP/1.1 200 OK Content-Type: application/json; charset=UTF-8
Time passes
Refresh token request: POST /as/token.oauth2 HTTP/1.1 Host: localhost:9031 client_id=a&grant_type=refresh_token&refresh_...
Get fresh attributes: SCIM or SAML??
Return access token: HTTP/1.1 200 OK Content-Type: application/json; charset=UTF-8 "token_type":"Bearer","expires_in":"60",...
Rinse & repeat ...
archive
Mobile app IdM architecture
Native vs web apps • Not going to try to predict winner - expect both • Authentication & authorization should be consistent ...
Federation • Federation abstracts away from applications specifics of authentication & authorization - outsourced to specia...
Tokens • Federated authentication for both web and native mobile applications is based on exchange and delivery of ...
Federation takes different forms: For web apps, tokens carry; Browser; app ...
Tokens for mobile web applications • Federation for web applications manifests as SSO from some IdP to the application pro...
Tokens for web applications: Identity provider; Service provider; 1. User trades ...
Best practices • Standards – OpenID 2.0 for consumer scenarios – SAML 2.0 for enterprise & cloud – WS-Federatio...
Tokens for native applications • Native applications authenticate to REST APIs by presenting a token on the call • The prec...
Mobile authn options • Pwd shared with 3rd party; Embedded browser; Inlin...
Tokens for native applications: Service provider; 1. User trades credentials for a token ...
Best practices • Use the browser to authenticate the user to the AS, don't collect user passwords within native applicatio...
OAuth 101 & Secure API's - Paul Madsen and Brian Campbell, Ping Identity

A key technical underpinning of the Cloud is the Application Programming Interface (API): a consistent method for applications to interface with services in the cloud. More and more it will be through APIs that cloud data moves. The security of consumer APIs was threatened by the so-called 'password anti-pattern' – a model in which a client would collect and replay the password for a user at an API in order to access information on behalf of that user. OAuth not only defeats the password anti-pattern, but does much more. OAuth 2.0 defines a consistent, flexible identity and policy architecture for web applications, web services, devices, and desktop clients attempting to communicate with Cloud APIs. We'll discuss what OAuth provides, where it came from, and where it's going.



About Paul Madsen
Paul Madsen is a Senior Technical Architect within the Office of the CTO at Ping Identity. He has served in various design, chairing, editing, and education roles for a number of federation standards, including OASIS Security Assertion Markup Language (SAML), OASIS Service Provisioning Markup Language (SPML), and Liberty Identity Web Services Framework (ID-WSF). He participates in a number of the Kantara Initiative's activities, as well as various other cloud identity initiatives. He holds an M.Sc. in Applied Mathematics and a Ph.D. in Theoretical Physics from Carleton University and the University of Western


About Brian Campbell
As Principal Architect for Ping Identity, Brian Campbell aspires to one day know what a Principal Architect actually does for a living. In the meantime, he tries to make himself useful by ideating, designing and building software systems such as Ping’s flagship product PingFederate. When not making himself useful, he contributes to various identity and security standards including a two-year stint as co-chair of the OASIS Security Services Technical Committee and a current focus on OAuth 2.0 within the IETF. He holds a B.A., magna cum laude, in Computer Science from Amherst College in Massachusetts. Despite spending four years in the state, he has to look up how to spell "Massachusetts" every time he writes it.

Published in: Technology, Spiritual

Transcript of "OAuth 101 & Secure API's - Paul Madsen and Brian Campbell, Ping Identity"

  1. OAuth - authentication & authorization framework for REST APIs. Brian Campbell & Paul Madsen, Ping Identity
  2. Logistics • The appropriate form of address for the speakers is 'Sir' • Abstract thinking at elevation can be dangerous. Drink plenty of water. • Related to previous, there will be no bio breaks, please make note of location of bucket in back of room. • If you wish to ask a question, please tweet it with the tag '#paulandbriansawesomeoauthworkshop' • We will be doing a role-playing exercise to simulate the OAuth flow. Start thinking about who you want in your groups of 4 and, importantly, who will play the role of the 'dumb' client. • There will be an OAuth quiz at the end. The highest score will receive a Google+ invite. The 2nd highest score will receive 2 invites etc • For Monday dinner, – Ski Tip restaurant - Not at top of mountain – Buses collect at 5.30 – No spouses tonite - space constrained
  3. • Senior Technical Architect within the Office of the CTO at Ping Identity • pmadsenpingidentity.com • http://www.linkedin.com/in/paulmadsen • Served in various design, chairing, editing, and education roles for a number of federation standards, including SPML, ID-WSF & Information Cards • Worked with successful standards too, like SAML & (hopefully) OAuth & SCIM • Holds an M.Sc. in Applied Mathematics and a Ph.D. in Theoretical Physics from Carleton University and the University of Western Ontario respectively. • I know, my boy's wicked smaht. • Yet, professionally, he is effectively my peer. • So who's so smart now, eh? • Self asserted Most Interesting Man in Identity • Doesn't always drink before noon, but when he does (you know, if there was a long meeting or something), he prefers a G&T • Or six • Prolific tweeter with well over half a thousand followers - paulmadsen • Still blogs (how quaint) at connectid.blogspot.com & paulmadsen.posterous.com • Still waiting for a Google+ invite
  4. Brian Campbell • Leads Ping Engineering team adding OAuth to product line • Became software developer after realizing chosen career of life coach involved talking to people • Within standards world - has achieved notoriety for habit of working profanity into namespace URIs • While chairing OASIS SAML TC, TC revenues increased from $0 to $1.50 due to his idea for a 'Give me $1!!' campaign • Within Ping, runs Welcome Wagon for new employees • Avid photographer - photos have graced the frigs of many of his family • Currently co-editing the SAML Assertion profile for OAuth. In that context, proposing a 'Read the %$#&* spec' error response code • Has almost obsessive interest in Canada • weeunquietmind
  5. Agenda • OAuth drivers • Screenshot demo • OAuth history • OAuth 2 • OAuth in context • Key use cases • OAuth security model • All the bells & whistles walk through
  6. Authentication for SOAP • The SOAP world has long had standards related to authentication & authorization of web services • WS-Trust defines a protocol by which a SOAP client can obtain a security token (typically a SAML assertion) • WS-Security stipulates how to attach the token (SAML assertion) to a SOAP request
  7. But .....
  8. 1) REST authentication • REST world has not had comparable standards • Nothing comparable to WS-Security - mishmash of HTTP Basic, HTTP Digest, proprietary mechanisms, and mutual SSL for client authentication • Nothing comparable to WS-Trust - consequently client bears burden of managing credentials & trust
  9. 2) Password anti-pattern - Sites asks YOU for your GOOGLE password so it can access your Google stuff.
  10. Tsk tsk! • Client must store passwords • Teaches users to be indiscriminate with their passwords • More difficult to move to multi-factor and federated authentication • Doesn't support granular permissions, e.g. X can read but not write • Doesn't support knowledge/differentiation of the access granted • Doesn't support (easy) revocation - to be sure of turning off access users must change password
  11. Importance of revocation - This is shiny!!!!! - I should use that more - WTF is this thing?
  12. 3) Cloud APIs • Within move towards SaaS - trend towards API access to data/services to supplement/replace browser access • Salesforce.com expects that within the next year – only 1/3 of access will be via browser • APIs of PaaS offerings allow the customer to expose its own cloud services • Clear trend for these APIs is towards REST
  13. Cloud cures everything
  14. 4) Native mobile apps - paulmadsen - weeUnquietMind
  15. Aside - Native vs web • Not going to try to predict winner - expect both • Native's current popularity likely balanced by HTML5 features • Authentication & authorization should be consistent across both models, so that – Users are not confused, eg use different credentials and/or authentication ceremony for the two models, even if accessing the same application – Service Providers aren't forced to implement duplicate & incompatible security frameworks for the two models
  16. Drivers (diagram): Lack of standards; Password anti-pattern; Cloud APIs; Native mobile Applications; OAuth
  17. Enter OAuth! • An open protocol to allow secure API authorization in a simple and standard method from desktop, mobile and web applications. • Defines authorization & authentication framework for RESTful APIs • Applied to delegated authorization - mitigates password anti-pattern - archetypical use case • Provides a standard way to give a 'key' to a third-party which allows only limited access to perform specific functions – Without divulging your credentials
  18. An Overused Analogy - OAuth is your valet key to the Interwebs - It's going happen one way or the other so may as well tax and regulate!
  19. Agenda • OAuth drivers • Screenshot demo • OAuth history • OAuth 2 • OAuth in context • Key use cases • OAuth security model • All the bells & whistles walk through
  20. Real World Demo -> brizzly.com accesses the twitters
  21. Real World Demo -> brizzly.com accesses the twitters
  22. Real World Demo -> brizzly.com accesses the twitters
  23. Real World Demo -> brizzly.com accesses the twitters
  24. Real World Demo -> brizzly.com accesses the twitters
  25. Real World Demo -> brizzly.com accesses the twitters
  26. Real World Demo -> brizzly.com accesses the twitters
  27. Real World Demo -> brizzly.com accesses the twitters
  28. Agenda • OAuth drivers • Screenshot demo • OAuth history • OAuth 2 • OAuth in context • Key use cases • OAuth security model • All the bells & whistles walk through
  29. A [confusing] Little History • First was the Emergence of Proprietary Solutions – Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API, Flickr API, AWS API, and more • OAuth Core 1.0 [Oct 2007] – Open protocol to standardize what was already being done • OAuth Core 1.0 Revision A [June 2009] – Addresses a session fixation attack • The OAuth 1.0 Protocol / RFC 5849 [April 2010] – Move to the IETF as informational documentation of 1.0a with editorial clarifications and errata
  30. OAuth Timeline (diagram; axis 2007, 2008, 2009, 2010, 2011; labels: Community, IETF, OAuth 1.0, OAuth 1.0a, Info RFC 5849, WRAP, JWT, OAuth 2.0)
  31. More History, Still Confusing • OAuth WRAP (Web Resource Authorization Profiles) [Jan 2010] – Better Support for non-web applications – Simplify the Client – Short lived, opaque, bearer access tokens with long lived refresh tokens – Cleaner separation of roles • Server handling authorization requests • Server handling protected resource access • Client – Simple Web Token (SWT) • Attempt to standardize an access token format • OAuth 2.0 [in progress]
  32. Honestly Sally!! I can't believe you fell for the 'I don't have my token_secret with me' line!! Clients have been telling us RSs that one for years!! - But he explained that he had forgotten it at home. And anyways, Yvonne at the salon told me that OAuth WRAP doesn't even require client signatures so I don't know why you are being so judgemental ...
  33. Agenda • OAuth drivers • Screenshot demo • OAuth history • OAuth 2 • OAuth in context • Key use cases • OAuth security model • All the bells & whistles walk through
  34. OAuth 2.0 • Conceptually similar to WRAP • With built in extensibility • Clear separation of getting a token and using a token – Early drafts had an option for token signatures but that was dropped – "OAuth 2.0 is Bad for the Web" - spec author/editor – Bearer tokens – Return of the MAC • Approaching final standardization in IETF – Really? – Currently at draft -18 • Applicable to many other scenarios - even those with no users • Notable for its optimizations for mobile – Oh yeah?
  35. OAuth 2.0 Terminology: Roles • resource owner: an entity (usually an end-user/person) capable of granting access to a protected resource. • client: an application obtaining authorization and making protected resource requests (on behalf of the resource owner). • resource server (RS): the server hosting protected resources • authorization server (AS): a server capable of issuing tokens, obtaining authorization, and authenticating resource owners.
  36. More Terminology: Tokens • Access Token – credential used by client to access protected resources at the RS – permissions afforded by the token can be scoped – issued by the AS – structure is undefined by the spec(s) – usually opaque to the client – generally short lived – can be self contained or a reference – shifts complexity from the RS to the AS • Refresh Token – used by client to obtain a new access token when the old one expires – client only sends to AS, never to RS – generally long lived
  37. Access Token Types • Access tokens can have different – formats – structures – methods of utilization (e.g. cryptographic properties) • Access tokens must be defined by companion specifications – token_type – additional parameters as needed – how to use at RS
  38. Bearer Access Tokens • Any party in possession of the token (a "bearer") can use the token in any way that any other party in possession of it can. • token_type: Bearer • Token can be presented to the RS in HTTP Authorization Header, Body Parameter, or Query Parameter • Requires TLS • Token structure still undefined
  39. MAC Access Tokens • A.k.a. Proof of possession token, proof token, HoK token • Defines an HTTP MAC access authentication scheme (key id, MAC key & algorithm, and issue time) – Id is sent with request – Key is shared symmetric secret between the client and the server used to 'sign' requests (thereby proving possession of the secret) • OAuth 2.0 binding for use as an access-token type – token_type: mac – Key id is the access_token • Format & structure is still undefined – mac_key & mac_algorithm as additional parameters • Protects against token leakage • Kinda still needs TLS in some cases
  40. More Terminology: Endpoints • AS Endpoints – Authorization endpoint • used, via user-agent redirection, to authenticate and obtain authorization from the resource owner. • End user on the front channel. – Token endpoint • Used to exchange an authorization grant for an access token. • Client on the back channel. • Client Endpoint – Redirection URI • After completing its interaction with the resource owner, the AS directs the resource owner's user-agent back to the client at the client's redirection URI. • Front channel callback
  41. Terminology: Authorization Grant • General term used to describe the intermediate credentials representing the resource owner authorization • Serves as an abstraction layer – not the cleanest abstraction • Used by the client to obtain an access token • All token endpoint calls involve exchanging some grant for an access token • Spec defines several types as well as an extensibility mechanism
  42. Terminology: Scope • The definition of scope is (mostly) out of scope – See what I did there? – The scope of the access request is expressed as a list of space-delimited, case sensitive strings. – Order doesn't matter. – The value and meaning of scope strings are defined by the authorization server. • Requesting/granting specific scope(s) allows the access rights associated with a token to be limited – Enables the principle of least privilege (or less privilege anyway) – Only ask for what is needed
  43. Abstract Flow • Client obtains authorization grant from resource owner* • Client calls the authorization server to exchange the grant for an access token** • Client uses the access token to access protected resources at the resource server*** *sometimes **usually ***probably
  44. Authorization Grant Types • authorization code • implicit* • resource owner password credentials • client credentials • refresh token • Extensions * one of these things is not like the others...
  45. 45. S/(*$&9E?)^&"#$%-/01(+-*&>-C)&•  >A0)*$&<)*C<&/)<-#/,)&-4*)/K&H0(&@/-4<)/K&$-&$%)& (#$%-/01(+-*&)*C?-0*$&($&$%)&"8&& –  7*CO#<)/&(#$%)*+,($)<& –  7*CO#<)/&(??/-H)<&/)L#)<$)C&(,,)<<&•  "8&<)*C<&$%)&)*CO#<)/&$-&$%)&,A0)*$f<&/)C0/),$&c6;&(*C& 0*,A#C)<&$%)&,-C)&(<&(&L#)/E&?(/(3)$)/&•  >A0)*$&/),)0H)<&$%)&/)C0/),+-*&,(AA@(,5K&)P$/(,$<&$%)&,-C)K& (*C&<)*C<&0$&$-&$%)&"8&0*&)P,%(*D)&2-/&(*&(,,)<<&$-5)*&(*C& ?/-@(@AE&(&/)2/)<%&$-5)*&•  S/)($&2-/&4)@&(??&,A0)*$<& –  >A0)*$&(#$%)*+,(+-*& –  7(<E&$-&%(*CA)&$%)&/)C0/),$&•  !5(E&2-/&3-@0A)&,A0)*$<& –  N0$%-#$&,A0)*$&(#$%)*+,(+-*& –  W))C&$/0,5<&$-&%(*CA)&$%)&/)C0/),$&
  46. 46. S)y*D&(*&"#$%-/01(+-*&>-C)& 4%,1$!+203$).";%"#,S79&_(<_(#$%-/01(+-*I-(#$%Ug,A0)*$x0C}(,A0)*$.& &/)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_,@.& /%6"!<%$%#=0)050>0#1+)?@A+!#,&&&&&&&&&/)<?-*<)x$E?)},-C).<,-?)}@))/T%-,5)ETC-*#$<&b99:_kIk&& $BC0)Db-<$^&<)/H)/I)P(3?A)I,-3&& 4%,1$!+203$)."#6$)#" b99:_kIk&YZU&V-#*C& F-,(+-*^&%]?<^__,A0)*$I)P(3?A)I,-3_,@g,-C)}S),B7C0P8o6v!tP2?>qbDsVDUb1)&
  47. 47. 7P,%(*D)&"#$%-/01(+-*&>-C)&2-/&",,)<<&9-5)*& 4&&"##7$8").";%"#,:!89&_(<_$-5)*I-(#$%U&b99:_kIk&b-<$^&(<I)P(3?A)I,-3&>-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C~,%(/<)$}c9VOt&&,A0)*$x0C}(,A0)*$.,A0)*$x<),/)$}%-<)/./)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_,@.D/(*$x$E?)}(#$%-/01(+-*x,-C).,-C)}S),B7C0P8o6v!tP2?>qbDsVDUb1)& 4&&"##7$8")."#6$)#" b99:_kIk&UZZ&!o& >(,%)O>-*$/-A^&*-O<$-/)& :/(D3(^&*-O,(,%)& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt& && & &z$-5)*x$E?)z^z=)(/)/zK& &z(,,)<<x$-5)*z^z(ZÄ#1JYW2J<w><9cÅ=XF3q<uN:|kPZuJ>b6{K&& &z)P?0/)<x0*z^YÇZZK &z/)2/)<%x$-5)*z^z389=?L|,8567>W2J,A26Jw67*3L)NÄ(?ZJ<)BÇ(q50P;q{& É&
  48. Brief Interlude: Using the Access Token
      Protected Resource Request with a Bearer Token
          GET /double/secret/probation/resource HTTP/1.1
          Host: rs.example.com
          Authorization: Bearer a0VuzD3NfDsjCsTUZB5LmXs7WPQ1x07DCHR
      MAC Token a Bit More Complicated
          POST /take/off/eh HTTP/1.1
          Host: rs.example.com
          Content-Type: application/x-www-form-urlencoded
          Authorization: MAC id="jd93dh9dh39D",
                             nonce="273156:di3hvdf8",
                             bodyhash="k9kbtCIy0CkI3/FEfpS/oIDjk6k=",
                             mac="W7bdMZbv9UWOTadASIQHagZyirA="
  49. Grant Type: Implicit
      • Similar to the authorization code flow except...
      • After resource owner authentication and authorization, the AS sends the end-user to the client's redirect URI and includes the access token on fragment
      • No token endpoint call so not *really* a grant type
      • Optimized for 'widget' clients or in-browser JavaScript applications
      • Could also work for native/mobile clients
  50. Getting a Token with Implicit
      Authorization Request
          GET /as/authorization.oauth2?client_id=aclient&redirect_uri=https%3A//client.example.com/cb&response_type=token HTTP/1.1
          Host: server.example.com
      Authorization Response
          HTTP/1.1 302 Found
          Location: https://client.example.com/cb#expires_in=3600&token_type=Bearer&access_token=gBjAAf7Io0FIfwZaXDTRQg0d7GTwAOL7G6e
      Protected Resource Request
          GET /double/secret/probation/resource HTTP/1.1
          Host: rs.example.com
          Authorization: Bearer gBjAAf7Io0FIfwZaXDTRQg0d7GTwAOL7G6e
  51. Grant Type: Resource Owner Password Credentials
      • Client obtains resource owner's username and password directly from the resource owner and sends them directly to the AS as a grant.
      • Requires trust in the client.
      • Refresh token eliminates the need for the client to store the password.
      • Intended as a migration mechanism
  52. Exchange RO Creds for Access Token
      Access Token Request
          POST /as/token.oauth2 HTTP/1.1
          Host: as.example.com
          Authorization: Basic c29tZWNsaWVudDpBbWVyaWNhJ3NIYXQ=
          Content-Type: application/x-www-form-urlencoded;charset=UTF-8

          client_id=someclient&grant_type=password&username=madsen&password=uselesstaxonomy
      Callout: Superfluous Canadian bashing (
      Access Token Response
          HTTP/1.1 200 OK
          Cache-Control: no-store
          Pragma: no-cache
          Content-Type: application/json; charset=UTF-8

          {
            "token_type":"Bearer",
            "access_token":"a0VuzD3NfDsjCsTUZB5LmXs7WPQ1x07DCHR",
            "expires_in":3600,
            "refresh_token":"mSTBpqQcSkRECNfDclfRDjREnmqeWVap0DseM6aXkixIX"
          }
  53. Grant Type: Client Credentials
      • Client can request an access token using only its own credentials
      • For resources under the client's control or other resources as policy dictates
      • MUST only be used by "private" clients (clients that can authenticate securely)
      • No refresh token
      • Client Authentication Mechanisms
          – client_id & client_secret parameters
          – HTTP Basic
          – "The authorization server MAY support any suitable HTTP authentication scheme matching its security requirements"
          – Mutual TLS
          – client_assertion & client_assertion_type parameters
  54. Grant Type: Refresh Token
      • If a refresh token was issued to the client during the exchange of a prior grant, it can be used as an authorization grant to get a new access token
          – Unless revoked or otherwise invalid
      • Refresh an expired access token without involving user authorization
      • The AS may issue a new refresh token
          – Good security hygiene
  55. Refreshing an Access Token
      Access Token Request
          POST /as/token.oauth2 HTTP/1.1
          Host: as.example.com
          Authorization: Basic c29tZWNsaWVudDpBbWVyaWNhJ3NIYXQ=
          Content-Type: application/x-www-form-urlencoded;charset=UTF-8

          client_id=someclient&grant_type=refresh_token&refresh_token=mSTBpqQcSkRECNfDclfRDjREnmqeWVap0DseM6aXkixIX
      Access Token Response
          HTTP/1.1 200 OK
          Cache-Control: no-store
          Pragma: no-cache
          Content-Type: application/json; charset=UTF-8

          {
            "token_type":"Bearer",
            "access_token":"MdqBuexXYlMSogbrAwiPP47eGxGqZajuJNa",
            "expires_in":3600,
            "refresh_token":"hlyEOO9PXgmvPiYI8g68KSEs2HQhgrkiUQGsc9Xxskd"
          }
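      The checks an AS makes when a code (slides 45-47) or a refresh token (slides 54-55) is redeemed, as an added Python sketch; it is not code from the slides or from any product. MiniAS, its method names, the 60-second code lifetime and the rotate-on-use policy are assumptions for illustration.

```python
import hmac
import secrets

CODE_TTL = 60       # assumed authorization-code lifetime in seconds
ACCESS_TTL = 3600   # matches "expires_in":3600 in the slide responses


class TokenError(Exception):
    """Raised with an OAuth 2.0 error code such as invalid_grant."""


class MiniAS:
    """Hypothetical in-memory authorization server (token endpoint only)."""

    def __init__(self, clients):
        self.clients = clients    # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}           # code -> (client_id, redirect_uri, user, scope, expiry)
        self.refresh_tokens = {}  # refresh_token -> (client_id, user, scope)

    def issue_code(self, client_id, redirect_uri, user, scope, now):
        """Called once the end-user has authenticated and approved access."""
        registered = self.clients.get(client_id)
        if registered is None or registered[1] != redirect_uri:
            raise TokenError("invalid_request")  # never redirect to an unregistered URI
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, redirect_uri, user, scope, now + CODE_TTL)
        return code

    def _authenticate_client(self, form):
        registered = self.clients.get(form.get("client_id"))
        supplied = form.get("client_secret", "")
        if registered is None or not hmac.compare_digest(
                registered[0].encode(), supplied.encode()):
            raise TokenError("invalid_client")

    def _issue_tokens(self, client_id, user, scope):
        refresh_token = secrets.token_urlsafe(32)
        self.refresh_tokens[refresh_token] = (client_id, user, scope)
        return {"token_type": "Bearer",
                "access_token": secrets.token_urlsafe(32),
                "expires_in": ACCESS_TTL,
                "refresh_token": refresh_token}

    def token(self, form, now):
        """Token endpoint; form is the decoded x-www-form-urlencoded body."""
        self._authenticate_client(form)
        grant_type = form.get("grant_type")
        if grant_type == "authorization_code":
            record = self.codes.pop(form.get("code"), None)  # pop: a code is single use
            if record is None:
                raise TokenError("invalid_grant")
            client_id, redirect_uri, user, scope, expiry = record
            # The code is bound to the client and redirect URI it was issued for.
            if (client_id != form["client_id"]
                    or redirect_uri != form.get("redirect_uri")
                    or now > expiry):
                raise TokenError("invalid_grant")
            return self._issue_tokens(client_id, user, scope)
        if grant_type == "refresh_token":
            # Rotation: the presented refresh token is consumed and replaced.
            record = self.refresh_tokens.pop(form.get("refresh_token"), None)
            if record is None or record[0] != form["client_id"]:
                raise TokenError("invalid_grant")
            return self._issue_tokens(*record)
        raise TokenError("unsupported_grant_type")


def error_code(call, *args):
    """Return the OAuth error code raised by call(*args), or None on success."""
    try:
        call(*args)
    except TokenError as exc:
        return str(exc)
    return None
```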
  56. Extension Grant Types
      • Extension authorization grant types can be defined by assigning them a unique absolute URI for use with the "grant_type" parameter.
      • Extensions can define additional parameters needed.
      • Enables bridging between OAuth and other protocols.
          – SAML 2.0
          – JWT 1.0
      • Enables other stuff too
          – Bearer access token validation
          – STS style token exchange
  57. Partial Specification Landscape
      Getting a Token
          • The OAuth 2.0 Authorization Protocol (draft-ietf-oauth-v2)
          • Extension Grants & Client Authentication: OAuth 2.0 Assertion Profile (draft-ietf-oauth-assertions)
          • SAML 2.0 Bearer Assertion Grant Type Profile for OAuth 2.0 (draft-ietf-oauth-saml2-bearer)
          • JSON Web Token (JWT) Bearer Profile for OAuth 2.0 (draft-jones-oauth-jwt-bearer)
      Using a Token
          • The OAuth 2.0 Protocol: Bearer Tokens (draft-ietf-oauth-v2-bearer)
          • HTTP Authentication: MAC Access Authentication (draft-ietf-oauth-v2-http-mac)
      Tokens
          • Assertions and Protocols for SAML V2.0 (saml-core-2.0-os)
          • JSON Web Token (JWT) (draft-jones-json-web-token)
          • JSON Web Signature (JWS) (draft-jones-json-web-signature)
          • JSON Web Signature (JWE) (draft-jones-json-web-encryption)
      Other Protocols
          • User-Managed Access (UMA) Core Protocol (draft-hardjono-oauth-umacore)
          • OpenID Connect Core 1.0
  58. Agenda
      • OAuth drivers
      • Screenshot demo
      • OAuth history
      • OAuth 2
      • OAuth in context
      • Key use cases
      • OAuth security model
      • All the bells & whistles walk through
  59. Contrast & Compose
  60. YAIV (Yet Another Identity Venn)
      (Venn diagram of OAuth, SAML and XACML; labels in slide order)
      • SSO profile
      • ICAM
      • Authn for SOAP APIs
      • Authn for REST APIs
      • Token format
      • Attribute sharing
      • Cloud Authz
      • Authz decisions
      • Authz Query*
      • Policy syntax
  61. OAuth relationship to OpenID
      • In one sense, OAuth & OpenID are orthogonal, ie OpenID could be used to authenticate user at AS for obtaining consent
      • But the similarities between OpenID 2.0 and the OAuth 2.0 access token retrieval piece have motivated proposals for basing next version of OpenID 'on top of' OAuth - OpenID Connect
  62. Problems with OpenID 2.0
      • Long URL limitations
          – Many mobile browsers and some PC browsers choke at long URLs caused by AX, PAPE, and other extensions.
      • LOA ceiling
          – cannot attain LOA2 because of assertion disclosure at browser
      • Implementation complexity
          – Diffie-Hellman key exchange, Canonicalization and Signature hard to implement
      • Data Sharing Limitations
          – Only pair-wise data sharing between the OP and RP is possible.
  63. OpenID Connect
      • Designed to address previously stated limitations of OpenID 2.0
      • Reflects a harmonization of multiple competing visions for evolution of OpenID 2.0
      • Adds a thin 'identity layer' onto OAuth 2.0
      • Designed to support higher LOA
  64. OpenID Connect Family tree
      (diagram labels: Facebook Connect, JWT)
  66. OpenID Connect relation to OAuth
      • Whereas OAuth is a general mechanism to authorize API access, OpenID Connect profiles the generic for purposes of sharing profile information
      • Uses the authz code & implicit grant types - the pieces of OAuth optimized for user-consent scenarios
      • Leverages the authorization & token endpoints & adds identity-based params to core OAuth messages
  67. SAML & OAuth
      • 'Hybrid' - carry OAuth token in SAML SSO messages
      • 'Assertion profile' - use SAML assertions within OAuth flow
      • 'Sequencing' - use SAML SSO to authenticate user to AS
  68. Sequencing
      (diagram labels: Identity provider, Service provider, SAML, Application, OAuth, Pwd, Token, Device, Browser, JSON/XML)
  69. Trading
      Use SAML assertion (or JWT) for OAuth client authentication and/or OAuth grant type
          POST /token HTTP/1.1
          Host: server.example.com
          Content-Type: application/x-www-form-urlencoded

          grant_type=authorization_code&
          code=i1WsRn1uB1&
          client_id=s6BhdRkqt3&
          client_assertion_type=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion&
          client_assertion=PHNhbWxwOl...[omitted for brevity]...ZT
  70. Trading
      • SAML, JWT: Profiles assertion profile for specific assertion formats [2] & [3]
      • Assertion profile: How to use assertions for client authentication and as a grant type [1]
      • OAuth: Core protocol
      [1] - http://tools.ietf.org/html/draft-ietf-oauth-assertions
      [2] - draft-ietf-oauth-saml2-bearer
      [3] - draft-ietf-oauth-jwt-bearer
  71. OAuth relationship to XACML
      Though both focused on 'authorization', OAuth & XACML are nicely composable
  72. OAuth is authorization?
      • Depends on what part of the authz elephant you are looking at
          – Policy (XACML)
          – Query (XACML/SAML profile)
          – Claims (SAML & WS-Fed SSO)
          – User consent (OAuth)
          – Permissions (OAuth)
      But if your use cases don't involve user-consent, then OAuth starts to look more like authentication
  73. UMA & OAuth
      • User Managed Access extends OAuth 2.0 to allow for a user to manage access to multiple (and distributed) resources through centralized Authorization Manager
      • Leverages separation between AS & RS introduced by WRAP
      OAuth compared with UMA
      • OAuth: The resource server respects access tokens from "its" authorization server
        UMA: The host outsources authorization jobs to an authorization manager chosen by the user
      • OAuth: The authorization server issues tokens based on the client's ability to authenticate.
        UMA: The authorization manager issues tokens based on user policy and "claims" conveyed by the requester.
      • OAuth: The resource server validates tokens in an unspecified manner, assumed locally
        UMA: The host can ask the authorization manager to validate tokens in real time.
      • OAuth: Static client registration step
        UMA: More dynamic model
  74. UMA & OAuth
      1. User introduces Host to AM
      2. Requestor obtains token from AM to use at Host
      3. Host verifies token at AM
  75. Agenda
      • OAuth drivers
      • Screenshot demo
      • OAuth history
      • OAuth 2
      • OAuth in context
      • Key use cases
      • OAuth security model
      • All the bells & whistles walk through
  76. OAuth Use cases
  77. Use case taxonomy
      (diagram labels: Cloud business, Mobile workforce, Different domain, AS/User relationship, Internal, Mobile consumer, Same domain, Server, Mobile, Client)
  78. Distinguishing features
      • Nature of the client, ie mobile or web app
      • Whether, and how, user authenticates to AS
      • Whether, and how, client authenticates to AS
      • Whether, and how, user needs to give consent
      • Trust model between Client & AS
      • Trust model between RS & AS
  79. OAuth Use Case: Mobile Consumer
      • A Consumer Cloud Business (e.g. Marriott) building Mobile Apps
      • Provide SSO access via iPad, iPhone, Android, etc
      • Trust relationship is between enterprise & consumer
  80. Mobile Consumer: Specifics
      1) Mobile application launches browser, in which user authenticates to PingFederate (and grants consent)
      2) PingFederate returns code to mobile application through browser
      3) Mobile application exchanges code for access token
      4) Mobile application adds access token to its REST request of Resource Server (API)
      5) RS interacts with PingFederate to verify token, and retrieve desired attributes
      6) Assuming OK, RS returns requested data to mobile application
      (diagram labels: AuthZ Endpoint, Token Endpoint, Validation Endpoint, RS)
  81. Mobile Consumers: Inline option
      1) Mobile application collects user password and sends to PingFederate in request for access token
      2) PingFederate returns access token to mobile application
      3) Mobile application adds access token to its REST request of Resource Server (API)
      4) RS interacts with PingFederate to verify token, and retrieve desired attributes
      5) Assuming OK, RS returns requested data to mobile application
      (diagram labels: AuthZ Endpoint, Token Endpoint, Validation Endpoint, RS)
  82. Discussion
      • Mobile clients are generally not issued unique client credentials - rather all copies share the same
          – Provides only coarse 'authentication' (or validation)
      • Different user authentication mechanisms have pros/cons
          – Browser-based mechanisms may be advantageous from security PoV. Also allows for fine-grained consent possibilities. Browser may be embedded
          – Inline mechanism may offer usability advantages, but at a cost
              • Granularity over consent
              • Reliance on passwords
  83. OAuth Use Case: Mobile Cloud/SaaS
      • A Cloud Business/SaaS building Mobile Applications
      • Supports workforce access via iPad, iPhone, Android, etc to Cloud-hosted APIs
      • Trust relationship is between the enterprise and Cloud Business/SaaS
  84. Mobile Cloud
      1) Mobile application launches browser to PingFederate authn page
      2) PingFederate sends employee browser to enterprise IdP for SSO, receives SAML assertion
      3) PingFederate returns code to mobile application through browser
      4) Mobile application exchanges code for access token
      5) Mobile application adds access token to its REST request of Resource Server (API)
      6) RS interacts with PingFederate to verify token, and retrieve desired attributes
      7) Assuming OK, RS returns requested data to mobile application
      (diagram labels: IdP, AuthZ Endpoint, Token Endpoint, Validation Endpoint, RS)
  85. UC - Internal Server Clients
      • Enterprise connects internal applications through REST APIs for integration
      • Clients may act autonomously, or alternatively on behalf of an employee or role
  86. Internal APIs - Autonomous
      1. Internal client authenticates to PingFederate on request for access token
      2. PingFederate returns access token to client
      3. Mobile application adds access token to its REST request of Resource Server (API)
      4. RS interacts with PingFederate to verify token, and retrieve appropriate client attributes
      5. Assuming OK, RS returns requested data to client application
      (diagram labels: AuthZ Endpoint, Token Endpoint, Validation Endpoint, RS)
  87. Internal APIs - Delegated
      1. Client application launches browser to PingFederate authn page
      2. After login, PingFederate returns code to client application through browser
      3. Client application exchanges code for access token
      4. Client application adds access token to its REST request of Resource Server (API)
      5. RS interacts with PingFederate to verify token, and retrieve desired attributes
      6. Assuming OK, RS returns requested data to client application
      (diagram labels: AuthZ Endpoint, Token Endpoint, Validation Endpoint, RS)
  88. Cloud Business/SaaS
      • A Cloud Business/SaaS provides data access through REST APIs
      • API clients are web applications (i.e. on a server)
      • Large number of clients accessing APIs - easier to manage trust at the partner/customer level than individual clients
      • Authenticate client & users through federation, rather than directly issued credentials
  89. Flow
      1. Client application retrieves SAML assertion from local IdP
      2. Client sends SAML assertion to PingFederate at SaaS Provider/partner etc
      3. PingFederate returns access token to client
      4. Client application adds access token to its REST request of Resource Server (API)
      5. SaaS RS interacts with PingFederate to verify token, and retrieve desired attributes
      6. Assuming OK, SaaS RS returns requested data to client application
  90. Agenda
      • OAuth drivers
      • Screenshot demo
      • OAuth history
      • OAuth 2
      • OAuth in context
      • Key use cases
      • OAuth security model
      • All the bells & whistles walk through
  91. OAuth 2 Security Model
      • Well, it sort of depends...
          – Token type
          – Grant type
          – Client type
      • Also, it's kind of complicated...
  92. Session Cookie Analogy
      • OAuth using bearer tokens is sort of like session cookies for API/resource access
      • Generally you log in to a website and are issued a session cookie for subsequent requests
      • Grant is like the login and access token is like the session cookie
      • TLS is required at every step
      • Cookies rely on same origin policy
      • Access tokens rely on static or well-known servers
      • Neither is perfect
      • Discovery cannot be safely done with bearer tokens
  93. What about MAC?
      • Helps with the discovery problem
      • Still kind of similar to session cookies
          – In fact, the MAC spec defines an extension to the HTTP "Set-Cookie" response header field
      • Prevents credential leakage
      • Can be used over insecure channels
          – Adds complexity (normalization, cryptography, state management)
          – No confidentiality (still need TLS for that)
  94. Tokens & Signing
      • Signed Tokens
          – Token is signed by the issuer (AS)
          – JWT, SWT, SAML, etc.
          – Token is self-contained
      • Signing with Tokens
          – Client signs the request with some secret issued along side the token
          – MAC
          – Token can be self-contained or reference
  95. Why aren't Tokens Defined?
      • It's okay, it really is
      • I don't know why exactly, but I've grown to accept and even like it
      • It does imply some level of coordination between the AS & RS
      • Time will tell...
  96. Other Security Stuff
      • Reference style tokens need a lot of entropy
      • Revocation is good to provide
      • TLS
      • Client Authentication and binding to tokens/codes
      • Brute force countermeasures
      • Token storage
      • Token/code leakage
      • Phishing
      • Did I mention TLS?
      • Scope
  97. Agenda
      • OAuth drivers
      • Screenshot demo
      • OAuth history
      • OAuth 2
      • OAuth in context
      • Key use cases
      • OAuth security model
      • All the bells & whistles walk through
  98. Walk through
      • Walk through scenario of an employee using a native app on their phone/tablet to interact with a SaaS provider
      • SAML provides
          – Authentication of employee to SaaS provider
      • OAuth provides
          – authorization of native app to access SaaS APIs
          – Issuance of tokens from SaaS to native app
  99. Walk through
      (diagram labels: OAuth, SAML, OAuth)
  100. Load authz page
  101. Load authz page
  102. Load authz page
      GET /as/authorization.oauth2?client_id=mobileapp&state=hoser&redirect_uri=mobileapp://redirect_here&response_type=code HTTP/1.1
      Note
          - No client pwd
          - custom scheme on redirect URL
          - response type of 'code'
  103. IdP Discovery
  104. IdP Discovery
  105. IdP discovery
  106. SSO Request
  107. SSO request
  108. SSO Request
      <form method="post" action="https://idp.example.org/SAML2/SSO/POST">
        <input type="hidden" name="SAMLRequest" value="request" />
        <input type="submit" value="Submit" />
      </form>

      <samlp:AuthnRequest
          xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
          xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
          ID="aaf23196-1773-2113-474a-fe114412ab72"
          Version="2.0"
          IssueInstant="2004-12-05T09:21:59Z">
        <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
        <samlp:NameIDPolicy AllowCreate="true"
            Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
      </samlp:AuthnRequest>
  109. User authentication
  110. User authentication
  111. User authentication
  112. SSO response
  113. SSO Response
  114. SSO Response
      <saml:Assertion>
        <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds:Signature>
        <saml:Subject>
          <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
            3f7b3dcf-1674-4ecd-92c8-1544f346baf8
          </saml:NameID>
        </saml:Subject>
        <saml:AttributeStatement>
          <saml:Attribute Name="email">
            <saml:AttributeValue xsi:type="xs:string">pmadsenpingidentity.com</saml:AttributeValue>
          </saml:Attribute>
        </saml:AttributeStatement>
      </saml:Assertion>
  115. Response with code
  116. Response with code
  117. Response with code
      HTTP/1.1 302 Found
      Location: mobileapp://redirect_here?state=hoser&code=wizJmaSTPAf0wqSeB3vmDx2mNSZK6g
      Content-Length: 0
  118. Trade code for token
  119. Trade code for token
  120. Trade code for token
      POST /as/token.oauth2 HTTP/1.1
      Host: as.com

      client_id=a&redirect_uri=mobileapp://redirect_here&grant_type=authorization_code&code=wizJmaSTPAf0wqSeB3vmDx2mNSZK6g

      HTTP/1.1 200 OK
      Content-Type: application/json; charset=UTF-8

      {"token_type":"Bearer","expires_in":"600","refresh_token":"oQWqwMUIL2ndeMHsWEyFO0GyalvKSvc2QI4YuG82RMGkM","access_token":"lSBbci4Jg8MsjiSqZLBrzEXgd4mKUNhOkyF"}
  121. Client calls API
  122. Client calls API
  123. Client calls API
      https://graph.facebook.com/paul.e.madsen/friends/?access_token=lSBbci4Jg8MsjiSqZLBrzEXgd4mKUNhOkyF
  124. Verify token
  125. Verify token
  126. Verify token
      GET /as/token.oauth2?client_id=b&client_secret=pwd&grant_type=urn:ping:validate&token=lSBbci4Jg8MsjiSqZLBrzEXgd4mKUNhOkyF HTTP/1.1
      Host: as.com
      Accept: */*

      HTTP/1.1 200 OK
      Content-Type: application/json; charset=UTF-8

      Note: Not OAuth defined
  127. Return Data
  128. Return Data
  129. Return data
      HTTP/1.1 200 OK
      Content-Type: application/json; charset=UTF-8
  130. Time passes
  131. Refresh token
  132. Refresh token
  133. Refresh token request
      POST /as/token.oauth2 HTTP/1.1
      Host: localhost:9031

      client_id=a&grant_type=refresh_token&refresh_token=oQWqwMUIL2ndeMHsWEyFO0GyalvKSvc2QI4YuG82RMGkM
  134. Get fresh attributes
  135. Get fresh attributes
  136. Get fresh attributes
      SCIM or SAML??
  137. Return access token
  138. Return access token
  139. Return access token
      HTTP/1.1 200 OK
      Content-Type: application/json; charset=UTF-8

      {"token_type":"Bearer","expires_in":"60","refresh_token":"JZ7Qa4yH5C8E3CikvcZZsd4ZLUgVyYnieXqybAFjObQpz","access_token":"49BPI5LuNM310o7hbB9m9cIzImT5M8gcRjE"}
  140. Rinse & repeat ...
  141. archive
  142. Mobile app IDM architecture
  143. Native vs web apps
      • Not going to try to predict winner - expect both
      • Authentication & authorization should be consistent across both models, so that
          – Users are not confused, eg use different credentials and/or authentication ceremony for the two models, even if accessing the same application
          – Service Providers aren't forced to implement duplicate & incompatible security frameworks for the two models
  144. Federation
      • Federation abstracts away from applications specifics of authentication & authorization - outsourced to specialized providers
      • Complexity hidden by token issuance & validation
      • Federation standards define
          – Token formats
          – How clients obtain tokens
          – How clients present tokens to application providers
  145. Tokens
      • Federated authentication for both web and native mobile applications is based on exchange and delivery of tokens to the application
      • Tokens carry (or point to) security information (like attributes or authorizations) for user trying to access the application.
      • Clients typically exchange credentials for tokens - easier/safer to share the token across the network rather than the original credentials
      • When token is subsequently presented to an application provider, they serve to authenticate and/or authorize the request
  146. Federation takes different forms
      • For web apps, tokens carry Attributes for authentication
      • For native apps, tokens carry Authorization for attributes
      (diagram labels: Browser, app, app, data)
  147. Tokens for mobile web applications
      • Federation for web applications manifests as SSO from some IdP to the application provider
      • SSO especially relevant for mobile
      • Tokens attesting to the user's identity and/or authentication status delivered through (as redirects) the browser from IdP to the application provider
      • Application provider validates token and extracts identity attributes from within in order to create local session
  148. Tokens for web applications
      1. User trades credentials for a token from IdP
      2. Token delivered through the browser to SP
      3. SP validates token, and delivers application HTML to browser
      (diagram labels: Identity provider, Service provider, SAML, OpenID, Application, Pwd, HTML, Token, Device, Browser)
  149. Best practices
      • Standards
          – OpenID 2.0 for consumer scenarios
          – SAML 2.0 for enterprise & cloud
          – WS-Federation for homogeneous MSFT
      • IdP Discovery
          – In consumer space, consider Nascar with email-based supplement
          – In cloud space, consider email-based
      • Both IdP (portal) and SP (deep-linking) initiated are relevant
      • Mobile browser constraints may recommend artifact model in SAML
  150. Tokens for native applications
      • Native applications authenticate to REST APIs by presenting a token on the call
      • The precursor act of the native application obtaining a token is often called 'authorization' (particularly in those cases when the API fronts user info, eg profile, tweets, etc)
      • User authorizes (or consents) to the native application having access to the API (and their data) - the authorization is manifested as the issuance of a token to the native app
      • OAuth 2.0 dominant protocol by which a native app obtains the desired authorizations and the corresponding token (and then uses against API)
  151. Mobile authn options
      (diagram comparing Inline, Embedded browser and External browser; labels in slide order)
      • Pwds shared with 3rd party
      • App owns UI
      • No need to leave app
      • Custom scheme
      • Enables SSO
      • Enables strong authn
      • AS owns UI
      • Visual trust cues
      • Can leverage stored pwds
  152. Tokens for native applications
      1. User trades credentials for a token
      2. Token delivered through the browser to native application
      3. Native application presents token on API calls
      4. Application returns application data as JSON
      (diagram labels: Service provider, Application, Pwd, Token, JSON/XML, Device, Browser, Application, OAuth)
  153. Best practices
      • Use the browser to authenticate the user to the AS, don't collect user passwords within native application itself
      • A separate browser window preferred to embedded - gives user the visual trust cues trained to look for
      • OAuth authorization code grant type is relevant - allows a refresh token to be delivered to the native application (obviates need to continually reauthorize)
      • Use browser for IdP discovery if doing SSO (rather than within native application itself)
      • Native application should register custom scheme on install, to enable subsequent passing of token from browser back to native application