ࡱ> ;g89:~FDPފ+{pwSJFIFHH ^Photoshop 3.08BIMxHH(FG(HH(d'`8BIMHUHU8BIM x8BIM8BIM 8BIM' 8BIMH/fflff/ff2Z5-8BIMp8BIM@@8BIM8BIM Ip'P30 -JFIFHHAdobed            'p"?   3!1AQa"q2B#$Rb34rC%Scs5&DTdE£t6UeuF'Vfv7GWgw5!1AQaq"2B#R3$brCScs4%&5DTdEU6teuFVfv'7GWgw ?+m.{/"4c׸W ƋoC\_= g!=[{]ҪunroxmUK3kOAe~r臩gS?3-fLm{VjG%Yon711B%##6sz,9\x#2c(rq^?e?lj(~N^K=a_:}t}/'^2~eבҬ욍zV4VꬨGI }eV;m"`ztY=?Y-˫M~CqeN;7kvQ]sۋdb8#\w&_KFffE5v1mis-~wUÉpr}BƲp>S7W)P]W՜BYNS֨6K[}Y~S-`_3"̢_v^De:@=cR BcЦO3y]00ζְhvC3+so}Wg>V]⻭Ә22$frۉu{Yk? f%:w~7bj_C7kJiȩPensLmrz@{uvUk^ֶ7ZQ:OSQYݡlk[kƯKҮ  ֗n6sk]v"ǘh noFιzOnF&#&(t1Yu~2ֽgb}??zۘX̜W47v~fS_Zƴ at-]n*dl~#1tOnVNg;:p#UvEWmip N^xucѸK u~J|+`Q:>R.?uW%~}J?ƶ+F6GC''kZ̰+vo7Y'Rp$lȒOq>otS:OzZ\NsrԻ*[/)GKw՛$6nۉE~o_xW|l}lC,[cË{6Yһ!鞺>ScaXޛӝ]+ {.umuugoȁ*WG'H0gSc\}5UkSOt+̦s2yc6]67o4S}f4 ݸh72V7۳E_)XëJ\N{sv1k+c*e!]hTʩ$:+ʰC.mO=bMaѻhDM儐reXx˿k_*RKTSRKTSRKTSRKTS8BIM XICC_PROFILE HLinomntrRGB XYZ  1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmddvuedLview$lumimeas $tech0 rTRC< gTRC< bTRC< textCopyright (c) 1998 Hewlett-Packard CompanydescsRGB IEC61966-2.1sRGB IEC61966-2.1XYZ QXYZ XYZ o8XYZ bXYZ $descIEC http://www.iec.chIEC http://www.iec.chdesc.IEC 61966-2.1 Default RGB colour space - sRGB.IEC 61966-2.1 Default RGB colour space - sRGBdesc,Reference Viewing Condition in IEC61966-2.1,Reference Viewing Condition in IEC61966-2.1view_. 
\XYZ L VPWmeassig CRT curv #(-27;@EJOTY^chmrw| %+28>ELRY`gnu| &/8AKT]gqz !-8COZfr~ -;HUcq~ +:IXgw'7HYj{+=Oat 2FZn  % : O d y  ' = T j " 9 Q i  * C \ u & @ Z t .Id %A^z &Ca~1Om&Ed#Cc'Ij4Vx&IlAe@e Ek*Qw;c*R{Gp@j>i  A l !!H!u!!!"'"U"""# #8#f###$$M$|$$% %8%h%%%&'&W&&&''I'z''( (?(q(())8)k))**5*h**++6+i++,,9,n,,- -A-v--..L.../$/Z///050l0011J1112*2c223 3F3334+4e4455M555676r667$7`7788P8899B999:6:t::;-;k;;<' >`>>?!?a??@#@d@@A)AjAAB0BrBBC:C}CDDGDDEEUEEF"FgFFG5G{GHHKHHIIcIIJ7J}JK KSKKL*LrLMMJMMN%NnNOOIOOP'PqPQQPQQR1R|RSS_SSTBTTU(UuUVV\VVWDWWX/X}XYYiYZZVZZ[E[[\5\\]']x]^^l^__a_``W``aOaabIbbcCccd@dde=eef=ffg=ggh?hhiCiijHjjkOkklWlmm`mnnknooxop+ppq:qqrKrss]sttptu(uuv>vvwVwxxnxy*yyzFz{{c{|!||}A}~~b~#G k͂0WGrׇ;iΉ3dʋ0cʍ1fΏ6n֑?zM _ɖ4 uL$h՛BdҞ@iءG&vVǥ8nRĩ7u\ЭD-u`ֲK³8%yhYѹJº;.! zpg_XQKFAǿ=ȼ:ɹ8ʷ6˶5̵5͵6ζ7ϸ9к<Ѿ?DINU\dlvۀ܊ݖޢ)߯6DScs 2F[p(@Xr4Pm8Ww)KmAdobed@      .in  s!1AQa"q2B#R3b$r%C4Scs5D'6Tdt& EFVU(eufv7GWgw8HXhx)9IYiy*:JZjzm!1AQa"q2#BRbr3$4CS%cs5DT &6E'dtU7()󄔤euFVfvGWgw8HXhx9IYiy*:JZjz ?v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWv*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWv*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWv*UثWb]v*UثWb]v*U^vբм+zww)̪UZ4`{KMYt^}s费2#n!D0/?V.M_?Z{ȯ9k|kZۻfdFlO^nf2#8=<:&Lx@d !9xb]xߝ?!$/nw^VΖj#%T?(~tsY2Dg,c{I8Rt, McէqHH^WUO]ZDs]&heGi- 9oU?)yK>otnR 3B;|y9 #o=ܞ Ϻq0?dYkv*UثV!#u;yI򭤕$2"G`^ }F^I3N۲{;_'4>WQx< 7ԷiI =3U*,t>~}8ƈמL@3?9bg._N9ECy^ֿU𙝧-6ly"Ou_mv82i2#a\>שfk;v*UثWb]v*Uت PԴ&}GU4Us}w*C kHB ݧLc9B ȟp_Q.c(DܼJrqN{K-h<`u?8J򾟿RDr?e -I1D g r|{9E5Ķ>D_֥ zrYy;B!s,ARٴaj8rF'T}I<?՜fTQDw;jW~^//}Yys2ebڎ=ȉw!dGWjpg>ӏ'Iտ<(_b]sCLQ^7|ė~z򎅪̚huW jI;7b@W]sA574vm4g<bOs OͯΏ]95?%,;,gRi뉤y PhynFuY% 70^r__}~GQjXDd?!wr;dYgK{r Zq%KFG%={|eŎF'p;K\gg!>cp+״O-/Ggso;QY&OO4='_h1jx+ ԣ]:J'.Wg}H b>#9ȓt}cscoj;vO_t'ΟoZy7mybKT7 @992&??6?O2(_cΟϏ!C#6{~4jL(a8oiis2O┪/y_Af g,Ʒ3ҪS|6jzYnwz<wrMav0˚yde2I=K΃ݟ84yF F#?%ՙYX)XGB( EW}dխ*8[jnX6Q/dKK 
2L}EFFǹm?)ؽO:HOtxer~^it7Ww@ma_$N@CF|Lɓ]W=^4ˊ15hג?IտOM/ٯy~nc3 ?Cߦ+YD20~wxgnd~aGU|hw@x"o7 _9WIjW>{/i~~I2X?5N?GMz^Tk7.'g>/NyM{7_Sf|e;Qw_:kk7+$S[ɗ~IJ&yjb#ez~s;6=t哋7BΟj1ڸ \LIտfvo|t;׾ʕw-QY""Fd燳W,wx/g/]Ն _0}#KU7UtgQ ըh( Ǵ=ݝ1 <[ח^O~9LKR f?W9r[4̯o^Mci$ i5mRF4Z$Gˋ,=Óv_F/4:koFU?Q^7|~?ǃww͏)!Lx;7>Q^7|~?ǃww͏)!Lx;7>Q^7|ĻN_憧7Ge?;TVHȭ+Q9&Ext'SCVvOWM/ߦ?6?O1dExtcscojvOWM/ߦ?6?O1dExtcscojvOWM/.|9*V矦$C|P 㓞΁,(_bccscoj!ٿ;Iտ<(_cLlԟMq [cٿ;Iտ<(_b]sCLQ^7|~?ǃww͏)!Lx;7>Q^7|{sRޒ/B5V]x {ci<M/kV/Μk{82(5+̐EyN#a?r(Oܾd|/O:YdqMwPy8^0 h ;-EH_ dў??rG$1 558Kd{J:~YFe9;Wb+Y"fSxԁgQ14E&;v*UثWb]v*v*UثWb^#9mM=3~rJ kWrH3sd*jvfԎ(#G7O.ay<+_/y_OrR0XVMR$4ڼↃw??su3G7ƃz50>jp><]>q)բbjQ㘹kS1!!>-bӬ--XA਀(!H6\bIbX7̍?T0uv*l5B++ > .o&`C J^IUTI22$xe)IIy,!n>0MXs-l% (i^USc_OruYYe`6}2nWcaݱ. Y62>a9O*E;J4M'ِ |=.#GnQ 7Af<ԓLG̑ŎYf!ry8n&4q㉔'7mm`=+e+4#fH)ZTY8{3zpB{YJQb:ҙdoNeo>PϝO5h֛0?~$c8xvd AY4Oq>߱;{_غ,O?)C2y>NW_珗<ռsR ̈́ZJ921\ h[/{S\w,^v?[_{G^'G'rt9C#\gB yGJ$Og5Cڛ^e1ѼMvXZܼ9X&J-"CH^HP+"[^ҤeC !Eݳcq.p˙>_O'sv~HhfG.@e;s$;9ܾ^Wko-yz&x4HVGXP2;|L4!DB7vHgH19&A24C)F;+:ցT̿?{Aƻ?xk^8\NYqcoJeWb?k2?f:v*Uث̏˿*K<.yju hu]Rn UgOݙe H Tqb' %k?g_m连>dt˿~G=;:m1᫹+S1^ L6 V"v*(=:+0uv*Uث2Y/f]v*Ƴ#ߡYcWb](QiVaUث3%-7ǖ.֚n5+6t(Rz&69Wx}y>]CqPՔfn^u^ċպTPt,/ɬZ^}>3g#kyU[ h¼R-EU=B3Od <ԅg0v*UثWb_v*UتM0S5?2ySFдhS[QDI=I'`I,ŊYd!d #Cr_zzխ|/Ge>KI~w |$Ez^.̏ ds\<Δ77NԴ =/J4>fbqHUU)F2$vO$e_'\T?c^n.]jm>/RRd"L8%hdRu%C2 b:Pخ?/?*鏅b:Pخ?/?*鏅Ƽɫ7~婬bX9Oz/.1 t-^l8*POJe^?%O䏑hAe35x  hvg* ӇgKh_N_=1.Yw_tKJQ.e&f/,J٪Y$?CK~W;#Xqx%22cR2us8qPٟo_4zA1zƵmiZbk#FݭhcPl2L_GV>M6b(>A^Zr$2++B+;(bDq/SASm˥!egWC^[I,Esex;o4rqz u}jx$R@O L?Kּu]?MN&qS,ǘGK:5QnxDժ5Mj Y>?7&'&٘1F3Txolv#|ֽp$ŗk7g럸? 
r±bI{hdβ$=2#ڔsjw{hةך;LofiC-iNb_?yu/$k[I53HέN3ǷtOCۦp>%fc@ -~y+^n?[N ӗ (zҮ3QQׄ|--gEFIf1z#?%k:L³"MetjV5)@H_'2K-_Vv > qzYrkMZe2I?/?*‡w1ԝqIPL|(?V5_Yk57C_xzXJNo 2_b:Ww1ԝqIPL|(?W?󝟓ͦcu樖 PM=wJmt=Y?joVmzMꇨEkAC%^4p$=919$?>j-5}03[T6V+u#i/KGo;Uث,򿟼~t׼r$[Q:0ki#59N]></xW־C] H4v4Z[jbJ=ˢ3QoA #&s^m6?&`cO~Rh@߉kfSP'C/sO<4ZǢkR<]qV423ۼ/h_' H ‡oN>?+Y|M#;4V֮H+9U'wu;t4 nG|oXe4ٖЂ=ͧ4Pm-Q}Ab "ZT@DrK*~zyGl}[rv Ut?1i!MY:ksv|yqď NcPؗ~I‡w1ԝqIPL|(?W~I‡c_ֿS}o??׏^>qkC0?/(*/1<ŦyK̺̐= ⱽ6`62Q<`=%Ah^;a+?/9_.˻8幧-b6"ʦNfBtxeBb:Gb:Pد?OƝ;owݴ|}^?J}Nʽa\A98q,py ˩IGX |i󙿐V?EiKi lmQf vAʥؚ^?6nA=,d9H4qyf CWb]v*UkF$47$ U)u9n&y#fZ۩r֭X7evjb}.e'y?c3~PQ[ĐA,pDEUU(|ܺL UQ-[x#KtVaUثWb?AeFUW>uה:izUR8֣9݈OY&j1ױ;U:Z-,x@ 6a|1 }J ; >&oB:}Er@t?wQR˵PFb{(f{=ز=G w˧| ^O Ae⏟d?хߜcȒ=q9ikak([ KX*Gvs*"3q0"og\3.INxLN$w/,g6$g4[?8~g(N>i?˿6"4oÖҵSZ5J-i"vs{{?{?&پ|RrdniE~yyl2:q^@y}tr:@Z?N~vYo}O,khz}2BK,M3K|s%)T]#><ֿGmOZPw 7?5O_?(d5w8^)s8GTmڴV&hO1L} Q<_E+Gk[TbjYxqaq?[GXA [f='\g*տ(x?3]AR?^*i?%8-?!ǻcs/qcr!׵~J~Oʮܖ~" c9K~B@G`G\}>Og[:G5 v*Uث~ ׼ґJ5+e:{g-+}|~m5zR'*_vB5~{obƁyy0Jh_M؝1=4ZNF/L>?Իwˆ@wwfH~ڪ=ͺIo*,)r>_]f)??u&,]C}\rr~tן^jHƝ# Dԭ'xV{cct?coh}ғ!?y*Ǟz:/vef9Ǒd +VM 5 k?'|dGΙ}MO,xT2LRU-gv*Ue}{C}^Oa{l-hJ D¿C?6:_i8 >8c, 5C@ʫ9cKxr1{yZ2̞TSK@Jj2FPj}y9#~lAKI~Lxֵo-:h?>Yۀ(=7PNH̪nH(g#|h9x3<T~9UثWbv*UW5>y󌟗gyekQtn;K44fb^Ab;D:}>\D@9yT-S̈́z^Ze#AԞjvbI6if͓Ĝ'dSbXտ24Ef]v*L_di___C[̓:}仧0MQ+QCVH՟pVY'kk' K:|߷' 5GSSb%~ ]TZ<^Y-M歬NZB6;EMɩXF}ίcMG;]>n_9ooXϯ6Ϋ̬췹6$g4[?8~g|/^էg]$W"dj歞!3#̒~oFK&{rUO0iI^4;ٛ#=̧#= B>ϭ׵?쬾u*̊ SA΋,`KϪ3Hb]9u?0|/QG^j7cϽůlGΚ.ya>&5`^nr~};`^$4{?LKy&XgLZQ#7.|}SH>\Y T(B]v*#mݠn5;KcGDR-T*я=/4r -i3%?]9}|d%kEf1d~Zhڕϯh_j~3qn[c*Xvpc??/#}_UG \0`]IqFkBWV4AMM+H ˲ÂD>p_ϺMxWywQiqUDo?}qYXG) Ɩ$cX1i{sMH`X {pv?L5 O×wQg&B_濛'MثoqVG妍]\?E7qV2ONElf;S(=2r?[_dn .qԗkzڂm_ixv(pf]v*UgGgg>b/-gKp./Ei[F#㔃N;DKs+>J_̷oWn|r hrNҭ-Dj(91%܎R36âWy|y0xg+WbsEmk70XmRzUHս^oEC6 1P۩t5028RTZS ~"7~=U(W?A_"mwwie4(W;ln*Ϛ8`g.A [?3?9("[?G5"1XsujČY1ݣ@GV/z_g2kQZV2j9T|ՂHqpY=y(]_PG|yVe ٚp:2n&$>w0fGBƱƉ&=//bĿ73C}48j+]:ŜC,3?I?/d+檖$vjC/k=僱Wٍ89,ua=;U$-{OD(6iGo.ƺsWGZ:Zf)m=̽D7~ seW8rw 
z??Ǟ$b~]Rhcd8AsEP%P(}!1jy,y=-h&~Yg-4eut`7R+CP mcLk%Z{=$E> i' BF2F”LMa2!ثWbv*Ƽ#ȾT:}ƣ~œv_E]⣻2e$ar43_2"zyV?07skM*(u|T&Cnn#(ьW.Vb81i7b]?%?di3]v*U99m-YU^Vn$hnȄ꠶By_i{dqNc(_άv?%\q>gGqڮ__O/:Ӈn a`dIhv!~1~g(r6~!ouI^#\c/8xǡ7-z;wo#Z'VBW i)8o!/,:G?/38qPٟo_4zA1zOڇi1:,_ϊ?hGbɫUz7Ɏ~)V=q}DkYohBGR21s{[JVYG@7Y~} v*UUj--:; HH 6[(]t{]ON򈿵:o-!/G`soBmTC|Bw`COBm!g#篣rgi|0>T~o T@zShEx5 fFͥyQ-[x/YcWbr[ZS<{?2X?F?!{WJo;z1~?O [1&uOsPb](GA25PKU=(lmI.NVd!ڢ#ɼpdCi_x6jB#-P#Ӯ 5;J{ncg^{!ڟ2zOOo Kr@bN(m%~? 'eu~Xk<&ojYTڀ$QAYIP=?_ϺMx]G?gɥ//yT܀AT9Zʹ?'9|%ԢzL;TDyBO#gvƋzTr?7{GZ}Y7 m+R[ܾQHŏC'/<Ƌcg^{!ڟH2zOOoq/}u8\yV? 'eu~,yC*Y(_#/'GKWb_;NG7qQoIZy7ʉ(UJ+}dVv_fd{R_oמ?;c~`y\*EZI"ıf>b>es)]>_bY.sTCV14粢v #&R4Uߩߒya<,}@$F$C*-AXAg-8L鯐(?,?+VG|D伵Wk9/79o$\ޑU 1ș̪p :]T+"_?g}v;tWYs#vrMh]kiq{_Cu=81Kz<~otb$;}8.nnI/lO1k74$ ΗIں}Nѕpv͊|Ϸ&SS٠WYGscY{c`?ibc8Y_B(G~NGm5ݭ)ҖiΟyjD_QM2IugF&d>戵-g~t}[ɍ(vX? 1+JKTv7h~oAsn'z(jVցQ C$4֔> _Pd9?t|Q8 Fˊ^(5~̀M|9mȥcX;+\k hi,Ks:d?}?6꿮,}>OJlmvP/5) Y,,5fZɔ({9sL+ZyK_.]}-CL)ߌB9|24}G 嶗}UbɒsvӣsOZ@"Ov/mbw{R-yC󃟞-ƠU!V)fNѻf4#S&Q~=w~o&5ku=Q69%YYVWvm톡s(xU)$nPH F$6A\~NdqZm$_r2hRq4s@ 5Xc?~7P^TR> (~pص_(iw{3ȺO$sA#y9GoI?RߊD(l gDq|.A6UNҷRk,.w'=I8FX OA~nW#9/OrlI{ia/q=wcM u=Y_A89Fo&kQ$3#I@kO{OKNR1kH]w?/x|e^Ši"x2.?܇ڙQHO'qWS&*Ww5O{{~kRUثW59 3P~ qF(%F]石gC=Ё9Hg4Ϣ?I? y9VANy/Ҥ(T>ҢM6*%~Ӂ=f}OFDo'̍/YcWbr[ZS<{?2X?F?!{T]4MX[.`$z(T'{/Il0\>nđyWE. Ev؇ɍFAG\l_#?=FaoS$Sϟ+K6k7v>j#HFAVFr>6=-f dHO{81CBA4'b?A{fFwguc6iyӜޚѦ#@ӯ,»*`\Yk_Zig{=_Z_P:E{dnfV)~.wCp6z7j^Ra$OXZ.?>M.G//yT+Wguc6iyӜޚѦ#@ӯ,»*{_:k3ib+ xs?p&$(̊I<-^MF-#\Rֵ9#,|Tx,",@y֧;=twoMVGLw܄%=.@o#yC`KګW~KJyyGvjYMw}-Bcf/"Z%3>ƸzW:.-e @UߘR)s)Mv*HJKȇ0}iX<~`Z?_.yǪK=]F{e+!R 3!9>ִ$Zy@̺ދ >s!޷viwFcjgAQ'=ǟjy|8897-2t,j^k->wImn*QH|vh.~!`(o6?6?v_~󅞌'wvߩ]=̡0g+`uc[t;m7~d#WGR 7;?Eڟ<Ѧb|y 4.ˆ_s=qH~/Tm/62 }Vv+)j5KƳ_GЗ[?Yָ??%"?Xt~Ϻm#\YC6}9g5^jRX;XXk̴)Q>r'9'C5Za:։yJt={M}Z[=KMIN9cumebb$!(!/Sr/̿}F:i2˴ӅzX{;W428o~`b2b35_Oou2\T#U4 "֗@ڏ4NisKJ1f.̿BJ_Nm0+Rєg38H?,ZS˟>T"u5:KqVf<;۱ 9G~nfC<ǣo-gE:G--.r(^%2FO/ݍZ+# Ö;OӈlijZ2#:ǧyӲ<GXiԲs;?'}}'G>oc{y?9b?hd}O)A_wqa_ޢssC? 
=˿ϵK~{SPՅwvW嬪9bJ:e$pJ"@-r Q 97yj!)n%6|I^ԕ&}.薶nGg2ӘpExpriq͐xk^__W3ygQ/Ȋ:yZ.ly %9Bn5NQkFOz/13D6vV}Z[b$3}ke##e,gA{eڏVaUثWb??i?Oə㢲Pv :o:&$?їR&|̜zÞ_U͖յ6/Fܝ=Tvxv~g0} 8;lvOs(sL3~o81Yuo6jI-tKYo@jLw.# Co}7jx&\ƒ5R>h3u)ܥfFWSŐå\ ä[Wk+ߡ/~q1ɧKKDX/t8Gl3?I?/?)sɶkWCԥ-gv*(חi&S<'}O_s_Ojs /~O,y/;y6KY/4Wc@>cq%2?"~SgZ7;-~NyKo*ImҿbPDZvs8iqp#/GˣS-H􈺶E|)(zag^隍]ZZH*2x2aFF$2Wz/7Ngտ$|C#\5֟p}Wp}x~^^iin!_:f붥ZF@r9 vܾl_Q^ѼQIa)FԮ1lAdGeU޷GcX{ʻh2lkyWz{-FMa*Ƽ/˺tO뽻dNGOd}R`7/~bg @m4>K-$QF %9Y&KFSMYFRF1I=?d!()<g\(k7pԁK7S=y-ޏ!/oi$i\qD6ϟ38c67zWLվ/]րQTO=FhI'G,Z?1+yK~;'Y5_W;{R3^ΎE7ΫS'3MC(O.eO/?X /?ҏԿ˽)k˖si6!GC⬪?,4hHJ8"/kܱ0| ASull_.Ld(r ڭ=[c6M/mt׮to=gRJuQ+9?M+%,Z?*=/;?&r+X{)nn$ii7H! L*~Sg'gf>|xW˟v7G{_?4>{ɇ_HdXh*7<Ld,<~~Af̏˽#]k=e~dU?cF=闼u>;g+ y"}?sѴemh*rܶ2 \Fh2la*[ţɱ=_ vL/$ӟMsvM#M>% ʐ DݳaN3c,|o?=]?t $2G,R4R VVSPALg&2D?l?6&|ՙ?zCK3̌i K{_gَ˥> x\ VݲԼZ[[ &&b;T&/ybG|/0ţh>T}fԔ480܈Uvl~d#hM\ e6<`8"T+*34h9DW`^{*U88gy^?1a t"Kk`M'"n2q>}hkz#!)>ݑ%+e_6xNJŗ*VFUQEQ$; w,Z?Uyn_6/]bz(0jW|0y2_[ţɲR[ţɱ=]yX65o=#&ưwbdk2|2Mz-|}laϺvzC $HX&,} 1#ye[ڽ/3ۢߤcБ6y=? =yҙ>Jq譪冴ux VԳ'EjֵGWCA~vHY=WŜ?gA-_:\pI{_M. ,tyT3p.H{Obdٯ=/+=ŃWFlO2>g.onaK=@hX}cvΤ7L,q_@,Z?1kyKk: ̖#36T FxDZc/,P\[-s@-UuWrCӎ^d}̇'goFӄ-uqKDmtbg W{-FMRMy?s/̖zVry T+hX.U7[^Dk/gDK>0 8N]xoΰoy^$ FvwLvT8xnicybizkK _FxcUo!{CzJ?^{dz|^_O8?=/3|]ȵ {V2Ř v*Uث>ө]pkLkB9p߯eә?@?aG>o̭54cڔCtLodYԈ_ZgMqr9~>'7/B{K?^z>oR,?jOǙ_㢳 Wb_D6xle5C3Zo7_ɛ|`% ?b?- 9,u7^X: T #ߨ4`H|)<,R?~o'z]*'jy;<,R?7YNvpYG[["BI&,w;'(cP .B Uk{y.K[yT2Ib4 G??>e}*ADn,D ?CSb < KUk{y.K[yT2Ib4 G??>e}*ADo?,ډ u='H}9z_ֿ4/Hvs꿛ݶ"+ l}xGbC!KIk8( ?/C=EWҟI._}gZAmsͨA*LjvV#gkj-v/<* <)9|bX/&OAf6Cmm$Q@P Il UC/LB Wb]aAKI~Lxf:|e? 
7elwhb|,SY~`KtzTc"eēPk^932kRAW~]{vƛ!Kyg64iw!Q`z5_gaI|I$jOS/hWϟt'yv \_)68Y'zxƕ¤akb3>/*~G΅-٭(tQX^ c3N<.Yem%h6 :m^K<%ZN~1ˆ$ƳYGЗ[?Yָ??%"?Xt~Ϻm#\YC6}9g5^jRX;XXk̴)Q>r'9'C5Za깄'^8䴥ʞeQ$ r jXքgkW>랈W>ĖACPgxd Hߜ״,'N9tېi]C%ps.$y+ѥGOb s^ cOXV  zsu.QRiŒ>@|Ҹn]|9s%攱fxHjm^&; ir\ YYY㴆8Q۩PM;횉6lcA{eC0uv*UثZF1Յby˟M׼滿hO5)M!b$W!Wރ|ꡥ,4?:bcœ!YK1)m?74sϾeZ4=XVVQ >&,v9lYi?<-o;y ys[46w2CMۆxfplP;]S bC~'ꫩ~HjA/f5]I2J$faa?GM^UC,qO(ܟRVo[fZ6f.]~yhFbT y-vNxܠ8?nV3|+Y]v>O~/HD}/s~}8QnqM[@?[{;OaskP {Z7C<8L~hz:5i^@dS\Oh(XnIc J<$EdUث~Nomy럖]&xiW=r|m8O?}Yڣݱ./,1M(ygjZ.RF%dCQf8&H#7pKC_˦.a(K0b~=z\(/G*Piٕs|Y#`"fz\ÓicC;~fuϭy[˗7g ;w7$3*D~\b__/u /|٪ ŖI4OJlmvP/5) Y,,5fZɔ({9s}WWb!o0\K/c{Oꏽg1~ϱ?p?gߴGߠJhj!_`f/?*G}8ϨFiqovK%Gl>8jNf <8n]|9m%QSŤy0RE4`.fh~;K[ȃ,Wpѫ0Y0B8S5^ƙ~3]v*(_pd{WϫO?u4Fz,x?)Σ/}7:ϞͤW@ƥ"Id=52jG1rÙtuکVNɮԟTϦ=!>Q3r;3doж_^xz5Zf }Uثs~c_Cx[f?v/@7Ɩ~V?ٌW??>—'揕׮ l If?DAg{Ed;;Cm!V0q/F1a~/sH{sps+6*.$#MW瞛 <~"JvQGi3$/KmޫIc;`|__@f.]~RyyQȯʯ8Ĝ=9r{R9nqB9?*L?cwwj =џ؄ǿY$~hǯ09<+PpIAc(o7^/gӊzKW~kqD\"2"$|_]vd!pʳE%Eu0R(U政gsrs.FD:Ml`o3Nզ{aC̗!ث\L\z8y?@?a J%hd(HdMԆ@ss1o?%?]P>{*q/Ud,QWHQ$.8+LC`##ȎG&g:F,_ϖ噽-_wsdn[Ƅ4lѽ;jtc9r#~ _俘yW,- "F_k^UǓNe ,"E*@o_#wW[?Yָ??%"?Xt~Ϻm#\YC6}9g5^jRX;XXk̴)Q>r'9'C5Za깄rH޵ܹ5Ҕo 2!% }UݽSE?V_9i32+T1#lʊ{/?)s28>ZO@,Ńm9TΜ')yp݊x䶌<^E=FBbn쬜gCʲi|Me ]HvK8r~Tu9N${~ÒC̦P #ꆦaUثVDo'̍/_{H%hM;P4ͷ7ǧs zf[#nhs~_Hz?w?E+_z tL yS$I1W7^_3BtͨbIE.(X{3 }SK+&LO0>y\oRgb+4{[CePrkV+ rGO(ːQZ%_Kf.]~nTy P79{c/~,:G?߲8qPٟo_4zA1zGGc8xR_д&7o-kwvVRv5#\uwǘTV6d3@|Xo៩8~j4=eH&cE R1r1?o1$z [N~\8F\c9@pmx^cj8n3?sggXϹ}Cdb>pוg_yVLXԭ4}"&bcgbZPXA9FSf<dv&N\ffIwFR ; /u/5?/;qQΗu{Dk E=C1}g\cX!sI =?./x:3Ko4WHOʦ0L2cHH\H;ߔ~g_B!m} q/|T؝C0^RX!|} ቸciwHHt}+{`jVaٯW<3/&ZEeMR\JA4M#DEff4*Ib@YBb,c^K0|i)j+~{,5(lnP qn(c@dn&?CvFZ]\82DqrD> prVh%8-?!ǻcs/qcr!׵~䡺L!/ashocG:Gd6j/>:]v*MGdj?YcV*%RN)A~mkg.'yzΧJ7DJeu'R{)ɡ}(҄#f#~;Ie+{ i8ڟ Le`a٘A'"_,goju2pa]]GT[offZ= xۚiQY݂Yu$ 4˷ֹa_2rzg|׬zt~P]M4M}vQQq)H/駲,鲊,!(B1?hyb;㽤_M3M$8qV~r%x]!'OϿBsI3suv4A:*ق;7zx?,.maCm}"(5pfy'6_o6j(}_??-?gd~1 V@za%?֒3~Ayx43!Zҕ4ǯo@& 1+lK+;?^?ֺPS$_K*k;vGډ>2Q~Ӑ$3BXsyfkih~1în?ӤO#\>ز 
>ei\7b_@jmZEmfOC1BfF1jsWP5ֿ,cqݻӵ!1LvSC?]z{ߔ?4~6aUثW󔟛Z/..4v~UWw@( xF^C }PuڱG/9r5e+Q_jCIz}0ߙ|ǭy_<;5Ms^TI4YP( ٧fs7"l;;MM,qG@?;L{䖻u_9[],&gnMDb%ڇ ;Q]HK6O#;o;2Z.0rNr1#XƄ"zF3c޿9ߔ?B3>Q~_y?!^s3e!+R,;ow!/>;y=CU֚nm}Jm:H`ʟFӘF 6?Z^}veQbom*E>|_i<E~/66E>|_i<E~/66E>|_i<E~/66E>|_i< dSY|y]ERmN+x"h~I%H6L{Ax5c wbW>ohfkN327oq9?B=q'?.'?ߠiՏ4c=}/EqO}~V~r~TyRi}Zԝ mj]B;槵4CY.m]/opkU0?36?үtFK-CNK[9G")$nB#-I9ӵۘہqtW*Ev74&1CC  ~3I 2N#DH8D"8* }NV6-RoL[i^^uIdhGel^4S+kE>kuZ5Dz1Ӗ;P+u=/̿m[$7%2`Iӭo_*4?ݱ9Gq8g1kڿ@?;,?/.g|o7Wki+ۊ$p;x$M\_d{EKy̚#=eoAۃU(F 9)?-tMkneV ̓Ώ?(2YľO&KB?yܓ[ ^Tc/ԟ2^-UC8Cc{?SRɒPn_˟#~my}}4{\RGtMo6zMn-\8(r#k=ԍ.J?I t=mfS~t]~fy^u4}b2%G6= H`{[ˤLJ&#D|mzh5&9`J2J Đeߕ?6vw?~nK|MÁzÌ@9^=\iSl]MNN؎c/~;|1|KVҸzk8S޹~g ]xx8pKVѮmSkVU:2ZytqA"Q c8&')ywG/sp,XOd7?DTKpթח4C:&/[Q⳴MV ɩV'.|r{ˮ~z<⁜Ci_4mʿR,m-+ҶbJF} 4<dv'hj}yg)&G/?%2My>E$5{?0zr9s^#OB-AzܺLXrb4xnDu}=k4bx(ˎ(Kd;ǘ7Aߕ?6vw?~nK|MÁzÌ@9^=\vw}@)O̶e&'WGt>}vci+i\=Ob?)\?3W}|.e |x%ի~c_kz6[5G^-b,m,[F%بϡt1G"">̞yg)&G/r٭?"?9bf_z 2zepث%GYW4;iVΗ[~<au[<ཝ ^O'?5}'>H)|m?J_20~]~c[[5Mn8)znWqu6j|=lSlwgwO~^Eyigh6W7;pǥB?|}C2V:W-95-n+p?CS3Ê/b?~ƱƉ&=//bĿ73C}k $1&9_eRث^^eLQ7?!?U$#?d N2Uzxޠ?/ldpxz./ȟ~gPw~@BRO8yc_8lZQe\=ũl@?G膗5=: Wֺ:uNvfO_"X0榽pN#5۟)?ZWlK]\'_{}:a)}+Uثv*%?):Kί Zv/?M7٢eP,@PUO=L+]%zH=ثWb5C'v$F",obAs/@/SN?xyk'aeq'[L&AյkɔKnP#-y'˖ԚliҶ1DZSc:WE1_>AmKv$n}9ᨎpXyX8h x>Q}Ksr#zJ?ҁ=68yߔO~d'ѵv˕,RPGB A#ˊxa1R <5:i "?0v;[UثWWeƉ2[u꟥%]]irbUXXP oZg.(Wr?' 
mo{R]hou TxH!ڦ.s'߄_ilI*II[7s?㹿/ ]<_5jUثWbDMw]J<Ө(Ah k=G٘ ?CKD?M"ygGqR'ug4o_ϝ6;oesfI +*YLCg#ԯO>,:G?&3_v*"FDkCb򕔫GQI.L SqON/1̢yyYXk"xHryNўsNuԶvoC_E6ΫLb]H%g揙 :VR<6Ite`Rs@69yvh bUثWb5omƇirG79íq8{$Iy$;NEyaf33Ȥ?\/ ?)?qP7<ǛG9J;jgq Is\jbhb`:P 4p ~Ŀۭ6Ql' 9b`e ATUA]|:qK5h:QbsBL,Gɑ} Vھ-D nn[M=+0;x$"vWwo.9a[GsqtK S r mz'"ΑoOz8hϸ3<[ɶ)kO=Ȓ-Pg9 Cy?1k0{/+=ŃWFlO2>g.ongI-eP֬59e0#`}Ok#_>r7m7VӮu]j[ZFԦ犚; b&F^z7WpE<\gp 6UYQ  ?"<,'.$~慢[m^>yϼ3/y5]{Ng$wgyb<]Dj^ݏñ ({lSӭ^ՠFy 3(5<M>o:}cߙ/YIi;Y!` e(S6.'9I?揷\ѸN]v*rɳ~XB5xZ] j I)xfi 93Ō9>宣gj7 we}]\YDy$J:2An&& 8DV1ثWw7uz:`VP%+-h+Ok3Wu?__;oY1OdG1s~U{K,0D 'Ma&s"14'u_Bh< ?";RqwO_,?яW{'xRΫHS?~E;RqwO_,?яW{'xRΫHS?~E;RqwO_,?яW{'xRΫHS?~E;RqwO_,?яW{'xRΫHS?~E;RqA_hΙKi7|R7幂H.A9G!vU#9a27H q'?.'?ߠiՏ4c=}/EqOe $FE*;A)csp/ElWE5o*NtR `|F+'@Dz8=1~}a7kFZCa5DJdwO3~A~pyNk}S:*:t&-koSOڡ9j{_>2>qPk"-n(9/udlw0o>^~I׮Gۧeo!c$FCr'D{WcǓY1"=ɟ~i'Դ F^^^{ChjMxq~7}0:=?WLo#~T4)/oU}D(!UHؖ#bg/:n^O:~Z ]|5hx琏:;|2} o(_7xs_7}/\~,/KK󞞋Q:,,j7S\C?x}_&vY+0HܱH7妫qirihǛI? 6`!Ck8m_;${K}_=X).c iZ˒o.tH4:KXq<~v>HqYu`Gωk2ƖEԬr+yG> s_gP/y#*y=rq̏|Y{wo+ = {mcPА~:qpj*!w41=\G<ϻo~zZWĕD ?}]A}oo,v(HQUU@;B0EA.Y噜ɔllyO2^g)$}g`>tgguUQ3<`H=y/h=ͩɒJD~3 ~vob41bd<9Eh/CQ.;(Rv)]V@3ŏ??GKUdH?RsvG4sJHU Q;H>G:Gd6/'u*kZ>KFl$܈B#!CZQs}p Pw^{wC]-Vq' V.6%ec~[b~}y.i4OM 1*\=K;fOyޯ}fc˟~v@9irwdy˃F^yf6u׬S1ьgjx}/OOdjcNjWq ~g!tkv7]ڞf@S&'/!3ɿ+M̟[,^V&K8nu! *7. 
3?b) ʑ7ᷙ?6ua,XbYI}{ C@@: 'Ln{}>9pnr3q?_bAYIE$E# X cp `|n>k8+}2̉%1?>4he&tY.BNG3'8 _'Ǘ?g8r.77m&3Xcoˢψ'^ڞǏ 2@9?(32CyY Ėon7<8qݳ#M:IX|>n=́[5LN_CgV է?35vYnLq8ZBA8Tn\g}~ Ru"9@n?=}o26~m2GXijKlF18@܀tOIj}seٽg1e_O E(j1q&yȡzOӝZK yG@?qRoٞt]_>HNw~N _g53[kGxshˣ~:m_DyqC3Zb](QiVaI3m?0ɛ }Xzv*U2ѿ㱥dqrO16?6?v睋9~pј3֜@f{ob)0ǞZi1b/6?h`^A857zY=[%jz;VAy>(ݿՓ'匯&21H35W?Yָ??{%"?P_!>qUqgg~~^Sem֯yKZy`UccQ/2LyFO˛O+-4rh\J#4;T5zLOO%!ig/pvo͟{O[ʾA/0W^Q1pl횻4UOTWGm?/ }R~ {(e',lF1~3GgyGro#KM#}7ek!ZEP,Q,"Kfr2=YNRثWv*Aՠ^Y- )RնAsG"ױ*ƇOIcv eG07q+Pryqw-'?*5FmyG: FdوӐo!~<ܽ\D,yK+4nWƟ_Ho2< ~ĺk*}9h;_Xx`y.^C߫x}QLd8sQc(IdyevYX9,jI'rI.&߼ ~#J~O̶8|i( YѦM緧{<F_[?x7x?c?.=ثWb]v*UWR,/~mW#YoorlI{ia/q=wcM u=_K#Qm#1|)eYBaP 25P5]guj=A, ^#蚮!QA)qU?~la3P劺88I4C&Iut3oTɫynU=1@2ωTf–eU'; ~_GZ|PNAx !i7nTZR͇UOڇȧwCXn?SLxzv,7)]Ym_&yEu֠Y?ʲت2m[f6LG?A=]ΏJu l].~[D<=CNc!:cz,ϧn1ܖQHQLLxB]v*MGdj?YcLu!:}I\Ē'`ҴFF<*I[?]y?e;J yk3!3yKwc_/iя.ETA OХyb5]3(ޗ 1Loi_\Ly͏e͏ybc?,f/ ?)?qP7<ǛG9K'38g4ڏ _|>Cby^4_򵼦 -3}qeoι/==WO9oZXNgk[^ ~C 'o-e?+'C6\=_gZXcDO_#2g__p>pfy'6_o6j(}_r?"ZO.|i AbGT.r3D=ݞ#Tˋ}γzN)](G= ͞sZk2`+#h*p?Y?%oS~A/?.d_ϟ?1o:}gm't0ru؅HٔNmCZHs|huF2:t`Qת V|㘢 8H ?G)|WY-ԏZmQ}E nLR>Cwϳh;CJ.y>N_шgOͿ<|MǫSImz$Hv5bInz>gc/C cYHSw6<1ɉ?45^ݿ^Z%\.Q١ʕMaste;38"q,q?]"D$XBT 3C`#"I6O2Zeֱo/)Eo`7bGXS@:UBZx#yffRw9yݔþ_H9?5wwc/?5bjѴ{8=}r8#^q>HQU4$x+z"4,~jǧ,_N>,~jǧ,_N>,~jǧ,_N>,~jze_$ӭl5y #bQ4%@8l)if_E7Ϋ\짹6$g4[?8~g(N>i?](QiVa굕]JVe"V#Ewn~?}k++0E6 j@dO2 %?&dj?3]v*ef|HMz%.}5f@hԨ$fNGVO?oYۿhv 2G*dثWb>Ñ0uv*UثVj? 3#Q? 
3]:HFr#J~_Ǣ >U$sL*}U<(D]:*nc𫼻(l_4*ejUت MӯMo,-ό$g(4ΚcRKOGZ444̝>YK W*(DP(1v*r;4-m$]STu^_V?O^_5X@;G$R gQvU,}'?_z[?^qJy՘e揭y~N^AHQۘ|M$G-1H: kL'sM ~54O4{%"?P_!>qUqgg~~^Sem֯yKZy`UثW󌟛֋_+Yzgz= mɖf_!ۍ5Yg"/OǟO!=h71U ajބDjƴpݡyum~9r#yapTm,qn(s*$05F is!G`5]I 1] dː䑑YPUثWv*UPv ⯅Cʒ)G8s ~#vK;*;%;p&NDv -o8?[ C;3?#_GA7忒!jb6u aDb3}yy~/{x=Q8sۈľ2y&Y&^FMWP% 0> R+Dj$ k3G1r|2轥K]5 b묥0|v3@_˯*i^SУ&`%?in`33~8qyOsQ&.ˮԟ^Cϙܖd$*N <#`hVZJj :>N7%2v*L_diYcWb_B rߠE7Ϋ|짹6$g4[?8~g(N>i?](QiVaUثWb??i?Oə㢳 Wb]?%?di3]v*U)ِf]v*MGdj?YcWbR1?>M6Y돼+(l_4*ejUثVDo'̍/YcWbK~9b4GߚfO5yn@DNjm9#>k5P~_h,K|Uo?E*\K7ǛW</>V^]5-*㗧2"ʡvtc<Yb  _s8S8wHvD*L/4޶2Cdc,_~@ɿG Hf(B>Ӿ\;OS H#uf:N?Qa9xRo$yKZyʺ؈jsBd>ı] 1̎3m. m﹂/W/,-ֵ]6 XW"E5fu5ǒQ S3*O?g#Wϸ>\ݟ_돃>Ώ.j?~DPDXwH1 R;8J:|v+ Wwli8~{gN ]BOfKA| ?뿫i{(Dmu[8U 9ϊfdR?>\ݟ_x3*O?g#Wϸ򾽢[Anx9ȣoËzM] YO˟{r}])^j\|w˟{qgU.FqW|W?}X:mީmmqC$vڌRB@VS)^j\qW|W?}])^j\|w˟{qgUy^o|[Zj7>1Ȭdc@<](e?.F|w˟{qgU.FqW|W?}])^j\|bk(-qķ.%P|iRYO˟{r}])^j\|w˟{qgU.FqW|W?}XERkwsE~]klrؤxht >\ݟ_3*O?g#Wϸ>\ݟ_돃>sv5> Z4Mbu{If"eRY6^ᘘ4yvM Gm^)IciTeAW832h*|W?!ϸ>\ݟ_돃>sv5> S3*żhYԭ5Kk}NVf21W.rBO?g#W> S3*O?g#Wϸ?/+L~H_=;V˷5-{-9"wc5!Cnc7]ɠԉx%_-͵ŝť/muk#so"xBU"AWb͍KR|yf{SN4rJʊ Kl剒1 JHmv _̿$yOt_2׺^n6WP$7uu4a^<..9 O>\ݟ_3*O?g#Wϸ򾽢[Anx9ȣoËzM] YO˟{r}])^j\|w˟{qgU.FqW|W?}_ww?s'S6,S-;WA'!?oKF/ ;,Р?͛Ui~]i[i2yQs$).vk~H'n[V5m#ͩw,*PTubpLJhsnYM]OrC==k#E_)yIO;)=J[ۡ$$܂Nc=vcYݟ#0¥ͅTK5_̺Ω zmWZ֮d5)&f,ǦrK$ld-iDC8#+rGI^z'7*XWkYZXaj(oFفu9H)G|@\2M@3HgAϺ=v>w̺t]wz ynܖFFXOɊX!ExRY$VuqeE{;(wya@`- E44NU(Mے ?NiNY+Chj8*?ZDN>$ʻ6V?ӏ. ժDG4K^th]v9xDU7NG*?Chj9G. ժDG4KChj8*?ZDN>$ʿ9?V6^C{[(-( Q4%@?)+Y6u_~0眿e=q'?.'?ߠiՏ4c=}/L:TJy^f?a"NC!RChj9O. ժDG4K򦙦$i}-v8čj6C ?Chj9G. ժDG4KChj8*?ZDN>$ʻ6V?ӏ.Ofq}.k>y_,#1RA=_CGJ?Chj9G. ժDG4KChj8*?ZDN>$ʱ?$ʱ8t4cuNƔ;r?Chj9G. ժDG4KChj8*?ZDN>$ʻ6V?ӏ.Oʚf77^U/9+, ժDG4$ʻ6V?ӏ. ժDG4KChj8*NIi\:€16#'$Wh:N&&i$X[3B1)$7'$&w<ʦߡYȈ朇. ժDG4KChj8*?ZDN>$ʱ?WP"t#un]is'ćwv*UwNyf[o2yBNZߐ53iRCխI#5p8櫴#>LHs6 ><Ӯl?,<0Tʞi$m5pN $3{Cnqs|o}ܚFꮚe dw%R|i=m>_K].q#qEEZ2B?ZDNQKChj8*?ZDN>$ʭ}#EEg}2gv0I\|Iw|o98+ݾ+d  v1$D[@LEzV{`~33|m95_æ Y)Eg 3x 1MHyd2ѿ㱥dqrO1K &u,jMM`s]z*w3M7zr7:PnqR?Chj9G. 
ժDG4KChj8*?ZDN>$ʻ6V?ӏ.Of9o=I8s9q+M»/Я~mok9kkog:#@S E=+2N_Ε}t;',/?2΀rh懧Lip #`Ϡ~ygvzo6dc*D [_la0=;6V?Ә~$X46o'Kk$n((Q_r;VYGUiSqȺ .2ydCңpkmBr+P3h3)NhX1ӬS8 8cSfv*UثWb_v*U9 8q}K7Eѭ,6*j!no#ھ5C"DO#ǣ,Ւ|Q&<: O c.vHw_577~Ee;;P p7Wҵl/=7Pm.uWddVDd4Ji=)D$xzk?4 J<&Rle[09>t}3Cl4=*;-'LK[+$E kRw=Ӵ!xF"~S瑞L23"l.տ"u=;^3~F_4/u=7Y}BUoIiYʓ*FYXs%R|B4Q;v*U,|J Wb]7??*<h=A~nW#oOrlI{ia/q=wcM u=_K#Qm#1|)eYBaP 25P1ثWbX25_Ef]a~KV~<x?f:v*UثSc' r=3]v*UC/LB Wb]b\}lxWywQiqU8ثWb?jOǙ_㢳 Wb]8HRF2#Ju;7~D~L6yz),1KPHb~;ԮC;;v*U__ooq/i6n~&=UZ]Vq{r+1_{˻++Bp!Obkl=e&Q\h67A}%%|CӮ(=^Ǧb?Ϳ5?C~Aiv> N\;nUޔ=ؘ)?+o r|DeWZf%ʒ7bڕDqx3!/ymoO7濘apk6-AM oJto4ݙu 3-9]Z7v4N.BI&<֖yB^Y}Cc?Zf[rS7/oYcWb]o_#wW[?Yָ??%"?Xt~Ϻm#\YC6}9g5^jRMGdj?YcWϟ󓟕WgAmb_9W0y %4p5{Hl8:[rqi2dިwoa]A?+n hӉӨb|wTt=s0e迻6NpLJyWȟ^Zm 1Hk/=̀SչI+ՉPmV.|y%g8r!gٌUثWb]v*Uث+CL_\J$H%#wj{ |<<^;ӹҪOSU3e}zoZScFt9SաTMcڪH6>y IfΉyMM/UGUemFcc,g$:F&ϗ/=[#2goIwlQz(p=)D#y/5B!WYX?(7Lz|:4wc꼻vnR#8oO|pKWw'_nBGN.sn?Əȣw'⎶iCosU ii؊ ʴȞ֍,y37o6G[~c912^8捌S-noɾ+aZW.غ^3=GGs7d9u?Pl[~c9;/q.!ML_oo6?z3#srXd!~oχ?;>?)?5.~_y̺1{{k 1&xcp65ۮi< κw_g->L}2~Y?b=g3?50_.3=뫺ƭm*V5f5fa0F"ɗ/z~k@ci OyT3O>o*_7y{LѲa,FK-sY5#ֿ߹3ְ=Cɲ=o֟oo6?z3#s㍇hbN<[4:݋ c;~~G7~KC8Z&g?Z#srXd!~of˭aHzcS?19;/q.!ML_oo6?z3#s㎙:F =oV/59L7[b:.غL׼~~G7~KC8Z&g?Z#srXd!~of˭aHzcS?19;/q.!ML_oƼ9y8wQѱGҋ^3#˰v.35߹3ְ=Cɲ=o֟oo6?z3#srXd!~of˭aHzcS?19;/q.!ML_oƢq_6jGFYI ?oKȭ>^q]gnGs7d9u?Pl[~c9;/q.!ML_oo6?z3#srXd!~of˭aHzcS?191-^8~捌_\.o(žcJӡ.غp3GGs7d9u?Pl[~c9;/q.!ML_oo6?z3#srXd!~of98uֶv2Osg9&9u?PlL_oo6?z3#srXd!~of˭aHzcS?1917^8~]ll4lg׌v=8{Gs7d9u?Pl[~c9;/q.!ML_oo6?z3#srXd!~of˭aHzcS?191OZ6?Q__c?Vw)"<. 
z?#ss WpjmOCWD'-3X67蚼 蓵j̀Hze~/37~7j.^IcZdp 9FJ;8HXqb3R݊v*UثWb]bhN*ooۭ~fNui}WUyUpJ[#5:z5+0uz$B&gf%C-S" ࿒?Ge}9k8i?Vu/Wl{v6rc<_oܜrq?4lekus|8.M[ ҽ^G?ZG7~KC8Z&g?Z#srXd!~of˭aHzcS?19;/q.!ML_oo6?z3#sq~cU}9n_gzҙw.x9<͟_1G|4Zˬ_Xjm3C"4%aQEm'O}<81F=ֿ߹^g?2hwɣwQ>6ʇ\.FU 8q 7zO%鶶Zs54YZI>zג) 0]~b[FoHܞT@֏o;oKER3y*"L'vaiPxi'֑ 3>Xoi̟5-f?.LИ +$U5ۿ|ۏ&8P)Q7Ww?ݜC=kK= Օ~WAg`2}s ߞ_浦<hQCXMso|?ʘp:^fy޿/(?-?*lt-̗s(&Sͩ7F_w˓4Qf+SWb]v*UثWv*UثWb]v*Uت17q+sXECE@`EhN"9$@пaH9/]$~пaH8+{B-#E4Kw ӏ.Gߠ4/4_N>$/MӬ*%mi#+<1$dܚmS'M ? Oq'u_~2gdq(SēDwu c;fك]ߠi^뿫iOmV"?=ێ]{O$:y[H'F$&/NIxrG~пaH9G.#Yl?/]x{@h_eh|Iw=Ֆq%WV[Fiėy^#Yl?/]x{@h_eh|Iw=Ֆq%WV[Fiėy^#Yl?/]x{@h_eh|Iw=Ֆq%WV[Fiėy^#Yl?/]x{@h_eh|Iw=Ֆq%WV[Fiėy^#Yl?/]x{@h_eh|Iw=Ֆq%WV[Fiėy^#Yl?/]x{@h_eh|Iw=Ֆq%WV[Fiėy^#Yl?/]x{@h_eh|Iw=Ֆq%WV[Fiėy^#Yl?/]x{@h_eh|Iw=Ֆq%WV[Fiėy^#Yl?/]x{@h_eh|Iw=Ֆq%WV[Fiėy^#Yl?/]x{@h_eh|Iw=Ֆq%WV[Fiėy^#Yl?/]x{@h_eh|Iw=Ֆq%WGq[FҼPIԃ͜LԠj"fsiq>H/_ί凙g}Ԅ5wk xYHh}$~qy˗ƃqrᦗX5m6.Dk:E420$KQtz~0q|43[K$<eE*èe4 wR®]Ue xy`Cvc*p_Ay'qCr+[9dƕnPڽ釘P6k1~[}u>$x.50ൄ2"iu;7h:m&q>2CqC(OR 9ySAj ԡaqq^ f rYȈyOצJz=9"ۡ$C˽ߗMtyzKV(䷋ 7j7cjY̥{B-#E4/.#Yl?/]x{@h_eh|Iw=Ֆq%WV[Fiėy^#Yl?/]x{@h_eh|Iw=Ֆq%WǓ|lU,V\RGU8J`O22~-xzkTWE"ay"VQ@TR1ɭ8^#t>ə-#$xW1LPI(܊v*UثWb]v*Uثv*UثWb]v*UثWb]v*U?1Q/ G@!? WwlW;~{gN ]BOfKA| ?뿫i{_iSK*ثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWbPVm{oT|ǁ(Wk?9y;Dŕ%~K H?<ǭpC<;uZ??]dG>_AI@=fQd{ Y*aYn*l%}:)5c=Ӎ=gÖCzi:чV|z5~{CG;w*YϼY}[CRqNi֞w8h5gw=G3cХYl)4M@./Re?HiƮ| sIzyK'W]#O#Jɟ&OD+eejU<ӼM3'uzeS*/BVMgP:kQSƒS4-=/J4r(ӟCv:f|S]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*U?1Q/ G@!? WwlW;~{gN ]BOfKA| ?뿫i{_iSK*ثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]q1T^jn ږ5'cqUX2vP>Z9pLsJdEkp.X5_j)눫-?w0xw}H*mT_YAG gȝqo_-C0=IJL!rk&{YEM:Kפ?UYg.eS]v*UثWb]v*UثWb]v*UثWb]v*Uثv*UثWb]v*UثWb]v*U?1Q/ G@!? WwlW;~{gN ]BOfKA| ?뿫i{_iSK*ثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb_v*UثWb]v*UثWb]v*U?1Q/ G@!? WwlW;~{gN ]BOfKA| ?뿫i{_iSK*ثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb_v*UثWb]v*UثWb]v*U?1Q/ G@!? 
WwlW;~{gN ]BOfKA| ?뿫i{_iSK*ثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb_v*UثWb]v*UثWb]v*UW ^t^+^j,.nw8~p*B`+sKQLA} dv&40XhDB~Lд@o?R8CzWN_Z6vW3ͤ ;I7~vNq;aki92N1f 'aYe~}/EqOe UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWbv*UثWb]v*UثWb]v*UثWٿCWH[Ho'4 YVP]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*v*UثWb]v*UثWb]v*UثT?XmRLߣaI1zR4q"ƋQ@|ȓjv*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWv*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWb]v*UثWn5PU6G2_6PNG  IHDR<_sRGB@} pHYs+tEXtSoftwareMicrosoft Office5q4IDATxkpוH$5"i'NIB|(Yr,OLt&N6"%8K=k?v?u%,% ZF~fadΡ!W+Q0281{QP` ^DfNU1ku:׾*Vf>8[m7U[Sl:a%e45s :# BTG\Oo?5C'X܏cSf?1[Vư.&Pt]WOG&ț/KCnvϹSu(P ke4g/AEa"< yɘtߜ? 2n VBgjd)ylŮˢv3C? |dܳA`8bqzhX1|wOyйA`@ 4{/+ yZSv G`Ec߳JD@H>zwr8A8}( #_t#̕1@=SO} J]jY']nqӾM) /O:i~` A!<"iH'  W0U v%LA2,Mx6:lF$lOkQIC˰LQ%Xeu ZA0m7jöjw !*`iՂlBG 6Vߕ&`YQmb9,rsJ6!8g̃ưRWqۊ'=IH`aT1hZa`4KWBwl V01~|e`nyh|-!6(k8;H x bau1أ:AjH[@`lNa6::+'Pk M 9T퐫9ωp Po9,yҙ V{]21gXisdYo6 z{ij<@a7 H= 0hheG?IQ?`@-T/sdp0l VA`¦mSi̲5 ,YiH^ >4ķ a ^͡eEI!еc 8$ǰ0UDhU oEйwy" Mlİg $u>L̲dAAAAAAAA,Y^ (]K2 eAPF14AClb-Jyf]S8Oq|K~AP8в/ (|4.AP@B*<^ (| c(RCAfdAE%mVf]d`B8*5/P՚dA){ߺ@IA4׆Hqsj43O/9gk{#2J w>澆apg_DA0)?FxSB1f `D=5 k0t-`݈=#7`BLX >aFXJbAPO~}\Oз ֤ (d/(P"f@'z8χ qA<&ƒȭnO:Y+Q\cF<ķ|J}`фf !_WvlAP?ڠYUO焃;- (?7[~^3>+WU1Ww0 lv3mDnՂGEBȅ 5X_H^79F'2*$ D+=b鈨5]6vwJ A!HڂMnn̶@(y^Ed8\ XdsyUshǜ9&DsQ.JhiYXo-"IWyS#)M#kK=@ɨԂAar/Fe xr5ir1f\yr.w06 Y$SH "Z= wؠh.U>|=> $,pe (,k x14=N gSxs:*5uj^xо?11K)ʢTV6E,eeH I96f{0153333A[A `8CPm (e2 '  (e&nHz6i@à8hX>h90شv؆. ~+oFc/T f<Pgl{|POnd0l n/,Z CB@?\׽4W 򅡒 H֬|R$BD=;h+1_P]fkN< #)!*_-C!<=)al/|BaO)H2 wJL-pE:,%h w>澆"eE&| |ո ;T"0)?FoJ\Q좂G .n]UU__0jkRV)&:8dzG_3`%hE Pt@Ys+WOF9S!H<L;| )扣rϜ ', 4yz}EW5V&zߍQ+eJT%6Oз dfwoXhyYFtY{d$ax(]7Y}Xj/0V?'NNg^䥟ߏw%Km(9<||$~voh"ߝ'Ӿ`J {vktg{%lako$M%«|͓]$7wy|gx OzAgSN! 
: sp'Oݳ01D39C]X˘ Oxq @46Zj1><`٪Ua[BpCvV7zG\;x9bAsFU$Nԕo ?$XU@o)_N`֞`xA >%q l%4 jߟCC's|k)kߧ|s<'P oZ2Fsv(0I/Vf +c侴iNЄ'@&!>pmG]5!oR(v69*jac${eK`}8, zTA_@?^SsQOKVr@7<j"V\!L!|lIa!p-ݺB?*_Թ?xnڙ$BN~WH69v^rn] ~pA,_ q{񿐁Zo)9WH(S6L/߀?c"'wd.w׸i_?(ew/w= ؎ޑO/~:Ե}&X%y+;`j҇8]r1 ?q&~J~㔖)Q2!#@?_g2x-ep0U~C '+ *3 ڵ.o7c'kO3 8#@h@ A;"$nj֋#qD +l:jTN2"YpcLA frC"bYozB`ɬA9| ll Lr:NÏ*}L@"!r}~2*Z5ʸK(O c}̓KvGyZ~gff޺TMqJov Tl32h]Oĉ#^-v*E7 nԶuTC5}8oPJu O\:hZV])__ SmL6APX|_~eY خN7g 6@@NWBNAjrm[/jr Sopj7#p] ZzIܫ?zd_p r]y bFt+~.j3]O6^ pNo3TOW~|:$ l.%USC z e0mJ+|8ƚZd .rsʵY{"Ec@66W?C˜0J6B¤UXA ۪W&  6 R!3ǐЂ8S3Dz-1zp 9KHB+*&/DhwKʱtN8Q;[ 2_^9ﱐ]2!ݍ1W \mcc ͡^ (X(7zR,dIB#NbN^7|/eî6ۍRr5ӎG] ,9H{rx<_QϗƂ$*3 }d']s%5 ]4"ɡvtݎaWᖋW zrJveӃ?ANkBS3'+x iKW8\hG}6*l+p$I A2 K%u{@3> OHdaf^Gȯ ojo^`54c >ڶgM:̮Eɻ `GQ8 ޑB#2!& Ab!fFx.!9[:ؠ S"ImlkpB$E^Ap /S ߲L [o?Ai3Ȼ9aF?Hv"z(>lc1cy [a.4We4ṈMGW -v<#p(=3əcgS  >!=d_-Sr-<󹓜(R'}ܛu,&lbӲ9( x8N1t.3By;05R/J v:WwA *K ${KQW71NLH D{u0c(:Ny!EAy`]!e  ОvŸV랓@`"Ey:]uWO iQUsAg37Q ߜ?l`{MOB05$ CÐ=XVUp 튑kk9 @R@^B42p4xS!>x1D7$ pf8a.M۴KL۬ܞJݩo;x\ =(q_à[d$VàT*{A Pp6<-ad"o;٢ 8)UZɵ⚇F{q&\qHL*. ި54̹w ~*UZLxv,:i]w}`,@ҷsCY24x^ fy;:]֖Ae_cW暈ba3y^ !SGi"u__R ,6PE1tBcdyC&u!]w@{.0 vZ $b໡12xV"ݰ!Pp7H- Y5!g = ! e Alg{*}[ - } "'tW: _*AلoPoϘt`%31 IEIKW@O{O !9AI(8EBUqBΩٿBD!.12w@@ 6$02w@@CB C$BdzOGas{2|҄cUugcUпOn |x}Ӿa0=(\3"bX8(`, 3~׽1;Zk 2^`Cog{>}&G34|tAaN~Ϣčn* ig{NzK2Ȗ790ۄ?rAn0i&aRԘ_蓦 A੹a_x0 PtRy>=Lc (LʏޔPLR*훕ѵکfޘbChX Ӓ9T1χ JH! }2._u{&GP .xĽF|_3Q^ Hd?o҃3'%GaT=d}$٨ta`UJo%Rp|s82(ȽYK`A)xMJJs+23? 
xDl$<9UIϭŰ*7v$K## bnू~ȭy~*Ÿ>z+39JMCQç8 }pC}{#ډ'8INoȔo]a&/ef4సs$IW)Wܰk?oyoF8nL|"9L혆LgP&7UVŮB[B$wR0JrX'f'rq-6)/'=DN+dTH^ =NܬE}\=n+v!S"'tV`{,/Spv} 62>)d[H!4oR ] En 4͊Mӈ@#}$Si$k+U*jR<'?}7k:e/K_c KՂ)' [;dqMG7Udzϒ׬*W>PVU8R[*B$m:ڳ;qx T^SB9X#H<,pM6} @x`ڴD*/{3f!v6qTjY8tuk/q.(+ƀޠ WR5 ׅh.[98ޠu)!U.T[9SީKb]ES#>l!j#!pq JY(H5}24'^d\(t=6<&P.bfL:@8Q;ׇ MQ␳9+T Cn\0Pل'jV5a[;:eAwq3%WoAf6|UL _Vfg 2X8-ʓcԙBY>A^`bQxuCvHX4Sx\k98Sqbhs'yMQ;X&=î6C&RBI Xpmkz7f;CIzC>L PժP"F|Kcp2RwfĪk A!d/ Kąe5C&Ɲ!4";*r!ՐSL 3ef>[l])]xJ>|!g9FM}x` hQg9@ `O@TmY!p+J@`Y&ŮRLQ}mLu]`7|%P40pVHJk ~+KB"i7Fky>]zS] = 7矎DL j)$wRⰬ^d 8)I ˇf&{ \4! ` BF{ƬD>ii6ud0݋y?5l#_UWv/-_$ bTȡ?IO:e\+'ge蒮 E+;%e%C?2k}lΤLtr7ʆL=}mML$ҸAov&Tp}I*/S!L#B0,:QU3ʭf-=MLW }XjyZXm+MZ{q|K~aQV HAhCvLU݋80p򅡁z=|-Lmc=ULzcj M,C/KPl<9"1OE r5R&-]f>蹃 ZM w j%K!#պ)3AW&D=="rbJFJŀCfm!qsrVCzCMh )/ͬ{ f A `0 A `0 Abc씪cZc H;Pn7ƴ>R."'tcQ[)/ّ: l_7Բ6'抶xܼk#ٖc%]Q1=Q|VRϫ^ct(^\mQ@gԇ V_fJ%@?:!;?=MZP(qxļrgzu:QN8EBAZ%N qzD)23hDMP^Kc~mJ1TV5faZ4:b;.EZ*4Zx^SɰRg[_5(^:ɠEk^%\L2O`Y.wLtH6iY.'<wz܇ɷطsr#5ʬ-xTj^B,]Q-l;@O8Z?Zvt |;vk6/A׎NxBܮG{60H 9 $CHwx`fVH*/ɱuw {"Mžȅ愓5V'%!\ My OxBz7ʶ]_I:zM{z[ȃh°[6&$7!^ks{XV4 @v(d&c$a A/QO]m%pC[]謵.Pw9%vF5&-B+ze3*2FX `"CPȈ;,dl-5r B-0"܌iKƂ =Z˷NbI, JUg-3|, efլI1A&RƂ`efj]5UQkF&=:LoayA ART~E K7*57)R9@eӳڭxC K;7)x@h_9nhu7L 3oralV=!u@] tG/h0&ٔlճ^ [A2a nž&E5-ݣgoAfӂhSN4nZf!oR+_e4Fis "Y;Z1BOvL6Kw\{:Go\NMZ}A qi~g7h% B xOVͽ@ZA(/\z6h AG,zK\ d6Q?癔tfFC tsQX0{uJ2P&ӳ˞}/(Ic/zCUִBg23%|zS-յ˵S<.@M2$|yIpr.Xuebd2{ƁB><55Lfiy^$#X/|zт*i MxSB1!-Miz;ˋ*nÑ/t$pքRCv~OEP]K΂N4}Œp#A^>g}jIWN:̓3<|.NEM$_S3ߔ@M awy#Ny.wgu$ kȸtd4U 5wܛԀ#xUU;eA玻aU&53;i2U[T銹V a=l7d&yB74U1T@0OaIve e XP WqX8`(U?laX 5 j1u"ȗX> p]r U_R;hOէ]\`ip iOo`Z"s~$Mĺ%`duQ!ť%T':wR◐;AvIpG ʒGϫXŴ! 
R2^}TxTNA~ě8] ,ډjdzP3E\TP aE_.}뽻%E_WE5C2 y, -[RH,dOPƪL".+c*me4nbU\VY9!D[q  dUf2,DX"m̲H.{"ю`W.0!pΈ gk[v *l,rC%o=J`a Bʖi] Yu_4bԉo,,XIFZW])ʺ\R^2mYPo6B/ÂL-!la1+X 7gYB2Z`ٶ9+|1pۯY*tu`3.*,F66N,Vlܷ 1N:88ª`F ϵRXEUճ,saޘ# NXHբY/8+Ca!r1X 2չ L0' Xuj1VXav"^C,+z1g¨ taٛ`T!}$a.H?1On>( Bt2S-P-d֦ @rnװz";P.O)D ",j ]4 c'h;`'XX Sԗ ;U`@-%5e}%`seq}EK.X:XUi}RªXZXS,5z?,繋 rԡ*?.f>Iq3X|ݾ 47+7c_Ƥ ߾oӫ}~]>7cz9{ϿjX"_U@W֗Մ,`E$0JY`-j믍`M]6-zKim5WXQZ-`}Eamu1kłI`~h{}5߂B9'zf8tǏTZ6P,'rulI ıJ< `la k'HQ6P;``uku M.7_q+<+9݆"9?XI 95koAhYwHuaڸ ƚ5 /PYJkU?V쾁g|QYID)]-/Q"M .V,ua/-|} XQ `D1bWd?)݆S;e}%XniE\^Y?`i>{y]`].u1ݔgq]v cEqG h_g-m[ެ(Ҝ(+ ;i?6"77̴+Z[47g6R!Mjq kn~ k LRaݬlY0(f/}D2p }7v꽜6V{{ +ŽEVV|8-Y^k"oe߇5fop+CXGŠocs.Plv[}'R78:,WetXau nvosV >|ykKq#.'ǰЗIr5oQXx ~XY`tI-cl`ϗWC`XZ(aX˽ G~o㆔V wLǿGX R]\[G,;!PY ԛӵ`]/UULPTT|$j`VPhՍX)^) BJ+E˽ԓVL`XHkRZϔ1>ՒU!5v1j4̐ R1!/OɭX2H.!Svu *Zd—U ʫ FX$ NQuuii;׬TUVplQYzKޚ3{ѹK/ SR:eAS1z` =MU`]Yl iб  .5 L$`e ‚1yIMTV0p B i1<`Zj%rO7B^lkLj-,PXޙ5r- V.z[X;XpKt d,6YpopzglO׊Ӳqv#X7}h 6WZ8-[ۻ6XPZheGºK߇QEK^XװKf!BK:OS,j3Ơ-(fݍ氰 2 C\@Kp$.1i|Kr##XM Jf^,d]dnćEa=,DZiv+U+\,x^dfGMj]!,de,a5鈰$1-l\&c.=(rՊ2xO c'B2Az1A&-W~@XJ} j+j('ae!ǸiF\1cM;jp&ʛ "WJObS 3R~Q`OXYjB]HiK!P#<-?Dm7BYy4zLYvO e`a;Ѱ9-G ߥK,J/c{C~?V=pV.M0LVrʕNi|=JMS̍脙[rm: ++V&dtVNV.dtF_Ve]O}ǗY2>Mg9V>w.jV{~5m Jc3#S,ovJwVtXGgsq3ɗ] sX#[u>hb(.VX1l;0ݛ8+ N NQ\Y+`R(܉ >Xl-_ȪV\X$'w$.zaņ}j͕_[nE_g-+')ػ[4Zs'V,#nm7-]DTٟ8جՂajLEufQn \TTM0ț!EF+Y͢=\VUUW势7( Jİ>Oʕm7b4%)zxTzRZcy=0] qiHѝ2Ih#4%,NY8/6R`T Khv_԰`/VXN)9c5[^X&J7C`e G^V@V9+#g;*[=˪,mQX*e߲* :v} y!8`qXEІYh)so7]1FTG;JWqщÞ Jt;*3X-B+V#,7xZcXPY*Kܿp_&\ J[ְ߂H=bmxT]wh>YVxOz8g("F~5K =HRt?.d#P@V݃*s<3uGs|dw4j P40/F !3Gl/T|WIENDB`L( / 0DTimes New Roman4d 0 & 0DArialNew Roman4d 0 & 0" DTimesNew Roman4d 0 & 0 0DGill Sans MTan4d 0 & 0"@DCourier Newan4d 0 & 01PDMonotype Sorts4d 0 & 0`DSymbole Sorts4d 0 & 0c0.  @n?" dd@  @@`` h,#        !"#$%O$R$Pފ+{pwS Db$PU6G2_6"5 Db$({XKⲴ-y 0AAPf@8uʚ;2Nʚ;g4PdPdd 02ppp@ <4!d!dg? 0`5<4ddddg? 0`5<4BdBdg? 0`5 f^___PPT9@8 ? 
 %O =MDAccess Grid Technology Overview $   Technological GoalsUtilize existing technology (protocols, tools, software) wherever possible Enable comprehensive security Low barrier of entry to … New developers Rapid development Adding third-party extensions 6??  Security: General goals Identification of users and services Authentication of the identity of these users and services Authorization for access to resources Privacy of data (files, streams, control, etc.) Public Key Infrastructure provides standards and mechanisms to fulfill these needs \ - | Security: IdentificationUsers and services are identified with a public key identity certificate issued by a trusted certificate authority (CA) An identity certificate contains: Information about the subject of the certificate A public key representing the subject The digital signature of the CA issuing the certJ0" Identity CertificatesFor example, a Globus identity certificate: % openssl x509 -noout -text -in ~/.globus/usercert.pem Certificate: Data: Version: 3 (0x2) Serial Number: 6060 (0x17ac) Signature Algorithm: md5WithRSAEncryption Issuer: C=US, O=Globus, CN=Globus Certification Authority Validity Not Before: Jan 7 20:22:19 2002 GMT Not After : Jan 7 20:22:19 2003 GMT Subject: O=Grid, O=Globus, OU=mcs.anl.gov, CN=Bob Olson Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:cd:7d:bb:ae:30:bb:c1:74:2d:e4:6e:d4:30:6e: [etc] Exponent: 65537 (0x10001) X509v3 extensions: Netscape Cert Type: SSL Client, SSL Server Signature Algorithm: md5WithRSAEncryption 23:14:96:05:0d:db:ce:aa:70:17:03:5a:07:31:a0:81:e3:10: [etc] [Note: this 2002 example shows an MD5-with-RSA signature and a 1024-bit RSA key; both are obsolete, and current certificates should use a SHA-2 signature and an RSA key of at least 2048 bits.]4,ZZ,C :QW* Security: AuthenticationAssumptions: Authentication takes place on a transaction between a client and a server Client and server each hold an identity cert Authentication is mutual: After completion, client and server have each verified the identity of the other party Secured communications in AG2 use Globus… … which uses SSL/TLS SSL/TLS defines protocol for 
a secure handshake with mutual authentication.H  PbSecurity: AuthorizationZAuthorization is the process of gating access to a resource based on some criteria. Many different approaches, few standards. Access control lists Role-based authorization Attribute certificates AG2 approach: provide building blocks for applications to define authorization. Reference implementation uses a basic role-based authorization scheme.H~E3CESecurity: Privacy^Usually what people think of when they think of security Straightforward, once authentication and authorization issues are overcome Globus Security Infrastructure uses SSL/TLS mechanisms for privacy Typically, symmetric encryption with session keys negotiated at session startup. Media data uses AES encryption with session keys distributed by secure channels.zlGlobus Toolkit™ [Slides borrowed from Globus tutorial]& A software toolkit addressing key technical problems in the development of Grid enabled tools, services, and applications Offer a modular "bag of technologies" Enable incremental development of grid-enabled tools and applications Implement standard Grid protocols and APIs Make available under liberal open source license:zz- General ApproachDefine Grid protocols & APIs Protocol-mediated access to remote resources Integrate and extend existing standards "On the Grid" = speak "Intergrid" protocols Develop a reference implementation Open source Globus Toolkit Client and server SDKs, services, tools, etc. Grid-enable wide variety of tools Globus Toolkit, FTP, SSH, Condor, SRB, MPI, … Learn through deployment and applicationsZZ#ZIZ"Z.Z*Z#I".* Four Key ProtocolsvThe Globus Toolkit™ 
centers around four key protocols Connectivity layer: Security: Grid Security Infrastructure (GSI) Resource layer: Resource Management: Grid Resource Allocation Management (GRAM) Information Services: Grid Resource Information Protocol (GRIP) Data Transfer: Grid File Transfer Protocol (GridFTP)6-6%  -   ,   ( 3Three Types of API/SDKPortability and convenience API/SDKs API/SDKs implementing the four key Connectivity and Resource layer protocols Collective layer API/SDKs This tutorial focuses primarily on the functionality available in #2 and #3 Developer tutorial included in depth API discussions of all three,lPortability and Convenience APIglobus_common Module activation/deactivation Threads, mutual exclusion, conditions Callback/event driver Libc wrappers Convenience modules (list, hash, etc).&$c1Connectivity APIsKglobus_io TCP, UDP, IP multicast, and file I/O Integrates GSI security Asynchronous and synchronous interfaces Attribute based control of behavior Nexus (Deprecated) Higher level, active message style comms Built on globus_io, but without security MPICH-G2 High level, MPI (send/receive) interface Built on globus_io and native MPI R K R K  ~ RX.509 Proxy CertificatexDefines how a short term, restricted credential can be created from a normal, long-term X.509 credential A  proxy certificate is a special type of X.509 certificate that is signed by the normal end entity cert, or by another proxy Supports single sign-on & delegation through  impersonation Currently an IETF draft&ii User ProxiesMinimize exposure of user s private key A temporary, X.509 proxy credential for use by our computations We call this a user proxy certificate Allows process to act on behalf of user User-signed user proxy cert stored in local file Created via  grid-proxy-init command Proxy s private key is not encrypted Rely on file system security, proxy certificate file must be readable only by the ownerhhZZ%ZXZh%F DelegationRemote creation of a user proxy Results in a new private key 
and X.509 proxy certificate, signed by the original key Allows remote process to act on behalf of the user Avoids sending passwords or private keys across the network Practical security issuesRIn AG2.0 Alpha, each user must have an identity certificate Obtained from Globus CA or AG developers CA Alternatives under consideration: NCSA MyProxy for online proxy store Username/password-based authentication with online CA Integration with Shibboleth or other single sign-on infrastructure 6,J?Other Technology RequirementsFRapid prototyping, low barrier to entry Python Modular design, standard network protocols SOAP Integration of the above with the Globus Toolkit pyGlobusf( + 1 (5E>PythonInterpreted, Object-oriented, High-level programming language With dynamic semantics Portable open source with a very active developer community (Windows + Linux + Mac + & ) Comprehensive standard library Integration with foreign code in C/C++  pyGlobus Python COG (Community ??? Grid) kit Developed at Berkeley Laboratory Provides complete binding of Globus API to Python, via a SWIG interface Provides the basis for secure communications in Python b] SOAP Standard web services protocol Provides remote procedure call functionality Standard XML-based message format Interface libraries available in multiple languages (Still some interoperability issues, but these are being resolved in the community)  Communication Layering AGTk Application ServicesThe Access Grid Toolkit is extensible by the addition of third-party services May rely on AGTk services for internal communication or be entirely self-sufficient Use the Venue as a means of coordination Application Services + Application Clients Distributed Application integrated with AG Examples covered Shared web browser Distributed presentation Z/ZZ-ZZ/,Z A Shared Web BrowserApplication task: Web browsing All users see the same page The Venue serves as a rendezvous mechanism Application state: webpage URL State is distributed; that is, there is 
no central server maintaining the state With each state change, an event is distributed to all interested clients  y!Venue requirementsHolds application descriptor Notifies the Venue clients that a shared web browsing session exists Defines the event type used for the shared session Distribution mechanism for events Venue defines API for registration for and generation of events rx"@x"@"Application logic[Pull the logic out of the prototype shared web browser, with example of the key parts of the code] [Do we describe the API currently used for venue events?] #Distributed Presentation'Application task: coordinated display of presentation material (PowerPoint is a common example, but would like to generalize) Application state A presentation (set of slides / images / pages) Current location within the presentation A presenter has control of progress through the presentation l + 2$ Distributed Presentation ServiceHolds state (presentation, location, presenter) Distributes state update events Enforces presenter-only generation of location updates Supports late-comers 6 $o $o% Venue responsibilitiesyDiscovery mechanism for clients to find presentation service Event distribution mechanism Centralized secure file storage&!Presentation Service /  ` ̙33` 3` 3333f` 999MMM` f` f3` 3>?" dd@$ h?" dd@ 3  h 33@ ` W"  n?" dd@   @@``PR    @ ` `(p>>   Z(     Zogֳgֳ ?"0  T Click to edit Master title style! !H  Tqgֳgֳ ?"0p  RClick to edit Master text styles Second level Third level Fourth level Fifth level!     S~B  H8c?"00  <w"& @ ! z  C DA,accessgrid-goodstudio"`;x  C BA*mcs-limegreen-onside"|  C FA.fl-logo-color-official"H  0޽h? ? ̙33380___PPT10.Š`E` GGF7-Judson<  @$<(  $ $ Zk9gֳgֳ ?"p 9 T Click to edit Master title style! !H $ 0޽h? ? ̙33380___PPT10.Š`E` 0 PP2(  P P 0\^ P   ^ Z*0#   P 0̸^    ^ \* 0#  d P c $ ?  ^ P 0п^  @ ^ RClick to edit Master text styles Second level Third level Fourth level Fifth level!     S P 6%^ `P  ^ Z*0#   P 6(-^ `  ^ \* 0#  H P 0޽h ? 
̙33V 0 V(   ~  s *Xo9$p 9    6S9 "` `   9 H  0޽h ? ̙3380___PPT10.>"  P*(  r  S ,9 0  9 x  c $9 0 9 H  0޽h ? ̙333  `@*(  @r @ S |?^ 0  ^ x @ c $:^ 0p ^ H @ 0޽h ? ̙333  pD*(  Dr D S \ ^ 0  ^ x D c $^ 0 ^ H D 0޽h ? ̙333q  %   L(  L~ L s *9 0  9 r L S 9 0  9  L <,9T MSubject information0#^ L 6o @ ^  L 6o 5]   L <0v9   LSubject Public Key0#^  L 6o w  L <<0 d F CA Signature 0 #H L 0޽h ? ̙333  H6(  Hx H c $j^ 0  ^ ~ H s *|k^ 0 ^ H H 0޽h ? ̙333  T$(  Tr T S n^ 0  ^ r T S |o^ 0p ^ H T 0޽h ? ̙333  X$(  Xr X S tS^ 0  ^ r X S 0T^ 0p ^ H X 0޽h ? ̙333  l<(  l~ l s *^ 0  ^ ~ l s *^  ^ H l 0޽h ? ̙33  p6(  p~ p s *^ 0  ^ x p c $@^   ^ H p 0޽h ? f3̙33ff  t<(  t~ t s *p^ 0  ^ ~ t s *,^ 0p ^ H t 0޽h ? f3̙33ff*   xR(  x~ x s *,T9 0  9  x s *Y9 0p 9 "8@8XH x 0޽h ? f3̙33ff  |<(  |~ | s *d^ 0  ^ ~ | s *^ 0p ^ H | 0޽h ? f3̙33ff  6(  ~  s *^ 0  ^ x  c $^ 0  ^ H  0޽h ? f3̙33ff   \<(  \~ \ s *^ 0  ^ ~ \ s *^ 0p ^ H \ 0޽h ? f3̙33  0`6(  `~ ` s *o^ 0  ^ x ` c $^  ^ H ` 0޽h ? ̙33y___PPT10Y+D=' = @B +  `h<(  h~ h s * 0   ~ h s * 0p  H h 0޽h ? f3f3y___PPT10Y+D=' = @B +  p,*(  ,r , S ^ 0  ^ x , c $8[^ 0p ^ H , 0޽h ? ̙333  $(  r  S 8f 0   r  S  0p  H  0޽h ? ̙333  0*(  0r 0 S xU 0   x 0 c $4V 0p  H 0 0޽h ? ̙333  4*(  4r 4 S Z 0   x 4 c $d[ 0p  H 4 0޽h ? ̙333  8*(  8r 8 S ,E 0   x 8 c $E 0p  H 8 0޽h ? ̙333   S K <  (  <r < S tz^ 0  ^ x < c ${^  p ^ I8 `  < P  < 6|^`  d*Control Communication (Reliable transport)+0+#2  < BXJ^  D0# 2 < 6x9@  D0# 2  < <9P 0  D0# 2 < <d9f  ?TCP 0# < <Tw BSOAP"0' < <<w =GSI0# < <G^  ASSL/TLS0#P8  0  <% 5T   < 6P^ 0  c)Data Communication (Unreliable transport)*0*#2 < Bl^p   AAES/RTP0#2 < <Ћ^0p  =RTP0#2 < <Ċ^fp  ?UDP 0#H < 0޽h ? ̙333  $(  r  S B{ 0  { r  S z{ 0p { H  0޽h ? ̙333  $(  r  S <\{ 0  { r  S ؏- 0p - H  0޽h ? ̙333  $(  r  S { 0  { r  S { 0p { H  0޽h ? ̙333  $(  r  S F 0  F r  S "{ 0p { H  0޽h ? ̙333   $(  r  S vF 0  F r  S P{F 0p F H  0޽h ? ̙333  0$(  r  S cF 0  F r  S T1F 0p F H  0޽h ? ̙333  @$(  r  S \XF 0  F r  S F 0p F H  0޽h ? 
̙333  P$(  r  S *!6&N    On-screen ShowMCS/FLeWW 2 (Times New RomanArialTimes Gill Sans MT Courier NewMonotype SortsSymbol GGF7-Judson Access Grid Technology OverviewTechnological GoalsSecurity: General goalsSecurity: IdentificationIdentity CertificatesSecurity: AuthenticationSecurity: AuthorizationSecurity: Privacy7Globus Toolkit [Slides borrowed from Globus tutorial]General ApproachFour Key ProtocolsThree Types of API/SDK Portability and Convenience APIConnectivity APIsX.509 Proxy Certificate User Proxies DelegationPractical security issuesOther Technology RequirementsPython pyGlobusSOAP Communication LayeringAGTk Application ServicesA Shared Web BrowserVenue requirementsApplication logicDistributed Presentation!Distributed Presentation ServiceVenue responsibilitiesPresentation ServiceVenue interaction  Fonts UsedDesign Template Slide Titles "System_3WolsonolsonTNPP &Monotype Sorts4d 0 & 0`DSymbole Sorts4d 0 & 0c0.  @n?" dd@  @@`` x.$        !"#%&'O$R$Pފ+{pwS Db$PU6G2_6"5 Db$({XKⲴ-y 0AAPf@8uʚ;2Nʚ;g4PdPdd 02ppp@ <4!d!dg? 0`5<4ddddg? 0`5<4BdBdg? 0`5 f^___PPT9@8 ? %O =HAccess Grid Technology Overview $   Technological GoalsUtilize existing technology (protocols, tools, software) wherever possible Enable comprehensive security Low barrier of entry to & New developers Rapid development Adding third-party extensions 6??  Security: General goals Identification of users and services Authentication of the identity of these users and services Authorization for access to resources Privacy of data (files, streams, control, etc.) 
Public Key Infrastructure provides standards and mechanisms to fulfill these needs \ - | Security: IdentificationUsers and services identified with a public key identity certificate issued by a trusted certificate authority An identity certificate contains: Information about the subject of the certificate A public key representing the subject The digital signature of the CA issuing the certJ0" Identity CertificatesFor example, a Globus identity certificate: % openssl x509 -noout -text -in ~/.globus/usercert.pem Certificate: Data: Version: 3 (0x2) Serial Number: 6060 (0x17ac) Signature Algorithm: md5WithRSAEncryption Issuer: C=US, O=Globus, CN=Globus Certification Authority Validity Not Before: Jan 7 20:22:19 2002 GMT Not After : Jan 7 20:22:19 2003 GMT Subject: O=Grid, O=Globus, OU=mcs.anl.gov, CN=Bob Olson Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:cd:7d:bb:ae:30:bb:c1:74:2d:e4:6e:d4:30:6e: [etc] Exponent: 65537 (0x10001) X509v3 extensions: Netscape Cert Type: SSL Client, SSL Server Signature Algorithm: md5WithRSAEncryption 23:14:96:05:0d:db:ce:aa:70:17:03:5a:07:31:a0:81:e3:10: [etc]4,ZZ,C :QW* Security: AuthenticationAssumptions: Authentication takes place on a transaction between a client and a server Client and server each hold an identity cert Authentication is mutual: After completion, client and server have verified identity of the other party Secured communications in AG2 use Globus& & which uses SSL/TLS SSL/TLS defines protocol for a secure handshake with mutual authentication.H  PbSecurity: AuthorizationZAuthorization is the process of gating access to a resource based on some criteria. Many different approaches, few standards. Access control lists Role-based authorization Attribute certificates AG2 approach: provide building blocks for applications to define authorization. 
Reference implementation uses a basic role-based authentication scheme.H~E3CESecurity: Privacy^Usually what people think when they think security Straightforward, once authentication and authorization issues overcome Globus Security Infrastructure uses SSL/TLS mechanisms for privacy Typically, symmetric encryption with session keys negotiated at session startup. Media data uses AES encryption with session keys distributed by secure channels.zlGlobus Toolkit"! [Slides borrowed from Globus tutorial]& A software toolkit addressing key technical problems in the development of Grid enabled tools, services, and applications Offer a modular  bag of technologies Enable incremental development of grid-enabled tools and applications Implement standard Grid protocols and APIs Make available under liberal open source license:zz- General ApproachDefine Grid protocols & APIs Protocol-mediated access to remote resources Integrate and extend existing standards  On the Grid = speak  Intergrid protocols Develop a reference implementation Open source Globus Toolkit Client and server SDKs, services, tools, etc. Grid-enable wide variety of tools Globus Toolkit, FTP, SSH, Condor, SRB, MPI, & Learn through deployment and applicationsZZ#ZIZ"Z.Z*Z#I".* Four Key ProtocolsvThe Globus Toolkit"! 
centers around four key protocols Connectivity layer: Security: Grid Security Infrastructure (GSI) Resource layer: Resource Management: Grid Resource Allocation Management (GRAM) Information Services: Grid Resource Information Protocol (GRIP) Data Transfer: Grid File Transfer Protocol (GridFTP)6-6%  -   ,   ( 3Three Types of API/SDKPortability and convenience API/SDKs API/SDKs implementing the four key Connectivity and Resource layer protocols Collective layer API/SDKs This tutorial focuses primarily on the functionality available in #2 and #3 Developer tutorial included in depth API discussions of all three,lPortability and Convenience APIglobus_common Module activation/deactivation Threads, mutual exclusion, conditions Callback/event driver Libc wrappers Convenience modules (list, hash, etc).&$c1Connectivity APIsKglobus_io TCP, UDP, IP multicast, and file I/O Integrates GSI security Asynchronous and synchronous interfaces Attribute based control of behavior Nexus (Deprecated) Higher level, active message style comms Built on globus_io, but without security MPICH-G2 High level, MPI (send/receive) interface Built on globus_io and native MPI R K   !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     =!"$%&'()*+,-./01234567k<>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdef#ij lmnopqrstuvwxyz{|}Root EntrydO)P=Twh Pictures'Current User-/SummaryInformation(PowerPoint Document(WWDocumentSummaryInformation8d( / 0DTimes New Roman4d 0 & 0DArialNew Roman4d 0 & 0" DTimesNew Roman4d 0 & 0 0DGill Sans MTan4d 0 & 0"@DCourier Newan4d 0 & 01PDMonotype Sorts4d 0 & 0`DSymbole Sorts4d 0 & 0c0.  @n?" dd@  @@`` h,#        !"#$%O$R$Pފ+{pwS Db$PU6G2_6"5 Db$({XKⲴ-y 0AAPf@8uʚ;2Nʚ;g4PdPdd 02ppp@ <4!d!dg? 0`5<4ddddg? 0`5<4BdBdg? 0`5 f^___PPT9@8 ? 
%O =EAccess Grid Technology Overview $   Technological GoalsUtilize existing technology (protocols, tools, software) wherever possible Enable comprehensive security Low barrier of entry to & New developers Rapid development Adding third-party extensions 6??  Security: General goals Identification of users and services Authentication of the identity of these users and services Authorization for access to resources Privacy of data (files, streams, control, etc.) Public Key Infrastructure provides standards and mechanisms to fulfill these needs \ - | Security: IdentificationUsers and services identified with a public key identity certificate issued by a trusted certificate authority An identity certificate contains: Information about the subject of the certificate A public key representing the subject The digital signature of the CA issuing the certJ0" Identity CertificatesFor example, a Globus identity certificate: % openssl x509 -noout -text -in ~/.globus/usercert.pem Certificate: Data: Version: 3 (0x2) Serial Number: 6060 (0x17ac) Signature Algorithm: md5WithRSAEncryption Issuer: C=US, O=Globus, CN=Globus Certification Authority Validity Not Before: Jan 7 20:22:19 2002 GMT Not After : Jan 7 20:22:19 2003 GMT Subject: O=Grid, O=Globus, OU=mcs.anl.gov, CN=Bob Olson Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:cd:7d:bb:ae:30:bb:c1:74:2d:e4:6e:d4:30:6e: [etc] Exponent: 65537 (0x10001) X509v3 extensions: Netscape Cert Type: SSL Client, SSL Server Signature Algorithm: md5WithRSAEncryption 23:14:96:05:0d:db:ce:aa:70:17:03:5a:07:31:a0:81:e3:10: [etc]4,ZZ,C :QW* Security: AuthenticationAssumptions: Authentication takes place on a transaction between a client and a server Client and server each hold an identity cert Authentication is mutual: After completion, client and server have verified identity of the other party Secured communications in AG2 use Globus& & which uses SSL/TLS SSL/TLS defines protocol for a 
secure handshake with mutual authentication.H  PbSecurity: AuthorizationZAuthorization is the process of gating access to a resource based on some criteria. Many different approaches, few standards. Access control lists Role-based authorization Attribute certificates AG2 approach: provide building blocks for applications to define authorization. Reference implementation uses a basic role-based authentication scheme.H~E3CESecurity: Privacy^Usually what people think when they think security Straightforward, once authentication and authorization issues overcome Globus Security Infrastructure uses SSL/TLS mechanisms for privacy Typically, symmetric encryption with session keys negotiated at session startup. Media data uses AES encryption with session keys distributed by secure channels.zlGlobus Toolkit"! [Slides borrowed from Globus tutorial]& A software toolkit addressing key technical problems in the development of Grid enabled tools, services, and applications Offer a modular  bag of technologies Enable incremental development of grid-enabled tools and applications Implement standard Grid protocols and APIs Make available under liberal open source license:zz- General ApproachDefine Grid protocols & APIs Protocol-mediated access to remote resources Integrate and extend existing standards  On the Grid = speak  Intergrid protocols Develop a reference implementation Open source Globus Toolkit Client and server SDKs, services, tools, etc. Grid-enable wide variety of tools Globus Toolkit, FTP, SSH, Condor, SRB, MPI, & Learn through deployment and applicationsZZ#ZIZ"Z.Z*Z#I".* Four Key ProtocolsvThe Globus Toolkit"! 
centers around four key protocols Connectivity layer: Security: Grid Security Infrastructure (GSI) Resource layer: Resource Management: Grid Resource Allocation Management (GRAM) Information Services: Grid Resource Information Protocol (GRIP) Data Transfer: Grid File Transfer Protocol (GridFTP)6-6%  -   ,   ( 3Three Types of API/SDKPortability and convenience API/SDKs API/SDKs implementing the four key Connectivity and Resource layer protocols Collective layer API/SDKs This tutorial focuses primarily on the functionality available in #2 and #3 Developer tutorial included in depth API discussions of all three,lPortability and Convenience APIglobus_common Module activation/deactivation Threads, mutual exclusion, conditions Callback/event driver Libc wrappers Convenience modules (list, hash, etc).&$c1Connectivity APIsKglobus_io TCP, UDP, IP multicast, and file I/O Integrates GSI security Asynchronous and synchronous interfaces Attribute based control of behavior Nexus (Deprecated) Higher level, active message style comms Built on globus_io, but without security MPICH-G2 High level, MPI (send/receive) interface Built on globus_io and native MPI R K R K  ~ RX.509 Proxy CertificatexDefines how a short term, restricted credential can be created from a normal, long-term X.509 credential A  proxy certificate is a special type of X.509 certificate that is signed by the normal end entity cert, or by another proxy Supports single sign-on & delegation through  impersonation Currently an IETF draft&ii User ProxiesMinimize exposure of user s private key A temporary, X.509 proxy credential for use by our computations We call this a user proxy certificate Allows process to act on behalf of user User-signed user proxy cert stored in local file Created via  grid-proxy-init command Proxy s private key is not encrypted Rely on file system security, proxy certificate file must be readable only by the ownerhhZZ%ZXZh%F DelegationRemote creation of a user proxy Results in a new private key 
and X.509 proxy certificate, signed by the original key Allows remote process to act on behalf of the user Avoids sending passwords or private keys across the network Practical security issuesRIn AG2.0 Alpha, each user must have an identity certificate Obtained from Globus CA or AG developers CA Alternatives under consideration: NCSA MyProxy for online proxy store Username/password-based authentication with online CA Integration with Shibboleth or other single sign-on infrastructure 6,J?Other Technology RequirementsFRapid prototyping, low barrier to entry Python Modular design, standard network protocols SOAP Integration of the above with the Globus Toolkit pyGlobusf( + 1 (5E>PythonInterpreted, Object-oriented, High-level programming language With dynamic semantics Portable open source with a very active developer community (Windows + Linux + Mac + & ) Comprehensive standard library Integration with foreign code in C/C++  pyGlobus Python COG (Community ??? Grid) kit Developed at Berkeley Laboratory Provides complete binding of Globus API to Python, via a SWIG interface Provides the basis for secure communications in Python b] SOAP Standard web services protocol Provides remote procedure call functionality Standard XML-based message format Interface libraries available in multiple languages (Still some interoperability issues, but these are being resolved in the community)  Communication Layering AGTk Application ServicesThe Access Grid Toolkit is extensible by the addition of third-party services May rely on AGTk services for internal communication or be entirely self-sufficient Use the Venue as a means of coordination Application Services + Application Clients Distributed Application integrated with AG Examples covered Shared web browser Distributed presentation Z/ZZ-ZZ/,Z A Shared Web BrowserApplication task: Web browsing All users see the same page The Venue serves as a rendezvous mechanism Application state: webpage URL State is distributed; that is, there is 
no central server maintaining the state With each state change, an event is distributed to all interested clients  y!Venue requirementsHolds application descriptor Notifies the Venue clients that a shared web browsing session exists Defines the event type used for the shared session Distribution mechanism for events Venue defines API for registration for and generation of events rx"@x"@"Application logic[Pull the logic out of the prototype shared web browser, with example of the key parts of the code] [Do we describe the API currently used for venue events?] #Distributed Presentation'Application task: coordinated display of presentation material (PowerPoint is a common example, but would like to generalize) Application state A presentation (set of slides / images / pages) Current location within the presentation A presenter has control of progress through the presentation l + 2$ Distributed Presentation ServiceHolds state (presentation, location, presenter) Distributes state update events Enforces presenter-only generation of location updates Supports late-comers 6 $o $o% Venue responsibilitiesyDiscovery mechanism for clients to find presentation service Event distribution mechanism Centralized secure file storage&!Presentation ServiceSupports multiple active (or pending) presentations Presentation factory: Given a presentation file, create a new presentation session (psession) for the file. A psession maintains membership and access control for an individual presentation. @4@c, I/  0$(  r  S cF 0  F r  S T1F 0p F H  0޽h ? 
̙333  P$(  r  S rAccess Grid Technology Overview  %  % !.&0P--- !---&  h--"System !)Bw-&TNPP &Ѣ՜.+,04R K  ~ RX.509 Proxy CertificatexDefines how a short term, restricted credential can be created from a normal, long-term X.509 credential A  proxy certificate is a special type of X.509 certificate that is signed by the normal end entity cert, or by another proxy Supports single sign-on & delegation through  impersonation Currently an IETF draft&ii User ProxiesMinimize exposure of user s private key A temporary, X.509 proxy credential for use by our computations We call this a user proxy certificate Allows process to act on behalf of user User-signed user proxy cert stored in local file Created via  grid-proxy-init command Proxy s private key is not encrypted Rely on file system security, proxy certificate file must be readable only by the ownerhhZZ%ZXZh%F DelegationRemote creation of a user proxy Results in a new private key and X.509 proxy certificate, signed by the original key Allows remote process to act on behalf of the user Avoids sending passwords or private keys across the network Practical security issuesRIn AG2.0 Alpha, each user must have an identity certificate Obtained from Globus CA or AG developers CA Alternatives under consideration: NCSA MyProxy for online proxy store Username/password-based authentication with online CA Integration with Shibboleth or other single sign-on infrastructure 6,J?Other Technology RequirementsFRapid prototyping, low barrier to entry Python Modular design, standard network protocols SOAP Integration of the above with the Globus Toolkit pyGlobusf( + 1 (5E>PythonInterpreted, Object-oriented, High-level programming language With dynamic semantics Portable open source with a very active developer community (Windows + Linux + Mac + & ) Comprehensive standard library Integration with foreign code in C/C++  pyGlobus Python COG (Community ??? 
Grid) kit Developed at Berkeley Laboratory Provides complete binding of Globus API to Python, via a SWIG interface Provides the basis for secure communications in Python b] SOAP Standard web services protocol Provides remote procedure call functionality Standard XML-based message format Interface libraries available in multiple languages (Still some interoperability issues, but these are being resolved in the community)  Communication Layering AGTk Application ServicesThe Access Grid Toolkit is extensible by the addition of third-party services May rely on AGTk services for internal communication or be entirely self-sufficient Use the Venue as a means of coordination Application Services + Application Clients Distributed Application integrated with AG Examples covered Shared web browser Distributed presentation Z/ZZ-ZZ/,Z A Shared Web BrowserApplication task: Web browsing All users see the same page The Venue serves as a rendezvous mechanism Application state: webpage URL State is distributed; that is, there is no central server maintaining the state With each state change, an event is distributed to all interested clients  y!Venue requirementsHolds application descriptor Notifies the Venue clients that a shared web browsing session exists Defines the event type used for the shared session Distribution mechanism for events Venue defines API for registration for and generation of events rx"@x"@"Application logic[Pull the logic out of the prototype shared web browser, with example of the key parts of the code] [Do we describe the API currently used for venue events?] 
#Distributed Presentation'Application task: coordinated display of presentation material (PowerPoint is a common example, but would like to generalize) Application state A presentation (set of slides / images / pages) Current location within the presentation A presenter has control of progress through the presentation l + 2$ Distributed Presentation ServiceHolds state (presentation, location, presenter) Distributes state update events Enforces presenter-only generation of location updates Supports late-comers6 $l $l'"Venue responsibilitiesyDiscovery mechanism for clients to find presentation service Event distribution mechanism Centralized secure file storage&!Presentation ServiceSupports multiple active (or pending) presentations Presentation factory: Given a presentation file, create a new presentation session (psession) for the file. A psession maintains membership and access control for an individual presentation. @4@c, I(#Venue interaction=In presentation service: service_descriptor = ServiceDescriptor(myURL, PresentationServiceID) Venue.RegisterService(service_descriptor) In psession [give current slide to latecomers, etc] In presenter app Venue.DistributeEvent(SlideChangeEvent(x)) In client Venue.RegisterEventHandler(SlideChangeEvent, handler) p ), 8pC  )G h +G h  8G h. B /  0$(  r  S cF 0  F r  S T1F 0p F H  0޽h ? ̙333  `$(  r  S XF 0  F r  S |`F 0p F H  0޽h ? ̙333  p$(  r  S F 0  F r  S Q{ 0p { H  0޽h ? ̙333r!$KQ' 7S#UW(