diff --git a/refs/pull/201/merge/en/.buildinfo b/refs/pull/201/merge/en/.buildinfo new file mode 100644 index 000000000..2ad55caa3 --- /dev/null +++ b/refs/pull/201/merge/en/.buildinfo @@ -0,0 +1,4 @@ +# Sphinx build info version 1 +# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done. +config: 7debc0b241d55c8da06f75be8de0eb53 +tags: 645f666f9bcd5a90fca523b33c5a78b7 diff --git a/refs/pull/201/merge/en/.doctrees/algorithms.doctree b/refs/pull/201/merge/en/.doctrees/algorithms.doctree new file mode 100644 index 000000000..30721769d Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/algorithms.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/backup-restore.doctree b/refs/pull/201/merge/en/.doctrees/backup-restore.doctree new file mode 100644 index 000000000..c0f299996 Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/backup-restore.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/contribute.doctree b/refs/pull/201/merge/en/.doctrees/contribute.doctree new file mode 100644 index 000000000..48ffcfe18 Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/contribute.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/defined-terms.doctree b/refs/pull/201/merge/en/.doctrees/defined-terms.doctree new file mode 100644 index 000000000..55761ac67 Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/defined-terms.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/environment.pickle b/refs/pull/201/merge/en/.doctrees/environment.pickle new file mode 100644 index 000000000..62d9c0ae9 Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/environment.pickle differ diff --git a/refs/pull/201/merge/en/.doctrees/index.doctree b/refs/pull/201/merge/en/.doctrees/index.doctree new file mode 100644 index 000000000..0c59b343a Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/index.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/pid-eaa-data-model.doctree b/refs/pull/201/merge/en/.doctrees/pid-eaa-data-model.doctree new file mode 100644 index 000000000..04fc47073 Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/pid-eaa-data-model.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/pid-eaa-issuance.doctree b/refs/pull/201/merge/en/.doctrees/pid-eaa-issuance.doctree new file mode 100644 index 000000000..ac6d9053f Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/pid-eaa-issuance.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/proximity-flow.doctree b/refs/pull/201/merge/en/.doctrees/proximity-flow.doctree new file mode 100644 index 000000000..6b69952d5 Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/proximity-flow.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/pseudonyms.doctree b/refs/pull/201/merge/en/.doctrees/pseudonyms.doctree new file mode 100644 index 000000000..b3b239c79 Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/pseudonyms.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/relying-party-solution.doctree b/refs/pull/201/merge/en/.doctrees/relying-party-solution.doctree new file mode 100644 index 000000000..306b5c755 Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/relying-party-solution.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/remote-flow.doctree b/refs/pull/201/merge/en/.doctrees/remote-flow.doctree new file mode 100644 index 000000000..a701ce186 Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/remote-flow.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/revocation-lists.doctree b/refs/pull/201/merge/en/.doctrees/revocation-lists.doctree new file mode 100644 index 000000000..d16212f9f Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/revocation-lists.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/ssi-introduction.doctree b/refs/pull/201/merge/en/.doctrees/ssi-introduction.doctree new file mode 100644 index 000000000..93bd82a68 Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/ssi-introduction.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/standards.doctree b/refs/pull/201/merge/en/.doctrees/standards.doctree new file mode 100644 index 000000000..9e9c3a480 Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/standards.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/trust.doctree b/refs/pull/201/merge/en/.doctrees/trust.doctree new file mode 100644 index 000000000..d4c420317 Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/trust.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/wallet-attestation.doctree b/refs/pull/201/merge/en/.doctrees/wallet-attestation.doctree new file mode 100644 index 000000000..230480b3b Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/wallet-attestation.doctree differ diff --git a/refs/pull/201/merge/en/.doctrees/wallet-solution.doctree b/refs/pull/201/merge/en/.doctrees/wallet-solution.doctree new file mode 100644 index 000000000..79ed225ae Binary files /dev/null and b/refs/pull/201/merge/en/.doctrees/wallet-solution.doctree differ diff --git a/refs/pull/201/merge/en/_images/Eo_circle_green_checkmark.svg b/refs/pull/201/merge/en/_images/Eo_circle_green_checkmark.svg new file mode 100644 index 000000000..19e0bd7f0 --- /dev/null +++ b/refs/pull/201/merge/en/_images/Eo_circle_green_checkmark.svg @@ -0,0 +1,2 @@ + diff --git a/refs/pull/201/merge/en/_images/Eo_circle_red_letter-x.svg b/refs/pull/201/merge/en/_images/Eo_circle_red_letter-x.svg new file mode 100644 index 000000000..4c3c8e785 --- /dev/null +++ b/refs/pull/201/merge/en/_images/Eo_circle_red_letter-x.svg @@ -0,0 +1 @@ + diff --git a/refs/pull/201/merge/en/_images/High-Level-Flow-ITWallet-PID-Issuance.svg b/refs/pull/201/merge/en/_images/High-Level-Flow-ITWallet-PID-Issuance.svg new file mode 100644 index 000000000..112223018 --- /dev/null +++ b/refs/pull/201/merge/en/_images/High-Level-Flow-ITWallet-PID-Issuance.svg @@ -0,0 +1,3 @@ + + +
PID Provider
PID Provider
Wallet Solution
Wallet Solution
Wallet Instance
Wallet Instance
VCI Component (OIDC4VCI)
VCI Component (OIDC4VCI...
Issues PID
Issues PID
National eID Component
 (e.g. OIDC, SAML)
National eID Component...
Wallet Provider
Wallet Provider
Attestation Service
Attestation Service
Issues
Wallet Verifiable Attestation
Issues...
Authenticates the User
Authenticates the User
Requests PID
Requests PID
Develop and Maintains
Develop and Maintains
Federation API Services
Federation API Services
Federation API Services
Federation API Serv...
National IdP
National IdP
0
0
3
3
4
4
5
5
Trust Anchor - Accreditation Body
Trust Anchor - Accreditation Body
Federation API Services
Federation API Services
Requests for PID Provider identifier
Requests for PID Provider identifier
1
1
2
2
Requests for PID Provider Metadata
Requests for PID Provider MetadataViewer does not support full SVG 1.1 \ No newline at end of file diff --git a/refs/pull/201/merge/en/_images/High-Level-Flow-ITWallet-Presentation-ISO.svg b/refs/pull/201/merge/en/_images/High-Level-Flow-ITWallet-Presentation-ISO.svg new file mode 100644 index 000000000..6bcf4030f --- /dev/null +++ b/refs/pull/201/merge/en/_images/High-Level-Flow-ITWallet-Presentation-ISO.svg @@ -0,0 +1 @@ +User's SmartphoneVerifier's SmartphoneUserUserWallet InstanceWallet InstanceVerifier AppVerifier App1Open the Wallet Instance to present an mDoc CredentialDevice Engagement subphase -over QR-2Generate new ephemeral key pair3Show the QR Code for Device Engagement4Scan the QR Code5Generate newephemeral key pair6Compute session keySession establishment and Communication subphase -over BLE secure channel-7mDoc Request + public key of the Verifier App(Session establishment)8Compute session key9Prompt for consent to share the requested information10Grant consent11Retrieve mDoc from local storage12mDoc Response13Verify Response signatureand check mDoc validity \ No newline at end of file diff --git a/refs/pull/201/merge/en/_images/High-Level-Flow-ITWallet-QEAA-Issuance.svg b/refs/pull/201/merge/en/_images/High-Level-Flow-ITWallet-QEAA-Issuance.svg new file mode 100644 index 000000000..7a55b4792 --- /dev/null +++ b/refs/pull/201/merge/en/_images/High-Level-Flow-ITWallet-QEAA-Issuance.svg @@ -0,0 +1,3 @@ + + +
(Q)EAA Provider
(Q)EAA Provider
Wallet Solution
Wallet Solution
Wallet Instance
Wallet Instance
VCI Component (OpenID4VCI)
VCI Component (OpenID4V...
Issues (Q)EAA
Issues (Q)EAA
Requests (Q)EAA
Requests (Q)EAA
Federation API Services
Federation API Services
Trust Anchor - Accreditation Body
Trust Anchor - Accreditation Body
Federation API Services
Federation API Services
Requests for Issuer identifier
Requests for Issuer identifier
1
1
2
2
Register
Register
User Authentication with PID
User Authentication with PID
Requests for Issuer Metadata
Requests for Issuer Metadata
RP Component (OpenID4VP)
RP Component (OpenID4VP...
5
5
3
3
4
4Text is not SVG - cannot display \ No newline at end of file diff --git a/refs/pull/201/merge/en/_images/Low-Level-Flow-ITWallet-PID-QEAA-Issuance.svg b/refs/pull/201/merge/en/_images/Low-Level-Flow-ITWallet-PID-QEAA-Issuance.svg new file mode 100644 index 000000000..d4bacd980 --- /dev/null +++ b/refs/pull/201/merge/en/_images/Low-Level-Flow-ITWallet-PID-QEAA-Issuance.svg @@ -0,0 +1,2 @@ + +User's smartphoneUserUserBrowserBrowserWallet InstanceWallet InstancePID ProviderPID Provider1obtain your PID2yesobtain the list of the Trusted PID Providers3confirm the selection of PID Provider4okCheck PID Provider is part of the Federation and obtain its metadata5create PKCE code verifier and WIA-PoP6PAR Request (response_type,client_id,code_challenge,code_challenge_method,request,client_assertion_type,client_assertion=WIA~WIA-PoP)Check Wallet Provider is part of the FederationCheck signature of the Wallet Attestation and its validity7PAR Response (request_uri, expires_in)8Authorization Request (client_id, request_uri)9Authorization Request (client_id, request_uri)user authentication with eIDAS High and consent10Authorization Response (code, state, iss)11Authorization Response (code, state, iss)12generate DPoP key13generate DPoP proof and WIA-PoP for PID Provider token endpoint14Token Request with DPoP proof (client_id,grant_type,code,code_verifier,client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation,client_assertion=WIA~WIA-PoP,redirect_uri)15Token Response (access_token, token_type, expires_in, c_nonce, c_nonce_expires_in)16create proof of possession (c_nonce)17create DPoP proof for PID Provider credential endpoint18Credential Request with DPoP access_token and DPoP proof (credential_definition, format, proof)Register all the credential-relatedinformation for verification/revocation19Credential Response (format, credential, c_nonce, c_nonce_expires_in)20PID validity and status check21store credential \ No newline at end of file diff --git a/refs/pull/201/merge/en/_images/cross_device_auth_seq_diagram.svg b/refs/pull/201/merge/en/_images/cross_device_auth_seq_diagram.svg new file mode 100644 index 000000000..f495b1d91 --- /dev/null +++ b/refs/pull/201/merge/en/_images/cross_device_auth_seq_diagram.svg @@ -0,0 +1 @@ +User's DevicesUserUserWallet InstanceWallet Instanceuser-agentuser-agentRelying PartyRelying Party1Web Service navigation2Request Protected ResourceUser Authentication (Presentation Phase)3Create astatevaluebound to user-agent cookie4Create request_uri resource5QRCode OR HTTP Redirect (302) with client_id, request_uri, stateCross Device only6Show the QRCode page7Open the Wallet Instance app, local authentication8Scan QR Code9Extractclient_idrequest_uriand statefrom the QR Code10evaluates trust with the client_id11requests the signed request object from the request_uri endpoint12signed request objectalt[if request_uri_method is set with POST]13provides Wallet metadata to the request_uri endpoint14evaluates the Wallet tecnical capabilities15updated signed request object16evaluates Relying Party Metadata and policies17Verify signature of the signed Request Object18Validate Requested VP(s)19Request for consent20Confirmed21POST Authorization Responsewith vp_token22Evaluate the Verifiable Presentation token23Validate the Wallet Attestation.Attest the Wallet Provideris part of the Federationand the Wallet Instance is not revoked.24Attest Credential Issuer Trustand Validate JWT Signature25Process the credentialProcess the credential:Check Holder Key Binding and Proof of Possession:- using the public key bound in\n the Credential to verify the VP token. Then Extract the disclosed attributes: \n Check if all the required data are available26Update the User session (cookie updated)27HTTP/1.1 200 OK{"redirect_uri": https url with response_code }Same Device only28Use the redirect_uriCross Device only29QRCode JS: Check authentication state (HTTP request with cookie)30Authentication state given with HTTP codes, untill expired or successful \ No newline at end of file diff --git a/refs/pull/201/merge/en/_images/dynamic_view_sequence_wallet_instance_attestation.svg b/refs/pull/201/merge/en/_images/dynamic_view_sequence_wallet_instance_attestation.svg new file mode 100644 index 000000000..4ab9a713d --- /dev/null +++ b/refs/pull/201/merge/en/_images/dynamic_view_sequence_wallet_instance_attestation.svg @@ -0,0 +1 @@ +UserWallet InstanceWallet ProviderApp attestation serviceUserWallet InstanceWallet ProviderApp attestation service1Initialize Wallet Instanceor request/present credentials2Get Wallet Provider metadata3Metadata containing credential types, key requirements, endpoints4Validate Wallet Provider trust5Generate key pairs6Request nonce7nonce8Create Wallet Instance Attestation Request JWT9Get attestation (Wallet Instance Attestation Request)10Validate Wallet Instance genuineness (nonce)11Integrity check result12Validate signature13Generate and sign Wallet Instance Attestation14Wallet Instance Attestation15Validate Wallet Instance Attestation16Wallet Instance initializedready to obtain new credentials \ No newline at end of file diff --git a/refs/pull/201/merge/en/_images/static_view_wallet_instance_attestation.svg b/refs/pull/201/merge/en/_images/static_view_wallet_instance_attestation.svg new file mode 100644 index 000000000..aab862f78 --- /dev/null +++ b/refs/pull/201/merge/en/_images/static_view_wallet_instance_attestation.svg @@ -0,0 +1 @@ +UserWallet providerWallet solutionWallet instanceWallet backendIs part ofProvides wallet assertionscontrol / activateIs an instance ofProvide \ No newline at end of file diff --git a/refs/pull/201/merge/en/_images/trust-roles.svg b/refs/pull/201/merge/en/_images/trust-roles.svg new file mode 100644 index 000000000..a1e8dd823 --- /dev/null +++ b/refs/pull/201/merge/en/_images/trust-roles.svg @@ -0,0 +1,426 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/refs/pull/201/merge/en/_images/verifier_qr_code.svg b/refs/pull/201/merge/en/_images/verifier_qr_code.svg new file mode 100644 index 000000000..437ad39ca --- /dev/null +++ b/refs/pull/201/merge/en/_images/verifier_qr_code.svg @@ -0,0 +1,2 @@ + + diff --git a/refs/pull/201/merge/en/_sources/algorithms.rst.txt b/refs/pull/201/merge/en/_sources/algorithms.rst.txt new file mode 100644 index 000000000..7fae0ee7f --- /dev/null +++ b/refs/pull/201/merge/en/_sources/algorithms.rst.txt @@ -0,0 +1,98 @@ +.. include:: ../common/common_definitions.rst + +.. _supported_algs: + +Cryptographic algorithms +++++++++++++++++++++++++ + +The following algorithms MUST be supported: + +.. list-table:: + :widths: 20 20 20 + :header-rows: 1 + + * - **Algorithm** + - **Operations** + - **References** + * - **RS256** + - Signature + - :rfc:`7518`. + * - **RS512** + - Signature + - :rfc:`7518`. + * - **RSA-OAEP** + - Key Encryption + - :rfc:`7518`. + * - **RSA-OAEP-256** + - Key Encryption + - :rfc:`7516`. + * - **A128CBC-HS256** + - Content Encryption + - :rfc:`7516`. + * - **A256CBC-HS512** + - Content Encryption + - :rfc:`7516`. + +The following algorithms are RECOMMENDED to be supported: + +.. list-table:: + :widths: 20 20 20 + :header-rows: 1 + + * - **Algorithm** + - **Operations** + - **References** + * - **ES256** + - Signature + - :rfc:`7518`. + * - **ES512** + - Signature + - :rfc:`7518`. + * - **PS256** + - Signature + - :rfc:`7518`. + * - **PS512** + - Signature + - :rfc:`7518`. + * - **ECDH-ES** + - Key Encryption + - :rfc:`7518`. + * - **ECDH-ES+A128KW** + - Key Encryption + - :rfc:`7518`. + * - **ECDH-ES+A256KW** + - Key Encryption + - :rfc:`7518`. + +The following algorithms MUST NOT be supported: + +.. list-table:: + :widths: 20 20 20 + :header-rows: 1 + + * - **Algorithm** + - **Operations** + - **References** + * - **none** + - Signature + - :rfc:`7518`. + * - **RSA_1_5** + - Key Encryption + - :rfc:`7516`. + * - **HS256** + - Signature + - :rfc:`7518`. + * - **HS384** + - Signature + - :rfc:`7518`. + * - **HS512** + - Signature + - :rfc:`7518`. + +.. warning:: + + The length of the RSA keys MUST be equal to or greater than 2048 bits. + A length of 4096 bits is RECOMMENDED. + + + diff --git a/refs/pull/201/merge/en/_sources/backup-restore.rst.txt b/refs/pull/201/merge/en/_sources/backup-restore.rst.txt new file mode 100644 index 000000000..186042348 --- /dev/null +++ b/refs/pull/201/merge/en/_sources/backup-restore.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _backup-restore.rst: + +backup-restore.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/en/_sources/contribute.rst.txt b/refs/pull/201/merge/en/_sources/contribute.rst.txt new file mode 100644 index 000000000..60fc0b3d0 --- /dev/null +++ b/refs/pull/201/merge/en/_sources/contribute.rst.txt @@ -0,0 +1,61 @@ +.. include:: ../common/common_definitions.rst + +.. _contribute.rst: + +How to contribute ++++++++++++++++++++++++++++ + +The IT Wallet project, including this document, follows an **open development process**. This approach ensures the development process is accessible to all, inviting all interested parties to participate. + +Consequently, stakeholders, national and international community members are not only encouraged but also heartily welcomed to contribute to the refinement of these technical rules. + +Below are several methods available for contributing to this project: + +- **GitHub issues**. By opening an issue, you can seek clarification, propose enhancements, or report editorial typos. If you are working on an issue, we encourage you to open a draft pull request and link it. +- **Pull requests**. Pull requests represent active contributions to the project, typically, but not always following issue-based discussions. Once a pull request is initiated, it facilitates discussion and review of the proposed changes before they are merged into the main branch (`versione-corrente`). +- **Developers Italia Slack channel**. Slack is a messaging application designed for businesses, connecting people to the information they need. *Developers Italia* is an open community based on contributions and participation from public administrations, developers, technicians, students, and citizens. *Developers Italia* has initiated a Slack channel that [everyone can join for free](https://slack.developers.italia.it/), where you can learn about all their activities and partake in discussions. + + +Acknowledgements +---------------- + +We would like to thank the following individuals for their comments, +concerns, ideas, contributions, some of which substantial, to this +implementation profile and to the initial set of implementations. + +- Alen Horvat +- Amir Sharif +- Andrea Prosseda +- Emanuele De Cupis +- Emiliano Vernini +- Francesco Grauso +- Francesco Marino +- Francesco Ventola +- Giada Sciarretta +- Giuseppe De Marco +- Klaas Wierenga +- Kristina Yasuda +- Leif Johansson +- Lorenzo Cerini +- Marta Sciunnach +- Michele Silletti +- Nicola Saitto +- Niels van Dijk +- Paul Bastien +- Pasquale De Rose +- Peter Altmann +- Riccardo Iaconelli +- Roland Hedberg +- Salvatore Laiso +- Salvatore Manfredi +- Stefano Alifuoco +- Takahiko Kawasaki +- Torsten Lodderstedt +- Vladimir Duzhinov + + +If anyone has been forgotten, please accept our apologies with the +request to propose the modification of this page via a [Pull Request](https://github.com/italia/eudi-wallet-it-docs) +with a brief description of the contribution offered, during which +event or channel, and during which period. We will then have the opportunity +to apologize again and make amends as soon as possible, including you in the list. diff --git a/refs/pull/201/merge/en/_sources/defined-terms.rst.txt b/refs/pull/201/merge/en/_sources/defined-terms.rst.txt new file mode 100644 index 000000000..a6004323c --- /dev/null +++ b/refs/pull/201/merge/en/_sources/defined-terms.rst.txt @@ -0,0 +1,83 @@ +.. include:: ../common/common_definitions.rst + +.. _defined-terms.rst: + + +Normative Language and Conventions +++++++++++++++++++++++++++++++++++ + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. + + +Defined Terms ++++++++++++++ + +The terms *User*, *Trust Service*, *Trust Model*, *Trusted List*, *Trust Framework*, *Attribute*, *Electronic Attestations of Attributes Provider* or *Trust Service Provider (TSP)*, *Person Identification Data (PID)*, *Revocation List*, *Qualified Electronic Attestations of Attributes Provider* or *Qualified Trust Service Provider (QTSP)*, *Electronic Attestation of Attributes (EAA)*, are defined in the `EIDAS-ARF`_. + +Below are the description of acronyms and definitions which are useful for further insights into topics that complement the it-wallet and the interacting components. + + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - Accreditation Body + - An entity accredited by the Federation Authority, responsible for managing the process of verification and certification of accreditation requirements for ecosystem roles. + * - Digital Identity Provider + - An entity, recognized and accredited by the State, responsible for identifying citizens for the issuance of an Electronic Identity Certificate. + * - Electronic Attestation of Identity + - Electronic attestation of attributes referring to master data already present in Italian digital identity systems. + * - Digital Credential + - An signed Credential whose integrity can be cryptographically verified using the public keys of its Issuer. It is also known as Credential. + * - Federation Authority + - A public governance entity that issues guidelines and technical rules, and administers - directly or through its intermediary - Trusted Lists, services, and accreditation processes, the status of participants, and their eligibility evaluation. It also performs oversight functions. + * - Wallet Instance + - An instance of the Wallet Solution, installed on a personal mobile device and controlled by a specific User who is its sole owner. It is the application that enables citizens to fully and autonomously manage their digital identity and EAAs. + * - Wallet Provider + - All public and/or private entities, conforming to a technical profile and accredited by the Federation Authority, that provide citizens with an IT Wallet Instance. + * - Wallet Attestation + - Verifiable Attestation, issued by the Wallet Provider, that proves the security compliace of the Wallet Instance. + * - Wallet Attestation Service + - Device manufacturer service that allows you to certify the authenticity of the mobile app (Wallet Instance). + * - Qualified Electronic Attestation of Attributes (QEAA) + - A digitally verifiable attestation in electronic form, issued by a QTSP, that substantiates a person's possession of attributes. + * - Qualified Electronic Signature Provider + - The Electronic Trust Service Provider responsible for the issuing of Qualified Electronic Signature certificates to the User. + * - Relying Party + - A natural or legal person that implements an authentication system requiring electronic attribute attestation submissions as an authentication mechanism. + * - Verifier + - See Relying Party. + * - Trust Attestation + - Electronic attestation of an entity's compliance with the national regulatory framework, which is cryptographically verifiable and cannot be repudiated over time by the entity that issued it. A Trust Attestation is always related to a particular Trust Framework. + * - Trust Layer + - An architectural component that enables IT Wallet system participants to establish trust, in terms of reliability and compliance of all participants with the regulatory framework governing the digital identity system. + * - Trust Model + - System defining how the participants of the ecosystem establish and maintain trust in their interactions. The Trust Model outlines the rules and the procedures for the entities (like users, systems, or applications) should validate each other's identities, authenticate, and establish the level of trust before exchanging information. + * - Level of Assurance + - The degree of confidence in the vetting process used to establish the identity of the User and the degree of confidence that the User who presents the credential is the same User to whom the Digital Credential was issued. + * - Holder Key Binding + - Ability of the Holder to prove legitimate possession of the private part, related to the public part attested by a Trusted Third Party. + +Acronyms +-------- + +.. list-table:: + :widths: 20 80 + :header-rows: 1 + + * - **Acronym** + - **Description** + * - **OID4VP** + - OpenID for Verifiable Presentation + * - **PID** + - Person Identification Data + * - **VC** + - Verifiable Credential + * - **VP** + - Verifiable Presentation + * - **API** + - Application Programming Interface + * - **LoA** + - Level of Assurance diff --git a/refs/pull/201/merge/en/_sources/index.rst.txt b/refs/pull/201/merge/en/_sources/index.rst.txt new file mode 100644 index 000000000..a25387a11 --- /dev/null +++ b/refs/pull/201/merge/en/_sources/index.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +============================================== +The Italian EUDI Wallet implementation profile +============================================== + +Introduction +------------ + +The European Council requested the update of the +eIDAS Regulation on electronic identification and trust services by +implementing a new tool: the `European Digital Identity Wallet `_. + +Italy responded to the input received from the European community by creating the National digital identity Wallet solution, called IT Wallet, to be fully interoperable with all the other solutions made available by other European Member States and in full compliance to the European regulation. + +The current Italian scenario counts 3 coexisting digital identity tools that are partially overlapping, sometimes competing, and based on different technologies. This points to a highly fragmented system which yields difficulties for users and service providers. Therefore, the IT Wallet proposes to rationalise the digital identity ecosystem in Italy in order to simplify the experience of citizens, public administrations, and businesses in accessing digital services. + +To achieve these objectives and enhance the already active and eIDAS-notified digital identity schemes, the IT Wallet project entails a technological and governance evolution that envisages the progressive migration of the current threefold digital identification solution towards IT Wallet. + +The purpose of the following technical rules is to define the technical architecture and reference framework to be used as a guideline by all the parties involved in the development of the IT Wallet project. + +This documentation defines the national implementation profile of EUDI Wallet, containing the technical details about components of the Wallet ecosystem, as listed below: + + - Entities of the ecosystem according to `EIDAS-ARF`_. + - Infrastructure of trust attesting realiability and eligibility of the participants. + - PID and EAAs data schemes and attribute sets. + - PID/EAA in MDL CBOR format. + - PID/EAA in `SD-JWT`_ format. + - Wallet Solution general architecture. + - Wallet Attestation. + - Issuance of PID/EAA according to `OpenID4VCI`_. + - Presentation of PID/EAA according to `OpenID4VP`_. + - Presentation of pseudonyms according to `SIOPv2`_. + - PID/EAA backup and restore mechanisms. + - PID/EAA revocation lists. + +Index of content +---------------- + +.. toctree:: + :maxdepth: 3 + + ssi-introduction.rst + defined-terms.rst + trust.rst + wallet-solution.rst + wallet-attestation.rst + pid-eaa-data-model.rst + pid-eaa-issuance.rst + relying-party-solution.rst + revocation-lists.rst + pseudonyms.rst + backup-restore.rst + algorithms.rst + contribute.rst + standards.rst + diff --git a/refs/pull/201/merge/en/_sources/pid-eaa-data-model.rst.txt b/refs/pull/201/merge/en/_sources/pid-eaa-data-model.rst.txt new file mode 100644 index 000000000..d6ce41ac8 --- /dev/null +++ b/refs/pull/201/merge/en/_sources/pid-eaa-data-model.rst.txt @@ -0,0 +1,1193 @@ + +.. include:: ../common/common_definitions.rst + +.. _pid_eaa_data_model.rst: + +PID/(Q)EAA Data Model ++++++++++++++++++++++ + +The Person Identification Data (PID) is issued by the PID Provider according to national laws. The main scope of the PID is allowing natural persons to be authenticated for the access to a service or to a protected resource. +The User attributes provided within the Italian PID are the ones listed below: + + - Current Family Name + - Current First Name + - Date of Birth + - Place of Birth + - Unique Identifier + - Taxpayer identification number + +The Italian digital Credentials, like the PID and the (Q)EAA, contains additional claims and according to the `OpenID Identity Assurance Profile [OIDC.IDA] `_, these carries the national trust framework and the identity proofing procedures underlying the issuance. In particular, these carries some relevant information about the Authentic Sources of the subject's attributes. + +The (Q)EAAs are issued by (Q)EAA Issuers to a Wallet Instance and MUST be provided in SD-JWT-VC or MDOC-CBOR data format. + +The PID/(Q)EAA data format and the mechanism through which a digital credential is issued to the Wallet Instance and presented to a Relying Party are described in the following sections. + +SD-JWT +====== + +The PID/(Q)EAA is issued in the form of a digital credential. The digital credential format is `Selective Disclosure JWT format `_ as specified in `[draft-terbu-sd-jwt-vc-latest] `__. + +An SD-JWT is a JWT that MUST be signed using the Issuer's private key. The SD-JWT payload of the MUST contain the **_sd_alg** claim described in `[SD-JWT]. Section 5.1.2. `_ and other claims specified in this section, some of them may be selectively disclosable claims. + +The claim **_sd_alg** indicates the hash algorithm used by the Issuer to generate the digests over the salts and the claim values. The **_sd_alg** claim MUST be set to one of the specified algorithms in Section :ref:`Cryptographic Algorithms `. + +Selectively disclosable claims are omitted from the SD-JWT. Instead, the digests of the respective disclosures and decoy digests are contained as an array in a new JWT claim, **_sd**. + +Each digest value ensures the integrity of, and maps to, the respective Disclosure. Digest values are calculated using a hash function over the disclosures, each of which contains + + - a random salt, + - the claim name (only when the claim is an object property), + - the claim value. + +The Disclosures are sent to the Holder together with the SD-JWT in the *Combined Format for Issuance* that MUST be an ordered series of base64url-encoded values, each separated from the next by a single tilde ('~') character as follows: + +.. code-block:: + + ~~~...~ + +See `[draft-terbu-sd-jwt-vc-latest] `_ and `[SD-JWT] `__ for more details. + + +PID/(Q)EAA SD-JWT parameters +---------------------------- + +The JOSE header contains the following mandatory parameters: + +.. _pid_jose_header: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **typ** + - MUST be set to ``vc+sd-jwt`` as defined in `[draft-terbu-sd-jwt-vc-latest] `__. + - `[RFC7515, Section 4.1.9] `_. + * - **alg** + - Signature Algorithm. + - `[RFC7515, Section 4.1.1] `_. + * - **kid** + - Unique identifier of the public key. + - `[RFC7515, Section 4.1.8] `_. + * - **trust_chain** + - JSON array containing the trust chain that proves the reliability of the issuer of the JWT. + - `[OIDC-FED, Section 3.2.1] `_. + +The following claims MUST be in the JWT payload. Some of these claims MAY be selectively disclosed, these are listed in the following tables that specify whether a claim is selectively disclosable [SD] or not [NSD]. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **iss** + - [NSD].URL string representing the PID/(Q)EAA Issuer unique identifier. + - `[RFC7519, Section 4.1.1] `_. + * - **sub** + - [NSD].Thumbprint of the JWK in the ``cnf`` parameter. + - `[RFC7519, Section 4.1.2] `_. + * - **jti** + - [NSD].Unique Token ID identifier of this JWT. It SHOULD be a String in *uuid4* format. + - `[RFC7519, Section 4.1.7] `_. + * - **iat** + - [SD].UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in :rfc:`7519`. + - `[RFC7519, Section 4.1.6] `_. + * - **exp** + - [NSD].UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated in :rfc:`7519`. + - `[RFC7519, Section 4.1.4] `_. + * - **status** + - [NSD].HTTPS URL where the credential validity status is available. + - `[SD-JWT-VC. Section 4.2.2.2] `_. + * - **cnf** + - [NSD].JSON object containing the proof-of-possession key materials. By including a **cnf** (confirmation) claim in a JWT, the issuer of the JWT declares that the Holder is in control of the private key related to the public one defined in the **cnf** parameter. The recipient MUST cryptographically verify that the Holder is in control of that key. + - `[RFC7800, Section 3.1] `_. + * - **vct** + - [NSD].Credential type as a string, MUST be set in accordance to the type obtained from the PID/(Q)EAA Issuer metadata. For example, in the case of the PID, it MUST be set to ``PersonIdentificationData``. + - `[draft-terbu-sd-jwt-vc-latest. Section Type Claim] `__. + * - **verified_claims** + - [NSD].JSON object containing the following sub-elements: + + - **verification**; + - **claims**. + - `[OIDC.IDA. Section 5] `_. + +.. _sec-pid-eaa-verification-field: + +PID/(Q)EAA Verification field +----------------------------- + +The ``verification`` claim contains the information regarding the trust framework used by the PID/(Q)EAA Issuer to provide the User attributes (claims). + +The ``verification`` claim is a JSON structure with all the following mandatory sub-claims. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **trust_framework** + - [NSD]. It MUST be set to ``eidas``. + - `[OID.IDA. Section 5.1] `_ + * - **assurance_level** + - [NSD]. MUST be set according to the LoA required. For PID credential it MUST be set to ``high``. + - `[OID.IDA. Section 5.1] `_ + * - **evidence** + - [SD]. JSON Array. Each element is the electronic evidence of the User identification during the PID issuance or, in the case of (Q)EAA, with this evidence the Authentic Source assures the authenticity of the data conveyed in the (Q)EAA. It MUST contain at least the following claims: + + - **type**: MUST be set to ``electronic_record`` + - **record**: JSON object (see the table below) + - `[OID.IDA. Section 5.1] `_ + + +The ``record`` MUST have at least the following sub parameters: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **type** + - It uniquely identifies the trust framework used for the provisioning of the credential. For example, in case of PID, the value ``https://eudi.wallet.cie.gov.it`` means that the CIE id identification scheme is used. + - `[OID.IDA. Section 5.1.1.2] `_ + * - **source** + - JSON Object cointaining the following mandatory claims: + + - **organization_name**: Name of the Organization acting as Authentic Source. + - **organization_id**: Identification code for the Organization. For public Organization, it MUST be set to the *IPA Code*, following the URN namespace ``urn:eudi:it:organization_id:ipa_code:``. + - **country_code**: String representing country in `[ISO3166-1] Alpha-2 (e.g., IT) or [ISO3166-3] syntax `_. + - `[OID.IDA. Section 5.1.1.2] `_ + +.. warning:: + Note that the sub-claims of the **evidence** parameter are not selectively disclosable separately, thus, for example, the User cannot give only the *record type* without the disclosure of the *record source* value (organization name, identifier and country). + +.. _sec-pid-user-claims: + +PID Claims field +---------------- + +The ``claims`` parameter contains the User attributes with the following mandatory fields: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **given_name** + - [SD]. Current First Name. + - `[OpenID Connect Core 1.0, Section 5.1] `_ + * - **family_name** + - [SD]. Current Family Name. + - `[OpenID Connect Core 1.0, Section 5.1] `_ + * - **birth_date** + - [SD]. Date of Birth. + - + * - **birth_place** + - [SD]. Place of Birth. JSON Object with the following subclaims: + + - **country** + - **locality** + - + * - **unique_id** + - [SD]. Unique citizen identifier (ID ANPR) given by the National Register of the Resident Population (ANPR). It MUST be set according to `ANPR rules `_ + - + * - **tax_id_code** + - [SD]. National tax identification code of natural person as a String format. It MUST be set according to ETSI EN 319 412-1. For example ``TINIT-`` + - + + + +PID Non-normative Examples +-------------------------- + +In the following, the non-normative example of a PID in JSON format. + +.. code-block:: JSON + + { + "iss": "https://issuer.example.org", + "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", + "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", + "iat": 1683000000, + "exp": 1883000000, + "status": "https://pidprovider.example.org/status", + "vct": "PidIdentificationData", + "verified_claims": { + "verification": { + "trust_framework": "eidas", + "assurance_level": "high", + "evidence": [ + { + "type": "electronic_record", + "record": { + "type": "https://eudi.wallet.cie.gov.it", + "source": { + "organization_name": "Ministero dell'Interno", + "organization_id": + "urn:eudi:it:organization_id:ipa_code:m_it", + "country_code": "IT" + } + } + } + ] + }, + "claims": { + "unique_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "given_name": "Mario", + "family_name": "Rossi", + "birth_date": "1980-01-10", + "birth_place": { + "country": "IT", + "locality": "Rome" + }, + "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX" + } + } + } + +The corresponding SD-JWT verson for PID is given by + +.. code-block:: JSON + + { + "typ":"vc+sd-jwt", + "alg":"RS512", + "kid":"dB67gL7ck3TFiIAf7N6_7SHvqk0MDYMEQcoGGlkUAAw", + "trust_chain" : [ + "NEhRdERpYnlHY3M5WldWTWZ2aUhm ...", + "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...", + "IkJYdmZybG5oQU11SFIwN2FqVW1B ..." + ] + } + +.. code-block:: JSON + + { + "_sd": [ + "7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc" + ], + "iss": "https://issuer.example.org", + "exp": 1883000000, + "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", + "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", + "status": "https://pidprovider.example.org/status", + "vct": "PidIdentificationData", + "verified_claims": { + "verification": { + "_sd": [ + "gd8gRxKT1hg8ptnvR5fPGhae0VXllDblsiJT9adxiS8" + ], + "trust_framework": "eidas", + "assurance_level": "high" + }, + "claims": { + "_sd": [ + "4g9lBt38U1EeTA1zlvvGfFgPPcoe3zmbQ_zSRDgHQaE", + "EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ", + "EfP5vho0dBdoObBbL45cOTmMsKo6LrSuN4My72y01SE", + "F90SKK9nIQcHIElkHY_ult_9FGqYe-RydvY3E0qR96s", + "IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ", + "lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA" + ] + } + }, + "_sd_alg": "sha-256", + "cnf": { + "jwk": { + "kty": "EC", + "crv": "P-256", + "x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc", + "y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ" + } + } + } + +In the following the disclosure list is given + +**Claim** ``iat``: + +- SHA-256 Hash: ``7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc`` +- Disclosure: + ``WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd`` +- Contents: ``["57mvycTh5yZCrKLZ5xnfUw", "iat", 1683000000]`` + +**Claim** ``source``: + +- SHA-256 Hash: ``ZMHbFH9SeT9CZQaOMVrXDMGWIouzXRKspKp9fDhvJ3I`` +- Disclosure: + ``WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5p`` + ``emF0aW9uX25hbWUiOiAiTWluaXN0ZXJvIGRlbGwnSW50ZXJubyIsICJvcmdh`` + ``bml6YXRpb25faWQiOiAidXJuOmV1ZGk6aXQ6b3JnYW5pemF0aW9uX2lkOmlw`` + ``YV9jb2RlOm1faXQiLCAiY291bnRyeV9jb2RlIjogIklUIn1d`` +- Contents: + ``["kucrBmlo_hMaIFF585RzaQ", "source", {"organization_name":`` + ``"Ministero dell'Interno", "organization_id":`` + ``"urn:eudi:it:organization_id:ipa_code:m_it", "country_code":`` + ``"IT"}]`` + +**Claim** ``evidence``: + +- SHA-256 Hash: ``gd8gRxKT1hg8ptnvR5fPGhae0VXllDblsiJT9adxiS8`` +- Disclosure: + ``WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImV2aWRlbmNlIiwgW3sidHlw`` + ``ZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZWNvcmQiOiB7Il9zZCI6IFsi`` + ``Wk1IYkZIOVNlVDlDWlFhT01WclhETUdXSW91elhSS3NwS3A5ZkRodkozSSJd`` + ``LCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LmNpZS5nb3YuaXQifX1d`` + ``XQ`` +- Contents: ``["NTNRoOiuVVRtF6CEztd9Zw", "evidence", [{"type":`` + ``"electronic_record", "record": {"_sd":`` + ``["ZMHbFH9SeT9CZQaOMVrXDMGWIouzXRKspKp9fDhvJ3I"], "type":`` + ``"https://eudi.wallet.cie.gov.it"}}]]`` + +**Claim** ``unique_id``: + +- SHA-256 Hash: ``4g9lBt38U1EeTA1zlvvGfFgPPcoe3zmbQ_zSRDgHQaE`` +- Disclosure: + ``WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgInVuaXF1ZV9pZCIsICJ4eHh4`` + ``eHh4eC14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ`` +- Contents: ``["FDSSPggzGBUwQLHDSE6wQQ", "unique_id",`` + ``"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]`` + +**Claim** ``given_name``: + +- SHA-256 Hash: ``lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA`` +- Disclosure: + ``WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImdpdmVuX25hbWUiLCAiTWFy`` + ``aW8iXQ`` +- Contents: ``["KZ8e5wVEtDvb1ziSPA4DzA", "given_name", "Mario"]`` + +**Claim** ``family_name``: + +- SHA-256 Hash: ``IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ`` +- Disclosure: + ``WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImZhbWlseV9uYW1lIiwgIlJv`` + ``c3NpIl0`` +- Contents: ``["pZ5MRyOxpVWZuHLoJ-yjRg", "family_name", "Rossi"]`` + +**Claim** ``birth_date``: + +- SHA-256 Hash: ``EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ`` +- Disclosure: + ``WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgImJpcnRoX2RhdGUiLCAiMTk4`` + ``MC0wMS0xMCJd`` +- Contents: ``["jtVuKCpn7bTcHrAg_seUbQ", "birth_date", "1980-01-10"]`` + +**Claim** ``birth_place``: + +- SHA-256 Hash: ``EfP5vho0dBdoObBbL45cOTmMsKo6LrSuN4My72y01SE`` +- Disclosure: + ``WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgImJpcnRoX3BsYWNlIiwgeyJj`` + ``b3VudHJ5IjogIklUIiwgImxvY2FsaXR5IjogIlJvbWUifV0`` +- Contents: + ``["WDkd6JsNhDFvLP4s1hQdyA", "birth_place", {"country": "IT",`` + ``"locality": "Rome"}]`` + +**Claim** ``tax_id_code``: + +- SHA-256 Hash: ``F90SKK9nIQcHIElkHY_ult_9FGqYe-RydvY3E0qR96s`` +- Disclosure: + ``WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiwgInRheF9pZF9jb2RlIiwgIlRJ`` + ``TklULVhYWFhYWFhYWFhYWFhYWFgiXQ`` +- Contents: ``["4ksAz6bMUKy6ZvN1h8HDuQ", "tax_id_code",`` + ``"TINIT-XXXXXXXXXXXXXXXX"]`` + + + +The combined format for the PID issuance is given by + +.. code-block:: + + eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0.eyJfc2QiOiBb + IjdXRzRuVDZLMjZfUjM5NzV6Y3duVndnb0hBN2I5ODhfMy12SnpiWmY2WWMiXSwgImlz + cyI6ICJodHRwczovL2lzc3Vlci5leGFtcGxlLm9yZyIsICJleHAiOiAxODgzMDAwMDAw + LCAic3ViIjogIk56YkxzWGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcyIsICJqdGki + OiAidXJuOnV1aWQ6NmM1YzBhNDktYjU4OS00MzFkLWJhZTctMjE5MTIyYTllYzJjIiwg + InN0YXR1cyI6ICJodHRwczovL3BpZHByb3ZpZGVyLmV4YW1wbGUub3JnL3N0YXR1cyIs + ICJ2Y3QiOiAiUGlkSWRlbnRpZmljYXRpb25EYXRhIiwgInZlcmlmaWVkX2NsYWltcyI6 + IHsidmVyaWZpY2F0aW9uIjogeyJfc2QiOiBbImdkOGdSeEtUMWhnOHB0bnZSNWZQR2hh + ZTBWWGxsRGJsc2lKVDlhZHhpUzgiXSwgInRydXN0X2ZyYW1ld29yayI6ICJlaWRhcyIs + ICJhc3N1cmFuY2VfbGV2ZWwiOiAiaGlnaCJ9LCAiY2xhaW1zIjogeyJfc2QiOiBbIjRn + OWxCdDM4VTFFZVRBMXpsdnZHZkZnUFBjb2Uzem1iUV96U1JEZ0hRYUUiLCAiRVlnekox + aFRZV0pqaEJLMlYzYjhIVjNlX2ZFZi1VZGZmYzV5bVk3N1d0USIsICJFZlA1dmhvMGRC + ZG9PYkJiTDQ1Y09UbU1zS282THJTdU40TXk3MnkwMVNFIiwgIkY5MFNLSzluSVFjSElF + bGtIWV91bHRfOUZHcVllLVJ5ZHZZM0UwcVI5NnMiLCAiSWNZSFF5ZFRfQzNVMUlxYUps + RmljeExsYUhUSHZFbHlGWjZKeGlhMjdxUSIsICJsWGd4RURBdVBlVXZta2NOR3I5Rlp1 + cW9kd0ZxVVQwMWdKajd4ZDR5RVBBIl19fSwgIl9zZF9hbGciOiAic2hhLTI1NiIsICJj + bmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIsICJ4IjogIlRD + QUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMiLCAieSI6ICJa + eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.OjCk1 + G0STMjlG1eSfQRQHEcMdWxRkEDk0yF5eVahuW7x2qymvv_iLqBOLwVb4R_kGHVc4w6ju + 5hs2Pmz4diW4w~WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMD + AwMDBd~WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5pe + mF0aW9uX25hbWUiOiAiTWluaXN0ZXJvIGRlbGwnSW50ZXJubyIsICJvcmdhbml6YXRpb + 25faWQiOiAidXJuOmV1ZGk6aXQ6b3JnYW5pemF0aW9uX2lkOmlwYV9jb2RlOm1faXQiL + CAiY291bnRyeV9jb2RlIjogIklUIn1d~WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3Iiwg + ImV2aWRlbmNlIiwgW3sidHlwZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZWNvcmQi + OiB7Il9zZCI6IFsiWk1IYkZIOVNlVDlDWlFhT01WclhETUdXSW91elhSS3NwS3A5ZkRo + dkozSSJdLCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LmNpZS5nb3YuaXQifX1d + XQ~WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgInVuaXF1ZV9pZCIsICJ4eHh4eHh4e + C14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ~WyJLWjhlNXdWRXREdmIxemlTUE + E0RHpBIiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJwWjVNUnlPeHBWV1p1SExvSi1 + 5alJnIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJqdFZ1S0NwbjdiVGNIckFnX3N + lVWJRIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd~WyJXRGtkNkpzTmhERnZMUD + RzMWhRZHlBIiwgImJpcnRoX3BsYWNlIiwgeyJjb3VudHJ5IjogIklUIiwgImxvY2FsaX + R5IjogIlJvbWUifV0~WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiwgInRheF9pZF9jb2 + RlIiwgIlRJTklULVhYWFhYWFhYWFhYWFhYWFgiXQ~ + +(Q)EAA Non-normative examples +----------------------------- + +In the following, we provide a non-normative example of (Q)EAA in JSON. + +.. code-block:: JSON + + { + "iss": "https://issuer.example.org", + "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", + "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", + "iat": 1683000000, + "exp": 1883000000, + "status": "https://issuer.example.org/status", + "vct": "DisabilityCard", + "verified_claims": { + "verification": { + "trust_framework": "eidas", + "assurance_level": "high", + "evidence": [ + { + "type": "electronic_record", + "record": { + "type": "https://eudi.wallet.pdnd.gov.it", + "source": { + "organization_name": "Istituto Nazionale della Previdenza Sociale", + "organization_id": + "urn:eudi:it:organization_id:ipa_code:inps", + "country_code": "IT" + } + } + } + ] + }, + "claims": { + "document_number": "XXXXXXXXXX", + "given_name": "Mario", + "family_name": "Rossi", + "birth_date": "1980-01-10", + "expiry_date": "2024-01-01", + "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX", + "constant_attendance_allowance": true + } + } + } + +The corresponding SD-JWT for the previous data is represented as follow, as decoded JSON for both header and payload. + +.. code-block:: JSON + + { + "typ":"vc+sd-jwt", + "alg":"RS512", + "kid":"d126a6a856f7724560484fa9dc59d195", + "trust_chain" : [ + "NEhRdERpYnlHY3M5WldWTWZ2aUhm ...", + "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...", + "IkJYdmZybG5oQU11SFIwN2FqVW1B ..." + ] + } + +.. code-block:: JSON + + { + "_sd": [ + "7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc" + ], + "iss": "https://issuer.example.org", + "exp": 1883000000, + "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", + "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", + "status": "https://issuer.example.org/status", + "vct": "DisabilityCard", + "verified_claims": { + "verification": { + "_sd": [ + "sTskq0yFy31ZH3YP2nN_nFnd7H9q18dU3oEa1DC5LRc" + ], + "trust_framework": "eidas", + "assurance_level": "high" + }, + "claims": { + "_sd": [ + "3humFjiCYHdHzjL-OEd1vKnQa10ivaYEd1dCCkfRuaA", + "EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ", + "F90SKK9nIQcHIElkHY_ult_9FGqYe-RydvY3E0qR96s", + "IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ", + "dfrmUvonZDgealZCGwk3ufmc_4ept3y9N7xhWZlCyxo", + "ji86HS1v3D41tU5JqW4oWCwTJDuTUwp1ewqoCUzzEXk", + "lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA" + ] + } + }, + "_sd_alg": "sha-256", + "cnf": { + "jwk": { + "kty": "EC", + "crv": "P-256", + "x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc", + "y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ" + } + } + } + +In the following the disclosure list is given: + +**Claim** ``iat``: + +- SHA-256 Hash: ``7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc`` +- Disclosure: + ``WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd`` +- Contents: ``["57mvycTh5yZCrKLZ5xnfUw", "iat", 1683000000]`` + +**Claim** ``source``: + +- SHA-256 Hash: ``qfuzrQuGcbBBKaE4Q9eqVCSznzJ2rNndLG8q606RLsM`` +- Disclosure: + ``WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5p`` + ``emF0aW9uX25hbWUiOiAiSXN0aXR1dG8gTmF6aW9uYWxlIGRlbGxhIFByZXZp`` + ``ZGVuemEgU29jaWFsZSIsICJvcmdhbml6YXRpb25faWQiOiAidXJuOmV1ZGk6`` + ``aXQ6b3JnYW5pemF0aW9uX2lkOmlwYV9jb2RlOmlucHMiLCAiY291bnRyeV9j`` + ``b2RlIjogIklUIn1d`` +- Contents: + ``["kucrBmlo_hMaIFF585RzaQ", "source", {"organization_name":`` + ``"Istituto Nazionale della Previdenza Sociale",`` + ``"organization_id":`` + ``"urn:eudi:it:organization_id:ipa_code:inps", "country_code":`` + ``"IT"}]`` + +**Claim** ``evidence``: + +- SHA-256 Hash: ``sTskq0yFy31ZH3YP2nN_nFnd7H9q18dU3oEa1DC5LRc`` +- Disclosure: + ``WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImV2aWRlbmNlIiwgW3sidHlw`` + ``ZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZWNvcmQiOiB7Il9zZCI6IFsi`` + ``cWZ1enJRdUdjYkJCS2FFNFE5ZXFWQ1N6bnpKMnJObmRMRzhxNjA2UkxzTSJd`` + ``LCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LnBkbmQuZ292Lml0In19`` + ``XV0`` +- Contents: ``["NTNRoOiuVVRtF6CEztd9Zw", "evidence", [{"type":`` + ``"electronic_record", "record": {"_sd":`` + ``["qfuzrQuGcbBBKaE4Q9eqVCSznzJ2rNndLG8q606RLsM"], "type":`` + ``"https://eudi.wallet.pdnd.gov.it"}}]]`` + +**Claim** ``document_number``: + +- SHA-256 Hash: ``3humFjiCYHdHzjL-OEd1vKnQa10ivaYEd1dCCkfRuaA`` +- Disclosure: + ``WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImRvY3VtZW50X251bWJlciIs`` + ``ICJYWFhYWFhYWFhYIl0`` +- Contents: + ``["FDSSPggzGBUwQLHDSE6wQQ", "document_number", "XXXXXXXXXX"]`` + +**Claim** ``given_name``: + +- SHA-256 Hash: ``lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA`` +- Disclosure: + ``WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImdpdmVuX25hbWUiLCAiTWFy`` + ``aW8iXQ`` +- Contents: ``["KZ8e5wVEtDvb1ziSPA4DzA", "given_name", "Mario"]`` + +**Claim** ``family_name``: + +- SHA-256 Hash: ``IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ`` +- Disclosure: + ``WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImZhbWlseV9uYW1lIiwgIlJv`` + ``c3NpIl0`` +- Contents: ``["pZ5MRyOxpVWZuHLoJ-yjRg", "family_name", "Rossi"]`` + +**Claim** ``birth_date``: + +- SHA-256 Hash: ``EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ`` +- Disclosure: + ``WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgImJpcnRoX2RhdGUiLCAiMTk4`` + ``MC0wMS0xMCJd`` +- Contents: ``["jtVuKCpn7bTcHrAg_seUbQ", "birth_date", "1980-01-10"]`` + +**Claim** ``expiry_date``: + +- SHA-256 Hash: ``dfrmUvonZDgealZCGwk3ufmc_4ept3y9N7xhWZlCyxo`` +- Disclosure: + ``WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgImV4cGlyeV9kYXRlIiwgIjIw`` + ``MjQtMDEtMDEiXQ`` +- Contents: ``["WDkd6JsNhDFvLP4s1hQdyA", "expiry_date", "2024-01-01"]`` + +**Claim** ``tax_id_code``: + +- SHA-256 Hash: ``F90SKK9nIQcHIElkHY_ult_9FGqYe-RydvY3E0qR96s`` +- Disclosure: + ``WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiwgInRheF9pZF9jb2RlIiwgIlRJ`` + ``TklULVhYWFhYWFhYWFhYWFhYWFgiXQ`` +- Contents: ``["4ksAz6bMUKy6ZvN1h8HDuQ", "tax_id_code",`` + ``"TINIT-XXXXXXXXXXXXXXXX"]`` + +**Claim** ``constant_attendance_allowance``: + +- SHA-256 Hash: ``ji86HS1v3D41tU5JqW4oWCwTJDuTUwp1ewqoCUzzEXk`` +- Disclosure: + ``WyJEZFdxS2g3d2RJNVZBeEtTdnhzWFZRIiwgImNvbnN0YW50X2F0dGVuZGFu`` + ``Y2VfYWxsb3dhbmNlIiwgdHJ1ZV0`` +- Contents: + ``["DdWqKh7wdI5VAxKSvxsXVQ", "constant_attendance_allowance",`` + ``true]`` + + + +The combined format for the PID issuance is represented below: + +.. code-block:: + + eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0.eyJfc2QiOiBb + IjdXRzRuVDZLMjZfUjM5NzV6Y3duVndnb0hBN2I5ODhfMy12SnpiWmY2WWMiXSwgImlz + cyI6ICJodHRwczovL2lzc3Vlci5leGFtcGxlLm9yZyIsICJleHAiOiAxODgzMDAwMDAw + LCAic3ViIjogIk56YkxzWGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcyIsICJqdGki + OiAidXJuOnV1aWQ6NmM1YzBhNDktYjU4OS00MzFkLWJhZTctMjE5MTIyYTllYzJjIiwg + InN0YXR1cyI6ICJodHRwczovL2lzc3Vlci5leGFtcGxlLm9yZy9zdGF0dXMiLCAidmN0 + IjogIkRpc2FiaWxpdHlDYXJkIiwgInZlcmlmaWVkX2NsYWltcyI6IHsidmVyaWZpY2F0 + aW9uIjogeyJfc2QiOiBbInNUc2txMHlGeTMxWkgzWVAybk5fbkZuZDdIOXExOGRVM29F + YTFEQzVMUmMiXSwgInRydXN0X2ZyYW1ld29yayI6ICJlaWRhcyIsICJhc3N1cmFuY2Vf + bGV2ZWwiOiAiaGlnaCJ9LCAiY2xhaW1zIjogeyJfc2QiOiBbIjNodW1GamlDWUhkSHpq + TC1PRWQxdktuUWExMGl2YVlFZDFkQ0NrZlJ1YUEiLCAiRVlnekoxaFRZV0pqaEJLMlYz + YjhIVjNlX2ZFZi1VZGZmYzV5bVk3N1d0USIsICJGOTBTS0s5bklRY0hJRWxrSFlfdWx0 + XzlGR3FZZS1SeWR2WTNFMHFSOTZzIiwgIkljWUhReWRUX0MzVTFJcWFKbEZpY3hMbGFI + VEh2RWx5Rlo2SnhpYTI3cVEiLCAiZGZybVV2b25aRGdlYWxaQ0d3azN1Zm1jXzRlcHQz + eTlON3hoV1psQ3l4byIsICJqaTg2SFMxdjNENDF0VTVKcVc0b1dDd1RKRHVUVXdwMWV3 + cW9DVXp6RVhrIiwgImxYZ3hFREF1UGVVdm1rY05HcjlGWnVxb2R3RnFVVDAxZ0pqN3hk + NHlFUEEiXX19LCAiX3NkX2FsZyI6ICJzaGEtMjU2IiwgImNuZiI6IHsiandrIjogeyJr + dHkiOiAiRUMiLCAiY3J2IjogIlAtMjU2IiwgIngiOiAiVENBRVIxOVp2dTNPSEY0ajRX + NHZmU1ZvSElQMUlMaWxEbHM3dkNlR2VtYyIsICJ5IjogIlp4amlXV2JaTVFHSFZXS1ZR + NGhiU0lpcnNWZnVlY0NFNnQ0alQ5RjJIWlEifX19.hbgWxBoQtLVpTfygYVDhrgnoCkw + aw_hqY9GpxG4oXixejLEMvTOAwYFtqiNnYSuNaaGD6aemJW7jLSHDm9NOGA~WyI1N212 + eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd~WyJrdWNyQm1sb19 + oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5pemF0aW9uX25hbWUiOiAiSXN + 0aXR1dG8gTmF6aW9uYWxlIGRlbGxhIFByZXZpZGVuemEgU29jaWFsZSIsICJvcmdhbml + 6YXRpb25faWQiOiAidXJuOmV1ZGk6aXQ6b3JnYW5pemF0aW9uX2lkOmlwYV9jb2RlOml + ucHMiLCAiY291bnRyeV9jb2RlIjogIklUIn1d~WyJOVE5Sb09pdVZWUnRGNkNFenRkOV + p3IiwgImV2aWRlbmNlIiwgW3sidHlwZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZW + NvcmQiOiB7Il9zZCI6IFsicWZ1enJRdUdjYkJCS2FFNFE5ZXFWQ1N6bnpKMnJObmRMRz + hxNjA2UkxzTSJdLCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LnBkbmQuZ292Lm + l0In19XV0~WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImRvY3VtZW50X251bWJlci + IsICJYWFhYWFhYWFhYIl0~WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImdpdmVuX2 + 5hbWUiLCAiTWFyaW8iXQ~WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImZhbWlseV9 + uYW1lIiwgIlJvc3NpIl0~WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgImJpcnRoX2R + hdGUiLCAiMTk4MC0wMS0xMCJd~WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgImV4cG + lyeV9kYXRlIiwgIjIwMjQtMDEtMDEiXQ~WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiw + gInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWFhYWFhYWFhYWFgiXQ~WyJEZFdxS2g3 + d2RJNVZBeEtTdnhzWFZRIiwgImNvbnN0YW50X2F0dGVuZGFuY2VfYWxsb3dhbmNlIiwg + dHJ1ZV0~ + +MDOC-CBOR +========= + +The PID/(Q)EAA MDOC-CBOR data model is defined in ISO/IEC 18013-5, the standard born for the the mobile driving license (mDL) use case. + +The MDOC data elements MUST be encoded as defined in `RFC 8949 - Concise Binary Object Representation (CBOR) `_. + +The PID encoded in MDOC-CBOR format uses the document type set to `eu.europa.ec.eudiw.pid.1`, according to the reverse domain approach defined in the +`EIDAS-ARF`_ and ISO/IEC 18013-5. + +The document's data elements utilize a consistent namespace for the mandatory Mobile Driving License attributes, while the national PID attributes use the domestic namespace `eu.europa.ec.eudiw.pid.it.1`, as outlined in this implementation profile. + +In compliance with ISO/IEC 18013-5, the MDOC data model in the domestic namespace `eu.europa.ec.eudiw.pid.it.1`, requires the following attributes: + +.. _table-mdoc-attributes: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Attribute name** + - **Description** + - **Reference** + * - **version** + - *tstr (text string)*. Version of the data structure being used. It's a way to track changes and updates to the standard or to a specific implementation profile. This allows for backward compatibility and understanding of the data if the standard or implementation evolves over time. + - [ISO 18013-5#8.3.2.1.2] + * - **status** + - *uint (unsigned int)*. Status code. For example ``"status":0`` means OK (normal processing). + - [ISO 18013-5#8.3.2.1.2.3] + * - **documents** + - *bstr (byte string)*. The collection of digital documents. Each document in this collection represents a specific type of data or information related to the Digital Credential. + - [ISO 18013-5#8.3.2.1.2] + +Each document within the **documents** collection MUST have the following structure: + +.. _table-mdoc-documents-attributes: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Attribute name** + - **Description** + - **Reference** + * - **docType** + - *tstr (text string)*. Document type. For the PID, the value MUST be set to ``eu.europa.ec.eudiw.pid.1.`` For an mDL, the value MUST be ``org.iso.18013-5.1.mDL``. + - [ISO 18013-5#8.3.2.1.2] + * - **issuerSigned** + - *bstr (byte string)*. It MUST contain the Mobile Security Object for Issuer data authentication and the data elements protected by Issuer data authentication. + - [ISO 18013-5#8.3.2.1.2] + +The **issuerSigned** object MUST have the following structure: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Attribute name** + - **Description** + - **Reference** + * - **nameSpaces** + - *bstr (byte string)* with *tag* 24 and *major type* 6. Returned data elements for the namespaces. It MAY be possible to have one or more namespaces. The `nameSpaces` MUST use the same value for the document type. However, it MAY have a domestic namespace to include attributes defined in this implementation profile. The value MUST be set to ``eu.europa.ec.eudiw.pid.it.1``. + - [ISO 18013-5#8.3.2.1.2] + * - **issuerAuth** + - *bstr (byte string)*. Contains *Mobile Security Object* (MSO), a COSE Sign1 Document, issued by the Credential Issuer. + - [ISO 18013-5#9.1.2.4] + +During the presentation of the MDOC-CBOR credential, in addition to the objects in the table above, a **deviceSigned** object MUST also be added. **deviceSigned** MUST NOT be included in the issued credential provided by the PID/(Q)EAA Issuer. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Attribute name** + - **Description** + - **Reference** + * - **deviceSigned** + - *bstr (byte string)*. Data elements signed by the Wallet Instance during the presentation phase. + - [ISO 18013-5#8.3.2.1.2] + +Where the **deviceSigned** MUST have the following structure: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Attribute name** + - **Description** + - **Reference** + * - **nameSpaces** + - *tstr (text string)*. Returned data elements for the namespaces. It MAY be possible to have one or more namespaces. It MAY be used for self-attested claims. + - [ISO 18013-5#8.3.2.1.2] + * - **deviceAuth** + - *bstr (byte string)*. It MUST contain either the *DeviceSignature* or the *DeviceMac* element. + - [ISO 18013-5#8.3.2.1.2] + + +.. note:: + + A **deviceSigned** object given during the presentation phase has two purposes: + + 1. It provides optional self-attested attributes in the ``nameSpaces`` object. If no self-attested attributes are provided by the Wallet Instance, the ``nameSpaces`` object MUST be included with an empty structure. + 2. Provide a cryptographic proof attesting that the Holder is the legitimate owner of the Credential, by means of a ``deviceAuth`` object. + + +.. note:: + + The ``issuerSigned`` and the ``deviceSigned`` objects contain the ``nameSpaces`` object and the *Mobile Security Object*. The latter is the only signed object, while the ``nameSpaces`` object is not signed. + + + +nameSpaces +---------- + +The **nameSpaces** object contains one or more *IssuerSignedItemBytes* that are encoded using CBOR bitsring 24 tag (#6.24(bstr .cbor), marked with the CBOR Tag 24(<<... >>) and represented in the example using the diagnostic format). It represents the disclosure information for each digest within the `Mobile Security Object` and MUST contain the following attributes: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Name** + - **Encoding** + - **Description** + * - **digestID** + - *integer* + - Reference value to one of the ``ValueDigests`` provided in the *Mobile Security Object* (`issuerAuth`). + * - **random** + - *bstr (byte string)* + - Random byte value used as salt for the hash function. This value SHALL be different for each *IssuerSignedItem* and it SHALL have a minimum length of 16 bytes. + * - **elementIdentifier** + - *tstr (text string)* + - Data element identifier. + * - **elementValue** + - depends by the value, see the next table. + - Data element value. + +The **elementIdentifier** data that MUST be included in a PID/(Q)EAA are: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Namespace** + - **Element identifier** + - **Description** + * - **eu.europa.ec.eudiw.pid.1** + - **issue_date** + - *full-date (CBORTag 1004)*. Date when the PID/(Q)EAA was issued. + * - **eu.europa.ec.eudiw.pid.1** + - **expiry_date** + - *full-date (CBORTag 1004)*. Date when the PID/(Q)EAA will expire. + * - **eu.europa.ec.eudiw.pid.1** + - **issuing_authority** + - *tstr (text string)*. Name of administrative authority that has issued the PID/(Q)EAA. + * - **eu.europa.ec.eudiw.pid.1** + - **issuing_country** + - *tstr (text string)*. Alpha-2 country code as defined in [ISO 3166]. + * - **eu.europa.ec.eudiw.pid.it.1** + - **verification.evidence** + - *bstr (byte string)*. As defined in the :ref:`PID/(Q)EAA Verification field Section `. + * - **eu.europa.ec.eudiw.pid.it.1** + - **verification.trust_framework** + - *tstr (text string)*. As defined in the :ref:`PID/(Q)EAA Verification field Section `. + * - **eu.europa.ec.eudiw.pid.it.1** + - **verification.assurance_level** + - *tstr (text string)*. As defined in the :ref:`PID/(Q)EAA Verification field Section `. + * - **eu.europa.ec.eudiw.pid.it.1** + - **status** + - *tstr (text string)*. HTTPS URL where the credential validity status is available. + + +Depending on the Digital Credential type, additional **elementIdentifier** data MAY be added. The PID MUST support the following data: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Namespace** + - **Element identifier** + - **Description** + * - **eu.europa.ec.eudiw.pid.1** + - **given_name** + - *tstr (text string)*. See :ref:`PID Claims fields Section `. + * - **eu.europa.ec.eudiw.pid.1** + - **family_name** + - *tstr (text string)*. See :ref:`PID Claims fields Section `. + * - **eu.europa.ec.eudiw.pid.1** + - **birth_date** + - *full-date (CBORTag 1004)*. See :ref:`PID Claims fields Section `. + * - **eu.europa.ec.eudiw.pid.1** + - **birth_place** + - *tstr (text string)*. See :ref:`PID Claims fields Section `. + * - **eu.europa.ec.eudiw.pid.1** + - **birth_country** + - *tstr (text string)*. See :ref:`PID Claims fields Section `. + * - **eu.europa.ec.eudiw.pid.1** + - **unique_id** + - *tstr (text string)*. See :ref:`PID Claims fields Section `. + * - **eu.europa.ec.eudiw.pid.it.1** + - **tax_id_code** + - *tstr (text string)*. See :ref:`PID Claims fields Section `. + + +Mobile Security Object +---------------------- + +The **issuerAuth** represents the `Mobile Security Object` which is a `COSE Sign1 Document` defined in `RFC 9052 - CBOR Object Signing and Encryption (COSE): Structures and Process `_. It has the following data structure: + +* protected header +* unprotected header +* payload +* signature. + +The **protected header** MUST contain the following parameter encoded in CBOR format: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Element** + - **Description** + - **Reference** + * - **Signature algorithm** + - `-7` means ES256, SHA-256. + - RFC8152 + +.. note:: + + Only the Signature Algorithm MUST be present in the protected headers, other elements SHOULD not be present in the protected header. + + +The **unprotected header** MUST contain the following parameter: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Element** + - **Description** + - **Reference** + * - **x5chain** + - Identified with the label 33 + - `RFC 9360 CBOR Object Signing and Encryption (COSE) - Header Parameters for Carrying and Referencing X.509 Certificates `_. + +.. note:: + The `x5chain` is included in the unprotected header with the aim to make the Holder able to update the X.509 certificate chain, related to the `Mobile Security Object` issuer, without invalidating the signature. + +The **payload** MUST contain the *MobileSecurityObject*, without the `content-type` COSE Sign header parameter and encoded as a *byte string* (bstr) using the *CBOR Tag* 24. + +The `MobileSecurityObjectBytes` MUST have the following attributes: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Element** + - **Description** + - **Reference** + * - **docType** + - See :ref:`Table `. + - [ISO 18013-5#9.1.2.4] + * - **version** + - See :ref:`Table `. + - [ISO 18013-5#9.1.2.4] + * - **validityInfo**. + - Object containing issuance and expiration datetimes. It MUST contain the following sub-value: + + * *signed* + * *validFrom* + * *validUntil* + - [ISO 18013-5#9.1.2.4] + * - **digestAlgorithm** + - According to the algorithm defined in the protected header. + - [ISO 18013-5#9.1.2.4] + * - **valueDigests** + - Mapped digest by unique id, grouped by namespace. + - [ISO 18013-5#9.1.2.4] + * - **deviceKeyInfo** + - It MUST contain the Wallet Instance's public key containing the following sub-values. + + * *deviceKey* (REQUIRED). + * *keyAuthorizations* (OPTIONAL). + * *keyInfo* (OPTIONAL). + - [ISO 18013-5#9.1.2.4] + +.. note:: + The private key related to the public key stored in the `deviceKey` object is used to sign the `DeviceSignedItems` object and proof the possession of the PID during the presentation phase (see the presentation phase with MDOC-CBOR). + + +MDOC-CBOR Examples +------------------ + +A non-normative example of a PID in MDOC-CBOR format is represented below using the AF Binary encoding: + +.. code-block:: text + + A366737461747573006776657273696F6E63312E3069646F63756D656E747381A267646F6354797065781865752E6575726F70612E65632E65756469772E7069642E316C6973737565725369676E6564A26A697373756572417574688443A10126A1182159021930820215308201BCA003020102021404AD06A30C1A6DC6E93BE0E2E8F78DCAFA7907C2300A06082A8648CE3D040302305B310B3009060355040613025A45312E302C060355040A0C25465053204D6F62696C69747920616E64205472616E73706F7274206F66205A65746F706961311C301A06035504030C1349414341205A65746573436F6E666964656E73301E170D3231303932393033333034355A170D3232313130333033333034345A3050311A301806035504030C114453205A65746573436F6E666964656E7331253023060355040A0C1C5A65746F70696120436974792044657074206F662054726166666963310B3009060355040613025A453059301306072A8648CE3D020106082A8648CE3D030107034200047C5545E9A0B15F4FF3CE5015121E8AD3257C28D541C1CD0D604FC9D1E352CCC38ADEF5F7902D44B7A6FC1F99F06EEDF7B0018FD9DA716AEC2F1FFAC173356C7DA3693067301F0603551D23041830168014BBA2A53201700D3C97542EF42889556D15B7AC4630150603551D250101FF040B3009060728818C5D050102301D0603551D0E04160414CE5FD758A8E88563E625CF056BFE9F692F4296FD300E0603551D0F0101FF040403020780300A06082A8648CE3D0403020347003044022012B06A3813FFEC5679F3B8CDDB51EAA4B95B0CBB1786B09405E2000E9C46618C02202C1F778AD252285ED05D9B55469F1CB78D773671F30FE7AB815371942328317C59032AD818590325A667646F6354797065781865752E6575726F70612E65632E65756469772E7069642E316776657273696F6E63312E306C76616C6964697479496E666FA3667369676E6564C074323032332D30322D32325430363A32333A35365A6976616C696446726F6DC074323032332D30322D32325430363A32333A35365A6A76616C6964556E74696CC074323032342D30322D32325430303A30303A30305A6C76616C756544696765737473A2781865752E6575726F70612E65632E65756469772E7069642E31AC015820A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A025820CD372FB85148700FA88095E3492D3F9F5BEB43E555E5FF26D95F5A6ADC36F8E6035820E67E72111B363D80C8124D28193926000980E1211C7986CACBD26AACC5528D48045820F7D062D662826ED95869851DB06BB539B402047BAEE53A00E0AA35BFBE98265D0658202A132DBFE4784627B86AA3807CD19CFEFF487AAB3DD7A60D0AB119A72E736936075820BDCA9E8DBCA354E824E67BFE1533FA4A238B9EA832F23FB4271EBEB3A5A8F7200858202C0EAEC2F05B6C7FE7982683E3773B5D8D7A01E33D04DFCB162ADD8BD99BEE9A095820BFE220D85657CCEC3C67E7DB1DF747E9148A152334BB6D4B65B273279BCC36EC0A582018E38144F5044301D6A0B4EC9D5F98D4CD950E6EA2C29B849CBD457DA29B6AD30B58203C71D2F0EFA09D9E3FBBDFFD29204F6B292C9F79570AEF72DD86C91F7A3AA5C50C582065743D58D89D45E52044758F546034FD13A4F994BC270CDFA7844F74EB3F4B6E0D5820B4A8EB5D523BFFA17B41BDA12DDC7DA32AE1E5F7FF3DCC394A35401F16919BBF781B65752E6575726F70612E65632E65756469772E7069642E69742E31A10E58209D6C11644651126C94ACDAF0803E86D4C71D15D3B2712A14295416734EFD514D6D6465766963654B6579496E666FA1696465766963654B6579A401022001215820BA01AEA44EEE1E338EB2F04E279DBD51B34655783EE185150838C9A7A7C4DB7122582025BA0044439A3871A7B975A0994A85E79B705A9AC263B3FE899B0A93412EE8C96F646967657374416C676F726974686D675348412D32353658400813C28FD62F2602CBC14724E5865733C44A0FCA589B55C085EC9D5C725D6CCE25BA0044439A3871A7B975A0994A85E79B705A9AC263B3FE899B0A93412EE8C96A6E616D65537061636573A2781865752E6575726F70612E65632E65756469772E7069642E318DD818586DA4686469676573744944016672616E646F6D5820156DF9227AD341EAA61AABD301106FD21BDC18820E01DFC16BCF5FECC447111B71656C656D656E744964656E7469666965726B6578706972795F646174656C656C656D656E7456616C7565D903EC6A323032342D30322D3232D818586FA4686469676573744944026672616E646F6D5820A3A1F13F05544D03A5B50B5FDB78465808393BCF3B7953A345FE28F820C7BE0D71656C656D656E744964656E7469666965726D69737375616E63655F646174656C656C656D656E7456616C7565D903EC6A323032332D30322D3232D8185866A4686469676573744944036672616E646F6D5820852591F90F2C9DED57A03632E2C1322AB52A082A431E71A4149A6830C8F1AD0C71656C656D656E744964656E7469666965726F69737375696E675F636F756E7472796C656C656D656E7456616C7565624954D818587CA4686469676573744944046672616E646F6D5820D1D587B3512ACCE15C4F6B20944CEB002A464E4A158389788563408873C3FCE571656C656D656E744964656E7469666965727169737375696E675F617574686F726974796C656C656D656E7456616C7565764D696E69737465726F2064656C6C27496E7465726E6FD8185864A4686469676573744944056672616E646F6D582094FDD7609C0E73DC8589B5CAB11E1D9058CF8BFF8A336DA5F81FCBA055396A0F71656C656D656E744964656E7469666965726A676976656E5F6E616D656C656C656D656E7456616C7565654D6172696FD8185865A4686469676573744944066672616E646F6D5820660C0A7BF79E0E0261CA1547A4294FB808AA70738F424B13AB1B9440B566AE1371656C656D656E744964656E7469666965726B66616D696C795F6E616D656C656C656D656E7456616C756565526F737369D818586BA4686469676573744944076672616E646F6D5820315C53491286488FA07F5C2CE67135EF5C9959C3469C99A14E9B6DC924F9EBA571656C656D656E744964656E746966696572696269727468646174656C656C656D656E7456616C7565D903EC6A313935362D30312D3132D818587AA4686469676573744944086672616E646F6D582081C5CC04FBDF78E0F84DF72FDB87028ADE08E66DC5F31084826EBAD7AE70D84671656C656D656E744964656E7469666965726B62697274685F706C6163656C656C656D656E7456616C756581A267636F756E747279624954686C6F63616C69747964526F6D65D818587DA4686469676573744944096672616E646F6D5820764EF39C9D01F3AA6A87F441603CFE853FBA3CEE3BC2C168BCC9E96271D6E06371656C656D656E744964656E74696669657269756E697175655F69646C656C656D656E7456616C7565781E78787878787878782D7878782D787878782D787878787878787878787878D81858E8A46864696765737449440A6672616E646F6D5820AD20B3B9C67AED8089FF33ECDC108781C3B49B81CD7A3F059D2FE236977037B271656C656D656E744964656E74696669657275766572696669636174696F6E2E65766964656E63656C656C656D656E7456616C756581A2647479706571656C656374726F6E69635F7265636F7264667265636F7264A264747970656C65696461732E69742E63696566736F75726365A3716F7267616E697A6174696F6E5F6E616D656C65696461732E69742E6369656F6F7267616E697A6174696F6E5F6964646D5F69746C636F756E7472795F636F6465626974D8185879A46864696765737449440B6672616E646F6D5820C12314B3695D1401505187E2113115E2F7B4A14B135DEE320F5E6DF81275F17671656C656D656E744964656E746966696572667374617475736C656C656D656E7456616C7565781D68747470733A2F2F70696470726F76696465722E69742F737461747573D8185877A46864696765737449440C6672616E646F6D5820A7B6A9027ED97F25DF96DD0EAB8093B264A3BD6A1D5B24228F3FC5B18EF835FB71656C656D656E744964656E746966696572781C766572696669636174696F6E2E74727573745F6672616D65776F726B6C656C656D656E7456616C7565656569646173D8185876A46864696765737449440D6672616E646F6D5820C76CE2AE4E9BE1DB07A5CB397B54ACE3ECCC786D3F85E4348B923DEE059783DB71656C656D656E744964656E746966696572781C766572696669636174696F6E2E6173737572616E63655F6C6576656C6C656C656D656E7456616C75656468696768781B65752E6575726F70612E65632E65756469772E7069642E69742E3181D8185877A46864696765737449440E6672616E646F6D5820717DF3F583B1484366C33A1F869F2B5D201D466A8B589C79AB1A2D85E595432571656C656D656E744964656E7469666965726D7461785F69645F6E756D6265726C656C656D656E7456616C75657554494E49542D585858585858585858585858585858 + +The `Diagnostic Notation` of the above MDOC-CBOR is given below: + +.. code-block:: text + + { + "status": 0, + "version": "1.0", + "documents": [ + { + "docType": "eu.europa.ec.eudiw.pid.1", + "issuerSigned": { + "issuerAuth": [ + << {1: -7} >>, % protected header with the value alg:ES256 + { + 33: h'30820215308201BCA003020102021404AD30C…'% 33->X5chain:COSE X_509 + }, + << + 24(<< + { + "docType": "eu.europa.ec.eudiw.pid.1", + "version": "1.0", + "validityInfo": { + "signed": 0("2023-02-22T06:23:56Z"), + "validFrom": 0("2023-02-22T06:23:56Z"), + "validUntil": 0("2024-02-22T00:00:00Z") + }, + "valueDigests": { + "eu.europa.ec.eudiw.pid.1": { + 1:h'0F1571A97FFB799CC8FCDF2BA4FC2909929…', + 2: h'0CDFE077400432C055A2B69596C90…', + 3: h'E2382149255AE8E955AF9B8984395…', + 4: h'BBC77E6CCA981A3AD0C3E544EDF86…', + 6: h'BB6E6C68D1B4B4EC5A2AE9206F5t4…', + 7: h'F8A5966E6DAC9970E0334D8F75E25…', + 8: h'EAD5E8B5E543BD31F3BE57DE4ED45…', + 9: h'DEFDF1AA746718016EF1B94BFE5R6…' + }, + "eu.europa.ec.eudiw.pid.it.1": { + 10: h'AFC5A127BE44753172844B13491D8…', + 11: h'AFC5A127BE44753172844B13492H4…', + 12: h'DJA5A127BE44753172844B13492H4…', + 13: h'KDL5A127BE44753172844B13492H4…', + 14: h'F9EE4D36F67DBD75E23311AC1C29…' + } + }, + "deviceKeyInfo": { + "deviceKey": { + 1: 2, % kty:EC2 (Eliptic curves with x and y coordinate pairs) + -1: 1, % crv:p256 + -2: h'B820963964E53AF064686DD9218303494A…', % x-coordiantes + -3: h'0A6DA0AF437E2943F1836F31C678D89298E9…'% y-ccordiantes + } + }, + "digestAlgorithm": "SHA-256" + } + >>) + >>, + h'1AD0D6A7313EFDC38FCD765852FA2BD43DEBF48BF5A580D' + ], + "nameSpaces": { + "eu.europa.ec.eudiw.pid.1": [ + 24(<< + { + "digestID": 1, + "random": h'E0B70BCEFBD43686F345C9ED429343AA', + "elementIdentifier": "expiry_date", + "elementValue": 1004("2024-02-22") + } + >>), + 24(<< + { + "digestID": 2, + "random": h'AE84834F389EE69888665B90A3E4FCCE', + "elementIdentifier": "issue_date", + "elementValue": 1004("2023-02-22") + } + >>), + 24(<< + { + "digestID": 3, + "random": h'960CB15A2EA9B68E5233CE902807AA95', + "elementIdentifier": "issuing_country", + "elementValue": "IT" + } + >>), + 24(<< + { + "digestID": 4, + "random": h'9D3774BD5994CCFED248674B32A4F76A', + "elementIdentifier": "issuing_authority", + "elementValue": "Ministero dell'Interno" + } + >>), + 24(<< + { + "digestID": 5, + "random": h'EB12193DC66C6174530CDC29B274381F', + "elementIdentifier": "given_name", + "elementValue": "Mario" + } + >>)), + 24(<< + { + "digestID": 6, + "random": h'DB143143538F3C8D41DC024F9CB25C9D', + "elementIdentifier": "family_name", + "elementValue": "Rossi" + } + >>), + 24(<< + { + "digestID": 7, + "random": h'6059FF1CE27B4997B4ADE1DE7B01DC60', + "elementIdentifier": "birthdate", + "elementValue": 1004("1956-01-12")% the tag 1004 defines the value + is a full date + } + >>), + 24(<< + { + "digestID": 8, + "random": h'CAD1F6A38F603451F1FA653F81FF309D', + "elementIdentifier": "birth_place", + "elementValue": [ + { + "country": "IT" , + "locality": "Rome" + } + ] + } + >>), + 24(<< + { + "digestID": 9, + "random": h'53C15C57B3B076E788795829190220B4', + "elementIdentifier": "unique_id", + "elementValue": "xxxxxxxx-xxx-xxxx-xxxxxxxxxxxx" + } + >>) + ], + "eu.europa.ec.eudiw.pid.it.1": [ + 24(<< + { + "digestID": 10, + "random": h'CAD1F6A38F603451F1FA653F81FF309D', + "elementIdentifier": "verification.evidence", + "elementValue": [ + { + "type": "electronic_record", + "record": { + "type": "eidas.it.cie", + "source": { + "organization_name": "eidas.it.cie", + "organization_id": "m_it", + "country_code": "it", + } + } + } + ] + } + >>), + 24(<< + { + "digestID": 11, + "random": h'CAD1F6A38F603451F1FA653F81FF309D, + "elementIdentifier": "status", + "elementValue": "https://pidprovider.example.it/status" + } + >>), + 24(<< + { + "digestID": 12, + "random": h'564E3C65D46D06FEDEB0E7293A86GF', + "elementIdentifier": "verification.trust_framework", + "elementValue": "eidas" + } + >>), + 24(<< + { + "digestID": 13, + "random": h'D884E5D5EF4CFC93FDB1E4EE8F3923', + "elementIdentifier": "verification.assurance_level", + "elementValue": "high" + } + >>) + 24(<< + { + "digestID": 14, + "random": h'11aa7273a2d2daa973f5951f0c34c2fbae', + "elementIdentifier": "tax_id_number", + "elementValue": "TINIT-XXXXXXXXXXXXXXX" + } + >>) + ] + } + } + } + ] + } + + + diff --git a/refs/pull/201/merge/en/_sources/pid-eaa-issuance.rst.txt b/refs/pull/201/merge/en/_sources/pid-eaa-issuance.rst.txt new file mode 100644 index 000000000..76d3d14c4 --- /dev/null +++ b/refs/pull/201/merge/en/_sources/pid-eaa-issuance.rst.txt @@ -0,0 +1,1091 @@ +.. include:: ../common/common_definitions.rst + +.. _pid_eaa_issuance.rst: + +PID/(Q)EAA Issuance ++++++++++++++++++++ + +This section describes the PID and (Q)EAAs issuance flow with an high level of security. +The relevant entities and interfaces involved in the issuance flow are: + + - *Wallet Provider*: The entity responsible for releasing an EUDI Wallet Solution. The Wallet Provider issues the Wallet Attestations to its Wallet Instances through an Attestation Service. The Wallet Attestation certifies the genuinity and authenticity of the Wallet Instance and its compliance with the security and privacy requirements. + - *Wallet Solution*: Entire product and service owned by a Wallet Provider, offered to all the Users and certified as EUDI-compliant by a Conformity Assessment Body (CAB). + - *Wallet Instance*: Instance of a Wallet Solution, installed on the User device. The Wallet Instance provides graphical interfaces for User interaction with Relying Parties, PID, (Q)EAA Providers and the Wallet Provider. + - *PID Provider*: The entity that issues the eIDAS Person Identification Data (PID). It is composed of: + + - OpenID4VCI Component: based on the "OpenID for Verifiable Credential Issuance" specification ` [OIDC4VCI. Draft 13] `_ to release the PID. + - National eID Relying Party: The component to authenticate the User with the national Digital Identity Providers, based on OpenID Connect Core 1.0 or SAML2. + - National Identity Provider: It represents preexisting identity systems based on SAML2 or OpenID Connect Core 1.0, already in production in each Member State (eg: the Italian SPID and CIE id schemes notified eIDAS with *LoA* **High**, see `SPID/CIE OpenID Connect Specifications `_). + + - *(Q)EAA Provider*: It represents the Issuer of (Q)EAAs. It is composed of: + + - OpenID4VCI Component: based on the "OpenID for Verifiable Credential Issuance" specification to release (Q)EAAs. + - Relying Party: Component to authenticate the User with the PID. The (Q)EAA Provider acts as a Verifier by sending a presentation request to the Wallet Instance, according to [`OpenID4VP`_]. The Wallet Instance MUST have a valid PID, obtained in a previous time, to get authenticated with the (Q)EAA Provider. + +High-Level PID flow +------------------- + +The :numref:`fig_High-Level-Flow-ITWallet-PID-Issuance` shows a general architecture and highlights the main operations involved in the issuance of a PID. + +.. _fig_High-Level-Flow-ITWallet-PID-Issuance: +.. figure:: ../../images/High-Level-Flow-ITWallet-PID-Issuance.svg + :figwidth: 100% + :align: center + + PID Issuance - General architecture and high level flow. + +Below the description of the steps represented in the previous picture: + + 0. **Wallet Instance Setup**: the first time the Wallet Instance is started a preliminary setup phase is carried out. It consists of the release of the Wallet Attestation issued by Wallet Attestation Service asserting the genuineness and the compliance of the Wallet Instance with the shared trust framework. The Wallet Attestation binds the public key provided by the Wallet Instance, related to one of the private keys generated by the Wallet Instance. + 1. **PID/(Q)EAA Provider Discovery**: the Wallet Instance discovers the trusted Digital Credential Issuers using the Federation API (e.g.: using the Subordinate Listing Endpoint of the Trust Anchor and its Intermediates), inspecting the Credential Issuer metadata and Trust Marks for filtering the PID Provider. + 2. **PID Provider Metadata**: the Wallet Instance establishes the trust to the PID Provider according to the Trust Model and obtains the Metadata that discloses the formats of the PID, the algorithms supported, and any other parameter required for interoperability needs. + 3. **PID Request**: using the Authorization Code Flow defined in `[OIDC4VCI. Draft 13] `_ the Wallet Instance requests the PID to the PID Provider. + 4. **User Authentication**: the PID Provider authenticates the User with LoA High, acting as an Identity and Access Management Proxy to the National eID system. + 5. **PID Issuance**: the User is authenticated with LoA High and the PID Provider releases a PID bound to the key material held by the requesting Wallet Instance. + +In the following sections the steps from 1 to 5 are further expanded into more technical details. + +High-Level (Q)EAA flow +---------------------- + +The :numref:`fig_High-Level-Flow-ITWallet-QEAA-Issuance` shows a general architecture and highlights the main operations involved in the issuance of a (Q)EAA, following the assumptions listed below: + + - the User has a valid PID stored in their own Wallet Instance; + - the (Q)EAA requires a high security implementation profile. + +.. _fig_High-Level-Flow-ITWallet-QEAA-Issuance: +.. figure:: ../../images/High-Level-Flow-ITWallet-QEAA-Issuance.svg + :figwidth: 70% + :align: center + + (Q)EAA Issuance - General architecture and high level flow + +Below the description of the most relevant operations involved in the (Q)EAA issuance: + + 1. **Discovery of the trusted (Q)EAA Provider**: the Wallet Instance obtains the list of the trusted (Q)EAA Provider using the Federation API (e.g.: using the Subordinate Listing Endpoint of the Trust Anchor and its Intermediates), then inspects the metadata and Trust Mark looking for the Digital Credential capabilities of each (Q)EAA Provider. + 2. **(Q)EAA Provider Metadata**: the Wallet Instance establishes the trust to the (Q)EAA Provider according to the Trust Model, obtaining the Metadata that discloses the formats of the (Q)EAA, the algorithms supported, and any other parameter required for interoperability needs. + 3. **(Q)EAA Request**: using the Authorization Code Flow , defined in `[OIDC4VCI. Draft 13] `_, the Wallet Instance requests a (Q)EAA to the (Q)EAA Provider. + 4. **User Authentication**: the (Q)EAA Provider, acting as a Verifier (Relying Party), authenticates the User evaluating the presentation of the PID. + 5. **(Q)EAA Issuance**: the User is authenticated with a valid PID and the (Q)EAA Provider releases a (Q)EAA bound to the key material held by the requesting Wallet Instance. + + +Detailed Flow +------------- + +The PID/(Q)EAA Issuance phase uses the **Authorization Code Flow** with the following specifications: + +* **Pushed Authorization Requests** (PAR) [:rfc:`9126`]; +* **PKCE** (Proof Key for Code Exchange, :rfc:`7636`) as recommended in `[OIDC4VCI. Draft 13. Section 3.4] `_. + +In this section a *Wallet Initiated Flow* is outlined, where the User receives the PID/(Q)EAA directly in response to the Credential Request. + +.. warning:: + + All the non-normative examples are referred to the PID Provider issuance flow. + +.. _fig_Low-Level-Flow-ITWallet-PID-QEAA-Issuance: + +.. figure:: ../../images/Low-Level-Flow-ITWallet-PID-QEAA-Issuance.svg + :figwidth: 100% + :align: center + :target: https://www.plantuml.com/plantuml/svg/bLJVRzis47xdNt587vO0DlPke4MTn6kC5OEHfSXB086HplOj4gcHnwZUm_xs7KLPfkQqQ8C0KSZxyNtVVSUFdhNZqDHA1xOcDC_eb6hbZ4fgjM6u-EBHNO3s49Hwjb_JmIyUV2DHxTuQl81tdsctv-iwu3JtsjbkJDVJkqTTryYmDWB1bDZ7T0fD1TBbVnWswrlOEFjArL2CbFnqCFy0OG7scJKPEDZWG29LWBbST0iue5VA6Si8zXKTTF3kyMxzi5931kyHQl8CTjj_FxZW6Il8s_a8gQyX3USVf5rfpPPSqsTuhB5aiYQMoDEK2W92CDYNAOGPYLhhJtSFd-vNgp_KpHxBbqaca0SXFuBw3ULGzpsqgOvaYJqqoBhIh7E449c3W7Ie6M7p-yrA05S8qfosXAulyhXUpZTsCyIJn6-Mzt2FVmVq39TF1i2XRwtnMF2XnLayAMj2mmLLwJyfMfJxE4IpmpUE2e6tjodOfSfv6UqzkiXgsY2_UIym_nsWFfaho7LyIyNag1yHSaZmj3EQWyCXv5XXoOoUJvf7iLzrJHNn0JAr5IMdZVeboU1ou5i4HpF0hoqvz0MPgsJQw5gzW6KGVHpza_gCufzaXgpCbGgwpwIVJbGJtMRXk0J1HpT8BScYCXNhYFU0wzlbdt0dAzspBoCdm-Uy1T4Pc562Q8OPH1Nb3ta_4kX-9Ybpz0vD71_2hTW1Nl3mpRlMMRlDVGvRwwOxnlO53GYZrf9GonRXGMv6KPCUMT7ByqNOEMquCx6jicquRjstdVy-EBCWvEr2lAeRlx1n98iKEnzZvp5syLV7y-FDoQDI_BkxCwnWHGxBtXDFqOcKn4kCyo7eiaJlYrwYML8gqSkSF8EoCDQKE7uKcStFtw6adlosrdkf7iT-EMJsuTFuNFApsKb85Ishwt60sVnkJhVdGyofzGR9HtkgMrIu9KEzjh5_etcMegxUUeEkFtzPgNlSaUUuKNKTtv8CvjnXBQGgK6HIDIdSyqhsIBltgyDNcpuXVsI6EUNCic4DwB9kFpmQ4VNqgaKnefs2XpA-ZLcSP-joEkgZW0jD_Hy0 + + PID/(Q)EAA Issuance - Detailed flow + + +**Steps 1-4 (Discovery):** The User selects the PID/(Q)EAA Provider using the Wallet Instance, the Metadata for the selected PID/(Q)EAA Provider are processed by the Wallet Instance. + +.. note:: + + **Federation Check:** The Wallet Instance needs to check if the PID/(Q)EAA Provider is part of the Federation, obtaining its protocol specific Metadata. A non-normative example of a response from the endpoint **.well-known/openid-federation** with the **Entity Configuration** and the **Metadata** of the PID/(Q)EAA Provider is represented within the section `Entity Configuration Credential Issuer`_. + +**Steps 5-6 (PAR Request):** The Wallet Instance: + + * creates a fresh PKCE code verifier, Wallet Attestation Proof of Possession, and ``state`` parameter for the *Pushed Authorization Request*. + * provides to the PID/(Q)EAA Provider PAR endpoint the parameters previously listed above, using the ``request`` parameter (hereafter Request Object) according to :rfc:`9126` Section 3 to prevent Request URI swapping attack. + * MUST create the ``code_verifier`` with enough entropy random string using the unreserved characters with a minimum length of 43 characters and a maximum length of 128 characters, making it impractical for an attacker to guess its value. The value MUST be generated following the recommendation in Section 4.1 of :rfc:`7636`. + * signs this request using the private key that is created during the setup phase to obtain the Wallet Attestation. The related public key that is attested by the Wallet Provider is provided within the Wallet Attestation ``cnf`` claim. + * MUST create the value of the ``client_assertion`` parameter according to OAuth 2.0 Attestation-based Client Authentication [`oauth-attestation-draft `_], since in this flow the Pushed Authorization Endpoint is a protected endpoint. The ``client_assertion`` value MUST NOT contain more or less than precisely two JWTs separated with the ``~`` character. The first JWT MUST be the Wallet Attestation JWT and the second JWT MUST be the Wallet Attestation Proof of Possession. + * specifies the types of the requested credentials using the ``authorization_details`` [RAR :rfc:`9396`] parameter. + +The PID/(Q)EAA Provider performs the following checks upon the receipt of the PAR request: + + 1. It MUST validate the signature of the Request Object using the algorithm specified in the ``alg`` header parameter (:rfc:`9126`, :rfc:`9101`) and the public key retrieved from the Wallet Attestation (``cnf.jwk``) referenced in the Request Object, using the ``kid`` JWS header parameter. + 2. It MUST check that the used algorithm for signing the request in the ``alg`` header is one of the listed within the Section `Cryptographic Algorithms `_. + 3. It MUST check that the ``client_id`` in the request body of the PAR request matches the ``client_id`` claim included in the Request Object. + 4. It MUST check that the ``iss`` claim in the Request Object matches the ``client_id`` claim in the Request Object (:rfc:`9126`, :rfc:`9101`). + 5. It MUST check that the ``aud`` claim in the Request Object is equal to the PID/(Q)EAA Provider authorization endpoint uri (:rfc:`9126`, :rfc:`9101`). + 6. It MUST reject the PAR request, if it contains the ``request_uri`` parameter (:rfc:`9126`). + 7. It MUST check that the Request Object contains all the mandatory parameters which values are validated according to :ref:`Table of the HTTP parameters ` [derived from :rfc:`9126`]. + 8. It MUST check that the Request Object is not expired, checking the ``exp`` claim (:rfc:`9126`). + 9. It MUST check that the Request Object was issued in a previous time than the value exposed in the ``iat`` claim. It SHOULD reject the request if the ``iat`` claim is far from the current time (:rfc:`9126`) of more than `5` minutes. + 10. It MUST check that the ``jti`` claim in the Request Object has not been used before by the Wallet Instance identified by the ``client_id``. This allows the PID/(Q)EAA Provider to mitigate replay attacks (:rfc:`7519`). + 11. It MUST validate the ``client_assertion`` parameter based on Sections 4.1 and 4.2 of [`oauth-attestation-draft `_]. + +Below a non-normative example of the PAR. + +.. code-block:: http + + POST /as/par HTTP/1.1 + Host: pid-provider.example.org + Content-Type: application/x-www-form-urlencoded + + response_type=code + &client_id=$thumprint-of-the-jwk-in-the-cnf-wallet-attestation$ + &code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM + &code_challenge_method=S256 + &request=eyJhbGciOiJSUzI1NiIsImtpZCI6ImsyYmRjIn0.ew0KIC Jpc3MiOiAiczZCaGRSa3F0MyIsDQogImF1ZCI6ICJodHRwczovL3NlcnZlci5leGFtcGxlLmNvbSIsDQo gInJlc3BvbnNlX3R5cGUiOiAiY29kZSBpZF90b2tlbiIsDQogImNsaWVudF9pZCI6ICJzNkJoZFJrcXQz IiwNCiAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vY2xpZW50LmV4YW1... + &client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation + &client_assertion=$WIA~WIA-PoP + +Below an non-normative example of the Wallet Attestation Proof of Possession without encoding and signature applied: + +.. code-block:: + + { + "alg": "ES256", + "kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c", + "typ": "jwt-client-attestation-pop", + } + . + { + "iss": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c", + "aud": "https://pid-provider.example.org/par-endpoint", + "jti": "ad25868c-8377-479b-8094-46fb1e797625", + "iat": 1686645115, + "exp": 1686652315 + } + +Below an non-normative example of the signed Request Object without encoding and signature applied: + +.. code-block:: + + { + "alg": "ES256", + "kid": "FifYx03bnosD8m6gYQIfNHNP9cM_Sam9Tc5nLloIIrc", + } + . + { + "iss":"$thumprint-of-the-jwk-in-the-cnf-wallet-attestation$", + "aud":"https://pid-provider.example.org", + "exp":1672422065, + "iat": 1672418465, + "jti":"ac80df576e7109686717bf50b869e882", + "response_type":"code", + "client_id":"$thumprint-of-the-jwk-in-the-cnf-wallet-attestation$", + "state":"fyZiOL9Lf2CeKuNT2JzxiLRDink0uPcd", + "code_challenge":"E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM", + "code_challenge_method":"S256", + "authorization_details":[ + { + "type": "openid_credential", + "credential_configuration_id": "PersonIdentificationData" + } + ], + "redirect_uri":"eudiw://start.wallet.example.org", + } + + +.. note:: + + **Federation Check:** The PID/(Q)EAA Provider MUST check that the Wallet Provider is part of the federation. + + +.. note:: + The PID/(Q)EAA Provider MUST validate the signature of the the Wallet Attestation and that it is not expired. + + +**Step 7 (PAR Response):** The PID/(Q)EAA Provider provides a one-time use ``request_uri`` value. The issued ``request_uri`` value must be bound to the client identifier (``client_id``) that was provided in the Request Object. + + +.. note:: + The entropy of the ``request_uri`` MUST be sufficiently large. The adequate shortness of the validity and the entropy of the ``request_uri`` depends on the risk calculation based on the value of the resource being protected. The validity time SHOULD be less than a minute, and the ``request_uri`` MUST include a cryptographic random value of 128 bits or more (:rfc:`9101`). The entire ``request_uri`` SHOULD NOT exceed 512 ASCII characters due to the following two main reasons (:rfc:`9101`): + + 1. Many phones on the market still do not accept large payloads. The restriction is typically either 512 or 1024 ASCII characters. + 2. On a slow connection such as a 2G mobile connection, a large URL would cause a slow response; therefore, the use of such is not advisable from the user-experience point of view. + +The PID/(Q)EAA Provider returns the issued ``request_uri`` to the Wallet Instance. A non-normative example of the response is shown below. + +.. code-block:: http + + HTTP/1.1 201 Created + Cache-Control: no-cache, no-store + Content-Type: application/json + + { + "request_uri":"urn:ietf:params:oauth:request_uri:bwc4JK-ESC0w8acc191e-Y1LTC2", + "expires_in": 60 + } + + +**Steps 8-9 (Authorization Request):** The Wallet Instance sends an authorization request to the PID/(Q)EAA Provider Authorization Endpoint. Since parts of this Authorization Request content, e.g., the ``code_challenge`` parameter value, are unique to a particular Authorization Request, the Wallet Instance MUST only use a ``request_uri`` value once (:rfc:`9126`); The PID/(Q)EAA Provider performs the following checks upon the receipt of the Authorization Request: + + 1. It MUST treat ``request_uri`` values as one-time use and MUST reject an expired request. However, it MAY allow for duplicate requests due to a user reloading/refreshing their user-agent (derived from :rfc:`9126`). + 2. It MUST identify the request as a result of the submitted PAR (derived from :rfc:`9126`). + 3. It MUST reject all the Authorization Requests that do not contain the ``request_uri`` parameter as the PAR is the only way to pass the Authorization Request from the Wallet Instance (derived from :rfc:`9126`). + + +.. code-block:: http + + GET /authorize?client_id=$thumprint-of-the-jwk-in-the-cnf-wallet-attestation$&request_uri=urn%3Aietf%3Aparams%3Aoauth%3Arequest_uri%3Abwc4JK-ESC0w8acc191e-Y1LTC2 HTTP/1.1 + Host: pid-provider.example.org + + +.. note:: + + **User Authentication and Consent:** The PID Provider performs the User authentication based on the requirements of eIDAS LoA High by means of national notified eIDAS scheme and requires the User consent for the PID issuance. + The (Q)EAA Provider performs the User authentication requesting a valid PID to the Wallet Instance. The (Q)EAA Provider MUST use [`OpenID4VP`_] to dynamically request the presentation of the PID. From a protocol perspective, the (Q)EAA Provider acts as a Relying Party, providing the presentation request to the Wallet Instance. The Wallet Instance MUST have a valid PID obtained prior to start the transaction with the (Q)EAA Provider. + + +**Steps 10-11 (Authorization Response):** The PID/(Q)EAA Provider sends an authorization ``code`` together with ``state`` and ``iss`` parameters to the Wallet Instance. The Wallet Instance performs the following checks on the Authorization Response: + + 1. It MUST check the Authorization Response contains all the defined parameters according to :ref:`Table of the HTTP Response parameters `. + 2. It MUST check the returned value by the PID/(Q)EAA Provider for ``state`` parameter is equal to the value sent by Wallet Instance in the Request Object (:rfc:`6749`). + 3. It MUST check that the URL of PID/(Q)EAA Provider in ``iss`` parameter is equal to the URL identifier of intended PID/(Q)EAA Provider that the Wallet Instance start the communication with (:rfc:`9027`). + +.. note:: + + The Wallet Instance redirect URI is a universal or app link registered with the local operating system, so this latter will resolve it and pass the response to the Wallet Instance. + +.. code-block:: http + + HTTP/1.1 302 Found + Location: https://start.wallet.example.org?code=SplxlOBeZQQYbYS6WxSbIA&state=fyZiOL9Lf2CeKuNT2JzxiLRDink0uPcd&iss=https%3A%2F%2Fpid-provider.example.org + +**Steps 12-13 (DPoP Proof for Token Endpoint)**: The Wallet Instance MUST create a new key pair for the DPoP and a fresh DPoP Proof JWT following the instruction provided in Section 4 of (:rfc:`9449`) for the token request to the PID/(Q)EAA Provider. The DPoP Proof JWT is signed using the private key for DPoP created by Wallet Instance for this scope. DPoP binds the Access Token to a certain Wallet Instance (:rfc:`9449`) and mitigates the misuse of leaked or stolen Access Tokens at the Credential Endpoint. + +**Step 14 (Token Request):** The Wallet Instance sends a token request to the PID/(Q)EAA Provider Token Endpoint with a *DPoP Proof JWT* and the parameters: ``code``, ``code_verifier``, and OAuth 2.0 Attestation based Client Authentication (``client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation`` and ``client_assertion=WIA~WIA-PoP``). +The ``client_assertion`` is signed using the private key that is created during the setup phase to obtain the Wallet Attestation. The related public key that is attested by the Wallet Provider is provided within the Wallet Attestation (``cnf`` claim). The PID/(Q)EAA Provider performs the following checks on the Token Request: + + 1. It MUST ensure that the Authorization ``code`` is issued to the authenticated Wallet Instance (:rfc:`6749`) and was not replied. + 2. It MUST ensure the Authorization ``code`` is valid and has not been previously used (:rfc:`6749`). + 3. It MUST ensure the ``redirect_uri`` matches the value included in the previous Request Object `OpenID.Core#TokenRequest `_. + 4. It MUST validate the DPoP Proof JWT, according to (:rfc:`9449`) Section 4.3. + +.. code-block:: http + + POST /token HTTP/1.1 + Host: pid-provider.example.org + Content-Type: application/x-www-form-urlencoded + DPoP: eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6Ik + VDIiwieCI6Imw4dEZyaHgtMzR0VjNoUklDUkRZOXpDa0RscEJoRjQyVVFVZldWQVdCR + nMiLCJ5IjoiOVZFNGpmX09rX282NHpiVFRsY3VOSmFqSG10NnY5VERWclUwQ2R2R1JE + QSIsImNydiI6IlAtMjU2In19.eyJqdGkiOiItQndDM0VTYzZhY2MybFRjIiwiaHRtIj + oiUE9TVCIsImh0dSI6Imh0dHBzOi8vc2VydmVyLmV4YW1wbGUuY29tL3Rva2VuIiwia + WF0IjoxNTYyMjYyNjE2fQ.2-GxA6T8lP4vfrg8v-FdWP0A0zdrj8igiMLvqRMUvwnQg + 4PtFLbdLXiOSsX0x7NVY-FNyJK70nfbV37xRZT3Lg + + grant_type=authorization_code + &code=SplxlOBeZQQYbYS6WxSbIA + &code_verifier=dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk + &redirect_uri=https://start.wallet.example.org/cb + &client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation + &client_assertion=$WIA~WIA-PoP + +**Step 15 (Token Response):** The PID/(Q)EAA Provider validates the request, if successful an *Access Token* (bound to the DPoP key) and a fresh ``c_nonce`` is provided to the Wallet Instance. + +.. code-block:: http + + HTTP/1.1 200 OK + Content-Type: application/json + Cache-Control: no-store + + { + "access_token": "Kz~8mXK1EalYznwH-LC-1fBAo.4Ljp~zsPE_NeO.gxU ...", + "token_type": "DPoP", + "expires_in": 2677, + "c_nonce": "tZign[...]snFbp", + "c_nonce_expires_in": 86400, + "authorization_details": [ + { + "type": "openid_credential", + "credential_configuration_id: "PersonIdentificationData" + } + } + ] + } + + +**Steps 16-17 (DPoP Proof for Credential Endpoint):** The Wallet Instance for requesting the Digital Credential creates a proof of possession with ``c_nonce`` obtained in **Step 15** and using the private key used for the DPoP, signing a DPoP Proof JWT according to (:rfc:`9449`) Section 4. The ``jwk`` value in the ``proof`` parameter MUST be equal to the public key referenced in the DPoP. + +**Step 18 (Credential Request):** The Wallet Instance requests the Digital Credential to the PID/(Q)EAA Credential endpoint. The request MUST contain the *Access Token*, the *DPoP Proof JWT*, the *credential type*, the ``proof`` (proof of possession of the key) and the ``format`` parameters. + +.. note:: + + **PID/(Q)EAA Credential Schema and Status registration:** The PID/(Q)EAA Provider MUST register all the issued Credentials for their later revocation, if needed. + +.. code-block:: + + POST /credential HTTP/1.1 + Host: pid-provider.example.org + Content-Type: application/json + Authorization: DPoP Kz~8mXK1EalYznwH-LC-1fBAo.4Ljp~zsPE_NeO.gxU + DPoP: eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6Ik + VDIiwieCI6Imw4dEZyaHgtMzR0VjNoUklDUkRZOXpDa0RscEJoRjQyVVFVZldWQVdCR + nMiLCJ5IjoiOVZFNGpmX09rX282NHpiVFRsY3VOSmFqSG10NnY5VERWclUwQ2R2R + 1JEQSIsImNydiI6IlAtMjU2In19.eyJqdGkiOiJlMWozVl9iS2ljOC1MQUVCIiwiaHRtIj + oiR0VUIiwiaHR1IjoiaHR0cHM6Ly9yZXNvdXJjZS5leGFtcGxlLm9yZy9wcm90ZWN0Z + WRyZXNvdXJjZSIsImlhdCI6MTU2MjI2MjYxOCwiYXRoIjoiZlVIeU8ycjJaM0RaNTNF + c05yV0JiMHhXWG9hTnk1OUlpS0NBcWtzbVFFbyJ9.2oW9RP35yRqzhrtNP86L-Ey71E + OptxRimPPToA1plemAgR6pxHF8y6-yqyVnmcw6Fy1dqd-jfxSYoMxhAJpLjA + { + "format": "vc+sd-jwt" + "credential_definition":{ + "type": ["PersonIdentificationData"] + }, + "proof": { + "proof_type": "jwt", + "jwt": "eyJraWQiOiJkaWQ6ZXhhbXBsZTplYm" + } + } + + +Where a non-normative example of the decoded content of the ``jwt`` parameter is represented below, +without encoding and signature. The JWS header: + +.. code-block:: JSON + + { + "alg": "ES256", + "typ": "openid4vci-proof+jwt", + "jwk": { + "kty": "EC", + "x": "l8tFrhx-34tV3hRICRDY9zCkDlpBhF42UQUfWVAWBFs", + "y": "9VE4jf_Ok_o64zbTTlcuNJajHmt6v9TDVrU0CdvGRDA", + "crv": "P-256" + } + + } + +And the JWS payload: + +.. code-block:: JSON + + { + "iss": "0b434530-e151-4c40-98b7-74c75a5ef760", + "aud": "https://pid-provider.example.org/credential", + "iat": 1504699136, + "nonce": "tZign...snFbp" + } + + +**Steps 19-21 (Credential Response):** The PID/(Q)EAA Provider MUST validate the *DPoP JWT Proof* based on the steps defined in Section 4.3 of (:rfc:`9449`) and whether the *Access Token* is valid and suitable for the requested PID/(Q)EAA. It also MUST validate the proof of possession for the key material the new credential SHALL be bound to, according to `OPENID4VCI`_ Section 7.2.2. If all checks succeed, the PID/(Q)EAA Provider creates a new Credential bound to the key material and provide it to the Wallet Instance. The Wallet Instance MUST perform the following checks before proceeding with the secure storage of the PID/(Q)EAA: + + 1. It MUST check that the PID Credential Response contains all the mandatory parameters and values are validated according to :ref:`Table of the credential response parameters `. + 2. It MUST check the PID integrity by verifying the signature using the algorithm specified in the ``alg`` header parameter of SD-JWT (:ref:`PID/(Q)EAA Data Model `) and the public key that is identified using using the ``kid`` header of the SD-JWT. + 3. It MUST check that the received PID (in credential claim) matches the schema defined in :ref:`PID/(Q)EAA Data Model `. + 4. It MUST process and verify the PID in SD-JWT VC format (according to `SD.JWT#Verification `_ Section 6.) or MDOC CBOR format. + 5. It MUST verify the Trust Chain in the header of SD-JWT VC to verify that the PID Provider is trusted. + +If the checks defined above are successful the Wallet Instance proceeds with the secure storage of the PID/(Q)EAA. + +.. code-block:: http + + HTTP/1.1 200 OK + Content-Type: application/json + Cache-Control: no-store + Pragma: no-cache + + { + "format": "vc+sd-jwt" + "credential" : "LUpixVCWJk0eOt4CXQe1NXK[...]WZwmhmn9OQp6YxX0a2L", + "c_nonce": "fGFF7[...]UkhLa", + "c_nonce_expires_in": 86400 + } + +Pushed Authorization Request Endpoint +------------------------------------- + +Pushed Authorization Request (PAR) Request +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The requests to the PID/(Q)EAA authorization endpoint MUST use the HTTP POST method with the parameters in the message body encoded in ``application/x-www-form-urlencoded`` format. The Pushed Authorization Endpoint is protected with OAuth 2.0 Attestation-based Client Authentication [`oauth-attestation-draft `_] and the following parameters MUST be provided: + +.. _table_http_request_claim: +.. list-table:: PAR http request parameters + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **response_type** + - MUST be set to ``code``. + - :rfc:`6749` + * - **client_id** + - MUST be set to the thumbprint of the ``jwk`` value in the ``cnf`` parameter inside the Wallet Attestation. + - :rfc:`6749` + * - **code_challenge** + - A challenge derived from the **code verifier** that is sent in the authorization request. + - :rfc:`7636#section-4.2`. + * - **code_challenge_method** + - A method that was used to derive **code challenge**. It MUST be set to ``S256``. + - :rfc:`7636#section-4.3`. + * - **request** + - It MUST be a signed JWT. The private key corresponding to the public one in the ``cnf`` parameter inside the Wallet Attestation MUST be used for signing the Request Object. + - `OpenID Connect Core. Section 6 `_ + * - **client_assertion_type** + - It MUST be set to ``urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation``. + - `oauth-attestation-draft `_. + * - **client_assertion** + - It MUST be set to a value containing the Wallet Attestation JWT and the Proof of Possession, separated with the ``~`` character. + - `oauth-attestation-draft `_. + +The JWT Request Object has the following JOSE header parameters: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **JOSE header** + - **Description** + - **Reference** + * - **alg** + - A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section `Cryptographic Algorithms `_ and MUST NOT be set to ``none`` or any symmetric algorithm (MAC) identifier. + - :rfc:`7516#section-4.1.1`. + * - **kid** + - Unique identifier of the ``jwk`` inside the ``cnf`` claim of Wallet Attestation as base64url-encoded JWK Thumbprint value. + - :rfc:`7638#section_3`. + +.. note:: + The parameter **typ**, if omitted, assumes the implicit value **JWT**. + + +The JWT payload is given by the following parameters: + +.. _table_jwt_request: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **iss** + - It MUST be set to the ``client_id``. + - :rfc:`9126` and :rfc:`7519`. + * - **aud** + - It MUST be set to the identifier of the PID/(Q)EAA Provider. + - :rfc:`9126` and :rfc:`7519`. + * - **exp** + - UNIX Timestamp with the expiry time of the JWT. + - :rfc:`9126` and :rfc:`7519`. + * - **iat** + - UNIX Timestamp with the time of JWT issuance. + - :rfc:`9126` and :rfc:`7519`. + * - **response_type** + - It MUST be set as in the :ref:`Table of the HTTP parameters `. + - See :ref:`Table of the HTTP parameters `. + * - **client_id** + - It MUST be set as in the :ref:`Table of the HTTP parameters `. + - See :ref:`Table of the HTTP parameters `. + * - **state** + - Unique session identifier at the client side. This value will be returned to the client in the response, at the end of the authentication. It MUST be a random string composed by alphanumeric characters and with a minimum length of 32 digits. + - See `OpenID.Core#AuthRequest `_. + * - **code_challenge** + - It MUST be set as in the :ref:`Table of the HTTP parameters `. + - See :ref:`Table of the HTTP parameters `. + * - **code_challenge_method** + - It MUST be set as in the :ref:`Table of the HTTP parameters `. + - See :ref:`Table of the HTTP parameters `. + * - **authorization_details** + - Array of JSON Objects. Each JSON Object MUST include the following claims: + + - **type**: it MUST be set to ``openid_credential``, + - **credential_configuration_id**: JSON String. String specifying a unique identifier of the Credential being described in the `credential_configurations_supported` map in the Credential Issuer Metadata. For example, in the case of the PID, it MUST be set to ``PersonIdentificationData``. + - See [RAR :rfc:`9396`] and `[OIDC4VCI. Draft 13] `_. + * - **redirect_uri** + - Redirection URI to which the response is intended to be sent. It MUST be an universal or app link registered with the local operating system, so this latter will provide the response to the Wallet Instance. + - See `OpenID.Core#AuthRequest `_. + * - **client_assertion_type** + - It MUST be set as in the :ref:`Table of the HTTP parameters `. + - See :ref:`Table of the HTTP parameters `. + * - **client_assertion** + - It MUST be set as in the :ref:`Table of the HTTP parameters `. + - See :ref:`Table of the HTTP parameters `. + * - **jti** + - Unique identifier of the JWT that, together with the value contained in the ``iss`` claim, prevents the reuse of the JWT (replay attack). Since the `jti` value alone is not collision resistant, it MUST be identified uniquely together with its issuer. + - [:rfc:`7519`]. + +The JOSE header of the Wallet Attestation proof of possession MUST contain: + +.. _table_jwt_pop: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **JOSE header** + - **Description** + - **Reference** + * - **alg** + - A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section `Cryptographic Algorithms `_ and MUST NOT be set to ``none`` or any symmetric algorithm (MAC) identifier. + - :rfc:`7516#section-4.1.1`. + * - **kid** + - Unique identifier of the ``jwk`` inside the ``cnf`` claim of Wallet Attestation as base64url-encoded JWK Thumbprint value. + - :rfc:`7638#section_3`. + * - **typ** + - It MUST be set to ``jwt-client-attestation-pop`` + - Currently under discussion in [`oauth-attestation-draft `_]. + +The body of the Wallet Attestation proof of possession JWT MUST contain: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **iss** + - Thumbprint of the JWK in the ``cnf`` parameter. + - :rfc:`9126` and :rfc:`7519`. + * - **aud** + - It MUST be set to the identifier of the PID/(Q)EAA Provider. + - :rfc:`9126` and :rfc:`7519`. + * - **exp** + - UNIX Timestamp with the expiry time of the JWT. + - :rfc:`9126` and :rfc:`7519`. + * - **iat** + - UNIX Timestamp with the time of JWT issuance. + - :rfc:`9126` and :rfc:`7519`. + * - **jti** + - Unique identifier for the DPoP proof JWT. The value SHOULD be set using a *UUID v4* value according to [:rfc:`4122`]. + - [:rfc:`7519`. Section 4.1.7]. + +.. _sec_par: + +Pushed Authorization Request (PAR) Response +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If the verification is successful, the PID/(Q)EAA Issuer MUST provide the response with a *201 HTTP status code*. The following parameters are included as top-level members in the HTTP response message body, using the ``application/json`` media type as defined in [:rfc:`8259`]. + +.. _table_http_response_claim: +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **request_uri** + - The request URI corresponding to the authorization request posted. This URI MUST be a single-use reference to the respective authorization request. It MUST contain some part generated using a cryptographically strong pseudorandom algorithm. The value format MUST be ``urn:ietf:params:oauth:request_uri:`` with ```` as the random part of the URI that references the respective authorization request data. + - [:rfc:`9126`]. + * - **expires_in** + - A JSON number that represents the lifetime of the request URI in seconds as a positive integer. + - [:rfc:`9126`]. + + +Authorization endpoint +---------------------- + +The authorization endpoint is used to interact with the PID/(Q)EAA Issuer and obtain an authorization grant. +The authorization server MUST first verify the identity of the User that own the credential. + + +Authorization Request +^^^^^^^^^^^^^^^^^^^^^^^ + +The Authorization request is issued by the Web Browser in use by the Wallet Instance, the HTTP methods **POST** or **GET** are used. When the method **POST** is used, the parameters MUST be sent using the *Form Serialization*. When the method **GET** is used, the parameters MUST be sent using the *Query String Serialization*. For more details see `OpenID.Core#Serializations `_. + +The mandatory parameters in the HTTP authentication request are specified in the following table. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **client_id** + - It MUST be set as in the :ref:`Table of the HTTP parameters `. + - See :ref:`Table of the HTTP parameters `. + * - **request_uri** + - It MUST be set to the same value as obtained by PAR Response. See :ref:`Table of the HTTP PAR Response parameters `. + - [:rfc:`9126`]. + + +Authorization Response +^^^^^^^^^^^^^^^^^^^^^^^ + +The authentication response is returned by the PID/(Q)EAA authorization endpoint at the end of the authentication flow. + +If the authentication is successful the PID/(Q)EAA Issuer redirects the User by adding the following query parameters as required to the *redirect_uri*. The redirect URI MUST be an universal or app link registered with the local operating system, so this latter is able to provide the response to the Wallet Instance. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **code** + - Unique *Authorization Code* that the Wallet Instance submits to the Token Endpoint. + - [:rfc:`6749#section-4.1.2`], `Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants `_ + * - **state** + - The Wallet Instance MUST check the correspondence with the ``state`` parameter value in the Request Object. It is defined as in the :ref:`Table of the JWT Request parameters `. + - [:rfc:`6749#section-4.1.2`]. + * - **iss** + - Unique identifier of the PID/(Q)EAA Issuer who created the Authentication Response. The Wallet Instance MUST validate this parameter. + - `OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response `_, `[RFC7519, Section 4.1.1] `_. + + +Token endpoint +-------------- + +The token endpoint is used by the Wallet Instance to obtain an Access Token by presenting an authorization grant, as +defined in :rfc:`6749`. The Token Endpoint is a protected endpoint with a client authentication based on the model defined in OAuth 2.0 Attestation-based Client Authentication [`oauth-attestation-draft `_]. + +Token Request +^^^^^^^^^^^^^^^ + +The request to the PID/(Q)EAA Token endpoint MUST be an HTTP request with method POST, with the body message encoded in ``application/x-www-form-urlencoded`` format. The Wallet Instance sends the Token endpoint request with ``client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation`` and ``client_assertion=WIA~WIA-PoP``. + +The Token endpoint MUST accept and validate the DPoP proof sent in the DPoP HTTP header. The Token endpoint MUST validate the DPoP proof according to Section 4.3 of the DPoP specifications (:rfc:`9449`). This mitigates the misuse of leaked or stolen Access Tokens at the credential endpoint. If the DPoP proof is invalid, the Token endpoint returns an error response, according to Section 5.2 of [:rfc:`6749`] with ``invalid_dpop_proof`` as the value of the error parameter. + +All the parameters listed below are REQUIRED: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **grant_type** + - It MUST be set to ``authorization_code``. + - `Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants `_. + * - **code** + - Authorization code returned in the Authentication Response. + - `Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants `_. + * - **redirect_uri** + - It MUST be set as in the Request Object :ref:`Table of the JWT Request parameters `. + - `Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants `_. + * - **code_verifier** + - Verification code of the **code_challenge**. + - `Proof Key for Code Exchange by OAuth Public Clients `_. + * - **client_assertion_type** + - It MUST be set to ``urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation``. + - `oauth-attestation-draft `_. + * - **client_assertion** + - It MUST be set to a value containing the Wallet Attestation JWT and the Proof of Possession JWT, separated with the ``~`` character (WIA~WIA-PoP). The Wallet Attestation Proof of Possession MUST contain the claims as defined in :ref:`Table of the JWT Wallet Attestation PoP `, Section :ref:`Pushed Authorization Request (PAR) Response`. + - `oauth-attestation-draft `_. + +A **DPoP Proof JWT** is included in the HTTP request using the ``DPoP`` header parameter containing a DPoP JWS. + +The JOSE header of a **DPoP JWT** MUST contain at least the following parameters: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **JOSE header** + - **Description** + - **Reference** + * - **typ** + - It MUST be equal to ``dpop+jwt``. + - [:rfc:`7515`] and [:rfc:`8725`. Section 3.11]. + * - **alg** + - A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms in Section :ref:`Cryptographic Algorithms ` and MUST NOT be set to ``none`` or with a symmetric algorithm (MAC) identifier. + - [:rfc:`7515`]. + * - **jwk** + - It represents the public key chosen by the Wallet Instance, in JSON Web Key (JWK) [:rfc:`7517`] format that the Access Token MUST be bound to, as defined in [:rfc:`7515`] Section 4.1.3. It MUST NOT contain a private key. + - [:rfc:`7517`] and [:rfc:`7515`]. + + +The payload of a **DPoP JWT Proof** MUST contain at least the following claims: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **jti** + - Unique identifier for the DPoP proof JWT. The value SHOULD be set using a *UUID v4* value according to [:rfc:`4122`]. + - [:rfc:`7519`. Section 4.1.7]. + * - **htm** + - The value of the HTTP method of the request to which the JWT is attached. + - [:rfc:`9110`. Section 9.1]. + * - **htu** + - The HTTP target URI, without query and fragment parts, of the request to which the JWT is attached. + - [:rfc:`9110`. Section 7.1]. + * - **iat** + - UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in :rfc:`7519`. + - [:rfc:`7519`. Section 4.1.6]. + + +Token Response +^^^^^^^^^^^^^^^ + +Token endpoint response MUST contain the following mandatory claims. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **access_token** + - The *DPoP-bound Access Token*, in signed JWT format, allows accessing the PID/(Q)EAA Credential Endpoint for obtaining the credential. + - :rfc:`6749`. + * - **token_type** + - Type of *Access Token* returned. It MUST be equal to ``DPoP``. + - :rfc:`6749`. + * - **expires_in** + - Expiry time of the *Access Token* in seconds. + - :rfc:`6749`. + * - **c_nonce** + - JSON string containing a ``nonce`` value to be used to create a *proof of possession* of key material when requesting a Credential. + - `[OIDC4VCI. Draft 13] `_. + * - **c_nonce_expires_in** + - JSON integer, it represents the lifetime in seconds of the **c_nonce**. + - `[OIDC4VCI. Draft 13] `_. + * - **authorization_details** + - JSON object, used to identify Credentials with the same metadata but different claimset/claim values and/or simplify the Credential request even when only one Credential is being issued. + - `[OIDC4VCI. Draft 13] `_. + + +Access Token +^^^^^^^^^^^^ + +A DPoP-bound Access Token is provided by the PID/(Q)EAA Token endpoint as a result of a successful token request. The Access Token is encoded in JWT format, according to [:rfc:`7519`]. The Access Token MUST have at least the following mandatory claims and it MUST be bound to the public key that is provided by the DPoP proof. This binding can be accomplished based on the methodology defined in Section 6 of (:rfc:`9449`). + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **iss** + - It MUST be an HTTPS URL that uniquely identifies the PID/(Q)EAA Issuer. The Wallet Instance MUST verify that this value matches the PID/(Q)EAA Issuer where it has requested the credential. + - [:rfc:`9068`], `[RFC7519, Section 4.1.1] `_. + * - **sub** + - It identifies the subject of the JWT. It MUST be set to the value of the ``sub`` field in the PID/(Q)EAA SD-JWT-VC. + - [:rfc:`9068`], [:rfc:`7519`] and [`OpenID.Core#SubjectIDTypes `_]. + * - **aud** + - It MUST be set to the URL of Credential Endpoint of the PID/(Q)EAA Provider. + - [:rfc:`9068`]. + * - **iat** + - UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in :rfc:`7519`. + - [:rfc:`9068`], [:rfc:`7519`. Section 4.1.6]. + * - **exp** + - UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated in :rfc:`7519`. + - [:rfc:`9068`], [:rfc:`7519`]. + * - **jti** + - It MUST be a String in *uuid4* format. Unique Token ID identifier that the RP MAY use to prevent reuse by rejecting the Token ID if already processed. + - [:rfc:`9068`], [:rfc:`7519`]. + * - **jkt** + - JWK SHA-256 Thumbprint Confirmation Method. The value of the jkt member MUST be the base64url encoding (as defined in [RFC7515]) of the JWK SHA-256 Thumbprint of the DPoP public key (in JWK format) to which the Access Token is bound. + - [:rfc:`9449`. Section 6.1] and [:rfc:`7638`]. + + +Credential endpoint +------------------- + +The Credential Endpoint issues a Credential upon the presentation of a valid Access Token, as defined in `OPENID4VCI`_. + + +Credential Request +^^^^^^^^^^^^^^^^^^^ + +The Wallet Instance when requests the PID/(Q)EAA to the PID/(Q)EAA Credential endpoint, MUST use the following parameters in the message body of the HTTP POST request, using the `application/json` media type. + +The Credential endpoint MUST accept and validate the *DPoP proof* sent in the DPoP HTTP Header parameter, according to the steps defined in (:rfc:`9449`) Section 4.3. The *DPoP proof* in addition to the values that are defined in the Token Endpoint section MUST contain the following claim: + + - **ath**: hash value of the Access Token encoded in ASCII. The value MUST use the base64url encoding (as defined in Section 2 of :rfc:`7515`) with the SHA-256 algorithm. + +If the *DPoP proof* is invalid, the Credential endpoint returns an error response per Section 5.2 of [:rfc:`6749`] with `invalid_dpop_proof` as the value of the error parameter. + +.. warning:: + The Wallet Instance MUST create a **new DPoP proof** for the Credential request and MUST NOT use the previously created proof for the Token Endpoint. + + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **credential_definition** + - JSON object containing the detailed description of the Credential type. It MUST have at least the **type** sub claims which is a JSON array containing the type values the Wallet SHALL request in the Credential Request. It MUST be set in accordance to the type of the requested PID/(Q)EAA that is obtained from the PID/(Q)EAA Issuer metadata. In the case of the PID it MUST be set to ``PersonIdentificationData``. + - `[OIDC4VCI. Draft 13] `_. + * - **format** + - Format of the Credential to be issued. This MUST be `vc+sd-jwt`. + - `[OIDC4VCI. Draft 13] `_. + * - **proof** + - JSON object containing proof of possession of the key material the issued credential shall be bound to. The proof object MUST contain the following mandatory claims: + + - **proof_type**: JSON string denoting the proof type. It MUST be `jwt`. + - **jwt**: the JWT used as proof of possession. + - `[OIDC4VCI. Draft 13] `_. + +.. note:: + + If the **format** value is `mso_mdoc`, the credential request MUST contain the ``doctype`` claim which is a JSON string identifying the credential type according to `EIDAS-ARF`_ . See Appendix E.2. of `[OIDC4VCI. Draft 13] `_ for more details. + + +The JWT proof type MUST contain the following parameters for the JOSE header and the JWT body: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **JOSE Header** + - **Description** + - **Reference** + * - **alg** + - A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms in Section :ref:`Cryptographic Algorithms ` and MUST NOT be set to ``none`` or to a symmetric algorithm (MAC) identifier. + - `[OIDC4VCI. Draft 13] `_, [:rfc:`7515`], [:rfc:`7517`]. + * - **typ** + - It MUST be set to `openid4vci-proof+jwt`. + - `[OIDC4VCI. Draft 13] `_, [:rfc:`7515`], [:rfc:`7517`]. + * - **jwk** + - Representing the public key chosen by the Wallet Instance, in JSON Web Key (JWK) [:rfc:`7517`] format that the PID/(Q)EAA shall be bound to, as defined in Section 4.1.3 of [:rfc:`7515`]. The ``jwk`` value MUST be equal to the same public key that is generated for the DPoP. + - `[OIDC4VCI. Draft 13] `_, [:rfc:`7515`], [:rfc:`7517`]. + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **iss** + - The value of this claim MUST be the **client_id** of the Wallet Instance. + - `[OIDC4VCI. Draft 13] `_, `[RFC7519, Section 4.1.1] `_. + * - **aud** + - The value of this claim MUST be the identifier URL of the PID/(Q)EAA Issuer. + - `[OIDC4VCI. Draft 13] `_. + * - **iat** + - UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in :rfc:`7519`. + - `[OIDC4VCI. Draft 13] `_, [:rfc:`7519`. Section 4.1.6]. + * - **nonce** + - The value type of this claim MUST be a string, where the value is a **c_nonce** provided by the PID/(Q)EAA Issuer in the Token response. + - `[OIDC4VCI. Draft 13] `_. + + +Credential Response +^^^^^^^^^^^^^^^^^^^^ + +Credential Response to the Wallet Instance MUST be sent using `application/json` media type. The response MUST contain the following mandatory claims: + +.. _table_credential_response_claim: +.. list-table:: Credential http response parameters + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Reference** + * - **format** + - Format of the Credential to be issued. This MUST be set to `vc+sd-jwt` when the credential type is SD-JWT. + - `[OIDC4VCI. Draft 13] `_. + * - **credential** + - Contains the issued PID/(Q)EAA. When the credential type is SD-JWT, it MUST be an SD-JWT JSON Object (see Section :ref:`PID/(Q)EAA Data Model `). + - Appendix E in `[OIDC4VCI. Draft 13] `_. + * - **c_nonce** + - JSON string containing a ``nonce`` value to be used to create a *proof of possession* of the key material when requesting a further Credential or for the renewal of a credential. + - `[OIDC4VCI. Draft 13] `_. + * - **c_nonce_expires_in** + - JSON integer corresponding to the **c_nonce** lifetime in seconds. + - `[OIDC4VCI. Draft 13] `_. + +.. note:: + + If the **format** value is `mso_mdoc`, the **credential** value MUST be a base64url-encoded JSON string according to Appendix E of `[OIDC4VCI. Draft 13] `_. + + +.. _Entity Configuration Credential Issuer: + +Entity Configuration Credential Issuer +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Below is a non-normative example of an Entity Configuration containing an `openid_credential_issuer` metadata. + +.. code-block:: http + + HTTP/1.1 200 OK + Content-Type: application/entity-statement+jwt + + { + + "alg": "RS256", + "kid": "FANFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs", + "typ": "entity-statement+jwt" + + } + . + { + "exp": "1649610249", + "iat": "1649437449", + "iss": "https://pid-provider.example.org", + "sub": "https://pid-provider.example.org", + "jwks": { + "keys": [{ + "kty": "RSA", + "use": "sig", + "n": "1Ta-sE ...", + "e": "AQAB", + "kid": "FANFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs" + }] + }, + "authority_hints": ["https://superior-entity.example.org/federation"], + "metadata": { + "openid_credential_issuer": { + "credential_issuer": "https://pid-provider.example.org", + "authorization_servers": ["https://pid-provider.example.org"], + "authorization_endpoint": "https://pid-provider.example.org/connect/authorize", + "token_endpoint": "https://pid-provider.example.org/connect/token", + "pushed_authorization_request_endpoint": "https://pid-provider.example.org/connect/par", + "dpop_signing_alg_values_supported": ["RS256", "RS512", "ES256", "ES512"], + "credential_endpoint": "https://pid-provider.example.org/credential", + "display": [ + { + "name": "PID Provider Italiano di esempio", + "locale": "it-IT" + }, + { + "name": "Example PID Provider", + "locale": "en-US", + "logo": { + "url": "https://pid-provider example.org/public/logo.svg", + "alt_text": "logo di questo PID Provider" + }, + } + ], + "jwks": { + "keys": [ + { + "crv": "P-256", + "kty": "EC", + "x": "newK5qDYMekrCPPO-yEYTdJVWJMTzasMavt2vm1Mb-A", + "y": "VizXaLO6dzeesZPxfpGZabTK3cTXtBUbIiQpmiYRtSE", + "kid": "ff0bded045fe63fe5d1d64dd83b567e0" + } + ] + }, + "credential_configurations_supported": [ + { + "format": "vc+sd-jwt", + "cryptographic_binding_methods_supported": ["jwk"], + "cryptographic_suites_supported": ["RS256", "RS512", "ES256", "ES512"], + "proof_types": ["jwt"], + "display": [{ + "name": "PID Italiano di esempio", + "locale": "it-IT", + "logo": { + "url": "https://pid-provider example.org/public/logo.svg", + "alt_text": "logo di questa Credenziale" + }, + "background_color": "#12107c", + "text_color": "#FFFFFF" + }, + { + "name": "Example Italian PID", + "locale": "en-US", + "logo": { + "url": "https://pid-provider.example.org/public/logo.svg", + "alt_text": "The logo of this credential" + }, + "background_color": "#12107c", + "text_color": "#FFFFFF" + } + ], + "credential_definition": { + "type": ["PersonIdentificationData"], + "credentialSubject": { + "given_name": { + "mandatory": true, + "display": [{ + "name": "Current First Name", + "locale": "en-US" + }, + { + "name": "Nome", + "locale": "it-IT" + } + ] + }, + "family_name": { + "mandatory": true, + "display": [{ + "name": "Current Family Name", + "locale": "en-US" + }, + { + "name": "Cognome", + "locale": "it-IT" + } + ] + }, + "birthdate": { + "mandatory": true, + "display": [{ + "name": "Date of Birth", + "locale": "en-US" + }, + { + "name": "Data di Nascita", + "locale": "it-IT" + } + ] + }, + "place_of_birth": { + "mandatory": true, + "display": [{ + "name": "Place of Birth", + "locale": "en-US" + }, + { + "name": "Luogo di Nascita", + "locale": "it-IT" + } + ] + }, + "unique_id": { + "mandatory": true, + "display": [{ + "name": "Unique Identifier", + "locale": "en-US" + }, + { + "name": "Identificativo univoco", + "locale": "it-IT" + } + ] + }, + "tax_id_code": { + "mandatory": true, + "display": [{ + "name": "Tax Id Number", + "locale": "en-US" + }, + { + "name": "Codice Fiscale", + "locale": "it-IT" + } + ] + } + } + } + } + } + }, + + "federation_entity": { + "organization_name": "PID Provider Organization Example", + "homepage_uri": "https://pid-provider.example.org", + "policy_uri": "https://pid-provider.example.org/privacy_policy", + "tos_uri": "https://pid-provider.example.org/info_policy", + "logo_uri": "https://pid-provider.example.org/logo.svg" + }, + + "openid_relying_party": { + + } + } + } diff --git a/refs/pull/201/merge/en/_sources/proximity-flow.rst.txt b/refs/pull/201/merge/en/_sources/proximity-flow.rst.txt new file mode 100644 index 000000000..4b2246754 --- /dev/null +++ b/refs/pull/201/merge/en/_sources/proximity-flow.rst.txt @@ -0,0 +1,412 @@ + + +.. _proximity_flow_sec: + +Proximity Flow +============== + +This section describes how a Verifier requests the presentation of an *mDoc-CBOR* Credential to a Wallet Instance according to the *ISO 18013-5 Specification*. Only *Supervised Device Retrieval flow* is supported in this technical implementation profile. + +The presentation phase is divided into three sub-phases: + + 1. **Device Engagement**: This subphase begins when the User is prompted to disclose certain attributes from the mDoc(s). The objective of this subphase is to establish a secure communication channel between the Wallet Instance and the Verifier App, so that the mDoc requests and responses can be exchanged during the communication subphase. + The messages exchanged in this subphase are transmitted through short-range technologies to limit the possibility of interception and eavesdropping. + This technical implementation profile exclusively supports QR code for Device Engagement. + + 2. **Session establishment**: During the session establishment phase, the Verifier App sets up a secure connection. All data transmitted over this connection is encrypted using a session key, which is known to both the Wallet Instance and the Verifier at this stage. + The established session MAY be terminated based on the conditions as detailed in [ISO18013-5#9.1.1.4]. + + 3. **Communication - Device Retrieval**: The Verifier App encrypts the mDoc request with the appropriate session key and sends it to the Wallet Instance together with its public key in a session establishment message. The mDoc uses the data from the session establishment message to derive the session key and decrypt the mDoc request. + During the communication subphase, the Verifier App has the option to request information from the Wallet using mDoc requests and responses. The primary mode of communication is the secure channel established during the session setup. The Wallet Instance encrypts the mDoc response using the session key and transmits it to the Verifier App via a session data message. This technical implementation profile only supports Bluetooth Low Energy (BLE) for the communication sub-phase. + + +The following figure illustrates the flow diagram compliant with ISO 18013-5 for proximity flow. + +.. _fig_High-Level-Flow-ITWallet-Presentation-ISO: +.. figure:: ../../images/High-Level-Flow-ITWallet-Presentation-ISO.svg + :figwidth: 100% + :align: center + :target: https://www.plantuml.com/plantuml/svg/bL9BZnCn3BxFhx3A0H3q3_ImMlOXXBJYqGguzE9ct2RQn0bvJDb_ZoSP3QFI2xab_Xx-xDocZ34NPpiisNDn1ufT1t9GPH_XUw88cA3KjuF_3QlnwNM2dHDYq9vf1Q-Up4ddErkeme9KZ381ESFg9rfB6JwnEB4IiAYTAuou7nN_Al-WQ8xcVzHd2dm8eKeFI-cMfApNDpVd3Nm9n90rmKLBa3s4I8b441dSWrTm7wcNkq7RD3xxJE07CIhlXmqyq624-CWdF94RYQaSWiP4iAweRzjr1vLvRkOVYIcYY32TWO8c9rSBp_GYWKoSe88LzPtsvx5HKO5xtnCSVVpNibA6ATjE8IyfKr7aBgptVDry0WlPXIBOH2aPpoEcbgzDOJTXIEPui2PfrqROZogki56OfNuvcxkdHv5N9H8eZSnaPLRJwUPU95JTn9P-5J60Tn2AcAZQjJ_MiCljxndUN6texN8Dr-ErSjd0roZrNEUjFDSVaJqaZP6gOMpDK0-61UHglkcJjJL75Cx4NHflAKT30xLGH_41wnLQIDb7FD6C7URSAOZCSfCjxyjSWcHEZBb4slCuTQL9FJVsWDRq9akuxfQuByx-0G00 + + High-Level Proximity Flow + +**Step 1-3**: The Verifier requests the User to reveal certain attributes from their mDoc(s) stored in the Wallet Instance. The User initiates the Wallet Instance. The Wallet Instance MUST create a new temporary key pair (EDeviceKey.Priv, EDeviceKey.Pub), and incorporate the cipher suite identifier, the identifier of the elliptic curve for key agreement, and the EDeviceKey public point into the device engagement structure (refer to [ISO18013-5#9.1.1.4]). This key pair is temporary and MUST be invalidated immediately after the secure channel is established. Finally, the Wallet Instance displays the QR Code for Device Engagement. + +Below an example of a device engagement structure that utilizes QR for device engagement and Bluetooth Low Energy (BLE) for data retrieval. + +CBOR data: + +.. code-block:: + + a30063312e30018201d818584ba4010220012158205a88d182bce5f42efa59943f33359d2e8a968ff289d93e5fa444b624343167fe225820b16e8cf858ddc7690407ba61d4c338237a8cfcf3de6aa672fc60a557aa32fc670281830201a300f401f50b5045efef742b2c4837a9a3b0e1d05a6917 + +In diagnostic notation: + +.. code-block:: + + { + 0: "1.0", % Version + + 1: % Security + [ + 1, % defines the cipher suite 1 which contains only EC curves + 24(<< % embedded CBOR data item + { + 1: 2, % kty:EC2 (Elliptic curves with x and y coordinate pairs) + -1: 1, % crv:p256 + -2:h'5A88D182BCE5F42EFA59943F33359D2E8A968FF289D93E5FA444B624343 167FE',% x-coordinate + -3:h'B16E8CF858DDC7690407BA61D4C338237A8CFCF3DE6AA672FC60A557AA32FC67' % y-coordinate + } + >>) + ], + + 2: %DeviceRetrievalMethods(Device engagement using QR code) + [ + [ + 2, %BLE + 1, % Version + { %BLE options + 0: false, % no support for mdoc peripheral server mode + 1: true, % support mdoc central client mode + 11: h'45EFEF742B2C4837A9A3B0E1D05A6917' % UUID of mdoc client central mode + } + ] + ] + } + + + +**Step 4-6**: The Verifier App scans the QR Code and generates its own ephemeral key pair (EReaderKey.Priv, EReaderKey.Pub). It then calculates the session key, using the public key received in the Engagement Structure and its newly-generated private key, as outlined in [ISO18013-5#9.1.1.5]. Finally, it generates its session key, which must be independently derived by both the Wallet Instance and the Verifier App. + +**Step 7**: The Verifier App creates an mDoc request that MUST be encrypted using the relevant session key, and transmits it to the Wallet Instance along with EReaderKey.Pub within a session establishment message. The mDoc request MUST be encoded in CBOR, as demonstrated in the following non-normative example. + +CBOR data: +.. code-block:: + + a26776657273696f6e63312e306b646f63526571756573747381a26c6974656d7352657175657374d818590152a267646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e4954a375766572696669636174696f6e2e65766964656e6365f4781c766572696669636174696f6e2e6173737572616e63655f6c6576656cf4781c766572696669636174696f6e2e74727573745f6672616d65776f726bf4716f72672e69736f2e31383031332e352e31ab76756e5f64697374696e6775697368696e675f7369676ef47264726976696e675f70726976696c65676573f46f646f63756d656e745f6e756d626572f46a69737375655f64617465f46f69737375696e675f636f756e747279f47169737375696e675f617574686f72697479f46a62697274685f64617465f46b6578706972795f64617465f46a676976656e5f6e616d65f468706f727472616974f46b66616d696c795f6e616d65f46a726561646572417574688443a10126a11821590129308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97bf6584058a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9 + +The above CBOR data is represented in diagnostic notation as follows: +.. code-block:: + + { + "version": "1.0", + "docRequests": [ + { + "itemsRequest": 24(<< { + "docType": "org.iso.18013.5.1.mDL", + "nameSpaces": { + "org.iso.18013.5.1.IT": { + "verification.evidence": false, + "verification.assurance_level": false, + "verification.trust_framework": false + }, + "org.iso.18013.5.1": { + "un_distinguishing_sign": false, + "driving_privileges": false, + "document_number": false, + "issue_date": false, + "issuing_country": false, + "issuing_authority": false, + "birth_date": false, + "expiry_date": false, + "given_name": false, + "portrait": false, + "family_name": false + } + } + } >>), + "readerAuth": [ + h'a10126', + { + 33: h'308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97b' + }, + null, + h'58a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9' + ] + } + ] + } + +**Step 8**: The Wallet Instance uses the session establishment message to derive the session keys and decrypt the mDoc request. It computes the session key using the public key received from the Verifier App and its private key. + +**Step 9-10**: When the Wallet Instance receives the mDoc request, it locates the documents that contain the requested attributes and asks the User for permission to provide this information to the Verifier. If the User agrees, the Wallet generates an mDoc response and transmits it to the Verifier App through the secure channel. + +**Step 11-12**: If the User gives consent, the Wallet Instance creates an mDoc response and transmits it to the Verifier App via the secure channel. The mDoc response MUST be encoded in CBOR, with its structure outlined in [ISO18013-5#8.3.2.1.2.2]. Below is a non-normative example of an mDoc response. + +CBOR Data: +.. code-block:: + + a36776657273696f6e63312e3069646f63756d656e747381a367646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6c6973737565725369676e6564a26a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e495483d81858f7a46864696765737449440b6672616e646f6d506d44f21ee875f2c1d502b43198e5a15271656c656d656e744964656e74696669657275766572696669636174696f6e2e65766964656e63656c656c656d656e7456616c756581a2647479706571656c656374726f6e69635f7265636f7264667265636f7264bf6474797065781f68747470733a2f2f657564692e77616c6c65742e70646e642e676f762e697466736f75726365bf716f7267616e697a6174696f6e5f6e616d65754d6f746f72697a7a617a696f6e6520436976696c656f6f7267616e697a6174696f6e5f6964656d5f696e666c636f756e7472795f636f6465626974ffffd8185866a4686469676573744944046672616e646f6d50185d84dfb71ce9b173010ddd62174fbe71656c656d656e744964656e746966696572781c766572696669636174696f6e2e74727573745f6672616d65776f726b6c656c656d656e7456616c7565656569646173d8185865a4686469676573744944006672616e646f6d50137f903174253c4585358267aae2ea4e71656c656d656e744964656e746966696572781c766572696669636174696f6e2e6173737572616e63655f6c6576656c6c656c656d656e7456616c75656468696768716f72672e69736f2e31383031332e352e318bd8185852a46864696765737449440c6672616e646f6d5053e29d0ddbbc7d2306a32bdbe2e56e5171656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756563446f65d8185855a4686469676573744944036672616e646f6d50990cba2069fa1b33b8d6ae910b6549dc71656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c756567416e746f6e696fd818585ba46864696765737449440a6672616e646f6d504086c1379975f805f1b1f4975e6a126571656c656d656e744964656e7469666965726a69737375655f646174656c656c656d656e7456616c7565d903ec6a323031392d31302d3230d818585ca4686469676573744944016672616e646f6d50ab4ca30c918dd2fd0bf35242c15fa2d871656c656d656e744964656e7469666965726b6578706972795f646174656c656c656d656e7456616c7565d903ec6a323032342d31302d3230d8185855a4686469676573744944076672616e646f6d508d9066f6c8da16619867cd4e2fab0c8871656c656d656e744964656e7469666965726f69737375696e675f636f756e7472796c656c656d656e7456616c7565624954d818587ea4686469676573744944056672616e646f6d5059fe68db795dee4c20976380ea24770571656c656d656e744964656e7469666965727169737375696e675f617574686f726974796c656c656d656e7456616c75657828497374697475746f20506f6c696772616669636f2065205a656363612064656c6c6f20537461746fd818585ba4686469676573744944026672616e646f6d5008b3f1ca5517019767be3dee3bb0614571656c656d656e744964656e7469666965726a62697274685f646174656c656c656d656e7456616c7565d903ec6a313935362d30312d3230d818585ca4686469676573744944096672616e646f6d50a2395ec214350c26066306e23279b3ae71656c656d656e744964656e7469666965726f646f63756d656e745f6e756d6265726c656c656d656e7456616c756569393837363534333231d8185850a4686469676573744944066672616e646f6d50a25e1a5b915d2d6eafee9674e023293971656c656d656e744964656e74696669657268706f7274726169746c656c656d656e7456616c75654420212223d81858eea46864696765737449440d6672616e646f6d50eeed6a3b856563627589a360939d12f771656c656d656e744964656e7469666965727264726976696e675f70726976696c656765736c656c656d656e7456616c756582a37576656869636c655f63617465676f72795f636f646561416a69737375655f64617465d903ec6a323031382d30382d30396b6578706972795f64617465d903ec6a323032342d31302d3230a37576656869636c655f63617465676f72795f636f646561426a69737375655f64617465d903ec6a323031372d30322d32336b6578706972795f64617465d903ec6a323032342d31302d3230d818585ba4686469676573744944086672616e646f6d50c0ef486b2a194ed3cbf7f354fd40092171656c656d656e744964656e74696669657276756e5f64697374696e6775697368696e675f7369676e6c656c656d656e7456616c756561496a697373756572417574688443a10126a118215901423082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb + +In diagnostic notation: +.. code-block:: + + { + "version": "1.0", + "documents": [ + { + "docType": "org.iso.18013.5.1.mDL", + "issuerSigned": { + "nameSpaces": { + "org.iso.18013.5.1.IT": [ + 24(<< { + "digestID": 11, + "random": h'6d44f21ee875f2c1d502b43198e5a152', + "elementIdentifier": "verification.evidence", + "elementValue": [ + { + "type": "electronic_record", + "record": { + "type": "https://eudi.wallet.pdnd.gov.it", + "source": { + "organization_name": "Motorizzazione Civile", + "organization_id": "m_inf", + "country_code": "it" + } + } + } + ] + } >>), + 24(<< { + "digestID": 4, + "random": h'185d84dfb71ce9b173010ddd62174fbe', + "elementIdentifier": "verification.trust_framework", + "elementValue": "eidas" + } >>), + 24(<< { + "digestID": 0, + "random": h'137f903174253c4585358267aae2ea4e', + "elementIdentifier": "verification.assurance_level", + "elementValue": "high" + } >>) + ], + "org.iso.18013.5.1": [ + 24(<< { + "digestID": 12, + "random": h'53e29d0ddbbc7d2306a32bdbe2e56e51', + "elementIdentifier": "family_name", + "elementValue": "Doe" + } >>), + 24(<< { + "digestID": 3, + "random": h'990cba2069fa1b33b8d6ae910b6549dc', + "elementIdentifier": "given_name", + "elementValue": "Antonio" + } >>), + 24(<< { + "digestID": 10, + "random": h'4086c1379975f805f1b1f4975e6a1265', + "elementIdentifier": "issue_date", + "elementValue": 1004("2019-10-20") + } >>), + 24(<< { + "digestID": 1, + "random": h'ab4ca30c918dd2fd0bf35242c15fa2d8', + "elementIdentifier": "expiry_date", + "elementValue": 1004("2024-10-20") + } >>), + 24(<< { + "digestID": 7, + "random": h'8d9066f6c8da16619867cd4e2fab0c88', + "elementIdentifier": "issuing_country", + "elementValue": "IT" + } >>), + 24(<< { + "digestID": 5, + "random": h'59fe68db795dee4c20976380ea247705', + "elementIdentifier": "issuing_authority", + "elementValue": "Istituto Poligrafico e Zecca dello Stato" + } >>), + 24(<< { + "digestID": 2, + "random": h'08b3f1ca5517019767be3dee3bb06145', + "elementIdentifier": "birth_date", + "elementValue": 1004("1956-01-20") + } >>), + 24(<< { + "digestID": 9, + "random": h'a2395ec214350c26066306e23279b3ae', + "elementIdentifier": "document_number", + "elementValue": "987654321" + } >>), + 24(<< { + "digestID": 6, + "random": h'a25e1a5b915d2d6eafee9674e0232939', + "elementIdentifier": "portrait", + "elementValue": h'20212223' + } >>), + 24(<< { + "digestID": 13, + "random": h'eeed6a3b856563627589a360939d12f7', + "elementIdentifier": "driving_privileges", + "elementValue": [ + { + "vehicle_category_code": "A", + "issue_date": 1004("2018-08-09"), + "expiry_date": 1004("2024-10-20") + }, + { + "vehicle_category_code": "B", + "issue_date": 1004("2017-02-23"), + "expiry_date": 1004("2024-10-20") + } + ] + } >>), + 24(<< { + "digestID": 8, + "random": h'c0ef486b2a194ed3cbf7f354fd400921', + "elementIdentifier": "un_distinguishing_sign", + "elementValue": "I" + } >>) + ] + }, + "issuerAuth": [ + h'a10126', + { + 33: h'3082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb7d518bd9a519583e082d67effff06565804fc09abf0e4a08e699c9dba3796285a15f68e40ac7f9fc7700a15153a4065300a06082a8648ce3d040302034800304502210099b7d62e6bf7b1823db3713df889bf73e70bb4d9c58c21e92c58d2f1beffe932022058d039747a00d70e6d66be4797e6142b3608a014ee09b7b79af2cae2aaf27788' + }, + 24(<< { + "version": "1.0", + "digestAlgorithm": "SHA-256", + "docType": "org.iso.18013.5.1.mDL", + "valueDigests": { + "org.iso.18013.5.1": { + 1: h'0E5F0B6B33418E508740771E82F893372EAF5B2445BC4C84DCF08B005E9493FC', + 2: h'DE21BB62FF2897D8B986D2CDA9F9BC5865C02807F7B4D9DD1FA4A79DF4C0D37F', + 3: h'BC5568239E35CE9FF8798C27FFDCD757B134B679F0FE05729AA3491381912E65', + 5: h'E6048BDC7FD6454296F1E3F54536107C9C5B24C4064DE46A98121E3630EECCA2', + 6: h'73690D92DCAA61B0203870F67C6AA9FDFEA889B6F0C720DE757B4B0A8516A206', + 7: h'E353EA0B0FD92B6BE90C64CC3B2EE1284153A8F0F5066B99AAC599200E6EEEB2', + 8: h'29227872CEB49923D267B5F4BADE6D387B42AC2DC4B2AE26C9013067FEE7018A', + 9: h'A6A119F7CACAC0B8C6AACAC747FD3FE7E50B6D9BB8A507FDA79F0DF6646F285D', + 10: h'6D8025D2F02A5E7E1406FB6AAEB67F9EDE9B07191A53F3E23B77C528223A94E2', + 12: h'B0D43E4E2EA534E4D5304E64BCF7A0F13E2C8EE8304B9CD23ABA4909652A4647', + 13: h'FBF4DE318982F2DBAD43C601CAEB22628B301AC18AA8264C5831B2AAAC89C486' + }, + "org.iso.18013.5.1.IT": { + 0: h'CF57377B675F64F37314739592C1E8A911A7DDAF341CE2902FE877C5A835E4C1', + 4: h'4A4B4CC64EC9299C1A2501EA449F577005E9F7A60408057C07A7C67FB151E5F5', + 11: h'78824FBD6FBBA88A2AAB44DF8B6F5E9759126D87D1F4415995E658FD9239E1FE' + } + }, + "deviceKeyInfo": { + "deviceKey": { + 1: 2, + -1: 1, + -2: h'AFD09E720B918CEDC2B8A881950BAB6A1051E18AE16A814D51E609938663D5E1', + -3: h'61FBC6C8AD24EC86A78BB4E9AC377DD2B7C711D9F2EB9AFD4AA0963662847AED'}}, + "validityInfo": { + "signed": 0("2023-11-24T14:54:05Z"), + "validFrom": 0("2023-11-24T14:54:05Z"), + "validUntil": 0("2024-11-24T14:54:05Z")} + } >>), + h'f2461e4fab69e9f7bcffe552395424514524d1679440036213173101448d1b1ab4a293859b389ffa8b47aeed10e9b0c1545412ac37c51a76482cd9bbbe110152' + ] + }, + "deviceSigned": { + "nameSpaces": 24(<< {} >>), + "deviceAuth": { + "deviceSignature": [ + h'a10126', + {}, + null, + h'1fed7190d2975ab79c072e6f1d9d52436059d1fc959d55baf74f057d89b10fcc0dc77a50d433d4c76ddf26223c5560c4ab123b5cb5eb805a90036aa147493076' + ] + } + } + } + ], + "status": 0 + } + +**Step 13**: The Verifier App is required to validate the signatures in the mDoc's issuerSigned field using the public key of the Credential Issuer specified within the mDoc. Subsequently, the Verifier MUST validate the signature in the deviceSigned field. If these signature checks pass, the Verifier can confidently consider the received information as valid. + +Device Engagement +----------------- + +The Device Engagement structure MUST be have at least the following components: + + - **Version**: *tstr*. Version of the data structure being used. + - **Security**: an array that contains two mandatory values + + - the cipher identifier: see Table 22 of [ISO18013-5] + - the mDL public ephemeral key generated by the Wallet Instance and required by the Verifier App to derive the Session Key. The mDL public ephemeral key MUST be of a type allowed by the indicated cipher suite. + - **transferMethod**: an array that contains one or more transferMethod arrays when performing device engagement using the QR code. This array is for offline data retrieval methods. A transferMethod array holds two mandatory values (type and version). Only the BLE option is supported by this technical implementation profile, then the type value MUST be set to ``2``. + - **BleOptions**: this elements MUST provide options for the BLE connection (support for Peripheral Server or Central Client Mode, and the device UUID). + + +mDoc Request +------------ + +The messages in the mDoc Request MUST be encoded using CBOR. The resulting CBOR byte string for the mDoc Request MUST be encrypted with the Session Key obtained after the Device Engagement phase and MUST be transmitted using the BLE protocol. +The details on the structure of mDoc Request, including identifier and format of the data elements, are provided below. + + - **version**: (tstr). Version of the data structure. + - **docRequests**: Requested DocType, NameSpace and data elements. + + - **itemsRequest**: #6.24(bstr .cbor ItemsRequest). + + - **docType**: (tstr). The DocType element contains the type of document requested. See :ref:`Data Model Section `. + - **nameSpaces**: (tstr). See :ref:`Data Model Section ` for more details. + + - **dataElements**: (tstr). Requested data elements with *Intent to Retain* value for each requested element. + + - **IntentToRetain**: (bool). It indicates that the Verifier App intends to retain the received data element. + - **readerAuth**: *COSE_Sign1*. It is required for the Verifier App authentication. + +.. note:: + + The domestic data elements MUST not be returned unless specifically requested by the Verifier App. + +mDoc Response +------------- + +The messages in the mDoc Response MUST be encoded using CBOR and MUST be encrypted with the Session Key obtained after the Device Engagement phase. +The details on the structure of mDoc Response are provided below. + + - **version**: (tstr). Version of the data structure. + - **documents**: Returned *DocType*, and *ResponseData*. + + - **docType**: (tstr). The DocType element contains the type of document returned. See :ref:`Data Model Section `. + - **ResponseData**: + + - **IssuerSigned**: Responded data elements signed by the issuer. + + - **nameSpaces**: (tstr). See :ref:`Data Model Section ` for more details. + + - **IssuerSignedItemBytes**: #6.24(bstr .cbor). + + - **digestID**: (uint). Reference value to one of the **ValueDigests** provided in the *Mobile Security Object* (`issuerAuth`). + - **random**: (bstr). Random byte value used as salt for the hash function. This value SHALL be different for each *IssuerSignedItem* and it SHALL have a minimum length of 16 bytes. + - **elementIdentifier**: (tstr). Identifier of User attribute name contained in the Credential. + - **elementValue**: (any). User attribute value + - **DeviceSigned**: Responded data elements signed by the Wallet Instance. + + - **NameSpaces**: #6.24(bstr .cbor DeviceNameSpaces). The DeviceNameSpaces structure MAY be an empty structure. DeviceNameSpaces contains the data element identifiers and values. It is returned as part of the corresponding namespace in DeviceNameSpace. + + - **DataItemName**: (tstr). The identifier of the element. + - **DataItemValue**: (any). The value of the element. + - **DeviceAuth**: The DeviceAuth structure MUST contain the DeviceSignature elements. + + - **DeviceSignature**: It MUST contain the device signature for the Wallet Instance authentication. + - **status**: It contains a status code. For detailed description and action required refer to to Table 8 (ResponseStatus) of the [ISO18013-5] + + +Session Termination +------------------- + +The session MUST be terminated if at least one of the following conditions occur. + + - After a time-out of no activity of receiving or sending session establishment or session data messages occurs. The time-out for no activity implemented by the Wallet Instance and the Verifier App SHOULD be no less than 300 seconds. + - When the Wallet Instance doesn't accept any more requests. + - When the Verifier App does not send any further requests. + +If the Wallet Instance and the Verifier App does not send or receive any further requests, the session termination MUST be initiated as follows. + + - Send the status code for session termination, or + - dispatch the "End" command as outlined in [ISO18013-5#8.3.3.1.1.5]. + +When a session is terminated, the Wallet Instance and the Verifier App MUST perform at least the following actions: + + - destruction of session keys and related ephemeral key material; + - closure of the communication channel used for data retrieval. diff --git a/refs/pull/201/merge/en/_sources/pseudonyms.rst.txt b/refs/pull/201/merge/en/_sources/pseudonyms.rst.txt new file mode 100644 index 000000000..7b20567f9 --- /dev/null +++ b/refs/pull/201/merge/en/_sources/pseudonyms.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _pseudonyms.rst: + +pseudonyms.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/en/_sources/relying-party-solution.rst.txt b/refs/pull/201/merge/en/_sources/relying-party-solution.rst.txt new file mode 100644 index 000000000..1ed5fdacb --- /dev/null +++ b/refs/pull/201/merge/en/_sources/relying-party-solution.rst.txt @@ -0,0 +1,21 @@ + + + + +.. _relying-party-solution: + +Relying Party Solution ++++++++++++++++++++++++ + +This section describes how a remote Relying Party or a Verifier App requests to a Wallet Instance the presentation of the PID/EAAs. + +In this section the following flows are described: + +- :ref:`Remote Flow `, where the User presents a Credential to a remote Relying Party according to `OPENID4VP`_. In this scenario the user-agent and the Wallet Instance may be used in the same device (**Same Device Flow**), or in different devices (**Cross Device Flow**). +- :ref:`Proximity Flow `, where the User presents a Credential to a Verifier App according to ISO 18013-5. The User interacts with a Verifier using proximity connection technologies such as QR Code and Bluetooth Low Energy (BLE). + +.. include:: remote-flow.rst + +.. include:: proximity-flow.rst + + diff --git a/refs/pull/201/merge/en/_sources/remote-flow.rst.txt b/refs/pull/201/merge/en/_sources/remote-flow.rst.txt new file mode 100644 index 000000000..ebf5f726d --- /dev/null +++ b/refs/pull/201/merge/en/_sources/remote-flow.rst.txt @@ -0,0 +1,731 @@ +.. include:: ../common/common_definitions.rst +.. _Wallet Attestation: wallet-attestation.html +.. _Trust Model: trust.html + +.. _remote_flow_sec: + +Remote Flow +=========== + +In this scenario the Relying Party MUST provide the URL where the signed presentation Request Object is available for download. + +Depending on whether the User is using a mobile device or a workstation, the Relying Party MUST support the following remote flows: + +* **Same Device**, the Relying Party MUST provide a HTTP redirect (302) location to the Wallet Instance; +* **Cross Device**, the Relying Party MUST provide a QR Code which the User frames with the Wallet Instance. + +Once the Wallet Instance establishes the trust with the Relying Party and evaluates the request, the User gives the consent for the disclosure of the Digital Credentials, in the form of a Verifiable Presentation. + +A High-Level description of the remote flow, from the User's perspective, is given below: + + 1. the Wallet Instance scans the QR Code and obtains the URL (Cross Device flow) or obtain directly an URL (Same Device flow); + 2. the Wallet Instance extracts from the payload the ``client_id`` and the `request_uri` parameters; + 3. the Wallet Instance establishes the Trust to the Relying Party by building the Federation Trust Chain. Implementations may evaluate the trust after having obtained the signed Request Object (see point 5); + 4. the Wallet fetches the signed Request Object using an HTTP request with method GET to the endpoint provided in the ``request_uri`` parameter; + 5. the Wallet verifies the signature of the signed Request Object and that its issuer matches the ``client_id`` obtained at the step number 2; + 6. the Wallet checks the presence in the signed Request Object of the parameter `request_uri_method`, if this parameter is present and set with the ``post`` valueThe Wallet transmits its metadata to the request_uri endpoint of the Relying Party using an HTTP POST method and obtains an updated signed Request Object; + 7. The Wallet Instance evaluates the requested PID/EAAs and checks the elegibility of the Relying Party in asking these by applying the policies related to that specific Relying Party; + 8. the Wallet Instance asks User disclosure and consent; + 9. the Wallet Instance presents the requested disclosure of PID/EAAs to the Relying Party, which validates the Wallet Attestation and checks that the Wallet Provider is trusted; + 10. the Wallet Instance informs the User about the successfull authentication with the Relying Party and give a good user experience to let the User continuing its navigation. + +Below a sequence diagram that summarizes the interactions between all the involved parties. + +.. figure:: ../../images/cross_device_auth_seq_diagram.svg + :align: center + :target: https://www.plantuml.com/plantuml/svg/XLNTRkCs4xtdKnpuk_YI84cpspi3AJQRfflijergUpSt1W9Q6jjiQ5BbZvoqwBjtA5goN2GeO1WGEMVcdFaPVl11kX0tMiWOh8cR1JaXn5KPhCFegoStWlI8GYpiSpxulyUFrAYI_0Z_-rcjrk6ZZYHgzgDALKiJC7gGMbF0dM7tfgJMn_RG9BAhCxaY4t84ASXKu2Y7PXFIBygiKF3XIslPa10HPpymP8m7Mc1ABj61aOrQoQ2i4L4cWuR6cD0VaNn0uMoWCb359zv6LxANoqiaGRYAOKs6OxPW71MEF7_dhs8jFHtZybB8CgX61aeC6ke2N3jAPn8d9vuXT7A2Hkf8SxEmaHK5YxrKbDO-gLVWBjDyZ4x1TGGRwcJ-Dhcs5U5-WjlPh609bNAi1aVVNxm_nbQ5DKgjEC2Zgaw7paxHaX8L3TcBlPQj42jdOyr4hEyg2slqoow9SOpfscx1AUferAmbbO1ljsFSrsJQstyL7RAkJw5jAJNaGOR55XawBQLXfqXU-yERv-2OtjpqYkPce6XkfAcoghbPEhj9iNidP2hHUw9K2BRp22xwaFEKh7lFsPJhqENCj_TUhGnLtHdiulUKx3xOi5WSiBRAXBPOEUohQ4wv3b3B8VXnGs5jAoWFJpjwnVrq9WG0zDHgPnjLaUyIp2XPoI0HxDjqaeU-omQP61GgK6bKgaufQxbGMWL5lWTcBR7cI5IzfUcDT1yCBNxf-AR2rLQhakFqg6_arFAb3I13T0Ix7DIWdz_x7B57IQqIi-wUBRyLH_uu6yJzt2-jGsbDckTzqyTzzrvRirHkGzLmH6BV5sqzsWLXdVepRuG9-JfvnDpacZNrOx1FPDxO43Uxl2HPMQwI2qquM3FPGG_g1GuBTXK2-Mn_pi7pvz2Wo9tYc9ZoI7kqo-PFnCSjak-u3gyEB6EC3N3KC9dgVC0cXqhBgafZB3Nkl8_aC4k3bLtkANz-c67QrNFWXUcLv7qUmTwL48wZ4cn3ZituJRdxT3lxDBcv-LMyZXWBNA-fVCAjrImBN-W57vMfkELQ8enYsVmhhFSCPzKCEKFqRD7wgkD2gn9F3CnRMgMyyCrGOh1eskRCXIjoZSw5m6nDfjjJxMMbVAcjfmeo1ASMCP0VSuaoppJsdEf-M1N7G9u8Hv2DL3erH9gcDXLYaBElTTS5-QtQwS5HVacw0Jt6O06bD-AxT-VlyFxY0lTVcCPV8vUVZ7PBZCPOXr1xHATp1xjTIp-MjYByFPo5xU7RqJqNKxcXWzSY3vvanZxJ7KPCqlxheMceV-S-JyUxp1q-77djuoW9x7PH5f2pSPoJa7bSlGPTgOPCXhHEabv_YiXsMeEUwxOsri77CdNUCkgM-mV-Ynlz3m00 + + Remote Protocol Flow + +The details of each step shown in the previous picture are described in the table below. + + +.. list-table:: + :widths: 10 50 + :header-rows: 1 + + * - **Id** + - **Description** + * - **1**, **2** + - The User requests to access to a protected resource, the Relying Party redirects the User to a discovery page in which the User selects the *Login with the Wallet* button. The Authorization flow starts. + * - **3**, **4**, + - The Relying Party provides the Wallet Instance with a URL where a generic signed Request Object can be downloaded. + * - **5**, **6**, **7**, **8**, **9** + - In the **Cross Device Flow**: the Request URI is provided in the form of a QR Code that is shown to the User. The User frames the QRCode with the Wallet Instance and extracts ``client_id``, ``request_uri`` and ``state``. In the **Same Device Flow** the Relying Party provides the same information of the Cross-Device flow but in the form of HTTP Redirect Location (302). + * - **10**, **11**, **12** + - The Wallet Instance obtains the signed Request Object. + * - **13**, **14** and **15** + - The Wallet Instance checks if the Relying Party has provided the ``request_uri_method`` within its signed Request Object. If true, the Wallet provides its metadata in the to the Relying Party. The Relying PArty produces a new signed Request Object compliant to the Wallet technical capabilities. + * - **13**, **14**, **15**, **16**, **17**, **18** + - The Request Object JWS is verified by the Wallet Instance. The Wallet processes the Relying Party metadata and applies the policies related to the Relying Party, attesting whose Digital Credentials and User data the Relying Party is granted to request. + * - **19**, **20** + - The Wallet Instance requests the User's consent for the release of the Credentials. The User authorizes and consents the presentation of the Credentials by selecting/deselecting the personal data to release. + * - **21** + - The Wallet Instance provides the Authorization Response to the Relying Party using an HTTP request with the method POST (response mode "direct_post"). + * - **22**, **23**, **24**, **25** and **26** + - The Relying Party verifies the Authorization Response, extracts the Wallet Attestation to establish the trust with the Wallet Solution. The Relying Party extracts the Digital Credentials and attests the trust to the Credentials Issuer and the proof of possession of the Wallet Instance about the presented Digital Credentials. Finally, the Relying Party verifies the revocation status of the presented Digital Credentials. + * - **27** and **28** + - The Relying Party provides to the Wallet a redirect URI with a response code to be used by the Wallet to finalize the authentication. + * - **29** + - The User is informed by the Wallet Instance that the Autentication succeded, then the protected resource is made available to the User. + + +Request URI with HTTP POST +-------------------------- + +The Relying Party SHOULD provide the POST method with its ``request_uri`` endpoint +allowing the Wallet Instance to inform the Relying Party about its technical capabilities. + +This feature can be useful when, for example, the Wallet Instance supports +a restricted set of features, supported algorithms or a specific url for +its ``authorization_endpoint``, and any other information that it deems necessary to +provide to the Relying Party the parameters necessary for better interoperability. + +.. warning:: + The Wallet Instance, when providing its technical capabilities to the + Relying Party, MUST NOT include any User information or other explicit + information regarding the hardware used or usage preferences of its User. + +If both the Relying Party and the Wallet Instance +supports the ``request_uri_method`` with HTTP POST, +the Wallet Instance capabilities MUST +be provided using an HTTP request to the `request_uri` endpoint of the Relying Party, +with the method POST and content type set to `application/json`. + +A non-normative example of the HTTP request is represented below: + +.. code:: http + + POST /request-uri HTTP/1.1 + HOST: relying-party.example.org + Content-Type: application/json + + { + "authorization_endpoint": "https://wallet-solution.digital-strategy.europa.eu/authorization", + "response_types_supported": [ + "vp_token" + ], + "response_modes_supported": [ + "form_post.jwt" + ], + "vp_formats_supported": { + "vc+sd-jwt": { + "sd-jwt_alg_values": [ + "ES256", + "ES384" + ] + } + }, + "request_object_signing_alg_values_supported": [ + "ES256" + ], + "presentation_definition_uri_supported": false, + } + +The response of the Relying Party is defined in the section below. + + +Authorization Request Details +----------------------------- + +The Relying Party MUST create a Request Object in the form of a signed JWT and +it MUST provide it to the Wallet Instance through an HTTP URL (request URI). +The HTTP URL points to the web resource where the signed request object is +available for download. The URL parameters contained in the Relying Party +response, containing the request URI, are described in the Table below. + +.. list-table:: + :widths: 25 50 + :header-rows: 1 + + * - **Name** + - **Description** + * - **client_id** + - Unique identifier of the Relying Party. + * - **request_uri** + - The HTTPs URL where the Relying Party provides the signed Request Object to the Wallet Instance. + + + +Below a non-normative example of the response containing the required parameters previously described. + +.. code-block:: javascript + + https://wallet-solution.digital-strategy.europa.eu/authorization?client_id=...&request_uri=... + +The value corresponding to the `request_uri` endpoint SHOULD be randomized, according to `RFC 9101, The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) `_ Section 5.2.1. + + +In the **Same Device Flow** the Relying Party uses an HTTP response redirect (with status code set to 302) as represented in the following non-normative example: + +.. code:: text + + HTTP/1.1 /authorization Found + Location: https://wallet-solution.digital-strategy.europa.eu? + client_id=https%3A%2F%2Frelying-party.example.org%2Fcb + &request_uri=https%3A%2F%2Frelying-party.example.org%2Frequest_uri + + +In the **Cross Device Flow**, a QR Code is shown by the Relying Party to the User in order to provide the Authorization Request. The User frames the QR Code using their Wallet Instance. + +Below is represented a non-normative example of a QR Code issued by the Relying Party. + +.. figure:: ../../images/verifier_qr_code.svg + :figwidth: 50% + :align: center + + +Below is represented a non-normative example of the QR Code raw payload: + +.. code-block:: text + + https://wallet-solution.digital-strategy.europa.eu/authorization?client_id=https%3A%2F%2Frelying-party.example.org&request_uri=https%3A%2F%2Frelying-party.example.org + +.. note:: + The *error correction level* chosen for the QR Code MUST be Q (Quartily - up to 25%), since it offers a good balance between error correction capability and data density/space. This level of quality and error correction allows the QR Code to remain readable even if it is damaged or partially obscured. + + +Cross Device Flow Status Checks and Security +-------------------------------------------- + +When the flow is Cross Device, the user-agent needs to check the session status to the endpoint made available by Relying Party (status endpoint). This check MAY be implemented in the form of JavaScript code, within the page that shows the QRCode, then the user-agent checks the status with a polling strategy in seconds or a push strategy (eg: web socket). + +Since the QRcode page and the status endpoint are implemented by the Relying Party, it is under its responsability the implementation details of this solution, since it is related to the Relying Party's internal API. + +The Relying Party MUST bind the request of the user-agent, with a Secure and HttpOnly session cookie, with the issued request. The request url SHOULD include a parameter with a random value. The HTTP response returned by this specialized endpoint MAY contain the HTTP status codes listed below: + +* **201 Created**. The signed Request Object was issued by the Relying Party that waits to be downloaded by the Wallet Instance at the **request_uri** endpoint. +* **202 Accepted**. This response is given when the signed Request Object was obtained by the Wallet Instance. +* **200 OK**. The Wallet Instance has provided the presentation to the Relying Party's **response_uri** endpoint and the User authentication is successful. The Relying Party updates the session cookie allowing the user-agent to access to the protected resource. An URL is provided carrying the location where the user-agent is intended to navigate. +* **401 Unauthorized**. The Wallet Instance or its User have rejected the request, or the request is expired. The QRCode page SHOULD be updated with an error message. + +Below a non-normative example of the HTTP Request to this specialized endpoint, where the parameter ``id`` contains an opaque and random value: + +.. code:: + + GET /session-state?id=3be39b69-6ac1-41aa-921b-3e6c07ddcb03 + HTTP/1.1 + HOST: relying-party.example.org + + +Request Object Details +---------------------- + +Below a non-normative example of HTTP request made by the Wallet Instance to the Relying Party. + +.. code-block:: javascript + + GET /request_uri HTTP/1.1 + HOST: relying-party.example.org + + +Request URI response +-------------------- + +The Relying Party issues the signed Request Object, where a non-normative example in the form of decoded header and payload is shown below: + +.. code-block:: text + + { + "alg": "ES256", + "typ": "JWT", + "kid": "e0bbf2f1-8c3a-4eab-a8ac-2e8f34db8a47", + "trust_chain": [ + "MIICajCCAdOgAwIBAgIC...awz", + "MIICajCCAdOgAwIBAgIC...2w3", + "MIICajCCAdOgAwIBAgIC...sf2" + ] + } + . + { + "scope": "eu.europa.ec.eudiw.pid.it.1 tax_id_number", + "client_id_scheme": "entity_id", + "client_id": "https://relying-party.example.org", + "response_mode": "direct_post.jwt", + "response_type": "vp_token", + "response_uri": "https://relying-party.example.org/response_uri", + "nonce": "2c128e4d-fc91-4cd3-86b8-18bdea0988cb", + "state": "3be39b69-6ac1-41aa-921b-3e6c07ddcb03", + "iss": "https://relying-party.example.org", + "iat": 1672418465, + "exp": 1672422065, + "request_uri_method": "post" + } + +The JWS header parameters are described below: + +.. list-table:: + :widths: 25 50 + :header-rows: 1 + + * - **Name** + - **Description** + * - **alg** + - Algorithm used to sign the JWT, according to [:rfc:`7516#section-4.1.1`]. It MUST be one of the supported algorithms in Section *Cryptographic Algorithms* and MUST NOT be set to ``none`` or to a symmetric algorithm (MAC) identifier. + * - **typ** + - Media Type of the JWT, as defined in [:rfc:`7519`]. + * - **kid** + - Key ID of the public key needed to verify the JWS signature, as defined in [:rfc:`7517`]. REQUIRED when ``trust_chain`` is used. + * - **trust_chain** + - Sequence of Entity Statements that composes the Trust Chain related to the Relying Party, as defined in `OIDC-FED`_ Section *3.2.1. Trust Chain Header Parameter*. + + +The JWS payload parameters are described herein: + +.. list-table:: + :widths: 25 50 + :header-rows: 1 + + * - **Name** + - **Description** + * - **scope** + - Aliases for well-defined Presentation Definitions IDs. It is used to identify which required credentials and User attributes are requested by the Relying Party, according to the Section "Using scope Parameter to Request Verifiable Credential(s)" of [OID4VP]. + * - **client_id_scheme** + - String identifying the scheme of the value in the ``client_id``. It MUST be set to the value ``entity_id``. + * - **client_id** + - Unique Identifier of the Relying Party. + * - **response_mode** + - It MUST be set to ``direct_post.jwt``. + * - **response_type** + - It MUST be set to``vp_token``. + * - **response_uri** + - The Response URI to which the Wallet Instance MUST send the Authorization Response using an HTTP request using the method POST. + * - **nonce** + - Fresh cryptographically random number with sufficient entropy, which length MUST be at least 32 digits. + * - **state** + - Unique identifier of the Authorization Request. + * - **iss** + - The entity that has issued the JWT. It will be populated with the Relying Party client id. + * - **iat** + - Unix Timestamp, representing the time at which the JWT was issued. + * - **exp** + - Unix Timestamp, representing the expiration time on or after which the JWT MUST NOT be valid anymore. + * - **request_uri_method** + - String determining the HTTP method to be used with the `request_uri` endpoint to provide the Wallet metadata to the Relying Party. The value is case-insensitive and can be set to: `get` or `post`. The GET method, as defined in [@RFC9101], involves the Wallet sending a GET request to retrieve a Request Object. The POST method involves the Wallet requesting the creation of a new Request Object by sending an HTTP POST request, with its metadata, to the request URI of the Relying Party. + +.. warning:: + + Using the parameter ``scope`` requires that the Relying Party Metadata MUST contain the ``presentation_definition``, where a non-normative example of it is given below: + +.. code-block:: JSON + + { + "presentation_definition": { + "id": "presentation definitions", + "input_descriptors": [ + { + "id": "eu.europa.ec.eudiw.pid.it.1", + "name": "Person Identification Data", + "purpose": "User authentication", + "format": "vc+sd-jwt", + "constraints": { + "fields": [ + { + "path": [ + "$.credentialSubject.unique_id", + "$.credentialSubject.given_name", + "$.credentialSubject.family_name", + ] + } + ], + "limit_discolusre": "preferred" + } + } + ] + } + } + + +.. note:: + + The following parameters, even if defined in [OID4VP], are not mentioned in the previous non-normative example, since their usage is conditional and may change in future release of this documentation. + + - ``presentation_definition``: JSON object according to `Presentation Exchange `_. This parameter MUST not be present when ``presentation_definition_uri`` or ``scope`` are present. + - ``presentation_definition_uri``: Not supported. String containing an HTTPS URL pointing to a resource where a Presentation Definition JSON object can be retrieved. This parameter MUST be present when ``presentation_definition`` parameter or a ``scope`` value representing a Presentation Definition is not present. + - ``client_metadata``: A JSON object containing the Relying Party metadata values. The ``client_metadata`` parameter MUST NOT be present when ``client_id_scheme`` is ``entity_id``. Since the ``client_metadata`` is taken from ``trust_chain``, this parameter is intended to not be used. + - ``client_metadata_uri``: string containing an HTTPS URL pointing to a resource where a JSON object with the Relying Party metadata can be retrieved. The ``client_metadata_uri`` parameter MUST NOT be present when ``client_id_scheme`` is ``entity_id``. Since the ``client_metadata`` is taken from ``trust_chain``, this parameter is intended to not be used. + + +Authorization Response Details +------------------------------ + +After getting the User authorization and consent for the presentation of the Credentials, the Wallet sends the Authorization Response to the Relying Party ``response_uri`` endpoint, the content SHOULD be encrypted according `OPENID4VP`_ Section 6.3, using the Relying Party public key. + +.. note:: + **Why the response is encrypted?** + + The response sent from the Wallet Instance to the Relying Party is encrypted to prevent a malicious agent from gaining access to the plaintext information transmitted within the Relying Party's network. This is only possible if the network environment of the Relying Party employs `TLS termination `_. Such technique employs a termination proxy that acts as an intermediary between the client and the webserver and handles all TLS-related operations. In this manner, the proxy deciphers the transmission's content and either forwards it in plaintext or by negotiates an internal TLS session with the actual webserver's intended target. In the first scenario, any malicious actor within the network segment could intercept the transmitted data and obtain sensitive information, such as an unencrypted response, by sniffing the transmitted data. + +Below a non-normative example of the request: + +.. code-block:: http + + POST /response_uri HTTP/1.1 + HOST: relying-party.example.org + Content-Type: application/x-www-form-urlencoded + + response=eyJhbGciOiJFUzI1NiIs...9t2LQ + + +Below is a non-normative example of the decrypted JSON ``response`` content: + +.. code-block:: + + { + "state": "3be39b69-6ac1-41aa-921b-3e6c07ddcb03", + "vp_token": [ + "eyJhbGciOiJFUzI1NiIs...PT0iXX0", + $WalletInstanceAttestation-JWT + ], + "presentation_submission": { + "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653", + "id": "04a98be3-7fb0-4cf5-af9a-31579c8b0e7d", + "descriptor_map": [ + { + "id": "eu.europa.ec.eudiw.pid.it.1", + "path": "$.vp_token.verified_claims.claims._sd[0]", + "format": "vc+sd-jwt" + } + ] + } + } + +Where the following parameters are used: + +.. list-table:: + :widths: 25 50 + :header-rows: 1 + + * - **Name** + - **Description** + * - **vp_token** + - JSON Array containing the Verifiable Presentation(s). There MUST be at least two signed presentations in this Array: + - The Requested Digital Credential (one or more, if in format SD-JWT VC or MDOC CBOR) + - The Wallet Instance Attestation + * - **presentation_submission** + - JSON Object containing the mappings between the requested Verifiable Credentials and where to find them within the returned Verifiable Presentation Token. + * - **state** + - Unique identifier provided by the Relying Party within the Authorization Request. + + +Below is a non-normative example of the ``vp_token`` decoded content, represented in the form of JWS header and payload, separated by a period: + +.. code-block:: text + + { + "alg": "ES256", + "typ": "JWT", + "kid": "e0bbf2f1-8c3a-4eab-a8ac-2e8f34db8a47" + } + . + { + "iss": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c", + "jti": "3978344f-8596-4c3a-a978-8fcaba3903c5", + "aud": "https://relying-party.example.org/response_uri", + "iat": 1541493724, + "exp": 1573029723, + "nonce": "2c128e4d-fc91-4cd3-86b8-18bdea0988cb" + "vp": "~~~...~" + } + +Where the following parameters are used: + +.. list-table:: + :widths: 25 50 + :header-rows: 1 + + * - **Name** + - **Description** + * - **vp** + - The Digital Credential in its original state. The public key contained in the Digital Credential MUST be used to verify the entire VP JWS as Proof of Possession of the private key which the public key is included in the Digital Credential. Eg: for SD-JWT VC the pblic key is provided within the ``cnf.jwk`` claim. + * - **jti** + - JWS unique identifier. + * - **iat** + - Unix timestamp of the time of issuance of this presentation. + * - **exp** + - Unix timestamp beyond which this presentation will no longer be considered valid. + * - **aud** + - Audience of the VP, corresponding to the ``response_uri`` within the Authorization request issued by the Relying Party. + * - **nonce** + - The nonce value provided by the Relying Party within the Authorization Request. + + +Redirect URI +------------ + +When the Relying Party provides the redirect URI, the Wallet MUST send the user-agent to this redirect URI. The redirect URI allows the Relying Party to continue the interaction with the End-User on the device where the Wallet resides after the Wallet has sent the Authorization Response to the response URI. + +The Relying Party MUST include a response code withing the redirect URI. The response code is a fresh, cryptographically random number used to ensure only the receiver of the redirect can fetch and process the Authorization Response. The number could be added as a path component, as a parameter or as a fragment to the URL. It is RECOMMENDED to use a cryptographic random value of 128 bits or more at the time of the writing of this specification. + +The following is a non-normative example of the response from the Relying Party to the Wallet upon receiving the Authorization Response at the Response Endpoint. + + +.. code-block:: http + + HTTP/1.1 200 OK + Content-Type: application/json;charset=UTF-8 + + { + "redirect_uri": "https://relying-party.example.org/cb#response_code=091535f699ea575c7937fa5f0f454aee" + } + +The ``redirect_uri`` value MUST be used with an HTTP method GET by either the Wallet or the user-agent to redirect the User to the Relying Party in order to complete the authentication process. The specific entity that performs this action depends on whether the flow is Same device or Cross device. + + +Relying Party Entity Configuration +----------------------------------- +According to the `Trust Model`_ section, the Relying Party is a Federation Entity and MUST expose a *well-known* endpoint containing its Entity Configuration. + +Below a non-normative example of the request made by the Wallet Instance to the *openid-federation* well-known endpoint to obtain the Relying Party Entity Configuration: + +.. code-block:: http + + GET /.well-known/openid-federation HTTP/1.1 + HOST: relying-party.example.org + + +Below is a non-normative response example: + +.. code-block:: text + + { + "alg": "RS256", + "kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs", + "typ": "entity-statement+jwt" + } + . + { + "exp": 1649590602, + "iat": 1649417862, + "iss": "https://rp.example.it", + "sub": "https://rp.example.it", + "jwks": { + "keys": [ + { + "kty": "RSA", + "n": "5s4qi ...", + "e": "AQAB", + "kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs" + } + ] + }, + "metadata": { + "wallet_relying_party": { + "application_type": "web", + "client_id": "https://rp.example.it", + "client_name": "Name of an example organization", + "jwks": { + "keys": [ + { + "kty": "RSA", + "use": "sig", + "n": "1Ta-sE ...", + "e": "AQAB", + "kid": "YhNFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs", + "x5c": [ "..." ] + } + ] + }, + + "contacts": [ + "ops@relying-party.example.org" + ], + + "request_uris": [ + "https://relying-party.example.org/request_uri" + ], + "response_uris": [ + "https://relying-party.example.org/response_uri" + ], + "default_acr_values": [ + "https://www.spid.gov.it/SpidL2", + "https://www.spid.gov.it/SpidL3" + ], + "vp_formats": { + "vc+sd-jwt": { + "sd-jwt_alg_values": [ + "ES256", + "ES384" + ], + "kb-jwt_alg_values": [ + "ES256", + "ES384" + ] + } + }, + "presentation_definitions": [ + { + "id": "eu.europa.ec.eudiw.pid.it.1", + "input_descriptors": [ + { + "id": "IdentityCredential", + "format": { + "vc+sd-jwt": {} + }, + "constraints": { + "limit_disclosure": "required", + "fields": [ + { + "path": [ + "$.type" + ], + "filter": { + "type": "string", + "const": "IdentityCredential" + } + }, + { + "path": [ + "$.family_name" + ] + }, + { + "path": [ + "$.given_name" + ] + }, + { + "path": [ + "$.unique_id" + ], + "intent_to_retain": "true" + } + ] + } + } + ] + }, + { + "id": "mDL-sample-req", + "input_descriptors": [ + { + "id": "mDL", + "format": { + "mso_mdoc": { + "alg": [ + "EdDSA", + "ES256" + ] + }, + "constraints": { + "limit_disclosure": "required", + "fields": [ + { + "path": [ + "$.mdoc.doctype" + ], + "filter": { + "type": "string", + "const": "org.iso.18013.5.1.mDL" + } + }, + { + "path": [ + "$.mdoc.namespace" + ], + "filter": { + "type": "string", + "const": "org.iso.18013.5.1" + } + }, + { + "path": [ + "$.mdoc.family_name" + ], + "intent_to_retain": "false" + }, + { + "path": [ + "$.mdoc.portrait" + ], + "intent_to_retain": "false" + }, + { + "path": [ + "$.mdoc.driving_privileges" + ], + "intent_to_retain": "false" + } + ] + } + } + } + ] + } + ], + + "default_max_age": 1111, + + // JARM related + "authorization_signed_response_alg": [[ + "ES256" + ], + "authorization_encrypted_response_alg": [ + "RSA-OAEP", + "RSA-OAEP-256" + ], + "authorization_encrypted_response_enc": [ + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + "A128GCM", + "A192GCM", + "A256GCM" + ], + + // SIOPv2 related + "subject_type": "pairwise", + "require_auth_time": true, + "id_token_signed_response_alg": [ + "ES256" + ], + "id_token_encrypted_response_alg": [ + "RSA-OAEP", + "RSA-OAEP-256" + ], + "id_token_encrypted_response_enc": [ + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + "A128GCM", + "A192GCM", + "A256GCM" + ], + }, + "federation_entity": { + "organization_name": "OpenID Wallet Relying Party example", + "homepage_uri": "https://relying-party.example.org/home", + "policy_uri": "https://relying-party.example.org/policy", + "logo_uri": "https://relying-party.example.org/static/logo.svg", + "contacts": [ + "tech@relying-party.example.org" + ] + } + }, + "authority_hints": [ + "https://registry.eudi-wallet.example.it" + ] + } + } + + +The Entity Configuration is a JWS, where its header parameters are defined below: + +.. list-table:: + :widths: 25 50 + :header-rows: 1 + + * - **Name** + - **Description** + * - **alg** + - Algorithm used to sign the JWT + * - **typ** + - Media Type of the JWT + * - **kid** + - Key ID used identifying the key used to sign the JWS + + +.. note: + The Relying Party specific metadata parameter are experimental + and still under discussion `here `_. + diff --git a/refs/pull/201/merge/en/_sources/revocation-lists.rst.txt b/refs/pull/201/merge/en/_sources/revocation-lists.rst.txt new file mode 100644 index 000000000..49cc7b174 --- /dev/null +++ b/refs/pull/201/merge/en/_sources/revocation-lists.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _revocation-lists.rst: + +revocation-lists.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/en/_sources/ssi-introduction.rst.txt b/refs/pull/201/merge/en/_sources/ssi-introduction.rst.txt new file mode 100644 index 000000000..263d0cb66 --- /dev/null +++ b/refs/pull/201/merge/en/_sources/ssi-introduction.rst.txt @@ -0,0 +1,41 @@ +.. include:: ../common/common_definitions.rst + +.. _ssi-introduction.rst: + +Self Sovereign Identity ++++++++++++++++++++++++ + +Introduction to SSI +------------------- + +**Definition** + +Self-Sovereign Identity (SSI) refers to a new paradigm in Identity and Access Management (IAM) that improves the privacy and grants complete control and ownership over the personal data by their owner, the citizens. +Users possess their digital documents and determine to which actors they present these documents, with the ability to revoke the use of said documents, all while maintaining a history of their activities. + +The main difference between this new approach and the traditional IAM infrastructure is that during the presentation phase there are no intermediates between the Wallet (Holder of the credentials) and the Relying Party, while in the SAML2 or OIDC based infrastructure an Identity Provider is always involved, knowing which services a citizen is accessing to. + +SSI is also significant in the field of data exchange and data governance. This is relevant at both national and European levels, including the new eIDAS Regulation. In fact, it envisions a login option designed for European Users - be they citizens, public administrations, or companies - who want to access another Member State's services using their national authentication systems. + +The main roles in an SSI ecosystem are are listed as follow: + + - Issuers: parties who can issue digital credentials about a person; + - verifiers: parties who request Holders' digital credentials for authentication and authorization purposes; + - Holders: individuals who own a Wallet and have control over the digital credentials they can request, acquire, store, and present to verifiers; + - Verifiable Data Registries: Authorities that publish certificates, attestations, metadata, and schemes needed for allowing the trust establishment between the parties. + +In the SSI model, the data source (e.g., an educational institution) provides digital credentials to the User, who can store them in their digital Wallet. +A secure Self-Sovereign Identity Wallet is crucial, as it allows people to carry their credentials on their personal digital devices. The Wallet typically comes in the form of an application on the User's mobile phone. Portability is, therefore, one of the principles of SSI. + +Other key elements that characterize an SSI system include: + + - **Privacy and control**: SSI enables individuals to maintain control over their personal data. They can choose what information to release, to whom, and for what purpose; + - **Security**: SSI leverages advanced cryptographic techniques to ensure the integrity and security of identity information. It avoids the risk of identity theft, fraud, and unauthorized access since the data remains under the individual's control; + - **Interoperability**: SSI promotes interoperability by enabling different systems and organizations to recognize and verify identities without relying on a central authority. This allows for seamless and trusted interactions between individuals, organizations, and even across borders; + - **Efficiency and cost reduction**: individuals can manage their own identities with SSI, eliminating the need for multiple identity credentials and repetitive identity verification processes. This can streamline administrative procedures, reduce costs, and enhance the user experience. + +**Example** + +When a User wants to purchase a good or access to a service, the service provider asks the User for authentication or for a specific proof. Instead of presenting physical identification documents or disclosing their full data, the individual can use their SSI system if supported by the service provider. +An example of SSI in action could be a scenario where an individual needs to prove their age to access a restricted service, such as purchasing age-restricted items. They would release only the necessary information, such as a digitally signed proof of being above the legal age, without revealing any other personal details. The verifier can then cryptographically validate the proof. + diff --git a/refs/pull/201/merge/en/_sources/standards.rst.txt b/refs/pull/201/merge/en/_sources/standards.rst.txt new file mode 100644 index 000000000..2a2c017f8 --- /dev/null +++ b/refs/pull/201/merge/en/_sources/standards.rst.txt @@ -0,0 +1 @@ +.. include:: ../common/standards.rst diff --git a/refs/pull/201/merge/en/_sources/trust.rst.txt b/refs/pull/201/merge/en/_sources/trust.rst.txt new file mode 100644 index 000000000..87cd8e5a7 --- /dev/null +++ b/refs/pull/201/merge/en/_sources/trust.rst.txt @@ -0,0 +1,632 @@ +.. include:: ../common/common_definitions.rst + +.. _trust.rst: + +The Infrastructure of Trust ++++++++++++++++++++++++++++ + +The EUDI Wallet Architecture Reference Framework (`EIDAS-ARF`_) describes the Trust Model as a *"collection of rules that ensure the legitimacy of the components and the entities involved in the EUDI Wallet ecosystem"*. + +This section outlines the implementation of the Trust Model in an infrastructure that complies with OpenID Federation 1.0 `OIDC-FED`_. This infrastructure involves a RESTful API for distributing metadata, metadata policies, trust marks, public keys, X.509 certificates, and the revocation status of the participants, also called Federation Entities. + +The Infrastructure of trust facilitates the application of a trust assessment mechanism among the parties defined in the `EIDAS-ARF`_. + +.. figure:: ../../images/trust-roles.svg + :alt: federation portrait + :width: 100% + + The roles within the Federation, where the Trust Anchor oversees its subordinates, + which include one or more Intermediates and Leaves. In this + representation, both the Trust Anchor and the Intermediates MAY assume the role of Accreditation Body. + + +Federation Roles +------------------ + +All the participants are Federation Entities that MUST be accredited by an Accreditation Body, +except for Wallet Instances which are End-User's personal devices certified by their Wallet Provider. + +.. note:: + The Wallet Instance, as a personal device, is certified as reliable through a verifiable attestation issued and signed by a trusted third party. + + This is called *Wallet Attestation* and is documented in `the dedicated section `_. + + +Below the table with the summary of the Federation Entity roles, mapped on the corresponding EUDI Wallet roles, as defined in the `EIDAS-ARF`_. + ++-----------------------------------------+----------------+-----------------------------------+ +| EUDI Role | Federation Role| Notes | ++=========================================+================+===================================+ +| Public Key Infrastructure (PKI) | Trust Anchor | The Federation has PKI | +| | | capabilities. The | +| | Intermediates | Entity that configures | +| | | the entire infrastructure | +| | | is the Trust Anchor. | +| | | | ++-----------------------------------------+----------------+-----------------------------------+ +| Qualified Trust Service Provider (QTSP)| Leaf | | ++-----------------------------------------+----------------+-----------------------------------+ +| Person Identification Data Provider | Leaf | | ++-----------------------------------------+----------------+-----------------------------------+ +| Qualified Electronic Attestations | Leaf | | +| of Attributes Provider | | | ++-----------------------------------------+----------------+-----------------------------------+ +| Electronic Attestations of | Leaf | | +| Attributes Provider | | | ++-----------------------------------------+----------------+-----------------------------------+ +| Relying Party | Leaf | | ++-----------------------------------------+----------------+-----------------------------------+ +| Trust Service Provider (TSP) | Leaf | | ++-----------------------------------------+----------------+-----------------------------------+ +| Trusted List | Trust Anchor | The listing endpoint, the | +| | | trust mark status endpoint | +| | Intermediates | and the fetch endpoint must | +| | | be exposed by both Trust Anchors | +| | | and Intermediates, making | +| | | the Trusted List distributed | +| | | over multiple Federation Entities,| +| | | where each of these is responsible| +| | | for their accredited subordinates.| ++-----------------------------------------+----------------+-----------------------------------+ +| Wallet Provider | Leaf | | ++-----------------------------------------+----------------+-----------------------------------+ + + +General Properties +------------------ + +OpenID Federation facilitates the building of an infrastructure that is: + +- **Secure and Tamper-proof**, Entities' attestations of metadata and keys are cryptographically signed in the Trust Chain, comprised of attestations issued by multiple parties. These attestations, called statements, cannot be forged or tampered by an adversary; +- **Privacy-preserving**, the infrastructure is public and exposes public data such as public keys and metadata of the participants. It does not require authentication of the consumers and therefore does not track who is assessing trust against whom; +- **Guarantor of the non-repudiation of long-lived attestations**, historical keys endpoints and historical Trust Chains are saved for years according to data retention policies. This enables the certification of the validity of historical compliance, even in cases of revocation, expiration, or rotation of the keys used for signature verification; +- **Dynamic and flexible**, any participants have the freedom to modify parts of their metadata autonomously, as these are published within their domains and verified through the Trust Chain. Simultaneously, the Trust Anchor or its Intermediate may publish a metadata policy to dynamically modify the metadata of all participants - such as disabling a vulnerable signature algorithm - and obtain certainty of propagation within a configured period of time within the federation; +- **Developer friendly**, JWT and JSON formats have been adopted on the web for years. They are cost-effective in terms of storage and processing and have a wide range of solutions available, such as libraries and software development kits, which enable rapid implementation of the solution; +- **Scalable**, the Trust Model can accommodate more than a single organization by using Intermediates and multiple Trust Anchors where needed. + +Trust Model Requirements +------------------------ + +In the table below is provided the map of the components that the ARF defines within the Trust Model, in the same table is provided their coverage in `OIDC-FED`_. + ++----------------------------------------------------+--------------+----------------+ +| Component | Satisfied | how | ++====================================================+==============+================+ +| Issuers identification | |check-icon| | Trust Chain | ++----------------------------------------------------+--------------+----------------+ +| Issuers registration | |check-icon| | Trust Anchor | +| | | | +| | | Intermediates | +| | | accreditation | +| | | system | +| | | | ++----------------------------------------------------+--------------+----------------+ +| Recognised data models and schemas | |check-icon| | Entity | +| | | Configuration | +| | | | +| | | Entity | +| | | Statements | ++----------------------------------------------------+--------------+----------------+ +| Relying Parties' registration and authentication | |check-icon| | | +| | | Trust Chains | +| | | | +| | | Federation | +| | | Entity | +| | | Discovery | ++----------------------------------------------------+--------------+----------------+ +| Trust mechanisms in a cross-domain scenario | |check-icon| | | +| | | Trust Chains | +| | | | +| | | Federation | +| | | Entity | +| | | Discovery | ++----------------------------------------------------+--------------+----------------+ + + +Federation API endpoints +------------------------ + +OpenID Federation 1.0 uses RESTful Web Services secured over +HTTPs. OpenID Federation 1.0 defines which are the web endpoints that the participants MUST make +publicly available. The table below summarises the endpoints and their scopes. + +All the endpoints listed below are defined in the `OIDC-FED`_ specs. + ++---------------------------+----------------------------------------------+--------------------------------+-----------------+ +| endpoint name | http request | scope | required for | ++===========================+==============================================+================================+=================+ +| | | | Trust Anchor | +| | | | | +| federation metadata | **GET** .well-known/openid-federation |Metadata that an Entity | Intermediate | +| | |publishes about itself, | | +| | |verifiable with a trusted third | Wallet Provider| +| | |party (Superior Entity). It's | | +| | |called Entity Configuration. | Relying Party | +| | | | | +| | | | Credential | +| | | | Issuer | ++---------------------------+----------------------------------------------+--------------------------------+-----------------+ +| subordinate list endpoint | **GET** /list |Lists the Subordinates. | Trust Anchor | +| | | | | +| | | | Intermediate | ++---------------------------+----------------------------------------------+--------------------------------+-----------------+ +| fetch endpoint | **GET** /fetch?sub=https://rp.example.org | | Trust Anchor | +| | |Returns a signed document (JWS) | | +| | |about a specific subject, its | Intermediate | +| | |Subordinate. It's called Entity | | +| | |Statement. | | ++---------------------------+----------------------------------------------+--------------------------------+-----------------+ +| trust mark status | **POST** /status?sub=...&trust_mark_id=... | | Trust Anchor | +| | |Returns the status of the | | +| | |issuance (validity) of a Trust | Intermediate | +| | |Mark related to a specific | | +| | |subject. | | ++---------------------------+----------------------------------------------+--------------------------------+-----------------+ +| historical keys | **GET** | | Trust Anchor | +| | |Lists the expired and revoked | | +| | |keys, with the motivation of the| Intermediate | +| | .well-known/openid-federation-historical-jwks|revocation. | | +| | | | | ++---------------------------+----------------------------------------------+--------------------------------+-----------------+ + +All the responses of the federation endpoints are in the form of JWS, with the exception of the **Subordinate Listing endpoint** and the **Trust Mark Status endpoint** that are served as plain JSON by default. + + +Configuration of the Federation +------------------------------- + +The configuration of the federation is published by the Trust Anchor within its Entity Configuration, it is available at the well-known web path corresponding to **.well-known/openid-federation**. + +All the participants in the federation MUST obtain the federation configuration before entering the operational phase, and they +MUST keep it up-to-date. The federation configuration is the Trust Anchor's Entity Configuration, it contains the +public keys for signature operations and the maximum number of Intermediates allowed between a Leaf and the Trust Anchor (**max_path_length**). + +Below is a non-normative example of a Trust Anchor Entity Configuration, where each parameter is documented in the `OpenID Federation `_ specification: + +.. code-block:: text + + { + "alg": "RS256", + "kid": "FifYx03bnosD8m6gYQIfNHNP9cM_Sam9Tc5nLloIIrc", + "typ": "entity-statement+jwt" + } + . + { + "exp": 1649375259, + "iat": 1649373279, + "iss": "https://registry.eidas.trust-anchor.example.eu", + "sub": "https://registry.eidas.trust-anchor.example.eu", + "jwks": { + "keys": [ + { + "kty": "RSA", + "n": "3i5vV-_ ...", + "e": "AQAB", + "kid": "FifYx03bnosD8m6gYQIfNHNP9cM_Sam9Tc5nLloIIrc", + "x5c": [ ] + }, + { + "kty": "EC", + "kid": "X2ZOMHNGSDc4ZlBrcXhMT3MzRmRZOG9Jd3o2QjZDam51cUhhUFRuOWd0WQ", + "crv": "P-256", + "x": "1kNR9Ar3MzMokYTY8BRvRIue85NIXrYX4XD3K4JW7vI", + "y": "slT14644zbYXYF-xmw7aPdlbMuw3T1URwI4nafMtKrY", + "x5c": [ ] + } + ] + }, + "metadata": { + "federation_entity": { + "organization_name": "example TA", + "contacts":[ + "tech@eidas.trust-anchor.example.eu" + ], + "homepage_uri": "https://registry.eidas.trust-anchor.example.eu", + "logo_uri":"https://registry.eidas.trust-anchor.example.eu/static/svg/logo.svg", + "federation_fetch_endpoint": "https://registry.eidas.trust-anchor.example.eu/fetch", + "federation_resolve_endpoint": "https://registry.eidas.trust-anchor.example.eu/resolve", + "federation_list_endpoint": "https://registry.eidas.trust-anchor.example.eu/list", + "federation_trust_mark_status_endpoint": "https://registry.eidas.trust-anchor.example.eu/trust_mark_status" + } + }, + "trust_mark_issuers": { + "https://registry.eidas.trust-anchor.example.eu/openid_relying_party/public": [ + "https://registry.spid.eidas.trust-anchor.example.eu", + "https://public.intermediary.spid.org" + ], + "https://registry.eidas.trust-anchor.example.eu/openid_relying_party/private": [ + "https://registry.spid.eidas.trust-anchor.example.eu", + "https://private.other.intermediary.org" + ] + }, + "constraints": { + "max_path_length": 1 + } + } + + +Entity Configuration +-------------------- + +The Entity Configuration is the verifiable document that each Federation Entity MUST publish on its own behalf, in the **.well-known/openid-federation** endpoint. + +The Entity Configuration HTTP Response MUST set the media type to `application/entity-statement+jwt`. + +The Entity Configuration MUST be cryptographically signed. The public part of this key MUST be provided in the +Entity Configuration and within the Entity Statement issued by a immediate superior and related to its subordinate Federation Entity. + +The Entity Configuration MAY also contain one or more Trust Marks. + +.. note:: + **Entity Configuration Signature** + + All the signature-check operations regarding the Entity Configurations, Entity Statements and Trust Marks, are carried out with the Federation public keys. For the supported algorithms refer to Section `Cryptografic Algorithm`. + +Entity Configurations Common Parameters +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Entity Configurations of all the participants in the federation MUST have in common the parameters listed below. + + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - **iss** + - String. Identifier of the issuing Entity. + * - **sub** + - String. Identifier of the Entity to which it is referred. It MUST be equal to ``iss``. + * - **iat** + - UNIX Timestamp with the time of generation of the JWT, coded as NumericDate as indicated at :rfc:`7519`. + * - **exp** + - UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated at :rfc:`7519`. + * - **jwks** + - A JSON Web Key Set (JWKS) :rfc:`7517` that represents the public part of the signing keys of the Entity at issue. Each JWK in the JWK set MUST have a key ID (claim kid) and MAY have a `x5c` parameter, as defined in :rfc:`7517`. It contains the Federation Entity Keys required for the operations of trust evaluation. + * - **metadata** + - JSON Object. Each key of the JSON Object represents a metadata type identifier + containing JSON Object representing the metadata, according to the metadata + schema of that type. An Entity Configuration MAY contain more metadata statements, but only one for each type of + metadata (<**entity_type**>). the metadata types are defined in the section `Metadata Types `_. + + +Entity Configuration Trust Anchor +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Trust Anchor Entity Configuration, in addition of the common parameters listed above, MAY contain the following parameters: + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Required** + * - **constraints** + - JSON Object that describes the trust evaluation mechanisms bounds. It MUST contain the attribute **max_path_length** that + defines the maximum number of Intermediates between a Leaf and the Trust Anchor. + - |check-icon| + * - **trust_mark_issuers** + - JSON Array that defines which Federation authorities are considered trustworthy + for issuing specific Trust Marks, assigned with their unique identifiers. + - |uncheck-icon| + * - **trust_mark_owners** + - JSON Array that lists which entities are considered to be the owners of + specific Trust Marks. + - |uncheck-icon| + + +Entity Configuration Leaves and Intermediates +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +In addition to the previously defined claims, the Entity Configuration of the Leaf and of the Intermediate Entities, MUST contain the parameters listed below: + + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Required** + * - **authority_hints** + - Array of URLs (String). It contains a list of URLs of the immediate superior entities, such as the Trust Anchor or + an Intermediate, that issues an Entity Statement related to this subject. + - |check-icon| + * - **trust_marks** + - A JSON Array containing the Trust Marks. + - |uncheck-icon| + +Metadata Types +^^^^^^^^^^^^^^^^ + +In this section are defined the main metadata types mapped to the roles of the ecosystem, +giving the references of the metadata protocol for each of these. + + +.. note:: + + The entries that don't have any reference to a known draft or standard are intended to be defined in this technical reference. + ++------------------+-----------------------------+--------------+ +| Entity | metadata type | references | ++==================+=============================+==============+ +| Trust Anchor | ``federation_entity`` | `OIDC-FED`_ | ++------------------+-----------------------------+--------------+ +| Intermediate | ``federation_entity`` | `OIDC-FED`_ | ++------------------+-----------------------------+--------------+ +| | | | +| Wallet Provider | ``federation_entity`` | -- | +| | | | +| | ``wallet_provider`` | | +| | | | +| | | | ++------------------+-----------------------------+--------------+ +| | | | +| Credential Issuer| ``federation_entity`` | | +| | | | +| | ``openid_credential_issuer``| `OPENID4VCI`_| ++------------------+-----------------------------+--------------+ +| | | | +| Relying Party | ``federation_entity`` | | +| | | | +| | ``wallet_relying_party`` | `OIDC-FED`_ | +| | | | +| | | `OpenID4VP`_ | ++------------------+-----------------------------+--------------+ + +.. note:: + Wallet Provider metadata is defined in the section below. + + `Wallet Solution section `_. + + +Entity Statements +----------------- + +Trust Anchors and Intermediates publish Entity Statements related to their immediate Subordinates. +The Entity Statement MAY contain a metadata policy and the Trust Marks related to a Subordinate. + +The metadata policy, when applied, makes one or more changes to the final metadata of the Leaf. The final metadata of a Leaf is derived from the Trust Chain that contains all the statements, starting from the Entity Configuration up to the Entity Statement issued by the Trust Anchor. + +Trust Anchors and Intermediates MUST expose the Federation Fetch endpoint, where the Entity Statements are requested to validate the Leaf's Entity Configuration signature. + +.. note:: + The Federation Fetch endpoint MAY also publish X.509 certificates for each of the public keys of the Subordinate. Making the distribution of the issued X.509 certificates via a RESTful service. + +Below there is a non-normative example of an Entity Statement issued by an Accreditation Body (such as the Trust Anchor or its Intermediate) in relation to one of its Subordinates. + +.. code-block:: text + + { + "alg": "RS256", + "kid": "em3cmnZgHIYFsQ090N6B3Op7LAAqj8rghMhxGmJstqg", + "typ": "entity-statement+jwt" + } + . + { + "exp": 1649623546, + "iat": 1649450746, + "iss": "https://intermediate.eidas.example.org", + "sub": "https://rp.example.it", + "jwks": { + "keys": [ + { + "kty": "EC", + "kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs", + "crv": "P-256", + "x": "1kNR9Ar3MzMokYTY8BRvRIue85NIXrYX4XD3K4JW7vI", + "y": "slT14644zbYXYF-xmw7aPdlbMuw3T1URwI4nafMtKrY", + "x5c": [ ] + } + ] + }, + "metadata_policy": { + "wallet_relying_party": { + "scope": { + "subset_of": [ + "eu.europa.ec.eudiw.pid.1", + "given_name", + "family_name", + "email" + ] + }, + "vp_formats": { + "vc+sd-jwt": { + "sd-jwt_alg_values": [ + "ES256", + "ES384" + ], + "kb-jwt_alg_values": [ + "ES256", + "ES384" + ] + } + } + } + } + } + + +.. note:: + + **Entity Statement Signature** + + The same considerations and requirements made for the Entity Configuration + and in relation to the signature mechanisms MUST be applied for the Entity Statements. + + +Entity Statement +^^^^^^^^^^^^^^^^^^ + +The Entity Statement issued by Trust Anchors and Intermediates contains the following attributes: + + +.. list-table:: + :widths: 20 60 20 + :header-rows: 1 + + * - **Claim** + - **Description** + - **Required** + * - **iss** + - See `OIDC-FED`_ Section 3.1 for further details. + - |check-icon| + * - **sub** + - See `OIDC-FED`_ Section 3.1 for further details. + - |check-icon| + * - **iat** + - See `OIDC-FED`_ Section 3.1 for further details. + - |check-icon| + * - **exp** + - See `OIDC-FED`_ Section 3.1 for further details. + - |check-icon| + * - **jwks** + - Federation JWKS of the *sub* entity. See `OIDC-FED`_ Section 3.1 for further details. + - |check-icon| + * - **metadata_policy** + - JSON Object that describes the Metadata policy. Each key of the JSON Object represents an identifier of the metadata type and each value MUST be a JSON Object that represents the metadata policy according to that metadata type. Please refer to the `OIDC-FED`_ specifications, Section-5.1, for the implementation details. + - |uncheck-icon| + * - **trust_marks** + - JSON Array containing the Trust Marks issued by itself for the subordinate subject. + - |uncheck-icon| + * - **constraints** + - It MAY contain the **allowed_leaf_entity_types**, that restricts what types of metadata the subject is allowed to publish. + - |check-icon| + + +Trust Evaluation Mechanism +-------------------------- + +The Trust Anchor publishes the list of its Subordinates (Federation Subordinate Listing endpoint) and the attestations of their metadata and public keys (Entity Statements). + +Each participant, including Trust Anchor, Intermediate, Credential Issuer, Wallet Provider, and Relying Party, publishes its own metadata and public keys (Entity Configuration endpoint) in the well-known web resource **.well-known/openid-federation**. + +Each of these can be verified using the Entity Statement issued by a superior, such as the Trust Anchor or an Intermediate. + +Each Entity Statement is verifiable over time and MUST have an expiration date. The revocation of each statement is verifiable in real time and online (only for remote flows) through the federation endpoints. + +.. note:: + The revocation of an Entity is made with the unavailability of the Entity Statement related to it. If the Trust Anchor or its Intermediate doesn't publish a valid Entity Statement, or if it publishes an expired/invalid Entity Statement, the subject of the Entity Statement MUST be intended as not valid or revoked. + +The concatenation of the statements, through the combination of these signing mechanisms and the binding of claims and public keys, forms the Trust Chain. + +The Trust Chains can also be verified offline, using one of the Trust Anchor's public keys. + +.. note:: + Since the Wallet Instance is not a Federation Entity, the Trust Evaluation Mechanism related to it **requires the presentation of the Wallet Attestation during the credential issuance and presentation phases**. + + The Wallet Attestation conveys all the required information pertaining to the instance, such as its public key and any other technical or administrative information, without any User's personal data. + + +Relying Party Attestation +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Relying Party is accredited by a Trust Anchor or its Intermediate and obtains a Trust Mark to be included in its Entity Configuration. In its Entity Configuration the Relying Party publishes its specific metadata, including the supported signature and encryption algorithms and any other necessary information for the interoperability requirements. + +Any requests for User attributes, such as PID or (Q)EAA, from the Relying Party to Wallet Instances are signed and SHOULD contain the verifiable Trust Chain regarding the Relying Party. + +The Wallet Instance verifies that the Trust Chain related to the Relying Party is still active, proving that the Relying Party is still part of the Federation and not revoked. + +The Trust Chain SHOULD be contained within the signed request in the form of a JWS header parameter. + +In offline flows, Trust Chain verification enables the assessment of the reliability of Trust Marks and Attestations contained within. + + +Wallet Attestation +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Wallet Provider issues the Wallet Attestation, certifying the operational status of its Wallet Instances and including one of their public keys. + +The Wallet Attestation contains the Trust Chain that attests the reliability for its issuer (Wallet Provider) at the time of issuance. + +The Wallet Instance provides its Wallet Attestation within the signed request during the PID issuance phase, containing the Trust Chain related to the Wallet Provider. + + +Trust Chain +^^^^^^^^^^^^^^^ + +The Trust Chain is a sequence of verified statements that validates a participant's compliance with the Federation. It has an expiration date time, beyond which it MUST be renewed to obtain the fresh and updated metadata. The expiration date of the Trust Chain is determined by the earliest expiration timestamp among all the expiration timestamp contained in the statements. No Entity can force the expiration date of the Trust Chain to be higher than the one configured by the Trust Anchor. + +Below is an abstract representation of a Trust Chain. + +.. code-block:: python + + [ + "EntityConfiguration-as-SignedJWT-selfissued-byLeaf", + "EntityStatement-as-SignedJWT-issued-byTrustAnchor" + ] + +Below is a non-normative example of a Trust Chain in its original format (JSON Array containing JWS as strings) with an Intermediate involved. + +.. code-block:: python + + [ + "eyJhbGciOiJFUzI1NiIsImtpZCI6Ik5GTTFXVVZpVWxZelVXcExhbWxmY0VwUFJWWTJWWFpJUmpCblFYWm1SSGhLWVVWWVVsZFRRbkEyTkEiLCJ0eXAiOiJhcHBsaWNhdGlvbi9lbnRpdHktc3RhdGVtZW50K2p3dCJ9.eyJleHAiOjE2NDk1OTA2MDIsImlhdCI6MTY0OTQxNzg2MiwiaXNzIjoiaHR0cHM6Ly9ycC5leGFtcGxlLm9yZyIsInN1YiI6Imh0dHBzOi8vcnAuZXhhbXBsZS5vcmciLCJqd2tzIjp7ImtleXMiOlt7Imt0eSI6IkVDIiwia2lkIjoiTkZNMVdVVmlVbFl6VVdwTGFtbGZjRXBQUlZZMlZYWklSakJuUVhabVJIaEtZVVZZVWxkVFFuQTJOQSIsImNydiI6IlAtMjU2IiwieCI6InVzbEMzd2QtcFgzd3o0YlJZbnd5M2x6cGJHWkZoTjk2aEwyQUhBM01RNlkiLCJ5IjoiVkxDQlhGV2xkTlNOSXo4a0gyOXZMUjROMThCa3dHT1gyNnpRb3J1UTFNNCJ9XX0sIm1ldGFkYXRhIjp7Im9wZW5pZF9yZWx5aW5nX3BhcnR5Ijp7ImFwcGxpY2F0aW9uX3R5cGUiOiJ3ZWIiLCJjbGllbnRfaWQiOiJodHRwczovL3JwLmV4YW1wbGUub3JnLyIsImNsaWVudF9yZWdpc3RyYXRpb25fdHlwZXMiOlsiYXV0b21hdGljIl0sImp3a3MiOnsia2V5cyI6W3sia3R5IjoiRUMiLCJraWQiOiJORk0xV1VWaVVsWXpVV3BMYW1sZmNFcFBSVlkyVlhaSVJqQm5RWFptUkhoS1lVVllVbGRUUW5BMk5BIiwiY3J2IjoiUC0yNTYiLCJ4IjoidXNsQzN3ZC1wWDN3ejRiUllud3kzbHpwYkdaRmhOOTZoTDJBSEEzTVE2WSIsInkiOiJWTENCWEZXbGROU05JejhrSDI5dkxSNE4xOEJrd0dPWDI2elFvcnVRMU00In1dfSwiY2xpZW50X25hbWUiOiJOYW1lIG9mIGFuIGV4YW1wbGUgb3JnYW5pemF0aW9uIiwiY29udGFjdHMiOlsib3BzQHJwLmV4YW1wbGUuaXQiXSwiZ3JhbnRfdHlwZXMiOlsicmVmcmVzaF90b2tlbiIsImF1dGhvcml6YXRpb25fY29kZSJdLCJyZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vcnAuZXhhbXBsZS5vcmcvb2lkYy9ycC9jYWxsYmFjay8iXSwicmVzcG9uc2VfdHlwZXMiOlsiY29kZSJdLCJzY29wZSI6ImV1LmV1cm9wYS5lYy5ldWRpdy5waWQuMSBldS5ldXJvcGEuZWMuZXVkaXcucGlkLml0LjEgZW1haWwiLCJzdWJqZWN0X3R5cGUiOiJwYWlyd2lzZSJ9LCJmZWRlcmF0aW9uX2VudGl0eSI6eyJmZWRlcmF0aW9uX3Jlc29sdmVfZW5kcG9pbnQiOiJodHRwczovL3JwLmV4YW1wbGUub3JnL3Jlc29sdmUvIiwib3JnYW5pemF0aW9uX25hbWUiOiJFeGFtcGxlIFJQIiwiaG9tZXBhZ2VfdXJpIjoiaHR0cHM6Ly9ycC5leGFtcGxlLml0IiwicG9saWN5X3VyaSI6Imh0dHBzOi8vcnAuZXhhbXBsZS5pdC9wb2xpY3kiLCJsb2dvX3VyaSI6Imh0dHBzOi8vcnAuZXhhbXBsZS5pdC9zdGF0aWMvbG9nby5zdmciLCJjb250YWN0cyI6WyJ0ZWNoQGV4YW1wbGUuaXQiXX19LCJ0cnVzdF9tYXJrcyI6W3siaWQiOiJodHRwczovL3JlZ2lzdHJ5LmVpZGFzLnRydXN0LWFuY2hvci5leGFtcGxlLmV1L29wZW5pZF9yZWx5aW5nX3BhcnR5L3B1YmxpYy8iLCJ0cnVzdF9tYXJrIjoiZXlKaCBcdTIwMjYifV0sImF1dGhvcml0eV9oaW50cyI6WyJodHRwczovL2ludGVybWVkaWF0ZS5laWRhcy5leGFtcGxlLm9yZyJdfQ.Un315HdckvhYA-iRregZAmL7pnfjQH2APz82blQO5S0sl1JR0TEFp5E1T913g8GnuwgGtMQUqHPZwV6BvTLA8g", + "eyJhbGciOiJFUzI1NiIsImtpZCI6IlNURkRXV2hKY0dWWFgzQjNSVmRaYWtsQ0xUTnVNa000WTNGNlFUTk9kRXRyZFhGWVlYWjJjWGN0UVEiLCJ0eXAiOiJhcHBsaWNhdGlvbi9lbnRpdHktc3RhdGVtZW50K2p3dCJ9.eyJleHAiOjE2NDk2MjM1NDYsImlhdCI6MTY0OTQ1MDc0NiwiaXNzIjoiaHR0cHM6Ly9pbnRlcm1lZGlhdGUuZWlkYXMuZXhhbXBsZS5vcmciLCJzdWIiOiJodHRwczovL3JwLmV4YW1wbGUub3JnIiwiandrcyI6eyJrZXlzIjpbeyJrdHkiOiJFQyIsImtpZCI6Ik5GTTFXVVZpVWxZelVXcExhbWxmY0VwUFJWWTJWWFpJUmpCblFYWm1SSGhLWVVWWVVsZFRRbkEyTkEiLCJjcnYiOiJQLTI1NiIsIngiOiJ1c2xDM3dkLXBYM3d6NGJSWW53eTNsenBiR1pGaE45NmhMMkFIQTNNUTZZIiwieSI6IlZMQ0JYRldsZE5TTkl6OGtIMjl2TFI0TjE4Qmt3R09YMjZ6UW9ydVExTTQifV19LCJtZXRhZGF0YV9wb2xpY3kiOnsib3BlbmlkX3JlbHlpbmdfcGFydHkiOnsic2NvcGUiOnsic3Vic2V0X29mIjpbImV1LmV1cm9wYS5lYy5ldWRpdy5waWQuMSwgIGV1LmV1cm9wYS5lYy5ldWRpdy5waWQuaXQuMSJdfSwicmVxdWVzdF9hdXRoZW50aWNhdGlvbl9tZXRob2RzX3N1cHBvcnRlZCI6eyJvbmVfb2YiOlsicmVxdWVzdF9vYmplY3QiXX0sInJlcXVlc3RfYXV0aGVudGljYXRpb25fc2lnbmluZ19hbGdfdmFsdWVzX3N1cHBvcnRlZCI6eyJzdWJzZXRfb2YiOlsiUlMyNTYiLCJSUzUxMiIsIkVTMjU2IiwiRVM1MTIiLCJQUzI1NiIsIlBTNTEyIl19fX0sInRydXN0X21hcmtzIjpbeyJpZCI6Imh0dHBzOi8vdHJ1c3QtYW5jaG9yLmV4YW1wbGUuZXUvb3BlbmlkX3JlbHlpbmdfcGFydHkvcHVibGljLyIsInRydXN0X21hcmsiOiJleUpoYiBcdTIwMjYifV19._qt5-T6DahP3TuWa_27klE8I9Z_sPK2FtQlKY6pGMPchbSI2aHXY3aAXDUrObPo4CHtqgg3J2XcrghDFUCFGEQ", + "eyJhbGciOiJFUzI1NiIsImtpZCI6ImVXa3pUbWt0WW5kblZHMWxhMjU1ZDJkQ2RVZERSazQwUWt0WVlVMWFhRFZYT1RobFpHdFdXSGQ1WnciLCJ0eXAiOiJhcHBsaWNhdGlvbi9lbnRpdHktc3RhdGVtZW50K2p3dCJ9.eyJleHAiOjE2NDk2MjM1NDYsImlhdCI6MTY0OTQ1MDc0NiwiaXNzIjoiaHR0cHM6Ly90cnVzdC1hbmNob3IuZXhhbXBsZS5ldSIsInN1YiI6Imh0dHBzOi8vaW50ZXJtZWRpYXRlLmVpZGFzLmV4YW1wbGUub3JnIiwiandrcyI6eyJrZXlzIjpbeyJrdHkiOiJFQyIsImtpZCI6IlNURkRXV2hKY0dWWFgzQjNSVmRaYWtsQ0xUTnVNa000WTNGNlFUTk9kRXRyZFhGWVlYWjJjWGN0UVEiLCJjcnYiOiJQLTI1NiIsIngiOiJyQl9BOGdCUnh5NjhVTkxZRkZLR0ZMR2VmWU5XYmgtSzh1OS1GYlQyZkZJIiwieSI6IlNuWVk2Y3NjZnkxcjBISFhLTGJuVFZsamFndzhOZzNRUEs2WFVoc2UzdkUifV19LCJ0cnVzdF9tYXJrcyI6W3siaWQiOiJodHRwczovL3RydXN0LWFuY2hvci5leGFtcGxlLmV1L2ZlZGVyYXRpb25fZW50aXR5L3RoYXQtcHJvZmlsZSIsInRydXN0X21hcmsiOiJleUpoYiBcdTIwMjYifV19.r3uoi-U0tx0gDFlnDdITbcwZNUpy7M2tnh08jlD-Ej9vMzWMCXOCCuwIn0ZT0jS4M_sHneiG6tLxRqj-htI70g" + ] + + +.. note:: + + The entire Trust Chain is verifiable by only possessing the Trust Anchor's public keys. + + +Offline Trust Attestation Mechanisms +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The offline flows do not allow for real-time evaluation of an Entity's status, such as its revocation. At the same time, using short-lived Trust Chains enables the attainment of trust attestations compatible with the required revocation administrative protocols (e.g., a revocation must be propagated in less than 24 hours, thus the Trust Chain must not be valid for more than that period). + + +Offline EUDI Wallet Trust Attestation +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Given that the Wallet Instance cannot publish its metadata online at the *.well-known/openid-federation* endpoint, +it MUST obtain a Wallet Attestation issued by its Wallet Provider. The Wallet Attestation MUST contain all the relevant information regarding the security capabilities of the Wallet Instance and its protocol related configuration. It SHOULD contain the Trust Chain related to its issuer (Wallet Provider). + + +Offline Relying Party Metadata +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Since the Federation Entity Discovery is only applicable in online scenarios, it is possible to include the Trust Chain in the presentation requests that the Relying Party may issue for a Wallet Instance. + +The Relying Party MUST sign the presentation request, the request SHOULD include the `trust_chain` claim in its JWS header parameters, containing the Federation Trust Chain related to itself. + +The Wallet Instance that verifies the request issued by the Relying Party MUST use the Trust Anchor's public keys to validate the entire Trust Chain related to the Relying Party before attesting its reliability. + +Furthermore, the Wallet Instance applies the metadata policy, if any. + + +Non-repudiability of the Long Lived Attestations +-------------------------------------------------- + +The Trust Anchor and its Intermediate MUST expose the Federation Historical Keys endpoint, where are published all the public part of the Federation Entity Keys that are no longer used, whether expired or revoked. + +The details of this endpoint are defined in the `OIDC-FED`_ Section 7.6. + +Each JWS containing a Trust Chain in the form of a JWS header parameter can be verified over time, since the entire Trust Chain is verifiable using the Trust Anchor's public key. + +Even if the Trust Anchor has changed its cryptographic keys for digital signature, the Federation Historical Keys endpoint always makes the keys no longer used available for historical signature verifications. + + +Privacy Remarks +--------------- + +- Wallet Instances MUST NOT publish their metadata through an online service. +- The trust infrastructure MUST be public, with all endpoints publicly accessible without any client credentials that may disclose who is requesting access. +- When a Wallet Instance requests the Entity Statements to build the Trust Chain for a specific Relying Party or validates a Trust Mark online, issued for a specific Relying Party, the Trust Anchor or its Intermediate do not know that a particular Wallet Instance is inquiring about a specific Relying Party; instead, they only serve the statements related to that Relying Party as a public resource. +- The Wallet Instance metadata MUST not contain information that may disclose technical information about the hardware used. +- Leaf entity, Intermediate, and Trust Anchor metadata may include the necessary amount of data as part of administrative, technical, and security contact information. It is generally not recommended to use personal contact details in such cases. From a legal perspective, the publication of such information is needed for operational support concerning technical and security matters and the GDPR regulation. + + +Considerations about Decentralization +------------------------------------- + +- There may be more than a single Trust Anchor. +- In some cases, a trust verifier may trust an Intermediate, especially when the Intermediate acts as a Trust Anchor within a specific perimeter, such as cases where the Leafs are both in the same perimeter like a Member State jurisdiction (eg: an Italian Relying Party with an Italian Wallet Instance may consider the Italian Intermediate as a Trust Anchor for the scopes of their interactions). +- Trust attestations (Trust Chain) should be included in the JWS issued by Credential Issuers, and the Presentation Requests of RPs should contain the Trust Chain related to them (issuers of the presentation requests). +- Since the credential presentation must be signed, storing the signed presentation requests and responses, which include the Trust Chain, the Wallet Instance may have the snapshot of the federation configuration (Trust Anchor Entity Configuration in the Trust Chain) and the verifiable reliability of the Relying Party it has interacted with. +- Each signed attestation is long-lived since it can be cryptographically validated even when the federation configuration changes or the keys of its issuers are renewed. +- Each participant should be able to update its Entity Configuration without notifying the changes to any third party. The metadata policy contained within a Trust Chain must be applied to overload any information related to protocol specific metadata. diff --git a/refs/pull/201/merge/en/_sources/wallet-attestation.rst.txt b/refs/pull/201/merge/en/_sources/wallet-attestation.rst.txt new file mode 100644 index 000000000..abfde0b54 --- /dev/null +++ b/refs/pull/201/merge/en/_sources/wallet-attestation.rst.txt @@ -0,0 +1,351 @@ +.. include:: ../common/common_definitions.rst + +.. _wallet-attestation.rst: + +Wallet Attestation +++++++++++++++++++ + +The Wallet Attestation containing details about the Wallet Instance and the device's security level where the Wallet Instance is installed. It generally attests the **authenticity**, **integrity**, **security**, **privacy**, and **trust** of a specific Wallet Instance. The Wallet Attestation MUST contain a Wallet Instance public key. + +General Properties +------------------ + +The Wallet Attestation: + +- MUST be issued and MUST be signed by Wallet Provider; +- MUST give all the relevant information to attests the **integrity** and **security** of the device where the Wallet Instance is installed. + +It is necessary for each Wallet Instance to obtain a Wallet Attestation before entering the Operational state. + +Requirements +------------ + +The following requirements for the Wallet Attestation are met: + +1. The Wallet Attestation MUST use the signed JSON Web Token (JWT) format. +2. The Wallet Provider MUST offer a RESTful set of services for issuing the Wallet Attestations. +3. The Wallet Attestation MUST be securely bound to the Wallet Instance public key (**Holder Key Binding**). +4. The Wallet Attestation MUST be issued and signed by an accredited and reliable Wallet Provider, thereby providing integrity and authenticity to the attestation. +5. The Wallet Attestation MUST ensure the integrity and authenticity of the Wallet Instance, verifying that it was accurately created and provided by the Wallet Provider. +6. Each Wallet Instance SHOULD be able to request multiple attestations with different public keys associated to them. This requirement provides a privacy-preserving measure, as the public key MAY be used as a tracking tool during the presentation phase (see also the point number 10, listed below). +7. The Wallet Attestation SHOULD be usable multiple times during its validity period, allowing for repeated authentication and authorization without the need to request new attestations with each interaction. +8. The Wallet Attestation SHOULD have an expiration date time, after which it will no longer be considered valid. +9. When the private key associated with the Wallet Instance is lost or deleted, the attestation MUST become invalid to prevent unauthorized use of the Wallet Instance. + + +High-level Design +----------------- + +Static Component View +~~~~~~~~~~~~~~~~~~~~~ + +.. figure:: ../../images/static_view_wallet_instance_attestation.svg + :name: Wallet Solution Schema + :alt: The image illustrates the containment of Wallet Provider and Wallet Instances within the Wallet Solution, managed by the Wallet Provider. + :target: https://www.plantuml.com/plantuml/uml/XP4nJuSm44VtVehBdxbnPp2iRYx6qTHIjR7SaVQ0-EqzaICDgN4ZBxpqzTUXiCkyJCaupvJXzbH2le4hiCW7A7rsAGM6ETCQn-E7RMSloi0OJzDC691FeL1QE1BMWZBeraW2Mbv4wK8VQayPT5yX9TgCQPclpdy676lnGF0ZN93DyVs3xVsrhOU70hCi0_JshwHXFJp-Rg4dIuECo96moD7xeBQbUKBEbE0EPEwuEWx6N2zj_uXqU8wbhVMhD3tjbAX1BYIl_mq0 + +Dynamic Component View +~~~~~~~~~~~~~~~~~~~~~~ + +This section describes the Wallet Attestation format and how the Wallet Provider issues it. + +.. figure:: ../../images/dynamic_view_sequence_wallet_instance_attestation.svg + :name: Sequence Diagram for Wallet Attestation Request + :alt: The figure illustrates the sequence diagram for issuing a Wallet Attestation, with the steps explained below. + :target: https://www.plantuml.com/plantuml/ZP91RzH038NlyojCJwr4n7qFgrOSAf2G409wwSL9h60ryGmUpqRRNuyt6qBJe5MlzlFtx3TpcmtLoj27Tqcn6n2CuZEO5WfOB4ePQj8GagkuuOHYSFKZaru1PYZh-WFsFHby4eTAGvDavFzglceyS3jZndgjkKi9q8mSOnm5tEx0Cy_h8HIezaxUkHKROy_F1A_C7oKgAFqkJlcGb38vkL5gIKuJEOnSxSTw1_S-z6ef6CYmHSCmrfMhtEZBN84cYY4BI_U21dPCbD_34nqdJrOQlECLaZP55flzdFJJrtKIRKnDIpQN_RtjdeJKXHCr8MkUcsYsWs_dqq2Y7nky1DLvRguiVX-Lq3RnmDs_V1VMvuVl0HlZmsbWh5SHuGlzzHjWDwVizZwrlNWPwqWA2mdb3DVJsZUdIwh9rML6dR8TeVb5pHCevTAROy_jXPgv4xIYjBIMv53QgNtf-kMDBuishtT1tD8wHUUNBPwNlzi-YXAsHx08iJPa0Q5nzLjlITeoz7y0 + +- **Message 1**: The User starts the Wallet Instance mobile app and gets authenticated to it. +- **Message 2**: The Wallet Instance verifies the Wallet Provider's trustworthiness by evaluating its Trust Chain. +- **Message 3-4**: The Wallet Instance retrieves the Wallet Provider metadata, including the list of supported algorithms, public keys, and endpoints. +- **Message 5**: The Wallet Instance generates a new key pair. +- **Message 6-7**: The Wallet Instance requests a ``nonce`` from the App Attestation Service. +- **Message 8**: The Wallet Instance creates a Wallet Attestation Request in JWS format, signed with the private key associated with the public key for which it request the attestation. +- **Message 9-13**: The Wallet Instance provides the Wallet Attestation Request to the Wallet Provider, which validates it and returns a signed attestation to the Wallet Instance. +- **Message 13-14**: The Wallet Instance receives the Wallet Attestation signed by the Wallet Provider and performs security and integrity verifications. +- **Message 15**: The Wallet Attestation is now ready for use. + +Detailed Design +--------------- + +The detailed design is explained below. + +Wallet Attestation Request +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +To obtain a Wallet Attestation from the Wallet +Provider it is necessary to send a Wallet Attestation +Request from the Wallet Instance containing the associated public key +, the ``nonce`` value provided by the App Attestation Service and a ``jti`` value. + +The Wallet Instance MUST do an HTTP request to the Wallet Provider's `token endpoint`_, +using the method `POST `__. + +The **token** endpoint (as defined in `RFC 7523 section 4`_) requires the following parameters +encoded in ``application/x-www-form-urlencoded`` format: + +* ``grant_type`` set to ``urn:ietf:params:oauth:grant-type:jwt-bearer``; +* ``assertion`` containing the signed JWT defined in the Section `Wallet Attestation Request`_. + +Below a non-normative example of the HTTP request. + +.. code-block:: http + + POST /token HTTP/1.1 + Host: wallet-provider.example.org + Content-Type: application/x-www-form-urlencoded + + grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer + &assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6ImtoakZWTE9nRjNHeGRxd2xVTl9LWl83NTVUT1ZEbmJIaDg2TW1KcHh2a1UifQ.eyJpc3MiOiAidmJlWEprc000NXhwaHRBTm5DaUc2bUN5dVU0amZHTnpvcEd1S3ZvZ2c5YyIsICJhdWQiOiAiaHR0cHM6Ly93YWxsZXQtcHJvdmlkZXIuZXhhbXBsZS5vcmciLCAianRpIjogImY1NjUyMDcyLWFiZWYtNDU5OS1iODYzLTlhNjkwNjA3MzJjYyIsICJub25jZSI6ICIuLi4uLiIsICJjbmYiOiB7Imp3ayI6IHsiY3J2IjogIlAtMjU2IiwgImt0eSI6ICJFQyIsICJ4IjogIjRITnB0SS14cjJwanlSSktHTW56NFdtZG5RRF91SlNxNFI5NU5qOThiNDQiLCAieSI6ICJMSVpuU0IzOXZGSmhZZ1MzazdqWEU0cjMtQ29HRlF3WnRQQklScXBObHJnIiwgImtpZCI6ICJ2YmVYSmtzTTQ1eHBodEFObkNpRzZtQ3l1VTRqZkdOem9wR3VLdm9nZzljIn19LCAiaWF0IjogMTY5MTQ4ODk2MiwgImV4cCI6IDE2OTE0OTYxNjJ9.Dg_yFaiv6lVftR3FFx0v5JW250mBgXLVP1j0ezZcHRyitqSY7xGmx4y-MGur93FAS85vf_Da-L-REVEltwU2Jw + +The response is the `Wallet Attestation`_ in JWT format: + +.. code-block:: http + + HTTP/1.1 201 OK + Content-Type: application/jwt + + eyJhbGciOiJFUzI1NiIsInR5cCI6IndhbGxldC1hdHRlc3RhdGlvbitqd3QiLCJraWQiOiI1dDVZWXBCaE4tRWdJRUVJNWlVenI2cjBNUjAyTG5WUTBPbWVrbU5LY2pZIiwidHJ1c3RfY2hhaW4iOlsiZXlKaGJHY2lPaUpGVXouLi42UzBBIiwiZXlKaGJHY2lPaUpGVXouLi5qSkxBIiwiZXlKaGJHY2lPaUpGVXouLi5IOWd3Il19.eyJpc3MiOiJodHRwczovL3dhbGxldC1wcm92aWRlci5leGFtcGxlLm9yZyIsInN1YiI6InZiZVhKa3NNNDV4cGh0QU5uQ2lHNm1DeXVVNGpmR056b3BHdUt2b2dnOWMiLCJ0eXBlIjoiV2FsbGV0SW5zdGFuY2VBdHRlc3RhdGlvbiIsInBvbGljeV91cmkiOiJodHRwczovL3dhbGxldC1wcm92aWRlci5leGFtcGxlLm9yZy9wcml2YWN5X3BvbGljeSIsInRvc191cmkiOiJodHRwczovL3dhbGxldC1wcm92aWRlci5leGFtcGxlLm9yZy9pbmZvX3BvbGljeSIsImxvZ29fdXJpIjoiaHR0cHM6Ly93YWxsZXQtcHJvdmlkZXIuZXhhbXBsZS5vcmcvbG9nby5zdmciLCJhdHRlc3RlZF9zZWN1cml0eV9jb250ZXh0IjoiaHR0cHM6Ly93YWxsZXQtcHJvdmlkZXIuZXhhbXBsZS5vcmcvTG9BL2Jhc2ljIiwiY25mIjp7Imp3ayI6eyJjcnYiOiJQLTI1NiIsImt0eSI6IkVDIiwieCI6IjRITnB0SS14cjJwanlSSktHTW56NFdtZG5RRF91SlNxNFI5NU5qOThiNDQiLCJ5IjoiTElablNCMzl2RkpoWWdTM2s3alhFNHIzLUNvR0ZRd1p0UEJJUnFwTmxyZyIsImtpZCI6InZiZVhKa3NNNDV4cGh0QU5uQ2lHNm1DeXVVNGpmR056b3BHdUt2b2dnOWMifX0sImF1dGhvcml6YXRpb25fZW5kcG9pbnQiOiJldWRpdzoiLCJyZXNwb25zZV90eXBlc19zdXBwb3J0ZWQiOlsidnBfdG9rZW4iXSwidnBfZm9ybWF0c19zdXBwb3J0ZWQiOnsiand0X3ZwX2pzb24iOnsiYWxnX3ZhbHVlc19zdXBwb3J0ZWQiOlsiRVMyNTYiXX0sImp3dF92Y19qc29uIjp7ImFsZ192YWx1ZXNfc3VwcG9ydGVkIjpbIkVTMjU2Il19fSwicmVxdWVzdF9vYmplY3Rfc2lnbmluZ19hbGdfdmFsdWVzX3N1cHBvcnRlZCI6WyJFUzI1NiJdLCJwcmVzZW50YXRpb25fZGVmaW5pdGlvbl91cmlfc3VwcG9ydGVkIjpmYWxzZSwiaWF0IjoxNjg3MjgxMTk1LCJleHAiOjE2ODcyODgzOTV9.tNvCyFPCL5tUi2NakKwdaG9xbrtWWl4djSRYRfHrF8NdmffdT044U55pRn35J2cl0LZxbesEDrfSAz2pllw2Ug + + +Below are described the JWT headers and the payload claims +of the `assertion` used in the request. + + +Assertion Header +^^^^^^^^^^^^^^^^ ++-----------------------------------+-----------------------------------+ +| **key** | **value** | ++-----------------------------------+-----------------------------------+ +| alg | Algorithm to verify the token | +| | signature (es. ES256). | ++-----------------------------------+-----------------------------------+ +| kid | Key id of the public key | +| | created by the Wallet Instance. | ++-----------------------------------+-----------------------------------+ +| typ | Media type, set to | +| | ``wiar+jwt``. | ++-----------------------------------+-----------------------------------+ + +Assertion Payload +^^^^^^^^^^^^^^^^^ + ++--------+-------------------------------------------------------------+ +| **key**| **value** | ++--------+-------------------------------------------------------------+ +|| iss || Thumbprint value | +|| || of the JWK of the Wallet Instance | +|| || for which the attestation is | +|| || being requested. | ++--------+-------------------------------------------------------------+ +|| aud || The public url of the Wallet | +|| || Provider. | ++--------+-------------------------------------------------------------+ +|| jti || Unique identifier of the request, according to | +|| || `RFC7519 `_.| +|| || | ++--------+-------------------------------------------------------------+ +|| nonce || The nonce value obtained from the | +|| || App Attestation Service. | ++--------+-------------------------------------------------------------+ +|| cnf || JSON object, according to | +|| || `RFC7800 `_ | +|| || containing the public part of an asymmetric key pair owned | +|| || by the Wallet Instance. | ++--------+-------------------------------------------------------------+ +|| iat || Unix timestamp of attestation request | +|| || issuance time. | ++--------+-------------------------------------------------------------+ +|| exp || Unix timestamp regarding the | +|| || expiration date time. | ++--------+-------------------------------------------------------------+ + + +Below a non-normative example of the Wallet Attestation +request where the decoded JWS headers and payload are separated by a comma: + +.. code-block:: javascript + + { + "alg": "ES256", + "kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c", + "typ": "wiar+jwt" + } + . + { + "iss": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c", + "aud": "https://wallet-provider.example.org", + "jti": "6ec69324-60a8-4e5b-a697-a766d85790ea", + "nonce" : ".....", + "cnf": { + "jwk": { + "crv": "P-256", + "kty": "EC", + "x": "4HNptI-xr2pjyRJKGMnz4WmdnQD_uJSq4R95Nj98b44", + "y": "LIZnSB39vFJhYgS3k7jXE4r3-CoGFQwZtPBIRqpNlrg", + "kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c" + } + }, + "iat": 1686645115, + "exp": 1686652315 + } + +Whose corresponding JWS is verifiable using the public part of an asymmetric +key pair owned by the Wallet Instance that has a key id which is the same +as the `kid` made available in the JWS header. + + +Wallet Attestation +~~~~~~~~~~~~~~~~~~ + +The Wallet Attestation MUST be provisioned in JWT format, with +headers and payload claims are listed below. + +Header +^^^^^^ + ++-----------------------------------+-----------------------------------+ +| **key** | **value** | ++-----------------------------------+-----------------------------------+ +| alg | Algorithm to verify the token | +| | signature (es. ES256). | ++-----------------------------------+-----------------------------------+ +| kid | The key id of the key used by the | +| | Wallet Provider to sign the | +| | attestation. | ++-----------------------------------+-----------------------------------+ +| typ | Media type, set to | +| | `wallet-attestation+jwt`, | +| | according to | +| | [`OPENID4VC-HAIP`_] | ++-----------------------------------+-----------------------------------+ +| x5c | Array containing the X.509 | +| | chain | +| | of certificates used to attest | +| | the public key of the Wallet | +| | Provider. | ++-----------------------------------+-----------------------------------+ +| trust_chain | Array containing the Federation | +| | Trust Chain relating to the | +| | Wallet Provider. | ++-----------------------------------+-----------------------------------+ + +.. note:: + + One of the claims `trust_chain` and `x5c` MUST be provisioned. + If they are both provided, the related public key + MUST be the same in both `trust_chain` and `x5c`. + +Payload +^^^^^^^ + ++---------------------------+------------------------------------------------+ +| **key** | **value** | ++---------------------------+------------------------------------------------+ +|| iss || The public url of the Wallet Provider | ++---------------------------+------------------------------------------------+ +|| sub || Thumbprint value | +|| || of the JWK of the Wallet Instance | +|| || for which the attestation is | +|| || being issued. | ++---------------------------+------------------------------------------------+ +|| iat || Unix timestamp of attestation | +|| || issuance time. | ++---------------------------+------------------------------------------------+ +|| exp || Unix timestamp regarding the | +|| || expiration date time. | +|| || A good practice to avoid security | +|| || problems is to have a limited | +|| || duration of the attestation. | ++---------------------------+------------------------------------------------+ +|| aal || JSON String asserting the authentication level| +|| || of the Wallet and the key as asserted in | +|| || the cnf claim. | ++---------------------------+------------------------------------------------+ +|| cnf || This parameter contains the ``jwk`` | +|| || parameter | +|| || with the public key of the Wallet Instance | +|| || necessary for the Holder Key Binding. | ++---------------------------+------------------------------------------------+ +|| authorization_endpoint || URL of the SIOPv2 | +|| || Authorization Endpoint. | ++---------------------------+------------------------------------------------+ +|| response_types_supported || JSON array containing a list of | +|| || the OAuth 2.0 ``response_type`` values. | ++---------------------------+------------------------------------------------+ +|| response_modes_supported || JSON array containing a list of the OAuth 2.0 | +|| || "response_mode" values that this | +|| || authorization server supports. | +|| || `RFC 8414 section 2`_ | ++---------------------------+------------------------------------------------+ +|| vp_formats_supported || JSON object with name/value pairs, | +|| || identifying a Credential format supported | +|| || by the Wallet. | ++---------------------------+------------------------------------------------+ +|| request_object_signing || JSON array containing a list of the | +|| _alg_values_supported || JWS signing algorithms (alg values) | +|| || supported. | ++---------------------------+------------------------------------------------+ +|| presentation_definition || Boolean value specifying whether the | +|| _uri_supported || Wallet Instance supports the transfer of | +|| || ``presentation_definition`` by | +|| || reference. MUST set to `false`. | ++---------------------------+------------------------------------------------+ + +Below is an example of Wallet Attestation: + +.. code-block:: javascript + + { + "alg": "ES256", + "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY", + "trust_chain": [ + "eyJhbGciOiJFUz...6S0A", + "eyJhbGciOiJFUz...jJLA", + "eyJhbGciOiJFUz...H9gw", + ], + "typ": "wallet-attestation+jwt", + } + . + { + "iss": "https://wallet-provider.example.org", + "sub": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c", + "aal": "https://trust-list.eu/aal/high", + "cnf": + { + "jwk": + { + "crv": "P-256", + "kty": "EC", + "x": "4HNptI-xr2pjyRJKGMnz4WmdnQD_uJSq4R95Nj98b44", + "y": "LIZnSB39vFJhYgS3k7jXE4r3-CoGFQwZtPBIRqpNlrg", + "kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c" + } + }, + "authorization_endpoint": "eudiw:", + "response_types_supported": [ + "vp_token" + ], + "response_modes_supported": [ + "form_post.jwt" + ], + "vp_formats_supported": { + "vc+sd-jwt": { + "sd-jwt_alg_values": [ + "ES256", + "ES384" + ] + } + }, + "request_object_signing_alg_values_supported": [ + "ES256" + ], + "presentation_definition_uri_supported": false, + "iat": 1687281195, + "exp": 1687288395 + } + + +.. _token endpoint: wallet-solution.html#wallet-attestation +.. _Wallet Attestation Request: wallet-attestation.html#format-of-the-wallet-attestation-request +.. _Wallet Attestation: wallet-attestation.html#format-of-the-wallet-attestation +.. _RFC 7523 section 4: https://www.rfc-editor.org/rfc/rfc7523.html#section-4 +.. _RFC 8414 section 2: https://www.rfc-editor.org/rfc/rfc8414.html#section-2 diff --git a/refs/pull/201/merge/en/_sources/wallet-solution.rst.txt b/refs/pull/201/merge/en/_sources/wallet-solution.rst.txt new file mode 100644 index 000000000..4a2036b1f --- /dev/null +++ b/refs/pull/201/merge/en/_sources/wallet-solution.rst.txt @@ -0,0 +1,275 @@ +.. include:: ../common/common_definitions.rst + +.. _wallet-solution.rst: + +Wallet Solution +------------------- + +The Wallet Solution is a comprehensive product offered by the Wallet Provider to cater to the needs of Users in managing their digital assets securely. Designed to provide a seamless User experience, this solution enables Users to leverage the capabilities of the Wallet effectively. + +The Wallet Solution is issued by the Wallet Provider in the form of a mobile app, it also consists of services and web interfaces for the exchange of data between the Wallet Provider and its Wallet Instances for the requirements of the trust model and in total respect of the user's privacy, in accordance with national and EU legislation. + +The mobile app serves as the primary interface for Users, allowing them to access and interact with their digital assets conveniently. These digital assets, known as Attestations, include Personal Identification Data (PID[1]), a set of data that can uniquely identify a natural or a legal person, along with other Qualified and non-qualified Electronic Attestations of Attributes, also known as QEAAs and EAAs respectively, or (Q)EAAs for short[1]. Once a User installs the mobile app on their device, it is referred to such an installation as a Wallet Instance for the User. + +By supporting the mobile app, the Wallet Provider plays a vital role in ensuring the security and reliability of the entire Wallet Solution, since it is responsible for issuing the Wallet Attestation, that is a cryptographic proof that allow the evaluation of the authenticity and the integrity of the Wallet Instance. + + +Requirements +^^^^^^^^^^^^^^^^^^^^ + + - **Trustworthiness within the Wallet ecosystem**: the Wallet Instance MUST establish trust and reliability within the Wallet ecosystem. + - **Compliance with Provider specifications for obtaining PID and (Q)EAA**: the Wallet Instance MUST adhere to the specifications set by Providers for obtaining Personal Identification (PID) and (Q)EAAs. + - **Support for Android and iOS operating systems**: the Wallet Instance MUST be compatible and functional at least on both Android and iOS operating systems, as well as available on the Play Store and App Store respectively. + - **Verification of device ownership by the User**: the Wallet Instance MUST provide a mechanism to verify the User's actual possession and full control of their personal device. + +Wallet Instance +^^^^^^^^^^^^^^^ +The Wallet Instance serves as a unique and secure device for authenticating the User within the Wallet ecosystem. It establishes a strong and reliable identity for the User, enabling them to engage in various digital transactions in a secure and privacy-preserving manner. + +The Wallet Instance establishes the trust within the Wallet ecosystem by consistently presenting a Wallet Attestation during interactions with other ecosystem actors such as PID Providers, (Q)EAA Providers, and Relying Parties. These verifiable attestations, provided by the Wallet Provider, reference the public part of the asymmetric cryptographic key owned by the Wallet Instance. Their purpose is to authenticate the Wallet Instance itself, ensuring its realiability when engaging with other ecosystem actors. + +To guarantee the utmost security, these cryptographic keys are securely stored within the device's Trusted Execution Environment (TEE)[3]. This ensures that only the User is allowed to access them, thus preventing unauthorized usage or tampering. For more detailed information, please refer to the `Wallet Attestation section`_ and the `Trust Model section`_ of this document. + +Wallet Instance Lifecycle +^^^^^^^^^^^^^^^^^^^^^^^^^ +The Wallet Instance has three distinct states: Operational, Valid, and Deactivated. Each state represents a specific functional status and determines the actions that can be performed[2]. + +Initialization Process +~~~~~~~~~~~~~~~~~~~~~~ +To activate the Wallet Instance, the Users MUST install the mobile wallet application on their device and open it. Furthermore, Users will be asked to set their preferred method of unlocking their device; this can be accomplished by entering a personal identification number (PIN) or by utilizing biometric authentication, such as fingerprint or facial recognition, according to their personal preferences and device's capabilities. + +After completing these steps, the Wallet Instance sets the Operational state. + +Transition to Valid state +~~~~~~~~~~~~~~~~~~~~~~~~~ +To transition from the Operational state to the Valid state, the Wallet Instance MUST obtain a valid Personal Identification (PID). Once a valid PID is acquired, the Wallet Instance becomes Valid. + +In order to securely and unambiguously identify Users, the Wallet Instance adopts a Level of Assurance (LoA) 3 authentication, which guarantees a high level of confidence in the User's identity. The authentication method is chosen by the PID Provider from among the notified eID solutions at the national level. + +Once the Wallet Instance is in the Operational state, Users can: + + - Obtain, view, and manage (Q)EAAs from trusted (Q)EAA Providers[1]; + - Authenticate to Relying Parties[1]; + - Authorize the presentation of their digital credentials with Relying Parties. + +Please refer to the relative sections for further information about PID and (Q)EAAs issuance and presentation. + +Return to Operational state +~~~~~~~~~~~~~~~~~~~~~~~~~~~ +A Valid Wallet Instance may revert to the Operational state under specific circumstances. These circumstances include the expiration or the revocation of the associated PID by its PID Provider. + + +Deactivation +~~~~~~~~~~~~ +Users have the ability to deactivate the Wallet Instance voluntarily. This action removes the operational capabilities of the Wallet Instance and sets it to the Deactivated state. Deactivation provides Users with control over access and usage according to their preferences. + + +Wallet Provider Endpoints +^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Wallet Provider that issues the Wallet Attestations MUST +made available its APIs in the form of RESTful services, as listed below. + +Wallet Provider Metadata +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +An HTTP GET request to the **/.well-known/openid-federation** endpoint allows the retrieval of the Wallet +Provider Entity Configuration. + +The Wallet Provider Entity Configuration is a JWS containing the public keys and supported algorithms of the Wallet Provider metadata definition. It is structured in accordance with the `OpenID Connect Federation `_ and the Trust Model section outlined in this specification. + +The returning Entity Configuration of the Wallet Provider MUST contain the +attributes listed below: + +Header +^^^^^^ ++---------+-----------------------------------------------------------------+ +| **Key** | **Value** | ++---------+-----------------------------------------------------------------+ +| alg | Algorithm used to verify the token signature (e.g., ES256). | ++---------+-----------------------------------------------------------------+ +| kid | Thumbprint of the public key used for signing. | ++---------+-----------------------------------------------------------------+ +| typ | Media type, set to ``entity-statement+jwt``. | ++---------+-----------------------------------------------------------------+ + +Payload +^^^^^^^ ++-----------------------------------+-----------------------------------+ +| **Key** | **Value** | ++-----------------------------------+-----------------------------------+ +| iss | Public URL of the Wallet | +| | Provider. | ++-----------------------------------+-----------------------------------+ +| sub | Public URL of the Wallet | +| | Provider. | ++-----------------------------------+-----------------------------------+ +| iat | Issuance datetime in | +| | Unix Timestamp format. | ++-----------------------------------+-----------------------------------+ +| exp | Expiration datetime | +| | in Unix Timestamp format. | ++-----------------------------------+-----------------------------------+ +| authority_hints | Array of URLs (String) containing | +| | the list of URLs of the | +| | immediate superior Entities, such | +| | as the Trust Anchor or an | +| | Intermediate, that MAY issue an | +| | Entity Statement related to this | +| | subject. | ++-----------------------------------+-----------------------------------+ +| jwks | A JSON Web Key Set (JWKS) `RFC | +| | 7517 `_ | +| | that represents the public part | +| | of the signing keys of the Entity | +| | at issue. Each JWK in the JWK set | +| | MUST have a key ID (claim kid). | ++-----------------------------------+-----------------------------------+ +| metadata | Contains the | +| | metadata | +| | ``wallet_provider`` | +| | and the | +| | ``federation_entity`` metadata. | ++-----------------------------------+-----------------------------------+ + +`wallet_provider` metadata +~~~~~~~~~~~~~~~~~~~~~~~~~~ + ++---------------------------------------------+---------------------------------------------------------------------+ +| **Key** | **Value** | ++---------------------------------------------+---------------------------------------------------------------------+ +| jwks | A JSON Web Key Set (JWKS) | +| | that represents the Wallet | +| | Provider's public keys. | ++---------------------------------------------+---------------------------------------------------------------------+ +| token_endpoint | Endpoint for obtaining the Wallet | +| | Instance Attestation. | ++---------------------------------------------+---------------------------------------------------------------------+ +| aal_values_supported | List of supported values for the | +| | certifiable security context. These | +| | values specify the security level | +| | of the app, according to the levels: low, medium, or high. | +| | Authenticator Assurance Level values supported. | ++---------------------------------------------+---------------------------------------------------------------------+ +| grant_types_supported | The types of grants supported by | +| | the token endpoint. It MUST be set to | +| | ``urn:ietf:params:oauth:client-assertion-type: | +| | jwt-client-attestation``. | ++---------------------------------------------+---------------------------------------------------------------------+ +| token_endpoint_auth_methods_suppor | Supported authentication methods for | +| ted | the token endpoint. | ++---------------------------------------------+---------------------------------------------------------------------+ +| token_endpoint_auth_signing_alg_va | Supported signature | +| lues_supported | algorithms for the token endpoint. | ++---------------------------------------------+---------------------------------------------------------------------+ + +.. note:: + The `aal_values_supported` parameter is experimental and under review. + +Payload `federation_entity` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ++-------------------+----------------------------------------------+ +| **Key** | **Value** | ++-------------------+----------------------------------------------+ +| organization_name | Organization name. | ++-------------------+----------------------------------------------+ +| homepage_uri | Organization's website URL. | ++-------------------+----------------------------------------------+ +| tos_uri | URL to the terms of service. | ++-------------------+----------------------------------------------+ +| policy_uri | URL to the privacy policy. | ++-------------------+----------------------------------------------+ +| logo_uri | URL of the organization's logo in SVG format.| ++-------------------+----------------------------------------------+ + +Below a non-normative example of the Entity Configuration. + +.. code-block:: javascript + + { + "alg": "ES256", + "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY", + "typ": "entity-statement+jwt" + } + . + { + "iss": "https://wallet-provider.example.org", + "sub": "https://wallet-provider.example.org", + "jwks": { + "keys": [ + { + "crv": "P-256", + "kty": "EC", + "x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk", + "y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM", + "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY" + } + ] + }, + "metadata": { + "wallet_provider": { + "jwks": { + "keys": [ + { + "crv": "P-256", + "kty": "EC", + "x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk", + "y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM", + "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY" + } + ] + }, + "token_endpoint": "https://wallet-provider.example.org/token", + "aal_values_supported": [ + "https://wallet-provider.example.org/LoA/basic", + "https://wallet-provider.example.org/LoA/medium", + "https://wallet-provider.example.org/LoA/high" + ], + "grant_types_supported": [ + "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation" + ], + "token_endpoint_auth_methods_supported": [ + "private_key_jwt" + ], + "token_endpoint_auth_signing_alg_values_supported": [ + "ES256", + "ES384", + "ES512" + ] + }, + "federation_entity": { + "organization_name": "IT Wallet Provider", + "homepage_uri": "https://wallet-provider.example.org", + "policy_uri": "https://wallet-provider.example.org/privacy_policy", + "tos_uri": "https://wallet-provider.example.org/info_policy", + "logo_uri": "https://wallet-provider.example.org/logo.svg" + } + }, + "authority_hints": [ + "https://registry.eudi-wallet.example.it" + ] + "iat": 1687171759, + "exp": 1709290159 + } + + +Wallet Attestation +~~~~~~~~~~~~~~~~~~ + +Please refer to the `Wallet Attestation section`_. + + +External references +^^^^^^^^^^^^^^^^^^^^ +.. [1] Definitions are inherited from the EUDI Wallet Architecture and Reference Framework, version 1.1.0 at the time of writing. Please refer to `this page `_ for extended definitions and details. + +.. [2] Wallet Instance states adhere to the EUDI Wallet Architecture and Reference Framework, as defined `here `_. + +.. [3] Depending on the device operating system, TEE is defined by `Trusty`_ or `Secure Enclave`_ for Android and iOS devices, respectively. + +.. _Trust Model section: trust.html +.. _Wallet Attestation section: wallet-attestation.html +.. _Trusty: https://source.android.com/docs/security/features/trusty +.. _Secure Enclave: https://support.apple.com/en-gb/guide/security/sec59b0b31ff/web + diff --git a/refs/pull/201/merge/en/_static/_sphinx_javascript_frameworks_compat.js b/refs/pull/201/merge/en/_static/_sphinx_javascript_frameworks_compat.js new file mode 100644 index 000000000..8549469dc --- /dev/null +++ b/refs/pull/201/merge/en/_static/_sphinx_javascript_frameworks_compat.js @@ -0,0 +1,134 @@ +/* + * _sphinx_javascript_frameworks_compat.js + * ~~~~~~~~~~ + * + * Compatability shim for jQuery and underscores.js. + * + * WILL BE REMOVED IN Sphinx 6.0 + * xref RemovedInSphinx60Warning + * + */ + +/** + * select a different prefix for underscore + */ +$u = _.noConflict(); + + +/** + * small helper function to urldecode strings + * + * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent#Decoding_query_parameters_from_a_URL + */ +jQuery.urldecode = function(x) { + if (!x) { + return x + } + return decodeURIComponent(x.replace(/\+/g, ' ')); +}; + +/** + * small helper function to urlencode strings + */ +jQuery.urlencode = encodeURIComponent; + +/** + * This function returns the parsed url parameters of the + * current request. Multiple values per key are supported, + * it will always return arrays of strings for the value parts. + */ +jQuery.getQueryParameters = function(s) { + if (typeof s === 'undefined') + s = document.location.search; + var parts = s.substr(s.indexOf('?') + 1).split('&'); + var result = {}; + for (var i = 0; i < parts.length; i++) { + var tmp = parts[i].split('=', 2); + var key = jQuery.urldecode(tmp[0]); + var value = jQuery.urldecode(tmp[1]); + if (key in result) + result[key].push(value); + else + result[key] = [value]; + } + return result; +}; + +/** + * highlight a given string on a jquery object by wrapping it in + * span elements with the given class name. + */ +jQuery.fn.highlightText = function(text, className) { + function highlight(node, addItems) { + if (node.nodeType === 3) { + var val = node.nodeValue; + var pos = val.toLowerCase().indexOf(text); + if (pos >= 0 && + !jQuery(node.parentNode).hasClass(className) && + !jQuery(node.parentNode).hasClass("nohighlight")) { + var span; + var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg"); + if (isInSVG) { + span = document.createElementNS("http://www.w3.org/2000/svg", "tspan"); + } else { + span = document.createElement("span"); + span.className = className; + } + span.appendChild(document.createTextNode(val.substr(pos, text.length))); + node.parentNode.insertBefore(span, node.parentNode.insertBefore( + document.createTextNode(val.substr(pos + text.length)), + node.nextSibling)); + node.nodeValue = val.substr(0, pos); + if (isInSVG) { + var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect"); + var bbox = node.parentElement.getBBox(); + rect.x.baseVal.value = bbox.x; + rect.y.baseVal.value = bbox.y; + rect.width.baseVal.value = bbox.width; + rect.height.baseVal.value = bbox.height; + rect.setAttribute('class', className); + addItems.push({ + "parent": node.parentNode, + "target": rect}); + } + } + } + else if (!jQuery(node).is("button, select, textarea")) { + jQuery.each(node.childNodes, function() { + highlight(this, addItems); + }); + } + } + var addItems = []; + var result = this.each(function() { + highlight(this, addItems); + }); + for (var i = 0; i < addItems.length; ++i) { + jQuery(addItems[i].parent).before(addItems[i].target); + } + return result; +}; + +/* + * backward compatibility for jQuery.browser + * This will be supported until firefox bug is fixed. + */ +if (!jQuery.browser) { + jQuery.uaMatch = function(ua) { + ua = ua.toLowerCase(); + + var match = /(chrome)[ \/]([\w.]+)/.exec(ua) || + /(webkit)[ \/]([\w.]+)/.exec(ua) || + /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) || + /(msie) ([\w.]+)/.exec(ua) || + ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) || + []; + + return { + browser: match[ 1 ] || "", + version: match[ 2 ] || "0" + }; + }; + jQuery.browser = {}; + jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true; +} diff --git a/refs/pull/201/merge/en/_static/basic.css b/refs/pull/201/merge/en/_static/basic.css new file mode 100644 index 000000000..9039e027c --- /dev/null +++ b/refs/pull/201/merge/en/_static/basic.css @@ -0,0 +1,932 @@ +/* + * basic.css + * ~~~~~~~~~ + * + * Sphinx stylesheet -- basic theme. + * + * :copyright: Copyright 2007-2022 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ + +/* -- main layout ----------------------------------------------------------- */ + +div.clearer { + clear: both; +} + +div.section::after { + display: block; + content: ''; + clear: left; +} + +/* -- relbar ---------------------------------------------------------------- */ + +div.related { + width: 100%; + font-size: 90%; +} + +div.related h3 { + display: none; +} + +div.related ul { + margin: 0; + padding: 0 0 0 10px; + list-style: none; +} + +div.related li { + display: inline; +} + +div.related li.right { + float: right; + margin-right: 5px; +} + +/* -- sidebar --------------------------------------------------------------- */ + +div.sphinxsidebarwrapper { + padding: 10px 5px 0 10px; +} + +div.sphinxsidebar { + float: left; + width: 230px; + margin-left: -100%; + font-size: 90%; + word-wrap: break-word; + overflow-wrap : break-word; +} + +div.sphinxsidebar ul { + list-style: none; +} + +div.sphinxsidebar ul ul, +div.sphinxsidebar ul.want-points { + margin-left: 20px; + list-style: square; +} + +div.sphinxsidebar ul ul { + margin-top: 0; + margin-bottom: 0; +} + +div.sphinxsidebar form { + margin-top: 10px; +} + +div.sphinxsidebar input { + border: 1px solid #98dbcc; + font-family: sans-serif; + font-size: 1em; +} + +div.sphinxsidebar #searchbox form.search { + overflow: hidden; +} + +div.sphinxsidebar #searchbox input[type="text"] { + float: left; + width: 80%; + padding: 0.25em; + box-sizing: border-box; +} + +div.sphinxsidebar #searchbox input[type="submit"] { + float: left; + width: 20%; + border-left: none; + padding: 0.25em; + box-sizing: border-box; +} + + +img { + border: 0; + max-width: 100%; +} + +/* -- search page ----------------------------------------------------------- */ + +ul.search { + margin: 10px 0 0 20px; + padding: 0; +} + +ul.search li { + padding: 5px 0 5px 20px; + background-image: url(file.png); + background-repeat: no-repeat; + background-position: 0 7px; +} + +ul.search li a { + font-weight: bold; +} + +ul.search li p.context { + color: #888; + margin: 2px 0 0 30px; + text-align: left; +} + +ul.keywordmatches li.goodmatch a { + font-weight: bold; +} + +/* -- index page ------------------------------------------------------------ */ + +table.contentstable { + width: 90%; + margin-left: auto; + margin-right: auto; +} + +table.contentstable p.biglink { + line-height: 150%; +} + +a.biglink { + font-size: 1.3em; +} + +span.linkdescr { + font-style: italic; + padding-top: 5px; + font-size: 90%; +} + +/* -- general index --------------------------------------------------------- */ + +table.indextable { + width: 100%; +} + +table.indextable td { + text-align: left; + vertical-align: top; +} + +table.indextable ul { + margin-top: 0; + margin-bottom: 0; + list-style-type: none; +} + +table.indextable > tbody > tr > td > ul { + padding-left: 0em; +} + +table.indextable tr.pcap { + height: 10px; +} + +table.indextable tr.cap { + margin-top: 10px; + background-color: #f2f2f2; +} + +img.toggler { + margin-right: 3px; + margin-top: 3px; + cursor: pointer; +} + +div.modindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +div.genindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +/* -- domain module index --------------------------------------------------- */ + +table.modindextable td { + padding: 2px; + border-collapse: collapse; +} + +/* -- general body styles --------------------------------------------------- */ + +div.body { + min-width: 360px; + max-width: 800px; +} + +div.body p, div.body dd, div.body li, div.body blockquote { + -moz-hyphens: auto; + -ms-hyphens: auto; + -webkit-hyphens: auto; + hyphens: auto; +} + +a.headerlink { + visibility: hidden; +} + +a.brackets:before, +span.brackets > a:before{ + content: "["; +} + +a.brackets:after, +span.brackets > a:after { + content: "]"; +} + +h1:hover > a.headerlink, +h2:hover > a.headerlink, +h3:hover > a.headerlink, +h4:hover > a.headerlink, +h5:hover > a.headerlink, +h6:hover > a.headerlink, +dt:hover > a.headerlink, +caption:hover > a.headerlink, +p.caption:hover > a.headerlink, +div.code-block-caption:hover > a.headerlink { + visibility: visible; +} + +div.body p.caption { + text-align: inherit; +} + +div.body td { + text-align: left; +} + +.first { + margin-top: 0 !important; +} + +p.rubric { + margin-top: 30px; + font-weight: bold; +} + +img.align-left, figure.align-left, .figure.align-left, object.align-left { + clear: left; + float: left; + margin-right: 1em; +} + +img.align-right, figure.align-right, .figure.align-right, object.align-right { + clear: right; + float: right; + margin-left: 1em; +} + +img.align-center, figure.align-center, .figure.align-center, object.align-center { + display: block; + margin-left: auto; + margin-right: auto; +} + +img.align-default, figure.align-default, .figure.align-default { + display: block; + margin-left: auto; + margin-right: auto; +} + +.align-left { + text-align: left; +} + +.align-center { + text-align: center; +} + +.align-default { + text-align: center; +} + +.align-right { + text-align: right; +} + +/* -- sidebars -------------------------------------------------------------- */ + +div.sidebar, +aside.sidebar { + margin: 0 0 0.5em 1em; + border: 1px solid #ddb; + padding: 7px; + background-color: #ffe; + width: 40%; + float: right; + clear: right; + overflow-x: auto; +} + +p.sidebar-title { + font-weight: bold; +} + +div.admonition, div.topic, aside.topic, blockquote { + clear: left; +} + +/* -- topics ---------------------------------------------------------------- */ + +div.topic, aside.topic { + border: 1px solid #ccc; + padding: 7px; + margin: 10px 0 10px 0; +} + +p.topic-title { + font-size: 1.1em; + font-weight: bold; + margin-top: 10px; +} + +/* -- admonitions ----------------------------------------------------------- */ + +div.admonition { + margin-top: 10px; + margin-bottom: 10px; + padding: 7px; +} + +div.admonition dt { + font-weight: bold; +} + +p.admonition-title { + margin: 0px 10px 5px 0px; + font-weight: bold; +} + +div.body p.centered { + text-align: center; + margin-top: 25px; +} + +/* -- content of sidebars/topics/admonitions -------------------------------- */ + +div.sidebar > :last-child, +aside.sidebar > :last-child, +div.topic > :last-child, +aside.topic > :last-child, +div.admonition > :last-child { + margin-bottom: 0; +} + +div.sidebar::after, +aside.sidebar::after, +div.topic::after, +aside.topic::after, +div.admonition::after, +blockquote::after { + display: block; + content: ''; + clear: both; +} + +/* -- tables ---------------------------------------------------------------- */ + +table.docutils { + margin-top: 10px; + margin-bottom: 10px; + border: 0; + border-collapse: collapse; +} + +table.align-center { + margin-left: auto; + margin-right: auto; +} + +table.align-default { + margin-left: auto; + margin-right: auto; +} + +table caption span.caption-number { + font-style: italic; +} + +table caption span.caption-text { +} + +table.docutils td, table.docutils th { + padding: 1px 8px 1px 5px; + border-top: 0; + border-left: 0; + border-right: 0; + border-bottom: 1px solid #aaa; +} + +th { + text-align: left; + padding-right: 5px; +} + +table.citation { + border-left: solid 1px gray; + margin-left: 1px; +} + +table.citation td { + border-bottom: none; +} + +th > :first-child, +td > :first-child { + margin-top: 0px; +} + +th > :last-child, +td > :last-child { + margin-bottom: 0px; +} + +/* -- figures --------------------------------------------------------------- */ + +div.figure, figure { + margin: 0.5em; + padding: 0.5em; +} + +div.figure p.caption, figcaption { + padding: 0.3em; +} + +div.figure p.caption span.caption-number, +figcaption span.caption-number { + font-style: italic; +} + +div.figure p.caption span.caption-text, +figcaption span.caption-text { +} + +/* -- field list styles ----------------------------------------------------- */ + +table.field-list td, table.field-list th { + border: 0 !important; +} + +.field-list ul { + margin: 0; + padding-left: 1em; +} + +.field-list p { + margin: 0; +} + +.field-name { + -moz-hyphens: manual; + -ms-hyphens: manual; + -webkit-hyphens: manual; + hyphens: manual; +} + +/* -- hlist styles ---------------------------------------------------------- */ + +table.hlist { + margin: 1em 0; +} + +table.hlist td { + vertical-align: top; +} + +/* -- object description styles --------------------------------------------- */ + +.sig { + font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace; +} + +.sig-name, code.descname { + background-color: transparent; + font-weight: bold; +} + +.sig-name { + font-size: 1.1em; +} + +code.descname { + font-size: 1.2em; +} + +.sig-prename, code.descclassname { + background-color: transparent; +} + +.optional { + font-size: 1.3em; +} + +.sig-paren { + font-size: larger; +} + +.sig-param.n { + font-style: italic; +} + +/* C++ specific styling */ + +.sig-inline.c-texpr, +.sig-inline.cpp-texpr { + font-family: unset; +} + +.sig.c .k, .sig.c .kt, +.sig.cpp .k, .sig.cpp .kt { + color: #0033B3; +} + +.sig.c .m, +.sig.cpp .m { + color: #1750EB; +} + +.sig.c .s, .sig.c .sc, +.sig.cpp .s, .sig.cpp .sc { + color: #067D17; +} + + +/* -- other body styles ----------------------------------------------------- */ + +ol.arabic { + list-style: decimal; +} + +ol.loweralpha { + list-style: lower-alpha; +} + +ol.upperalpha { + list-style: upper-alpha; +} + +ol.lowerroman { + list-style: lower-roman; +} + +ol.upperroman { + list-style: upper-roman; +} + +:not(li) > ol > li:first-child > :first-child, +:not(li) > ul > li:first-child > :first-child { + margin-top: 0px; +} + +:not(li) > ol > li:last-child > :last-child, +:not(li) > ul > li:last-child > :last-child { + margin-bottom: 0px; +} + +ol.simple ol p, +ol.simple ul p, +ul.simple ol p, +ul.simple ul p { + margin-top: 0; +} + +ol.simple > li:not(:first-child) > p, +ul.simple > li:not(:first-child) > p { + margin-top: 0; +} + +ol.simple p, +ul.simple p { + margin-bottom: 0; +} + +/* Docutils 0.17 and older (footnotes & citations) */ +dl.footnote > dt, +dl.citation > dt { + float: left; + margin-right: 0.5em; +} + +dl.footnote > dd, +dl.citation > dd { + margin-bottom: 0em; +} + +dl.footnote > dd:after, +dl.citation > dd:after { + content: ""; + clear: both; +} + +/* Docutils 0.18+ (footnotes & citations) */ +aside.footnote > span, +div.citation > span { + float: left; +} +aside.footnote > span:last-of-type, +div.citation > span:last-of-type { + padding-right: 0.5em; +} +aside.footnote > p { + margin-left: 2em; +} +div.citation > p { + margin-left: 4em; +} +aside.footnote > p:last-of-type, +div.citation > p:last-of-type { + margin-bottom: 0em; +} +aside.footnote > p:last-of-type:after, +div.citation > p:last-of-type:after { + content: ""; + clear: both; +} + +/* Footnotes & citations ends */ + +dl.field-list { + display: grid; + grid-template-columns: fit-content(30%) auto; +} + +dl.field-list > dt { + font-weight: bold; + word-break: break-word; + padding-left: 0.5em; + padding-right: 5px; +} + +dl.field-list > dt:after { + content: ":"; +} + +dl.field-list > dd { + padding-left: 0.5em; + margin-top: 0em; + margin-left: 0em; + margin-bottom: 0em; +} + +dl { + margin-bottom: 15px; +} + +dd > :first-child { + margin-top: 0px; +} + +dd ul, dd table { + margin-bottom: 10px; +} + +dd { + margin-top: 3px; + margin-bottom: 10px; + margin-left: 30px; +} + +dl > dd:last-child, +dl > dd:last-child > :last-child { + margin-bottom: 0; +} + +dt:target, span.highlighted { + background-color: #fbe54e; +} + +rect.highlighted { + fill: #fbe54e; +} + +dl.glossary dt { + font-weight: bold; + font-size: 1.1em; +} + +.versionmodified { + font-style: italic; +} + +.system-message { + background-color: #fda; + padding: 5px; + border: 3px solid red; +} + +.footnote:target { + background-color: #ffa; +} + +.line-block { + display: block; + margin-top: 1em; + margin-bottom: 1em; +} + +.line-block .line-block { + margin-top: 0; + margin-bottom: 0; + margin-left: 1.5em; +} + +.guilabel, .menuselection { + font-family: sans-serif; +} + +.accelerator { + text-decoration: underline; +} + +.classifier { + font-style: oblique; +} + +.classifier:before { + font-style: normal; + margin: 0 0.5em; + content: ":"; + display: inline-block; +} + +abbr, acronym { + border-bottom: dotted 1px; + cursor: help; +} + +/* -- code displays --------------------------------------------------------- */ + +pre { + overflow: auto; + overflow-y: hidden; /* fixes display issues on Chrome browsers */ +} + +pre, div[class*="highlight-"] { + clear: both; +} + +span.pre { + -moz-hyphens: none; + -ms-hyphens: none; + -webkit-hyphens: none; + hyphens: none; + white-space: nowrap; +} + +div[class*="highlight-"] { + margin: 1em 0; +} + +td.linenos pre { + border: 0; + background-color: transparent; + color: #aaa; +} + +table.highlighttable { + display: block; +} + +table.highlighttable tbody { + display: block; +} + +table.highlighttable tr { + display: flex; +} + +table.highlighttable td { + margin: 0; + padding: 0; +} + +table.highlighttable td.linenos { + padding-right: 0.5em; +} + +table.highlighttable td.code { + flex: 1; + overflow: hidden; +} + +.highlight .hll { + display: block; +} + +div.highlight pre, +table.highlighttable pre { + margin: 0; +} + +div.code-block-caption + div { + margin-top: 0; +} + +div.code-block-caption { + margin-top: 1em; + padding: 2px 5px; + font-size: small; +} + +div.code-block-caption code { + background-color: transparent; +} + +table.highlighttable td.linenos, +span.linenos, +div.highlight span.gp { /* gp: Generic.Prompt */ + user-select: none; + -webkit-user-select: text; /* Safari fallback only */ + -webkit-user-select: none; /* Chrome/Safari */ + -moz-user-select: none; /* Firefox */ + -ms-user-select: none; /* IE10+ */ +} + +div.code-block-caption span.caption-number { + padding: 0.1em 0.3em; + font-style: italic; +} + +div.code-block-caption span.caption-text { +} + +div.literal-block-wrapper { + margin: 1em 0; +} + +code.xref, a code { + background-color: transparent; + font-weight: bold; +} + +h1 code, h2 code, h3 code, h4 code, h5 code, h6 code { + background-color: transparent; +} + +.viewcode-link { + float: right; +} + +.viewcode-back { + float: right; + font-family: sans-serif; +} + +div.viewcode-block:target { + margin: -1px -10px; + padding: 0 10px; +} + +/* -- math display ---------------------------------------------------------- */ + +img.math { + vertical-align: middle; +} + +div.body div.math p { + text-align: center; +} + +span.eqno { + float: right; +} + +span.eqno a.headerlink { + position: absolute; + z-index: 1; +} + +div.math:hover a.headerlink { + visibility: visible; +} + +/* -- printout stylesheet --------------------------------------------------- */ + +@media print { + div.document, + div.documentwrapper, + div.bodywrapper { + margin: 0 !important; + width: 100%; + } + + div.sphinxsidebar, + div.related, + div.footer, + #top-link { + display: none; + } +} \ No newline at end of file diff --git a/refs/pull/201/merge/en/_static/css/theme.css b/refs/pull/201/merge/en/_static/css/theme.css new file mode 100644 index 000000000..6c29bebea --- /dev/null +++ b/refs/pull/201/merge/en/_static/css/theme.css @@ -0,0 +1 @@ +@charset "UTF-8";@import url("https://fonts.googleapis.com/css?family=Lora:400,700");@import url("https://fonts.googleapis.com/css?family=Roboto+Mono:400,700");@import url("https://fonts.googleapis.com/css?family=Titillium+Web:300,400,600,700");.primary-bg{background-color:#06c}.primary-color{color:#06c}.primary-border-color,.primary-border-color.border{border-color:#06c!important}.white-bg{background-color:#fff}.white-color{color:#fff}.white-border-color-,.white-border-color-.border{border-color:#fff!important}.primary-bg-a1{background-color:#bfdfff}.primary-color-a1{color:#bfdfff}.primary-border-color-a1,.primary-border-color-a1.border{border-color:#bfdfff!important}.primary-bg-a2{background-color:#93c4f5}.primary-color-a2{color:#93c4f5}.primary-border-color-a2,.primary-border-color-a2.border{border-color:#93c4f5!important}.primary-bg-a3{background-color:#6aaaeb}.primary-color-a3{color:#6aaaeb}.primary-border-color-a3,.primary-border-color-a3.border{border-color:#6aaaeb!important}.primary-bg-a4{background-color:#4392e0}.primary-color-a4{color:#4392e0}.primary-border-color-a4,.primary-border-color-a4.border{border-color:#4392e0!important}.primary-bg-a5{background-color:#207bd6}.primary-color-a5{color:#207bd6}.primary-border-color-a5,.primary-border-color-a5.border{border-color:#207bd6!important}.primary-bg-a6{background-color:#06c}.primary-color-a6{color:#06c}.primary-border-color-a6,.primary-border-color-a6.border{border-color:#06c!important}.primary-bg-a7{background-color:#0059b3}.primary-color-a7{color:#0059b3}.primary-border-color-a7,.primary-border-color-a7.border{border-color:#0059b3!important}.primary-bg-a8{background-color:#004d99}.primary-color-a8{color:#004d99}.primary-border-color-a8,.primary-border-color-a8.border{border-color:#004d99!important}.primary-bg-a9{background-color:#004080}.primary-color-a9{color:#004080}.primary-border-color-a9,.primary-border-color-a9.border{border-color:#004080!important}.primary-bg-a10{background-color:#036}.primary-color-a10{color:#036}.primary-border-color-a10,.primary-border-color-a10.border{border-color:#036!important}.primary-bg-a11{background-color:#00264d}.primary-color-a11{color:#00264d}.primary-border-color-a11,.primary-border-color-a11.border{border-color:#00264d!important}.primary-bg-a12{background-color:#001a33}.primary-color-a12{color:#001a33}.primary-border-color-a12,.primary-border-color-a12.border{border-color:#001a33!important}.primary-bg-b1{background-color:#06c}.primary-color-b1{color:#06c}.primary-border-color-b1,.primary-border-color-b1.border{border-color:#06c!important}.primary-bg-b2{background-color:#1262b3}.primary-color-b2{color:#1262b3}.primary-border-color-b2,.primary-border-color-b2.border{border-color:#1262b3!important}.primary-bg-b3{background-color:#1f5c99}.primary-color-b3{color:#1f5c99}.primary-border-color-b3,.primary-border-color-b3.border{border-color:#1f5c99!important}.primary-bg-b4{background-color:#265380}.primary-color-b4{color:#265380}.primary-border-color-b4,.primary-border-color-b4.border{border-color:#265380!important}.primary-bg-b5{background-color:#294766}.primary-color-b5{color:#294766}.primary-border-color-b5,.primary-border-color-b5.border{border-color:#294766!important}.primary-bg-b6{background-color:#26394d}.primary-color-b6{color:#26394d}.primary-border-color-b6,.primary-border-color-b6.border{border-color:#26394d!important}.primary-bg-b7{background-color:#1f2933}.primary-color-b7{color:#1f2933}.primary-border-color-b7,.primary-border-color-b7.border{border-color:#1f2933!important}.primary-bg-b8{background-color:#12161a}.primary-color-b8{color:#12161a}.primary-border-color-b8,.primary-border-color-b8.border{border-color:#12161a!important}.primary-bg-c1{background-color:#dce9f5}.primary-color-c1{color:#dce9f5}.primary-border-color-c1,.primary-border-color-c1.border{border-color:#dce9f5!important}.primary-bg-c2{background-color:#c4dcf5}.primary-color-c2{color:#c4dcf5}.primary-border-color-c2,.primary-border-color-c2.border{border-color:#c4dcf5!important}.primary-bg-c3{background-color:#abd0f5}.primary-color-c3{color:#abd0f5}.primary-border-color-c3,.primary-border-color-c3.border{border-color:#abd0f5!important}.primary-bg-c4{background-color:#93c4f5}.primary-color-c4{color:#93c4f5}.primary-border-color-c4,.primary-border-color-c4.border{border-color:#93c4f5!important}.primary-bg-c5{background-color:#7ab8f5}.primary-color-c5{color:#7ab8f5}.primary-border-color-c5,.primary-border-color-c5.border{border-color:#7ab8f5!important}.primary-bg-c6{background-color:#62abf5}.primary-color-c6{color:#62abf5}.primary-border-color-c6,.primary-border-color-c6.border{border-color:#62abf5!important}.primary-bg-c7{background-color:#499ff5}.primary-color-c7{color:#499ff5}.primary-border-color-c7,.primary-border-color-c7.border{border-color:#499ff5!important}.primary-bg-c8{background-color:#3193f5}.primary-color-c8{color:#3193f5}.primary-border-color-c8,.primary-border-color-c8.border{border-color:#3193f5!important}.primary-bg-c9{background-color:#1887f5}.primary-color-c9{color:#1887f5}.primary-border-color-c9,.primary-border-color-c9.border{border-color:#1887f5!important}.primary-bg-c10{background-color:#007af5}.primary-color-c10{color:#007af5}.primary-border-color-c10,.primary-border-color-c10.border{border-color:#007af5!important}.primary-bg-c11{background-color:#0070e0}.primary-color-c11{color:#0070e0}.primary-border-color-c11,.primary-border-color-c11.border{border-color:#0070e0!important}.primary-bg-c12{background-color:#06c}.primary-color-c12{color:#06c}.primary-border-color-c12,.primary-border-color-c12.border{border-color:#06c!important}.analogue-1-bg-a1{background-color:#e7e6ff}.analogue-1-color-a1{color:#e7e6ff}.analogue-1-border-color-a1,.analogue-1-border-color-a1.border{border-color:#e7e6ff!important}.analogue-1-bg-a2{background-color:#bbb8f5}.analogue-1-color-a2{color:#bbb8f5}.analogue-1-border-color-a2,.analogue-1-border-color-a2.border{border-color:#bbb8f5!important}.analogue-1-bg-a3{background-color:#918deb}.analogue-1-color-a3{color:#918deb}.analogue-1-border-color-a3,.analogue-1-border-color-a3.border{border-color:#918deb!important}.analogue-1-bg-a4{background-color:#6b65e0}.analogue-1-color-a4{color:#6b65e0}.analogue-1-border-color-a4,.analogue-1-border-color-a4.border{border-color:#6b65e0!important}.analogue-1-bg-a5{background-color:#4840d6}.analogue-1-color-a5{color:#4840d6}.analogue-1-border-color-a5,.analogue-1-border-color-a5.border{border-color:#4840d6!important}.analogue-1-bg-a6{background-color:#271fcc}.analogue-1-color-a6{color:#271fcc}.analogue-1-border-color-a6,.analogue-1-border-color-a6.border{border-color:#271fcc!important}.analogue-1-bg-a7{background-color:#221bb3}.analogue-1-color-a7{color:#221bb3}.analogue-1-border-color-a7,.analogue-1-border-color-a7.border{border-color:#221bb3!important}.analogue-1-bg-a8{background-color:#1d1799}.analogue-1-color-a8{color:#1d1799}.analogue-1-border-color-a8,.analogue-1-border-color-a8.border{border-color:#1d1799!important}.analogue-1-bg-a9{background-color:#191380}.analogue-1-color-a9{color:#191380}.analogue-1-border-color-a9,.analogue-1-border-color-a9.border{border-color:#191380!important}.analogue-1-bg-a10{background-color:#140f66}.analogue-1-color-a10{color:#140f66}.analogue-1-border-color-a10,.analogue-1-border-color-a10.border{border-color:#140f66!important}.analogue-1-bg-a11{background-color:#0f0b4d}.analogue-1-color-a11{color:#0f0b4d}.analogue-1-border-color-a11,.analogue-1-border-color-a11.border{border-color:#0f0b4d!important}.analogue-1-bg-a12{background-color:#0a0833}.analogue-1-color-a12{color:#0a0833}.analogue-1-border-color-a12,.analogue-1-border-color-a12.border{border-color:#0a0833!important}.analogue-2-bg-a1{background-color:#ccfffd}.analogue-2-color-a1{color:#ccfffd}.analogue-2-border-color-a1,.analogue-2-border-color-a1.border{border-color:#ccfffd!important}.analogue-2-bg-a2{background-color:#9ff5f2}.analogue-2-color-a2{color:#9ff5f2}.analogue-2-border-color-a2,.analogue-2-border-color-a2.border{border-color:#9ff5f2!important}.analogue-2-bg-a3{background-color:#75ebe7}.analogue-2-color-a3{color:#75ebe7}.analogue-2-border-color-a3,.analogue-2-border-color-a3.border{border-color:#75ebe7!important}.analogue-2-bg-a4{background-color:#4fe0dc}.analogue-2-color-a4{color:#4fe0dc}.analogue-2-border-color-a4,.analogue-2-border-color-a4.border{border-color:#4fe0dc!important}.analogue-2-bg-a5{background-color:#2bd6d0}.analogue-2-color-a5{color:#2bd6d0}.analogue-2-border-color-a5,.analogue-2-border-color-a5.border{border-color:#2bd6d0!important}.analogue-2-bg-a6{background-color:#0accc6}.analogue-2-color-a6{color:#0accc6}.analogue-2-border-color-a6,.analogue-2-border-color-a6.border{border-color:#0accc6!important}.analogue-2-bg-a7{background-color:#09b3ad}.analogue-2-color-a7{color:#09b3ad}.analogue-2-border-color-a7,.analogue-2-border-color-a7.border{border-color:#09b3ad!important}.analogue-2-bg-a8{background-color:#089994}.analogue-2-color-a8{color:#089994}.analogue-2-border-color-a8,.analogue-2-border-color-a8.border{border-color:#089994!important}.analogue-2-bg-a9{background-color:#06807b}.analogue-2-color-a9{color:#06807b}.analogue-2-border-color-a9,.analogue-2-border-color-a9.border{border-color:#06807b!important}.analogue-2-bg-a10{background-color:#056663}.analogue-2-color-a10{color:#056663}.analogue-2-border-color-a10,.analogue-2-border-color-a10.border{border-color:#056663!important}.analogue-2-bg-a11{background-color:#044d4a}.analogue-2-color-a11{color:#044d4a}.analogue-2-border-color-a11,.analogue-2-border-color-a11.border{border-color:#044d4a!important}.analogue-2-bg-a12{background-color:#033331}.analogue-2-color-a12{color:#033331}.analogue-2-border-color-a12,.analogue-2-border-color-a12.border{border-color:#033331!important}.complementary-1-bg{background-color:#f73e5a}.complementary-1-color{color:#f90}.complementary-1-border-color-,.complementary-1-border-color-.border{border-color:#f73e5a!important}.complementary-1-bg-a1{background-color:#fffcfd}.complementary-1-color-a1{color:#fffcfd}.complementary-1-border-color-a1,.complementary-1-border-color-a1.border{border-color:#fffcfd!important}.complementary-1-bg-a2{background-color:#f5d0d6}.complementary-1-color-a2{color:#f5d0d6}.complementary-1-border-color-a2,.complementary-1-border-color-a2.border{border-color:#f5d0d6!important}.complementary-1-bg-a3{background-color:#eba4af}.complementary-1-color-a3{color:#eba4af}.complementary-1-border-color-a3,.complementary-1-border-color-a3.border{border-color:#eba4af!important}.complementary-1-bg-a4{background-color:#e07b8b}.complementary-1-color-a4{color:#e07b8b}.complementary-1-border-color-a4,.complementary-1-border-color-a4.border{border-color:#e07b8b!important}.complementary-1-bg-a5{background-color:#d65669}.complementary-1-color-a5{color:#d65669}.complementary-1-border-color-a5,.complementary-1-border-color-a5.border{border-color:#d65669!important}.complementary-1-bg-a6{background-color:#cc334a}.complementary-1-color-a6{color:#cc334a}.complementary-1-border-color-a6,.complementary-1-border-color-a6.border{border-color:#cc334a!important}.complementary-1-bg-a7{background-color:#b32d41}.complementary-1-color-a7{color:#b32d41}.complementary-1-border-color-a7,.complementary-1-border-color-a7.border{border-color:#b32d41!important}.complementary-1-bg-a8{background-color:#992637}.complementary-1-color-a8{color:#992637}.complementary-1-border-color-a8,.complementary-1-border-color-a8.border{border-color:#992637!important}.complementary-1-bg-a9{background-color:#80202e}.complementary-1-color-a9{color:#80202e}.complementary-1-border-color-a9,.complementary-1-border-color-a9.border{border-color:#80202e!important}.complementary-1-bg-a10{background-color:#661a25}.complementary-1-color-a10{color:#661a25}.complementary-1-border-color-a10,.complementary-1-border-color-a10.border{border-color:#661a25!important}.complementary-1-bg-a11{background-color:#4d131c}.complementary-1-color-a11{color:#4d131c}.complementary-1-border-color-a11,.complementary-1-border-color-a11.border{border-color:#4d131c!important}.complementary-1-bg-a12{background-color:#330d12}.complementary-1-color-a12{color:#330d12}.complementary-1-border-color-a12,.complementary-1-border-color-a12.border{border-color:#330d12!important}.complementary-2-bg{background-color:#f90}.complementary-2-color{color:#f90}.complementary-2-border-color-,.complementary-2-border-color-.border{border-color:#f90!important}.complementary-2-bg-a1{background-color:#ffe6bf}.complementary-2-color-a1{color:#ffe6bf}.complementary-2-border-color-a1,.complementary-2-border-color-a1.border{border-color:#ffe6bf!important}.complementary-2-bg-a2{background-color:#f5ce93}.complementary-2-color-a2{color:#f5ce93}.complementary-2-border-color-a2,.complementary-2-border-color-a2.border{border-color:#f5ce93!important}.complementary-2-bg-a3{background-color:#ebb76a}.complementary-2-color-a3{color:#ebb76a}.complementary-2-border-color-a3,.complementary-2-border-color-a3.border{border-color:#ebb76a!important}.complementary-2-bg-a4{background-color:#e0a243}.complementary-2-color-a4{color:#e0a243}.complementary-2-border-color-a4,.complementary-2-border-color-a4.border{border-color:#e0a243!important}.complementary-2-bg-a5{background-color:#d68d20}.complementary-2-color-a5{color:#d68d20}.complementary-2-border-color-a5,.complementary-2-border-color-a5.border{border-color:#d68d20!important}.complementary-2-bg-a6{background-color:#cc7a00}.complementary-2-color-a6{color:#cc7a00}.complementary-2-border-color-a6,.complementary-2-border-color-a6.border{border-color:#cc7a00!important}.complementary-2-bg-a7{background-color:#b36b00}.complementary-2-color-a7{color:#b36b00}.complementary-2-border-color-a7,.complementary-2-border-color-a7.border{border-color:#b36b00!important}.complementary-2-bg-a8{background-color:#995c00}.complementary-2-color-a8{color:#995c00}.complementary-2-border-color-a8,.complementary-2-border-color-a8.border{border-color:#995c00!important}.complementary-2-bg-a9{background-color:#804d00}.complementary-2-color-a9{color:#804d00}.complementary-2-border-color-a9,.complementary-2-border-color-a9.border{border-color:#804d00!important}.complementary-2-bg-a10{background-color:#663d00}.complementary-2-color-a10{color:#663d00}.complementary-2-border-color-a10,.complementary-2-border-color-a10.border{border-color:#663d00!important}.complementary-2-bg-a11{background-color:#4d2e00}.complementary-2-color-a11{color:#4d2e00}.complementary-2-border-color-a11,.complementary-2-border-color-a11.border{border-color:#4d2e00!important}.complementary-2-bg-a12{background-color:#331f00}.complementary-2-color-a12{color:#331f00}.complementary-2-border-color-a12,.complementary-2-border-color-a12.border{border-color:#331f00!important}.complementary-3-bg{background-color:#00cf86}.complementary-3-color{color:#00cf86}.complementary-3-border-color-,.complementary-3-border-color-.border{border-color:#00cf86!important}.complementary-3-bg-a1{background-color:#bfffe9}.complementary-3-color-a1{color:#bfffe9}.complementary-3-border-color-a1,.complementary-3-border-color-a1.border{border-color:#bfffe9!important}.complementary-3-bg-a2{background-color:#93f5d3}.complementary-3-color-a2{color:#93f5d3}.complementary-3-border-color-a2,.complementary-3-border-color-a2.border{border-color:#93f5d3!important}.complementary-3-bg-a3{background-color:#6aebbd}.complementary-3-color-a3{color:#6aebbd}.complementary-3-border-color-a3,.complementary-3-border-color-a3.border{border-color:#6aebbd!important}.complementary-3-bg-a4{background-color:#43e0a9}.complementary-3-color-a4{color:#43e0a9}.complementary-3-border-color-a4,.complementary-3-border-color-a4.border{border-color:#43e0a9!important}.complementary-3-bg-a5{background-color:#20d696}.complementary-3-color-a5{color:#20d696}.complementary-3-border-color-a5,.complementary-3-border-color-a5.border{border-color:#20d696!important}.complementary-3-bg-a6{background-color:#00cc85}.complementary-3-color-a6{color:#00cc85}.complementary-3-border-color-a6,.complementary-3-border-color-a6.border{border-color:#00cc85!important}.complementary-3-bg-a7{background-color:#00b374}.complementary-3-color-a7{color:#00b374}.complementary-3-border-color-a7,.complementary-3-border-color-a7.border{border-color:#00b374!important}.complementary-3-bg-a8{background-color:#009963}.complementary-3-color-a8{color:#009963}.complementary-3-border-color-a8,.complementary-3-border-color-a8.border{border-color:#009963!important}.complementary-3-bg-a9{background-color:#008053}.complementary-3-color-a9{color:#008053}.complementary-3-border-color-a9,.complementary-3-border-color-a9.border{border-color:#008053!important}.complementary-3-bg-a10{background-color:#006642}.complementary-3-color-a10{color:#006642}.complementary-3-border-color-a10,.complementary-3-border-color-a10.border{border-color:#006642!important}.complementary-3-bg-a11{background-color:#004d32}.complementary-3-color-a11{color:#004d32}.complementary-3-border-color-a11,.complementary-3-border-color-a11.border{border-color:#004d32!important}.complementary-3-bg-a12{background-color:#003321}.complementary-3-color-a12{color:#003321}.complementary-3-border-color-a12,.complementary-3-border-color-a12.border{border-color:#003321!important}.analogue-1-bg{background-color:#3126ff}.analogue-1-color{color:#3126ff}.analogue-1-border-color-,.analogue-1-border-color-.border{border-color:#3126ff!important}.analogue-1-bg-b1{background-color:#3126ff}.analogue-1-color-b1{color:#3126ff}.analogue-1-border-color-b1,.analogue-1-border-color-b1.border{border-color:#3126ff!important}.analogue-1-bg-b2{background-color:#4239e6}.analogue-1-color-b2{color:#4239e6}.analogue-1-border-color-b2,.analogue-1-border-color-b2.border{border-color:#4239e6!important}.analogue-1-bg-b3{background-color:#4e47cc}.analogue-1-color-b3{color:#4e47cc}.analogue-1-border-color-b3,.analogue-1-border-color-b3.border{border-color:#4e47cc!important}.analogue-1-bg-b4{background-color:#5550b3}.analogue-1-color-b4{color:#5550b3}.analogue-1-border-color-b4,.analogue-1-border-color-b4.border{border-color:#5550b3!important}.analogue-1-bg-b5{background-color:#585499}.analogue-1-color-b5{color:#585499}.analogue-1-border-color-b5,.analogue-1-border-color-b5.border{border-color:#585499!important}.analogue-1-bg-b6{background-color:#555380}.analogue-1-color-b6{color:#555380}.analogue-1-border-color-b6,.analogue-1-border-color-b6.border{border-color:#555380!important}.analogue-1-bg-b7{background-color:#4e4d66}.analogue-1-color-b7{color:#4e4d66}.analogue-1-border-color-b7,.analogue-1-border-color-b7.border{border-color:#4e4d66!important}.analogue-1-bg-b8{background-color:#42414d}.analogue-1-color-b8{color:#42414d}.analogue-1-border-color-b8,.analogue-1-border-color-b8.border{border-color:#42414d!important}.analogue-2-bg{background-color:#0bd9d2}.analogue-2-color{color:#0bd9d2}.analogue-2-border-color-,.analogue-2-border-color-.border{border-color:#0bd9d2!important}.analogue-2-bg-b1{background-color:#0bd9d2}.analogue-2-color-b1{color:#0bd9d2}.analogue-2-border-color-b1,.analogue-2-border-color-b1.border{border-color:#0bd9d2!important}.analogue-2-bg-b2{background-color:#1dbfba}.analogue-2-color-b2{color:#1dbfba}.analogue-2-border-color-b2,.analogue-2-border-color-b2.border{border-color:#1dbfba!important}.analogue-2-bg-b3{background-color:#29a6a2}.analogue-2-color-b3{color:#29a6a2}.analogue-2-border-color-b3,.analogue-2-border-color-b3.border{border-color:#29a6a2!important}.analogue-2-bg-b4{background-color:#318c89}.analogue-2-color-b4{color:#318c89}.analogue-2-border-color-b4,.analogue-2-border-color-b4.border{border-color:#318c89!important}.analogue-2-bg-b5{background-color:#347371}.analogue-2-color-b5{color:#347371}.analogue-2-border-color-b5,.analogue-2-border-color-b5.border{border-color:#347371!important}.analogue-2-bg-b6{background-color:#315958}.analogue-2-color-b6{color:#315958}.analogue-2-border-color-b6,.analogue-2-border-color-b6.border{border-color:#315958!important}.analogue-2-bg-b7{background-color:#29403f}.analogue-2-color-b7{color:#29403f}.analogue-2-border-color-b7,.analogue-2-border-color-b7.border{border-color:#29403f!important}.analogue-2-bg-b8{background-color:#1d2626}.analogue-2-color-b8{color:#1d2626}.analogue-2-border-color-b8,.analogue-2-border-color-b8.border{border-color:#1d2626!important}.complementary-1-bg-b1{background-color:#f73e5a}.complementary-1-color-b1{color:#f73e5a}.complementary-1-border-color-b1,.complementary-1-border-color-b1.border{border-color:#f73e5a!important}.complementary-1-bg-b2{background-color:#de4e63}.complementary-1-color-b2{color:#de4e63}.complementary-1-border-color-b2,.complementary-1-border-color-b2.border{border-color:#de4e63!important}.complementary-1-bg-b3{background-color:#c45869}.complementary-1-color-b3{color:#c45869}.complementary-1-border-color-b3,.complementary-1-border-color-b3.border{border-color:#c45869!important}.complementary-1-bg-b4{background-color:#ab5e69}.complementary-1-color-b4{color:#ab5e69}.complementary-1-border-color-b4,.complementary-1-border-color-b4.border{border-color:#ab5e69!important}.complementary-1-bg-b5{background-color:#915e66}.complementary-1-color-b5{color:#915e66}.complementary-1-border-color-b5,.complementary-1-border-color-b5.border{border-color:#915e66!important}.complementary-1-bg-b6{background-color:#785a5e}.complementary-1-color-b6{color:#785a5e}.complementary-1-border-color-b6,.complementary-1-border-color-b6.border{border-color:#785a5e!important}.complementary-1-bg-b7{background-color:#5e5052}.complementary-1-color-b7{color:#5e5052}.complementary-1-border-color-b7,.complementary-1-border-color-b7.border{border-color:#5e5052!important}.complementary-1-bg-b8{background-color:#454142}.complementary-1-color-b8{color:#454142}.complementary-1-border-color-b8,.complementary-1-border-color-b8.border{border-color:#454142!important}.complementary-2-bg-b1{background-color:#f90}.complementary-2-color-b1{color:#f90}.complementary-2-border-color-b1,.complementary-2-border-color-b1.border{border-color:#f90!important}.complementary-2-bg-b2{background-color:#e69317}.complementary-2-color-b2{color:#e69317}.complementary-2-border-color-b2,.complementary-2-border-color-b2.border{border-color:#e69317!important}.complementary-2-bg-b3{background-color:#cc8b29}.complementary-2-color-b3{color:#cc8b29}.complementary-2-border-color-b3,.complementary-2-border-color-b3.border{border-color:#cc8b29!important}.complementary-2-bg-b4{background-color:#b38136}.complementary-2-color-b4{color:#b38136}.complementary-2-border-color-b4,.complementary-2-border-color-b4.border{border-color:#b38136!important}.complementary-2-bg-b5{background-color:#99743d}.complementary-2-color-b5{color:#99743d}.complementary-2-border-color-b5,.complementary-2-border-color-b5.border{border-color:#99743d!important}.complementary-2-bg-b6{background-color:#806640}.complementary-2-color-b6{color:#806640}.complementary-2-border-color-b6,.complementary-2-border-color-b6.border{border-color:#806640!important}.complementary-2-bg-b7{background-color:#66563d}.complementary-2-color-b7{color:#66563d}.complementary-2-border-color-b7,.complementary-2-border-color-b7.border{border-color:#66563d!important}.complementary-2-bg-b8{background-color:#4d4336}.complementary-2-color-b8{color:#4d4336}.complementary-2-border-color-b8,.complementary-2-border-color-b8.border{border-color:#4d4336!important}.complementary-3-bg-b1{background-color:#00cf86}.complementary-3-color-b1{color:#00cf86}.complementary-3-border-color-b1,.complementary-3-border-color-b1.border{border-color:#00cf86!important}.complementary-3-bg-b2{background-color:#12b57c}.complementary-3-color-b2{color:#12b57c}.complementary-3-border-color-b2,.complementary-3-border-color-b2.border{border-color:#12b57c!important}.complementary-3-bg-b3{background-color:#1f9c70}.complementary-3-color-b3{color:#1f9c70}.complementary-3-border-color-b3,.complementary-3-border-color-b3.border{border-color:#1f9c70!important}.complementary-3-bg-b4{background-color:#278262}.complementary-3-color-b4{color:#278262}.complementary-3-border-color-b4,.complementary-3-border-color-b4.border{border-color:#278262!important}.complementary-3-bg-b5{background-color:#2a6953}.complementary-3-color-b5{color:#2a6953}.complementary-3-border-color-b5,.complementary-3-border-color-b5.border{border-color:#2a6953!important}.complementary-3-bg-b6{background-color:#284f41}.complementary-3-color-b6{color:#284f41}.complementary-3-border-color-b6,.complementary-3-border-color-b6.border{border-color:#284f41!important}.complementary-3-bg-b7{background-color:#20362e}.complementary-3-color-b7{color:#20362e}.complementary-3-border-color-b7,.complementary-3-border-color-b7.border{border-color:#20362e!important}.complementary-3-bg-b8{background-color:#141c19}.complementary-3-color-b8{color:#141c19}.complementary-3-border-color-b8,.complementary-3-border-color-b8.border{border-color:#141c19!important}.neutral-1-bg{background-color:#17324d}.neutral-1-color{color:#17324d}.neutral-1-border-color-,.neutral-1-border-color-.border{border-color:#17324d!important}.neutral-1-bg-a1{background-color:#ebeced}.neutral-1-color-a1{color:#ebeced}.neutral-1-border-color-a1,.neutral-1-border-color-a1.border{border-color:#ebeced!important}.neutral-1-bg-a2{background-color:#d9dadb}.neutral-1-color-a2{color:#d9dadb}.neutral-1-border-color-a2,.neutral-1-border-color-a2.border{border-color:#d9dadb!important}.neutral-1-bg-a3{background-color:#c5c7c9}.neutral-1-color-a3{color:#c5c7c9}.neutral-1-border-color-a3,.neutral-1-border-color-a3.border{border-color:#c5c7c9!important}.neutral-1-bg-a4{background-color:#adb2b8}.neutral-1-color-a4{color:#adb2b8}.neutral-1-border-color-a4,.neutral-1-border-color-a4.border{border-color:#adb2b8!important}.neutral-1-bg-a5{background-color:#959da6}.neutral-1-color-a5{color:#959da6}.neutral-1-border-color-a5,.neutral-1-border-color-a5.border{border-color:#959da6!important}.neutral-1-bg-a6{background-color:#768594}.neutral-1-color-a6{color:#768594}.neutral-1-border-color-a6,.neutral-1-border-color-a6.border{border-color:#768594!important}.neutral-1-bg-a7{background-color:#5b6f82}.neutral-1-color-a7{color:#5b6f82}.neutral-1-border-color-a7,.neutral-1-border-color-a7.border{border-color:#5b6f82!important}.neutral-1-bg-a8{background-color:#435a70}.neutral-1-color-a8{color:#435a70}.neutral-1-border-color-a8,.neutral-1-border-color-a8.border{border-color:#435a70!important}.neutral-1-bg-a9{background-color:#2f475e}.neutral-1-color-a9{color:#2f475e}.neutral-1-border-color-a9,.neutral-1-border-color-a9.border{border-color:#2f475e!important}.neutral-1-bg-a10{background-color:#17324d}.neutral-1-color-a10{color:#17324d}.neutral-1-border-color-a10,.neutral-1-border-color-a10.border{border-color:#17324d!important}.neutral-2-bg{background-color:#e6ecf2}.neutral-2-color{color:#e6ecf2}.neutral-2-border-color-{border-color:#e6ecf2}.neutral-2-bg-b1{background-color:#e6ecf2}.neutral-2-color-b1{color:#e6ecf2}.neutral-2-border-color-b1,.neutral-2-border-color-b1.border{border-color:#e6ecf2!important}.neutral-2-bg-b2{background-color:#c2c7cc}.neutral-2-color-b2{color:#c2c7cc}.neutral-2-border-color-b2,.neutral-2-border-color-b2.border{border-color:#c2c7cc!important}.neutral-2-bg-b3{background-color:#9da2a6}.neutral-2-color-b3{color:#9da2a6}.neutral-2-border-color-b3,.neutral-2-border-color-b3.border{border-color:#9da2a6!important}.neutral-2-bg-b4{background-color:#797c80}.neutral-2-color-b4{color:#797c80}.neutral-2-border-color-b4,.neutral-2-border-color-b4.border{border-color:#797c80!important}.neutral-2-bg-b5{background-color:#565759}.neutral-2-color-b5{color:#565759}.neutral-2-border-color-b5,.neutral-2-border-color-b5.border{border-color:#565759!important}.neutral-2-bg-b6{background-color:#2f3133}.neutral-2-color-b6{color:#2f3133}.neutral-2-border-color-b6,.neutral-2-border-color-b6.border{border-color:#2f3133!important}.neutral-2-bg-b7{background-color:#0c0c0d}.neutral-2-color-b7{color:#0c0c0d}.neutral-2-border-color-b7,.neutral-2-border-color-b7.border{border-color:#0c0c0d!important}.neutral-2-bg-a1{background-color:#e6ecf2}.neutral-2-color-a1{color:#e6ecf2}.neutral-2-border-color-a1,.neutral-2-border-color-a1.border{border-color:#e6ecf2!important}.neutral-2-bg-a2{background-color:#bcc4cc}.neutral-2-color-a2{color:#bcc4cc}.neutral-2-border-color-a2,.neutral-2-border-color-a2.border{border-color:#bcc4cc!important}.neutral-2-bg-a3{background-color:#9aa0a6}.neutral-2-color-a3{color:#9aa0a6}.neutral-2-border-color-a3,.neutral-2-border-color-a3.border{border-color:#9aa0a6!important}.neutral-2-bg-a4{background-color:#777b80}.neutral-2-color-a4{color:#777b80}.neutral-2-border-color-a4,.neutral-2-border-color-a4.border{border-color:#777b80!important}.neutral-2-bg-a5{background-color:#535659}.neutral-2-color-a5{color:#535659}.neutral-2-border-color-a5,.neutral-2-border-color-a5.border{border-color:#535659!important}.neutral-2-bg-a6{background-color:#2f3133}.neutral-2-color-a6{color:#2f3133}.neutral-2-border-color-a6,.neutral-2-border-color-a6.border{border-color:#2f3133!important}.neutral-2-bg-a7{background-color:#17181a}.neutral-2-color-a7{color:#17181a}.neutral-2-border-color-a7,.neutral-2-border-color-a7.border{border-color:#17181a!important}.lightgrey-bg-a1{background-color:#e8f2fc}.lightgrey-color-a1{color:#e8f2fc}.lightgrey-border-color-a1,.lightgrey-border-color-a1.border{border-color:#e8f2fc!important}.lightgrey-bg-a2{background-color:#edf5fc}.lightgrey-color-a2{color:#edf5fc}.lightgrey-border-color-a2,.lightgrey-border-color-a2.border{border-color:#edf5fc!important}.lightgrey-bg-a3{background-color:#f2f7fc}.lightgrey-color-a3{color:#f2f7fc}.lightgrey-border-color-a3,.lightgrey-border-color-a3.border{border-color:#f2f7fc!important}.lightgrey-bg-a4{background-color:#f5f9fc}.lightgrey-color-a4{color:#f5f9fc}.lightgrey-border-color-a4,.lightgrey-border-color-a4.border{border-color:#f5f9fc!important}.lightgrey-bg-b1{background-color:#e6f0fa}.lightgrey-color-b1{color:#e6f0fa}.lightgrey-border-color-b1,.lightgrey-border-color-b1.border{border-color:#e6f0fa!important}.lightgrey-bg-b2{background-color:#ebf2fa}.lightgrey-color-b2{color:#ebf2fa}.lightgrey-border-color-b2,.lightgrey-border-color-b2.border{border-color:#ebf2fa!important}.lightgrey-bg-b3{background-color:#edf4fa}.lightgrey-color-b3{color:#edf4fa}.lightgrey-border-color-b3,.lightgrey-border-color-b3.border{border-color:#edf4fa!important}.lightgrey-bg-b4{background-color:#f2f6fa}.lightgrey-color-b4{color:#f2f6fa}.lightgrey-border-color-b4,.lightgrey-border-color-b4.border{border-color:#f2f6fa!important}.lightgrey-bg-c1{background-color:#f7f9fa}.lightgrey-color-c1{color:#f7f9fa}.lightgrey-border-color-c1,.lightgrey-border-color-c1.border{border-color:#f7f9fa!important}.lightgrey-bg-c2{background-color:#f5f6f7}.lightgrey-color-c2{color:#f5f6f7}.lightgrey-border-color-c2,.lightgrey-border-color-c2.border{border-color:#f5f6f7!important}:root{--blue:#0073e6;--indigo:#554dff;--purple:#9e99ff;--pink:#ffb3bf;--red:#f73e5a;--orange:#f90;--yellow:#ffda73;--green:#00cc85;--teal:#0bd9d2;--cyan:#00fff7;--white:#fff;--gray:#656566;--gray-dark:#323333;--italia:#06c;--gray-secondary:#5c6f82;--gray-tertiary:#5a768a;--gray-quaternary:#fcfdff;--primary:#0073e6;--secondary:#5c6f82;--success:#00cc85;--info:#979899;--warning:#f90;--danger:#f73e5a;--light:#e9e6f2;--dark:#17324d;--100:#e3e4e6;--200:#cacacc;--300:#b1b1b3;--400:#979899;--500:#7e7f80;--600:#656566;--700:#4c4c4d;--800:#323333;--900:#19191a;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Titillium Web",Geneva,Tahoma,sans-serif;--font-family-monospace:"Roboto Mono",monospace}@media print{*,:after,:before{text-shadow:none!important;-webkit-box-shadow:none!important;box-shadow:none!important}a:not(.btn){text-decoration:underline}abbr[title]:after{content:" (" attr(title) ")"}pre{white-space:pre-wrap!important}blockquote,pre{border:1px solid #7e7f80;page-break-inside:avoid}thead{display:table-header-group}img,tr{page-break-inside:avoid}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}@page{size:a3}.container,body{min-width:992px!important}.navbar{display:none}.badge{border:1px solid #000}.table{border-collapse:collapse!important}.table td,.table th{background-color:#fff!important}.table-bordered td,.table-bordered th{border:1px solid #b1b1b3!important}.table-dark{color:inherit}.table-dark tbody+tbody,.table-dark td,.table-dark th,.table-dark thead th{border-color:#d6dce3}.table .thead-dark th{color:inherit;border-color:#d6dce3}}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-family:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-webkit-tap-highlight-color:rgba(0,0,0,0)}article,aside,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}body{margin:0;font-family:Titillium Web,Geneva,Tahoma,sans-serif;font-size:16px;font-size:1rem;font-weight:300;line-height:1.5;color:#19191a;text-align:left;background-color:#fff}[tabindex="-1"]:focus{outline:0!important}hr{-webkit-box-sizing:content-box;box-sizing:content-box;height:0;overflow:visible}h1,h2,h3,h4,h5,h6{margin-top:0;margin-bottom:8px}p{margin-top:0;margin-bottom:1rem}abbr[data-original-title],abbr[title]{text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted;cursor:help;border-bottom:0;text-decoration-skip-ink:none}address{font-style:normal;line-height:inherit}address,dl,ol,ul{margin-bottom:1rem}dl,ol,ul{margin-top:0}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}dt{font-weight:700}dd{margin-bottom:.5rem;margin-left:0}blockquote{margin:0 0 1rem}b,strong{font-weight:bolder}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}a{color:#0073e6;text-decoration:none;background-color:transparent}a:hover{color:#004d99;text-decoration:underline}a:not([href]):not([tabindex]),a:not([href]):not([tabindex]):focus,a:not([href]):not([tabindex]):hover{color:inherit;text-decoration:none}a:not([href]):not([tabindex]):focus{outline:0}code,kbd,pre,samp{font-family:Roboto Mono,monospace;font-size:1em}pre{margin-top:0;margin-bottom:1rem;overflow:auto}figure{margin:0 0 1rem}img{border-style:none}img,svg{vertical-align:middle}svg{overflow:hidden}table{border-collapse:collapse}caption{padding-top:1em;padding-bottom:1em;color:#5a768a;text-align:left;caption-side:bottom}th{text-align:inherit}label{display:inline-block;margin-bottom:.5rem}button{border-radius:0}button:focus{outline:1px dotted;outline:5px auto -webkit-focus-ring-color}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,input{overflow:visible}button,select{text-transform:none}select{word-wrap:normal}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]:not(:disabled),[type=reset]:not(:disabled),[type=submit]:not(:disabled),button:not(:disabled){cursor:pointer}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{padding:0;border-style:none}input[type=checkbox],input[type=radio]{-webkit-box-sizing:border-box;box-sizing:border-box;padding:0}input[type=date],input[type=datetime-local],input[type=month],input[type=time]{-webkit-appearance:listbox}textarea{overflow:auto;resize:vertical}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;max-width:100%;padding:0;margin-bottom:.5rem;font-size:24px;font-size:1.5rem;line-height:inherit;color:inherit;white-space:normal}progress{vertical-align:baseline}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{outline-offset:-2px;-webkit-appearance:none}[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{font:inherit;-webkit-appearance:button}output{display:inline-block}summary{display:list-item;cursor:pointer}template{display:none}[hidden]{display:none!important}.h1,.h2,.h3,.h4,.h5,.h6,h1,h2,h3,h4,h5,h6{margin-bottom:8px;font-weight:700;line-height:1.2}.h1,h1{font-size:40px;font-size:2.5rem}.h2,h2{font-size:32px;font-size:2rem}.h3,h3{font-size:28px;font-size:1.75rem}.h4,h4{font-size:24px;font-size:1.5rem}.h5,h5{font-size:20px;font-size:1.25rem}.h6,h6{font-size:16px;font-size:1rem}.lead{font-size:20px;font-size:1.25rem;font-weight:300}.display-1{font-size:56px;font-size:3.5rem}.display-1,.display-2{font-weight:700;line-height:1.2}.display-2{font-size:40px;font-size:2.5rem}.display-3{font-size:24px;font-size:1.5rem}.display-3,.display-4{font-weight:700;line-height:1.2}.display-4{font-size:20px;font-size:1.25rem}hr{margin-top:16px;margin-bottom:16px;border:0;border-top:1px solid rgba(0,0,0,.1)}.small,small{font-size:12.432px;font-size:.777rem}.mark,mark{padding:.2em;background-color:#fcf8e3}.list-inline,.list-unstyled{padding-left:0;list-style:none}.list-inline-item{display:inline-block}.list-inline-item:not(:last-child){margin-right:.5rem}.initialism{font-size:90%;text-transform:uppercase}.blockquote{margin-bottom:16px;font-size:20px;font-size:1.25rem}.blockquote-footer{display:block;font-size:12.432px;font-size:.777rem}.blockquote-footer:before{content:"\2014\00A0"}.img-fluid,.img-thumbnail{max-width:100%;height:auto}.img-thumbnail{padding:.25rem;background-color:#fff;border:1px solid #b1b1b3;border-radius:4px;-webkit-box-shadow:0 1px 2px rgba(0,0,0,.075);box-shadow:0 1px 2px rgba(0,0,0,.075)}.figure{display:inline-block}.figure-img{margin-bottom:8px;line-height:1}.figure-caption{font-size:90%;color:#656566}code{font-size:87.5%;color:#17324d;word-break:break-word}a>code{color:inherit}kbd{padding:.2rem .4rem;font-size:87.5%;color:#fff;background-color:#19191a;border-radius:2px;-webkit-box-shadow:inset 0 -.1rem 0 rgba(0,0,0,.25);box-shadow:inset 0 -.1rem 0 rgba(0,0,0,.25)}kbd kbd{padding:0;font-size:100%;font-weight:700;-webkit-box-shadow:none;box-shadow:none}pre{display:block;font-size:87.5%;color:#19191a}pre code{font-size:inherit;color:inherit;word-break:normal}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{width:100%;padding-right:6px;padding-left:6px;margin-right:auto;margin-left:auto}@media (min-width:576px){.container{max-width:540px}}@media (min-width:768px){.container{max-width:720px}}@media (min-width:992px){.container{max-width:960px}}@media (min-width:1200px){.container{max-width:1140px}}.container-fluid{width:100%;padding-right:6px;padding-left:6px;margin-right:auto;margin-left:auto}.row{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;margin-right:-6px;margin-left:-6px}.no-gutters{margin-right:0;margin-left:0}.no-gutters>.col,.no-gutters>[class*=col-]{padding-right:0;padding-left:0}.col,.col-1,.col-2,.col-3,.col-4,.col-5,.col-6,.col-7,.col-8,.col-9,.col-10,.col-11,.col-12,.col-auto,.col-lg,.col-lg-1,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-auto,.col-md,.col-md-1,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-10,.col-md-11,.col-md-12,.col-md-auto,.col-sm,.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-auto,.col-xl,.col-xl-1,.col-xl-2,.col-xl-3,.col-xl-4,.col-xl-5,.col-xl-6,.col-xl-7,.col-xl-8,.col-xl-9,.col-xl-10,.col-xl-11,.col-xl-12,.col-xl-auto{position:relative;width:100%;padding-right:6px;padding-left:6px}.col{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-auto{-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-1,.col-auto{-webkit-box-flex:0}.col-1{-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-2{-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-2,.col-3{-webkit-box-flex:0}.col-3{-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-4{-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-4,.col-5{-webkit-box-flex:0}.col-5{-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-6{-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-6,.col-7{-webkit-box-flex:0}.col-7{-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-8{-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-8,.col-9{-webkit-box-flex:0}.col-9{-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-10{-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-10,.col-11{-webkit-box-flex:0}.col-11{-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-1{margin-left:8.3333333333%}.offset-2{margin-left:16.6666666667%}.offset-3{margin-left:25%}.offset-4{margin-left:33.3333333333%}.offset-5{margin-left:41.6666666667%}.offset-6{margin-left:50%}.offset-7{margin-left:58.3333333333%}.offset-8{margin-left:66.6666666667%}.offset-9{margin-left:75%}.offset-10{margin-left:83.3333333333%}.offset-11{margin-left:91.6666666667%}@media (min-width:576px){.col-sm{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-sm-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-sm-1{-webkit-box-flex:0;-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-sm-2{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-sm-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-sm-4{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-sm-5{-webkit-box-flex:0;-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-sm-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-sm-7{-webkit-box-flex:0;-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-sm-8{-webkit-box-flex:0;-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-sm-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-sm-10{-webkit-box-flex:0;-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-sm-11{-webkit-box-flex:0;-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-sm-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-sm-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-sm-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-sm-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-sm-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-sm-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-sm-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-sm-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-sm-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-sm-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-sm-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-sm-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-sm-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-sm-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-sm-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-sm-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-sm-0{margin-left:0}.offset-sm-1{margin-left:8.3333333333%}.offset-sm-2{margin-left:16.6666666667%}.offset-sm-3{margin-left:25%}.offset-sm-4{margin-left:33.3333333333%}.offset-sm-5{margin-left:41.6666666667%}.offset-sm-6{margin-left:50%}.offset-sm-7{margin-left:58.3333333333%}.offset-sm-8{margin-left:66.6666666667%}.offset-sm-9{margin-left:75%}.offset-sm-10{margin-left:83.3333333333%}.offset-sm-11{margin-left:91.6666666667%}}@media (min-width:768px){.col-md{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-md-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-md-1{-webkit-box-flex:0;-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-md-2{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-md-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-md-4{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-md-5{-webkit-box-flex:0;-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-md-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-md-7{-webkit-box-flex:0;-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-md-8{-webkit-box-flex:0;-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-md-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-md-10{-webkit-box-flex:0;-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-md-11{-webkit-box-flex:0;-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-md-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-md-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-md-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-md-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-md-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-md-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-md-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-md-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-md-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-md-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-md-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-md-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-md-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-md-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-md-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-md-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-md-0{margin-left:0}.offset-md-1{margin-left:8.3333333333%}.offset-md-2{margin-left:16.6666666667%}.offset-md-3{margin-left:25%}.offset-md-4{margin-left:33.3333333333%}.offset-md-5{margin-left:41.6666666667%}.offset-md-6{margin-left:50%}.offset-md-7{margin-left:58.3333333333%}.offset-md-8{margin-left:66.6666666667%}.offset-md-9{margin-left:75%}.offset-md-10{margin-left:83.3333333333%}.offset-md-11{margin-left:91.6666666667%}}@media (min-width:992px){.col-lg{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-lg-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-lg-1{-webkit-box-flex:0;-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-lg-2{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-lg-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-lg-4{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-lg-5{-webkit-box-flex:0;-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-lg-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-lg-7{-webkit-box-flex:0;-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-lg-8{-webkit-box-flex:0;-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-lg-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-lg-10{-webkit-box-flex:0;-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-lg-11{-webkit-box-flex:0;-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-lg-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-lg-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-lg-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-lg-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-lg-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-lg-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-lg-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-lg-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-lg-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-lg-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-lg-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-lg-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-lg-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-lg-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-lg-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-lg-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-lg-0{margin-left:0}.offset-lg-1{margin-left:8.3333333333%}.offset-lg-2{margin-left:16.6666666667%}.offset-lg-3{margin-left:25%}.offset-lg-4{margin-left:33.3333333333%}.offset-lg-5{margin-left:41.6666666667%}.offset-lg-6{margin-left:50%}.offset-lg-7{margin-left:58.3333333333%}.offset-lg-8{margin-left:66.6666666667%}.offset-lg-9{margin-left:75%}.offset-lg-10{margin-left:83.3333333333%}.offset-lg-11{margin-left:91.6666666667%}}@media (min-width:1200px){.col-xl{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-xl-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-xl-1{-webkit-box-flex:0;-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-xl-2{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-xl-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-xl-4{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-xl-5{-webkit-box-flex:0;-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-xl-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-xl-7{-webkit-box-flex:0;-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-xl-8{-webkit-box-flex:0;-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-xl-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-xl-10{-webkit-box-flex:0;-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-xl-11{-webkit-box-flex:0;-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-xl-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-xl-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-xl-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-xl-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-xl-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-xl-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-xl-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-xl-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-xl-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-xl-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-xl-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-xl-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-xl-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-xl-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-xl-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-xl-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-xl-0{margin-left:0}.offset-xl-1{margin-left:8.3333333333%}.offset-xl-2{margin-left:16.6666666667%}.offset-xl-3{margin-left:25%}.offset-xl-4{margin-left:33.3333333333%}.offset-xl-5{margin-left:41.6666666667%}.offset-xl-6{margin-left:50%}.offset-xl-7{margin-left:58.3333333333%}.offset-xl-8{margin-left:66.6666666667%}.offset-xl-9{margin-left:75%}.offset-xl-10{margin-left:83.3333333333%}.offset-xl-11{margin-left:91.6666666667%}}.table{width:100%;margin-bottom:16px;color:#19191a}.table td,.table th{padding:1em;vertical-align:top;border-top:1px solid #d6dce3}.table thead th{vertical-align:bottom;border-bottom:2px solid #d6dce3}.table tbody+tbody{border-top:2px solid #d6dce3}.table-sm td,.table-sm th{padding:.3rem}.table-bordered,.table-bordered td,.table-bordered th{border:1px solid #d6dce3}.table-bordered thead td,.table-bordered thead th{border-bottom-width:2px}.table-borderless tbody+tbody,.table-borderless td,.table-borderless th,.table-borderless thead th{border:0}.table-striped tbody tr:nth-of-type(odd){background-color:#f6f7f9}.table-hover tbody tr:hover{color:#19191a;background-color:#e5f1fa}.table-primary,.table-primary>td,.table-primary>th{background-color:#b8d8f8}.table-primary tbody+tbody,.table-primary td,.table-primary th,.table-primary thead th{border-color:#7ab6f2}.table-hover .table-primary:hover,.table-hover .table-primary:hover>td,.table-hover .table-primary:hover>th{background-color:#a1cbf6}.table-secondary,.table-secondary>td,.table-secondary>th{background-color:#d1d7dc}.table-secondary tbody+tbody,.table-secondary td,.table-secondary th,.table-secondary thead th{border-color:#aab4be}.table-hover .table-secondary:hover,.table-hover .table-secondary:hover>td,.table-hover .table-secondary:hover>th{background-color:#c3cad1}.table-success,.table-success>td,.table-success>th{background-color:#b8f1dd}.table-success tbody+tbody,.table-success td,.table-success th,.table-success thead th{border-color:#7ae4c0}.table-hover .table-success:hover,.table-hover .table-success:hover>td,.table-hover .table-success:hover>th{background-color:#a3edd3}.table-info,.table-info>td,.table-info>th{background-color:#e2e2e2}.table-info tbody+tbody,.table-info td,.table-info th,.table-info thead th{border-color:#c9c9ca}.table-hover .table-info:hover,.table-hover .table-info:hover>td,.table-hover .table-info:hover>th{background-color:#d5d5d5}.table-warning,.table-warning>td,.table-warning>th{background-color:#ffe2b8}.table-warning tbody+tbody,.table-warning td,.table-warning th,.table-warning thead th{border-color:#ffca7a}.table-hover .table-warning:hover,.table-hover .table-warning:hover>td,.table-hover .table-warning:hover>th{background-color:#ffd89f}.table-danger,.table-danger>td,.table-danger>th{background-color:#fdc9d1}.table-danger tbody+tbody,.table-danger td,.table-danger th,.table-danger thead th{border-color:#fb9ba9}.table-hover .table-danger:hover,.table-hover .table-danger:hover>td,.table-hover .table-danger:hover>th{background-color:#fcb0bc}.table-light,.table-light>td,.table-light>th{background-color:#f9f8fb}.table-light tbody+tbody,.table-light td,.table-light th,.table-light thead th{border-color:#f4f2f8}.table-hover .table-light:hover,.table-hover .table-light:hover>td,.table-hover .table-light:hover>th{background-color:#ebe8f2}.table-dark,.table-dark>td,.table-dark>th{background-color:#bec6cd}.table-dark tbody+tbody,.table-dark td,.table-dark th,.table-dark thead th{border-color:#8694a2}.table-hover .table-dark:hover,.table-hover .table-dark:hover>td,.table-hover .table-dark:hover>th{background-color:#b0b9c2}.table-100,.table-100>td,.table-100>th{background-color:#f7f7f8}.table-100 tbody+tbody,.table-100 td,.table-100 th,.table-100 thead th{border-color:#f0f1f2}.table-hover .table-100:hover,.table-hover .table-100:hover>td,.table-hover .table-100:hover>th{background-color:#e9e9ec}.table-200,.table-200>td,.table-200>th{background-color:#f0f0f1}.table-200 tbody+tbody,.table-200 td,.table-200 th,.table-200 thead th{border-color:#e3e3e4}.table-hover .table-200:hover,.table-hover .table-200:hover>td,.table-hover .table-200:hover>th{background-color:#e3e3e5}.table-300,.table-300>td,.table-300>th{background-color:#e9e9ea}.table-300 tbody+tbody,.table-300 td,.table-300 th,.table-300 thead th{border-color:#d6d6d7}.table-hover .table-300:hover,.table-hover .table-300:hover>td,.table-hover .table-300:hover>th{background-color:#dcdcde}.table-400,.table-400>td,.table-400>th{background-color:#e2e2e2}.table-400 tbody+tbody,.table-400 td,.table-400 th,.table-400 thead th{border-color:#c9c9ca}.table-hover .table-400:hover,.table-hover .table-400:hover>td,.table-hover .table-400:hover>th{background-color:#d5d5d5}.table-500,.table-500>td,.table-500>th{background-color:#dbdbdb}.table-500 tbody+tbody,.table-500 td,.table-500 th,.table-500 thead th{border-color:#bcbcbd}.table-hover .table-500:hover,.table-hover .table-500:hover>td,.table-hover .table-500:hover>th{background-color:#cecece}.table-600,.table-600>td,.table-600>th{background-color:#d4d4d4}.table-600 tbody+tbody,.table-600 td,.table-600 th,.table-600 thead th{border-color:#afafaf}.table-hover .table-600:hover,.table-hover .table-600:hover>td,.table-hover .table-600:hover>th{background-color:#c7c7c7}.table-700,.table-700>td,.table-700>th{background-color:#cdcdcd}.table-700 tbody+tbody,.table-700 td,.table-700 th,.table-700 thead th{border-color:#a2a2a2}.table-hover .table-700:hover,.table-hover .table-700:hover>td,.table-hover .table-700:hover>th{background-color:silver}.table-800,.table-800>td,.table-800>th{background-color:#c6c6c6}.table-800 tbody+tbody,.table-800 td,.table-800 th,.table-800 thead th{border-color:#949595}.table-hover .table-800:hover,.table-hover .table-800:hover>td,.table-hover .table-800:hover>th{background-color:#b9b9b9}.table-900,.table-900>td,.table-900>th{background-color:#bfbfbf}.table-900 tbody+tbody,.table-900 td,.table-900 th,.table-900 thead th{border-color:#878788}.table-hover .table-900:hover,.table-hover .table-900:hover>td,.table-hover .table-900:hover>th{background-color:#b2b2b2}.table-active,.table-active>td,.table-active>th{background-color:#e5f1fa}.table-hover .table-active:hover,.table-hover .table-active:hover>td,.table-hover .table-active:hover>th{background-color:#d0e5f6}.table .thead-dark th{color:#fff;background-color:#323333;border-color:#464646}.table .thead-light th{color:#4c4c4d;background-color:#cacacc;border-color:#d6dce3}.table-dark{color:#fff;background-color:#323333}.table-dark td,.table-dark th,.table-dark thead th{border-color:#464646}.table-dark.table-bordered{border:0}.table-dark.table-striped tbody tr:nth-of-type(odd){background-color:hsla(0,0%,100%,.05)}.table-dark.table-hover tbody tr:hover{color:#fff;background-color:hsla(0,0%,100%,.075)}@media (max-width:575.98px){.table-responsive-sm{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive-sm>.table-bordered{border:0}}@media (max-width:767.98px){.table-responsive-md{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive-md>.table-bordered{border:0}}@media (max-width:991.98px){.table-responsive-lg{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive-lg>.table-bordered{border:0}}@media (max-width:1199.98px){.table-responsive-xl{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive-xl>.table-bordered{border:0}}.table-responsive{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive>.table-bordered{border:0}.form-control{display:block;width:100%;height:calc(1.5em + .75rem + 2px);padding:.375rem .75rem;font-size:16px;font-size:1rem;font-weight:300;line-height:1.5;color:#4c4c4d;background-color:#fff;background-clip:padding-box;border:1px solid #979899;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075);-webkit-transition:border-color .15s ease-in-out,-webkit-box-shadow .15s ease-in-out;transition:border-color .15s ease-in-out,-webkit-box-shadow .15s ease-in-out;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out,-webkit-box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.form-control{-webkit-transition:none;transition:none}}.form-control::-ms-expand{background-color:transparent;border:0}.form-control:focus{color:#4c4c4d;background-color:#fff;border-color:#5c6f82;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,115,230,.25);box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,115,230,.25)}.form-control::-webkit-input-placeholder{color:#656566;opacity:1}.form-control::-moz-placeholder{color:#656566;opacity:1}.form-control::-ms-input-placeholder{color:#656566;opacity:1}.form-control::placeholder{color:#656566;opacity:1}.form-control:disabled,.form-control[readonly]{background-color:#cacacc;opacity:1}select.form-control:focus::-ms-value{color:#4c4c4d;background-color:#fff}.form-control-file,.form-control-range{display:block;width:100%}.col-form-label{padding-top:calc(.375rem + 1px);padding-bottom:calc(.375rem + 1px);margin-bottom:0;font-size:inherit;line-height:1.5}.col-form-label-lg{padding-top:calc(.5rem + 1px);padding-bottom:calc(.5rem + 1px);font-size:20px;font-size:1.25rem;line-height:1.556}.col-form-label-sm{padding-top:calc(.25rem + 1px);padding-bottom:calc(.25rem + 1px);font-size:14px;font-size:.875rem;line-height:1.428}.form-control-plaintext{display:block;width:100%;padding-top:.375rem;padding-bottom:.375rem;margin-bottom:0;line-height:1.5;color:#19191a;background-color:transparent;border:solid transparent;border-width:1px 0}.form-control-plaintext.form-control-lg,.form-control-plaintext.form-control-sm{padding-right:0;padding-left:0}.form-control-sm{height:calc(1.428em + .5rem + 2px);padding:.25rem .5rem;font-size:14px;font-size:.875rem;line-height:1.428;border-radius:2px}.form-control-lg{height:calc(1.556em + 1rem + 2px);padding:.5rem 1rem;font-size:20px;font-size:1.25rem;line-height:1.556;border-radius:8px}select.form-control[multiple],select.form-control[size],textarea.form-control{height:auto}.form-group{margin-bottom:1rem}.form-text{display:block;margin-top:.25rem}.form-row{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;margin-right:-5px;margin-left:-5px}.form-row>.col,.form-row>[class*=col-]{padding-right:5px;padding-left:5px}.form-check{position:relative;display:block;padding-left:1.25rem}.form-check-input{position:absolute;margin-top:.3rem;margin-left:-1.25rem}.form-check-input:disabled~.form-check-label{color:#5a768a}.form-check-label{margin-bottom:0}.form-check-inline{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;padding-left:0;margin-right:.75rem}.form-check-inline .form-check-input{position:static;margin-top:0;margin-right:.3125rem;margin-left:0}.valid-feedback{display:none;width:100%;margin-top:.25rem;font-size:12.432px;font-size:.777rem;color:#00cc85}.valid-tooltip{position:absolute;top:100%;z-index:5;display:none;max-width:100%;padding:1rem;margin-top:.1rem;font-size:14px;font-size:.875rem;line-height:1.5;color:#19191a;background-color:#00cc85;border-radius:4px}.form-control.is-valid,.was-validated .form-control:valid{border-color:#00cc85;padding-right:calc(1.5em + .75rem);background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3E%3Cpath fill='%2300cc85' d='M2.3 6.73L.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1z'/%3E%3C/svg%3E");background-repeat:no-repeat;background-position:100% calc(.375em + .1875rem);background-size:calc(.75em + .375rem) calc(.75em + .375rem)}.form-control.is-valid:focus,.was-validated .form-control:valid:focus{border-color:#00cc85;-webkit-box-shadow:0 0 0 .2rem rgba(0,204,133,.25);box-shadow:0 0 0 .2rem rgba(0,204,133,.25)}.form-control.is-valid~.valid-feedback,.form-control.is-valid~.valid-tooltip,.was-validated .form-control:valid~.valid-feedback,.was-validated .form-control:valid~.valid-tooltip{display:block}.was-validated textarea.form-control:valid,textarea.form-control.is-valid{padding-right:calc(1.5em + .75rem);background-position:top calc(.375em + .1875rem) right calc(.375em + .1875rem)}.custom-select.is-valid,.was-validated .custom-select:valid{border-color:#00cc85;padding-right:calc((3em + 2.25rem)/4 + 1.75rem);background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 4 5'%3E%3Cpath fill='%23323333' d='M2 0L0 2h4zm0 5L0 3h4z'/%3E%3C/svg%3E") no-repeat right .75rem center/8px 10px,url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3E%3Cpath fill='%2300cc85' d='M2.3 6.73L.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1z'/%3E%3C/svg%3E") #fff no-repeat center right 1.75rem/calc(.75em + .375rem) calc(.75em + .375rem)}.custom-select.is-valid:focus,.was-validated .custom-select:valid:focus{border-color:#00cc85;-webkit-box-shadow:0 0 0 .2rem rgba(0,204,133,.25);box-shadow:0 0 0 .2rem rgba(0,204,133,.25)}.custom-select.is-valid~.valid-feedback,.custom-select.is-valid~.valid-tooltip,.form-control-file.is-valid~.valid-feedback,.form-control-file.is-valid~.valid-tooltip,.was-validated .custom-select:valid~.valid-feedback,.was-validated .custom-select:valid~.valid-tooltip,.was-validated .form-control-file:valid~.valid-feedback,.was-validated .form-control-file:valid~.valid-tooltip{display:block}.form-check-input.is-valid~.form-check-label,.was-validated .form-check-input:valid~.form-check-label{color:#00cc85}.form-check-input.is-valid~.valid-feedback,.form-check-input.is-valid~.valid-tooltip,.was-validated .form-check-input:valid~.valid-feedback,.was-validated .form-check-input:valid~.valid-tooltip{display:block}.custom-control-input.is-valid~.custom-control-label,.was-validated .custom-control-input:valid~.custom-control-label{color:#00cc85}.custom-control-input.is-valid~.custom-control-label:before,.was-validated .custom-control-input:valid~.custom-control-label:before{border-color:#00cc85}.custom-control-input.is-valid~.valid-feedback,.custom-control-input.is-valid~.valid-tooltip,.was-validated .custom-control-input:valid~.valid-feedback,.was-validated .custom-control-input:valid~.valid-tooltip{display:block}.custom-control-input.is-valid:checked~.custom-control-label:before,.was-validated .custom-control-input:valid:checked~.custom-control-label:before{border-color:#00ffa6;background-color:#00ffa6}.custom-control-input.is-valid:focus~.custom-control-label:before,.was-validated .custom-control-input:valid:focus~.custom-control-label:before{-webkit-box-shadow:0 0 0 .2rem rgba(0,204,133,.25);box-shadow:0 0 0 .2rem rgba(0,204,133,.25)}.custom-control-input.is-valid:focus:not(:checked)~.custom-control-label:before,.custom-file-input.is-valid~.custom-file-label,.was-validated .custom-control-input:valid:focus:not(:checked)~.custom-control-label:before,.was-validated .custom-file-input:valid~.custom-file-label{border-color:#00cc85}.custom-file-input.is-valid~.valid-feedback,.custom-file-input.is-valid~.valid-tooltip,.was-validated .custom-file-input:valid~.valid-feedback,.was-validated .custom-file-input:valid~.valid-tooltip{display:block}.custom-file-input.is-valid:focus~.custom-file-label,.was-validated .custom-file-input:valid:focus~.custom-file-label{border-color:#00cc85;-webkit-box-shadow:0 0 0 .2rem rgba(0,204,133,.25);box-shadow:0 0 0 .2rem rgba(0,204,133,.25)}.invalid-feedback{display:none;width:100%;margin-top:.25rem;font-size:12.432px;font-size:.777rem;color:#f73e5a}.invalid-tooltip{position:absolute;top:100%;z-index:5;display:none;max-width:100%;padding:1rem;margin-top:.1rem;font-size:14px;font-size:.875rem;line-height:1.5;color:#19191a;background-color:#f73e5a;border-radius:4px}.form-control.is-invalid,.was-validated .form-control:invalid{border-color:#f73e5a;padding-right:calc(1.5em + .75rem);background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%23f73e5a' viewBox='-2 -2 7 7'%3E%3Cpath stroke='%23f73e5a' d='M0 0l3 3m0-3L0 3'/%3E%3Ccircle r='.5'/%3E%3Ccircle cx='3' r='.5'/%3E%3Ccircle cy='3' r='.5'/%3E%3Ccircle cx='3' cy='3' r='.5'/%3E%3C/svg%3E");background-repeat:no-repeat;background-position:100% calc(.375em + .1875rem);background-size:calc(.75em + .375rem) calc(.75em + .375rem)}.form-control.is-invalid:focus,.was-validated .form-control:invalid:focus{border-color:#f73e5a;-webkit-box-shadow:0 0 0 .2rem rgba(247,62,90,.25);box-shadow:0 0 0 .2rem rgba(247,62,90,.25)}.form-control.is-invalid~.invalid-feedback,.form-control.is-invalid~.invalid-tooltip,.was-validated .form-control:invalid~.invalid-feedback,.was-validated .form-control:invalid~.invalid-tooltip{display:block}.was-validated textarea.form-control:invalid,textarea.form-control.is-invalid{padding-right:calc(1.5em + .75rem);background-position:top calc(.375em + .1875rem) right calc(.375em + .1875rem)}.custom-select.is-invalid,.was-validated .custom-select:invalid{border-color:#f73e5a;padding-right:calc((3em + 2.25rem)/4 + 1.75rem);background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 4 5'%3E%3Cpath fill='%23323333' d='M2 0L0 2h4zm0 5L0 3h4z'/%3E%3C/svg%3E") no-repeat right .75rem center/8px 10px,url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%23f73e5a' viewBox='-2 -2 7 7'%3E%3Cpath stroke='%23f73e5a' d='M0 0l3 3m0-3L0 3'/%3E%3Ccircle r='.5'/%3E%3Ccircle cx='3' r='.5'/%3E%3Ccircle cy='3' r='.5'/%3E%3Ccircle cx='3' cy='3' r='.5'/%3E%3C/svg%3E") #fff no-repeat center right 1.75rem/calc(.75em + .375rem) calc(.75em + .375rem)}.custom-select.is-invalid:focus,.was-validated .custom-select:invalid:focus{border-color:#f73e5a;-webkit-box-shadow:0 0 0 .2rem rgba(247,62,90,.25);box-shadow:0 0 0 .2rem rgba(247,62,90,.25)}.custom-select.is-invalid~.invalid-feedback,.custom-select.is-invalid~.invalid-tooltip,.form-control-file.is-invalid~.invalid-feedback,.form-control-file.is-invalid~.invalid-tooltip,.was-validated .custom-select:invalid~.invalid-feedback,.was-validated .custom-select:invalid~.invalid-tooltip,.was-validated .form-control-file:invalid~.invalid-feedback,.was-validated .form-control-file:invalid~.invalid-tooltip{display:block}.form-check-input.is-invalid~.form-check-label,.was-validated .form-check-input:invalid~.form-check-label{color:#f73e5a}.form-check-input.is-invalid~.invalid-feedback,.form-check-input.is-invalid~.invalid-tooltip,.was-validated .form-check-input:invalid~.invalid-feedback,.was-validated .form-check-input:invalid~.invalid-tooltip{display:block}.custom-control-input.is-invalid~.custom-control-label,.was-validated .custom-control-input:invalid~.custom-control-label{color:#f73e5a}.custom-control-input.is-invalid~.custom-control-label:before,.was-validated .custom-control-input:invalid~.custom-control-label:before{border-color:#f73e5a}.custom-control-input.is-invalid~.invalid-feedback,.custom-control-input.is-invalid~.invalid-tooltip,.was-validated .custom-control-input:invalid~.invalid-feedback,.was-validated .custom-control-input:invalid~.invalid-tooltip{display:block}.custom-control-input.is-invalid:checked~.custom-control-label:before,.was-validated .custom-control-input:invalid:checked~.custom-control-label:before{border-color:#f96f84;background-color:#f96f84}.custom-control-input.is-invalid:focus~.custom-control-label:before,.was-validated .custom-control-input:invalid:focus~.custom-control-label:before{-webkit-box-shadow:0 0 0 .2rem rgba(247,62,90,.25);box-shadow:0 0 0 .2rem rgba(247,62,90,.25)}.custom-control-input.is-invalid:focus:not(:checked)~.custom-control-label:before,.custom-file-input.is-invalid~.custom-file-label,.was-validated .custom-control-input:invalid:focus:not(:checked)~.custom-control-label:before,.was-validated .custom-file-input:invalid~.custom-file-label{border-color:#f73e5a}.custom-file-input.is-invalid~.invalid-feedback,.custom-file-input.is-invalid~.invalid-tooltip,.was-validated .custom-file-input:invalid~.invalid-feedback,.was-validated .custom-file-input:invalid~.invalid-tooltip{display:block}.custom-file-input.is-invalid:focus~.custom-file-label,.was-validated .custom-file-input:invalid:focus~.custom-file-label{border-color:#f73e5a;-webkit-box-shadow:0 0 0 .2rem rgba(247,62,90,.25);box-shadow:0 0 0 .2rem rgba(247,62,90,.25)}.form-inline{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.form-inline .form-check{width:100%}@media (min-width:576px){.form-inline label{-ms-flex-align:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.form-inline .form-group,.form-inline label{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;align-items:center;margin-bottom:0}.form-inline .form-group{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap;-ms-flex-align:center}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-plaintext{display:inline-block}.form-inline .custom-select,.form-inline .input-group{width:auto}.form-inline .form-check{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;width:auto;padding-left:0}.form-inline .form-check-input{position:relative;-ms-flex-negative:0;flex-shrink:0;margin-top:0;margin-right:.25rem;margin-left:0}.form-inline .custom-control{-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.form-inline .custom-control-label{margin-bottom:0}}.btn{display:inline-block;font-weight:600;color:#19191a;text-align:center;vertical-align:middle;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-color:transparent;border:0 solid transparent;padding:.375rem .75rem;font-size:1rem;line-height:1.5;border-radius:4px;-webkit-transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,-webkit-box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,-webkit-box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out,-webkit-box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.btn{-webkit-transition:none;transition:none}}.btn:hover{color:#19191a;text-decoration:none}.btn.focus,.btn:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(0,115,230,.25);box-shadow:0 0 0 .2rem rgba(0,115,230,.25)}.btn.disabled,.btn:disabled{opacity:.65;-webkit-box-shadow:none;box-shadow:none}.btn:not(:disabled):not(.disabled).active,.btn:not(:disabled):not(.disabled):active{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn:not(:disabled):not(.disabled).active:focus,.btn:not(:disabled):not(.disabled):active:focus{-webkit-box-shadow:0 0 0 .2rem rgba(0,115,230,.25),inset 0 3px 5px rgba(0,0,0,.125);box-shadow:0 0 0 .2rem rgba(0,115,230,.25),inset 0 3px 5px rgba(0,0,0,.125)}a.btn.disabled,fieldset:disabled a.btn{pointer-events:none}.btn-primary{color:#fff;background-color:#0073e6;border-color:#0073e6;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-primary:hover{color:#fff;background-color:#0060bf;border-color:#0059b3}.btn-primary.focus,.btn-primary:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,115,230,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,115,230,.5)}.btn-primary.disabled,.btn-primary:disabled{color:#fff;background-color:#0073e6;border-color:#0073e6}.btn-primary:not(:disabled):not(.disabled).active,.btn-primary:not(:disabled):not(.disabled):active,.show>.btn-primary.dropdown-toggle{color:#fff;background-color:#0059b3;border-color:#0053a6}.btn-primary:not(:disabled):not(.disabled).active:focus,.btn-primary:not(:disabled):not(.disabled):active:focus,.show>.btn-primary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,115,230,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,115,230,.5)}.btn-secondary{color:#fff;background-color:#5c6f82;border-color:#5c6f82;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-secondary:hover{color:#fff;background-color:#4c5c6c;border-color:#475664}.btn-secondary.focus,.btn-secondary:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(92,111,130,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(92,111,130,.5)}.btn-secondary.disabled,.btn-secondary:disabled{color:#fff;background-color:#5c6f82;border-color:#5c6f82}.btn-secondary:not(:disabled):not(.disabled).active,.btn-secondary:not(:disabled):not(.disabled):active,.show>.btn-secondary.dropdown-toggle{color:#fff;background-color:#475664;border-color:#424f5d}.btn-secondary:not(:disabled):not(.disabled).active:focus,.btn-secondary:not(:disabled):not(.disabled):active:focus,.show>.btn-secondary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(92,111,130,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(92,111,130,.5)}.btn-success{color:#19191a;background-color:#00cc85;border-color:#00cc85;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-success:hover{color:#fff;background-color:#00a66c;border-color:#009963}.btn-success.focus,.btn-success:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,204,133,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,204,133,.5)}.btn-success.disabled,.btn-success:disabled{color:#19191a;background-color:#00cc85;border-color:#00cc85}.btn-success:not(:disabled):not(.disabled).active,.btn-success:not(:disabled):not(.disabled):active,.show>.btn-success.dropdown-toggle{color:#fff;background-color:#009963;border-color:#008c5b}.btn-success:not(:disabled):not(.disabled).active:focus,.btn-success:not(:disabled):not(.disabled):active:focus,.show>.btn-success.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,204,133,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,204,133,.5)}.btn-info{color:#19191a;background-color:#979899;border-color:#979899;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-info:hover{color:#19191a;background-color:#848586;border-color:#7e7e80}.btn-info.focus,.btn-info:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(151,152,153,.5)}.btn-info.disabled,.btn-info:disabled{color:#19191a;background-color:#979899;border-color:#979899}.btn-info:not(:disabled):not(.disabled).active,.btn-info:not(:disabled):not(.disabled):active,.show>.btn-info.dropdown-toggle{color:#19191a;background-color:#7e7e80;border-color:#777879}.btn-info:not(:disabled):not(.disabled).active:focus,.btn-info:not(:disabled):not(.disabled):active:focus,.show>.btn-info.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5)}.btn-warning{color:#19191a;background-color:#f90;border-color:#f90;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-warning:hover{color:#19191a;background-color:#d98200;border-color:#cc7a00}.btn-warning.focus,.btn-warning:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(255,153,0,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(255,153,0,.5)}.btn-warning.disabled,.btn-warning:disabled{color:#19191a;background-color:#f90;border-color:#f90}.btn-warning:not(:disabled):not(.disabled).active,.btn-warning:not(:disabled):not(.disabled):active,.show>.btn-warning.dropdown-toggle{color:#19191a;background-color:#cc7a00;border-color:#bf7300}.btn-warning:not(:disabled):not(.disabled).active:focus,.btn-warning:not(:disabled):not(.disabled):active:focus,.show>.btn-warning.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(255,153,0,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(255,153,0,.5)}.btn-danger{color:#19191a;background-color:#f73e5a;border-color:#f73e5a;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-danger:hover{color:#fff;background-color:#f6193a;border-color:#f50d30}.btn-danger.focus,.btn-danger:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(247,62,90,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(247,62,90,.5)}.btn-danger.disabled,.btn-danger:disabled{color:#19191a;background-color:#f73e5a;border-color:#f73e5a}.btn-danger:not(:disabled):not(.disabled).active,.btn-danger:not(:disabled):not(.disabled):active,.show>.btn-danger.dropdown-toggle{color:#fff;background-color:#f50d30;border-color:#ec092b}.btn-danger:not(:disabled):not(.disabled).active:focus,.btn-danger:not(:disabled):not(.disabled):active:focus,.show>.btn-danger.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(247,62,90,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(247,62,90,.5)}.btn-light{color:#19191a;background-color:#e9e6f2;border-color:#e9e6f2;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-light:hover{color:#19191a;background-color:#d3cde5;border-color:#ccc4e1}.btn-light.focus,.btn-light:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(233,230,242,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(233,230,242,.5)}.btn-light.disabled,.btn-light:disabled{color:#19191a;background-color:#e9e6f2;border-color:#e9e6f2}.btn-light:not(:disabled):not(.disabled).active,.btn-light:not(:disabled):not(.disabled):active,.show>.btn-light.dropdown-toggle{color:#19191a;background-color:#ccc4e1;border-color:#c4bcdd}.btn-light:not(:disabled):not(.disabled).active:focus,.btn-light:not(:disabled):not(.disabled):active:focus,.show>.btn-light.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(233,230,242,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(233,230,242,.5)}.btn-dark{color:#fff;background-color:#17324d;border-color:#17324d;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-dark:hover{color:#fff;background-color:#0e1f2f;border-color:#0b1825}.btn-dark.focus,.btn-dark:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(23,50,77,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(23,50,77,.5)}.btn-dark.disabled,.btn-dark:disabled{color:#fff;background-color:#17324d;border-color:#17324d}.btn-dark:not(:disabled):not(.disabled).active,.btn-dark:not(:disabled):not(.disabled):active,.show>.btn-dark.dropdown-toggle{color:#fff;background-color:#0b1825;border-color:#08121b}.btn-dark:not(:disabled):not(.disabled).active:focus,.btn-dark:not(:disabled):not(.disabled):active:focus,.show>.btn-dark.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(23,50,77,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(23,50,77,.5)}.btn-100{color:#19191a;background-color:#e3e4e6;border-color:#e3e4e6;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-100:hover{color:#19191a;background-color:#cfd0d3;border-color:#c9cacd}.btn-100.focus,.btn-100:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(227,228,230,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(227,228,230,.5)}.btn-100.disabled,.btn-100:disabled{color:#19191a;background-color:#e3e4e6;border-color:#e3e4e6}.btn-100:not(:disabled):not(.disabled).active,.btn-100:not(:disabled):not(.disabled):active,.show>.btn-100.dropdown-toggle{color:#19191a;background-color:#c9cacd;border-color:#c2c3c7}.btn-100:not(:disabled):not(.disabled).active:focus,.btn-100:not(:disabled):not(.disabled):active:focus,.show>.btn-100.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(227,228,230,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(227,228,230,.5)}.btn-200{color:#19191a;background-color:#cacacc;border-color:#cacacc;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-200:hover{color:#19191a;background-color:#b6b7b9;border-color:#b0b1b3}.btn-200.focus,.btn-200:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(202,202,204,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(202,202,204,.5)}.btn-200.disabled,.btn-200:disabled{color:#19191a;background-color:#cacacc;border-color:#cacacc}.btn-200:not(:disabled):not(.disabled).active,.btn-200:not(:disabled):not(.disabled):active,.show>.btn-200.dropdown-toggle{color:#19191a;background-color:#b0b1b3;border-color:#a9aaad}.btn-200:not(:disabled):not(.disabled).active:focus,.btn-200:not(:disabled):not(.disabled):active:focus,.show>.btn-200.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(202,202,204,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(202,202,204,.5)}.btn-300{color:#19191a;background-color:#b1b1b3;border-color:#b1b1b3;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-300:hover{color:#19191a;background-color:#9d9ea0;border-color:#979899}.btn-300.focus,.btn-300:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(177,177,179,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(177,177,179,.5)}.btn-300.disabled,.btn-300:disabled{color:#19191a;background-color:#b1b1b3;border-color:#b1b1b3}.btn-300:not(:disabled):not(.disabled).active,.btn-300:not(:disabled):not(.disabled):active,.show>.btn-300.dropdown-toggle{color:#19191a;background-color:#979899;border-color:#909193}.btn-300:not(:disabled):not(.disabled).active:focus,.btn-300:not(:disabled):not(.disabled):active:focus,.show>.btn-300.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(177,177,179,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(177,177,179,.5)}.btn-400{color:#19191a;background-color:#979899;border-color:#979899;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-400:hover{color:#19191a;background-color:#848586;border-color:#7e7e80}.btn-400.focus,.btn-400:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(151,152,153,.5)}.btn-400.disabled,.btn-400:disabled{color:#19191a;background-color:#979899;border-color:#979899}.btn-400:not(:disabled):not(.disabled).active,.btn-400:not(:disabled):not(.disabled):active,.show>.btn-400.dropdown-toggle{color:#19191a;background-color:#7e7e80;border-color:#777879}.btn-400:not(:disabled):not(.disabled).active:focus,.btn-400:not(:disabled):not(.disabled):active:focus,.show>.btn-400.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5)}.btn-500{color:#19191a;background-color:#7e7f80;border-color:#7e7f80;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-500:hover{color:#fff;background-color:#6b6b6c;border-color:#656566}.btn-500.focus,.btn-500:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(126,127,128,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(126,127,128,.5)}.btn-500.disabled,.btn-500:disabled{color:#19191a;background-color:#7e7f80;border-color:#7e7f80}.btn-500:not(:disabled):not(.disabled).active,.btn-500:not(:disabled):not(.disabled):active,.show>.btn-500.dropdown-toggle{color:#fff;background-color:#656566;border-color:#5f5f5f}.btn-500:not(:disabled):not(.disabled).active:focus,.btn-500:not(:disabled):not(.disabled):active:focus,.show>.btn-500.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(126,127,128,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(126,127,128,.5)}.btn-600{color:#fff;background-color:#656566;border-color:#656566;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-600:hover{color:#fff;background-color:#525253;border-color:#4c4c4c}.btn-600.focus,.btn-600:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(101,101,102,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(101,101,102,.5)}.btn-600.disabled,.btn-600:disabled{color:#fff;background-color:#656566;border-color:#656566}.btn-600:not(:disabled):not(.disabled).active,.btn-600:not(:disabled):not(.disabled):active,.show>.btn-600.dropdown-toggle{color:#fff;background-color:#4c4c4c;border-color:#454546}.btn-600:not(:disabled):not(.disabled).active:focus,.btn-600:not(:disabled):not(.disabled):active:focus,.show>.btn-600.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(101,101,102,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(101,101,102,.5)}.btn-700{color:#fff;background-color:#4c4c4d;border-color:#4c4c4d;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-700:hover{color:#fff;background-color:#393939;border-color:#323233}.btn-700.focus,.btn-700:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(76,76,77,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(76,76,77,.5)}.btn-700.disabled,.btn-700:disabled{color:#fff;background-color:#4c4c4d;border-color:#4c4c4d}.btn-700:not(:disabled):not(.disabled).active,.btn-700:not(:disabled):not(.disabled):active,.show>.btn-700.dropdown-toggle{color:#fff;background-color:#323233;border-color:#2c2c2c}.btn-700:not(:disabled):not(.disabled).active:focus,.btn-700:not(:disabled):not(.disabled):active:focus,.show>.btn-700.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(76,76,77,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(76,76,77,.5)}.btn-800{color:#fff;background-color:#323333;border-color:#323333;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-800:hover{color:#fff;background-color:#1f2020;border-color:#191919}.btn-800.focus,.btn-800:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(50,51,51,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(50,51,51,.5)}.btn-800.disabled,.btn-800:disabled{color:#fff;background-color:#323333;border-color:#323333}.btn-800:not(:disabled):not(.disabled).active,.btn-800:not(:disabled):not(.disabled):active,.show>.btn-800.dropdown-toggle{color:#fff;background-color:#191919;border-color:#131313}.btn-800:not(:disabled):not(.disabled).active:focus,.btn-800:not(:disabled):not(.disabled):active:focus,.show>.btn-800.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(50,51,51,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(50,51,51,.5)}.btn-900{color:#fff;background-color:#19191a;border-color:#19191a;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-900:hover{color:#fff;background-color:#060606;border-color:#000}.btn-900.focus,.btn-900:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(25,25,26,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(25,25,26,.5)}.btn-900.disabled,.btn-900:disabled{color:#fff;background-color:#19191a;border-color:#19191a}.btn-900:not(:disabled):not(.disabled).active,.btn-900:not(:disabled):not(.disabled):active,.show>.btn-900.dropdown-toggle{color:#fff;background-color:#000;border-color:#000}.btn-900:not(:disabled):not(.disabled).active:focus,.btn-900:not(:disabled):not(.disabled):active:focus,.show>.btn-900.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(25,25,26,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(25,25,26,.5)}.btn-outline-primary{color:#0073e6;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #0073e6;box-shadow:inset 0 0 0 1px #0073e6}.btn-outline-primary:hover{color:#0959aa;-webkit-box-shadow:inset 0 0 0 1px #0959aa;box-shadow:inset 0 0 0 1px #0959aa}.btn-outline-primary.focus,.btn-outline-primary:focus{-webkit-box-shadow:inset 0 0 0 1px #0073e6,0 0 0 .2rem rgba(0,115,230,.5);box-shadow:inset 0 0 0 1px #0073e6,0 0 0 .2rem rgba(0,115,230,.5)}.btn-outline-primary.disabled,.btn-outline-primary:disabled{color:#0073e6;background-color:transparent}.btn-outline-primary:not(:disabled):not(.disabled).active,.btn-outline-primary:not(:disabled):not(.disabled):active,.show>.btn-outline-primary.dropdown-toggle{color:#0073e6;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #0073e6;box-shadow:inset 0 0 0 1px #0073e6}.btn-outline-primary:not(:disabled):not(.disabled).active:focus,.btn-outline-primary:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-primary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,115,230,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,115,230,.5)}.btn-outline-secondary{color:#5c6f82;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #5c6f82;box-shadow:inset 0 0 0 1px #5c6f82}.btn-outline-secondary:hover{color:#50565c;-webkit-box-shadow:inset 0 0 0 1px #50565c;box-shadow:inset 0 0 0 1px #50565c}.btn-outline-secondary.focus,.btn-outline-secondary:focus{-webkit-box-shadow:inset 0 0 0 1px #5c6f82,0 0 0 .2rem rgba(92,111,130,.5);box-shadow:inset 0 0 0 1px #5c6f82,0 0 0 .2rem rgba(92,111,130,.5)}.btn-outline-secondary.disabled,.btn-outline-secondary:disabled{color:#5c6f82;background-color:transparent}.btn-outline-secondary:not(:disabled):not(.disabled).active,.btn-outline-secondary:not(:disabled):not(.disabled):active,.show>.btn-outline-secondary.dropdown-toggle{color:#5c6f82;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #5c6f82;box-shadow:inset 0 0 0 1px #5c6f82}.btn-outline-secondary:not(:disabled):not(.disabled).active:focus,.btn-outline-secondary:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-secondary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(92,111,130,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(92,111,130,.5)}.btn-outline-success{color:#00cc85;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #00cc85;box-shadow:inset 0 0 0 1px #00cc85}.btn-outline-success:hover{color:#089161;-webkit-box-shadow:inset 0 0 0 1px #089161;box-shadow:inset 0 0 0 1px #089161}.btn-outline-success.focus,.btn-outline-success:focus{-webkit-box-shadow:inset 0 0 0 1px #00cc85,0 0 0 .2rem rgba(0,204,133,.5);box-shadow:inset 0 0 0 1px #00cc85,0 0 0 .2rem rgba(0,204,133,.5)}.btn-outline-success.disabled,.btn-outline-success:disabled{color:#00cc85;background-color:transparent}.btn-outline-success:not(:disabled):not(.disabled).active,.btn-outline-success:not(:disabled):not(.disabled):active,.show>.btn-outline-success.dropdown-toggle{color:#00cc85;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #00cc85;box-shadow:inset 0 0 0 1px #00cc85}.btn-outline-success:not(:disabled):not(.disabled).active:focus,.btn-outline-success:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-success.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,204,133,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,204,133,.5)}.btn-outline-info{color:#979899;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #979899;box-shadow:inset 0 0 0 1px #979899}.btn-outline-info:hover{color:#7f7f7f;-webkit-box-shadow:inset 0 0 0 1px #7f7f7f;box-shadow:inset 0 0 0 1px #7f7f7f}.btn-outline-info.focus,.btn-outline-info:focus{-webkit-box-shadow:inset 0 0 0 1px #979899,0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 0 0 1px #979899,0 0 0 .2rem rgba(151,152,153,.5)}.btn-outline-info.disabled,.btn-outline-info:disabled{color:#979899;background-color:transparent}.btn-outline-info:not(:disabled):not(.disabled).active,.btn-outline-info:not(:disabled):not(.disabled):active,.show>.btn-outline-info.dropdown-toggle{color:#979899;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #979899;box-shadow:inset 0 0 0 1px #979899}.btn-outline-info:not(:disabled):not(.disabled).active:focus,.btn-outline-info:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-info.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5)}.btn-outline-warning{color:#f90;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #f90;box-shadow:inset 0 0 0 1px #f90}.btn-outline-warning:hover{color:#c2780a;-webkit-box-shadow:inset 0 0 0 1px #c2780a;box-shadow:inset 0 0 0 1px #c2780a}.btn-outline-warning.focus,.btn-outline-warning:focus{-webkit-box-shadow:inset 0 0 0 1px #f90,0 0 0 .2rem rgba(255,153,0,.5);box-shadow:inset 0 0 0 1px #f90,0 0 0 .2rem rgba(255,153,0,.5)}.btn-outline-warning.disabled,.btn-outline-warning:disabled{color:#f90;background-color:transparent}.btn-outline-warning:not(:disabled):not(.disabled).active,.btn-outline-warning:not(:disabled):not(.disabled):active,.show>.btn-outline-warning.dropdown-toggle{color:#f90;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #f90;box-shadow:inset 0 0 0 1px #f90}.btn-outline-warning:not(:disabled):not(.disabled).active:focus,.btn-outline-warning:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-warning.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(255,153,0,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(255,153,0,.5)}.btn-outline-danger{color:#f73e5a;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #f73e5a;box-shadow:inset 0 0 0 1px #f73e5a}.btn-outline-danger:hover{color:#e91938;-webkit-box-shadow:inset 0 0 0 1px #e91938;box-shadow:inset 0 0 0 1px #e91938}.btn-outline-danger.focus,.btn-outline-danger:focus{-webkit-box-shadow:inset 0 0 0 1px #f73e5a,0 0 0 .2rem rgba(247,62,90,.5);box-shadow:inset 0 0 0 1px #f73e5a,0 0 0 .2rem rgba(247,62,90,.5)}.btn-outline-danger.disabled,.btn-outline-danger:disabled{color:#f73e5a;background-color:transparent}.btn-outline-danger:not(:disabled):not(.disabled).active,.btn-outline-danger:not(:disabled):not(.disabled):active,.show>.btn-outline-danger.dropdown-toggle{color:#f73e5a;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #f73e5a;box-shadow:inset 0 0 0 1px #f73e5a}.btn-outline-danger:not(:disabled):not(.disabled).active:focus,.btn-outline-danger:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-danger.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(247,62,90,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(247,62,90,.5)}.btn-outline-light{color:#e9e6f2;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #e9e6f2;box-shadow:inset 0 0 0 1px #e9e6f2}.btn-outline-light:hover{color:#cec9dd;-webkit-box-shadow:inset 0 0 0 1px #cec9dd;box-shadow:inset 0 0 0 1px #cec9dd}.btn-outline-light.focus,.btn-outline-light:focus{-webkit-box-shadow:inset 0 0 0 1px #e9e6f2,0 0 0 .2rem rgba(233,230,242,.5);box-shadow:inset 0 0 0 1px #e9e6f2,0 0 0 .2rem rgba(233,230,242,.5)}.btn-outline-light.disabled,.btn-outline-light:disabled{color:#e9e6f2;background-color:transparent}.btn-outline-light:not(:disabled):not(.disabled).active,.btn-outline-light:not(:disabled):not(.disabled):active,.show>.btn-outline-light.dropdown-toggle{color:#e9e6f2;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #e9e6f2;box-shadow:inset 0 0 0 1px #e9e6f2}.btn-outline-light:not(:disabled):not(.disabled).active:focus,.btn-outline-light:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-light.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(233,230,242,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(233,230,242,.5)}.btn-outline-dark{color:#17324d;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #17324d;box-shadow:inset 0 0 0 1px #17324d}.btn-outline-dark:hover{color:#0e1823;-webkit-box-shadow:inset 0 0 0 1px #0e1823;box-shadow:inset 0 0 0 1px #0e1823}.btn-outline-dark.focus,.btn-outline-dark:focus{-webkit-box-shadow:inset 0 0 0 1px #17324d,0 0 0 .2rem rgba(23,50,77,.5);box-shadow:inset 0 0 0 1px #17324d,0 0 0 .2rem rgba(23,50,77,.5)}.btn-outline-dark.disabled,.btn-outline-dark:disabled{color:#17324d;background-color:transparent}.btn-outline-dark:not(:disabled):not(.disabled).active,.btn-outline-dark:not(:disabled):not(.disabled):active,.show>.btn-outline-dark.dropdown-toggle{color:#17324d;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #17324d;box-shadow:inset 0 0 0 1px #17324d}.btn-outline-dark:not(:disabled):not(.disabled).active:focus,.btn-outline-dark:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-dark.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(23,50,77,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(23,50,77,.5)}.btn-outline-100{color:#e3e4e6;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #e3e4e6;box-shadow:inset 0 0 0 1px #e3e4e6}.btn-outline-100:hover{color:#cbcbcb;-webkit-box-shadow:inset 0 0 0 1px #cbcbcb;box-shadow:inset 0 0 0 1px #cbcbcb}.btn-outline-100.focus,.btn-outline-100:focus{-webkit-box-shadow:inset 0 0 0 1px #e3e4e6,0 0 0 .2rem rgba(227,228,230,.5);box-shadow:inset 0 0 0 1px #e3e4e6,0 0 0 .2rem rgba(227,228,230,.5)}.btn-outline-100.disabled,.btn-outline-100:disabled{color:#e3e4e6;background-color:transparent}.btn-outline-100:not(:disabled):not(.disabled).active,.btn-outline-100:not(:disabled):not(.disabled):active,.show>.btn-outline-100.dropdown-toggle{color:#e3e4e6;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #e3e4e6;box-shadow:inset 0 0 0 1px #e3e4e6}.btn-outline-100:not(:disabled):not(.disabled).active:focus,.btn-outline-100:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-100.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(227,228,230,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(227,228,230,.5)}.btn-outline-200{color:#cacacc;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #cacacc;box-shadow:inset 0 0 0 1px #cacacc}.btn-outline-200:hover{color:#b1b1b1;-webkit-box-shadow:inset 0 0 0 1px #b1b1b1;box-shadow:inset 0 0 0 1px #b1b1b1}.btn-outline-200.focus,.btn-outline-200:focus{-webkit-box-shadow:inset 0 0 0 1px #cacacc,0 0 0 .2rem rgba(202,202,204,.5);box-shadow:inset 0 0 0 1px #cacacc,0 0 0 .2rem rgba(202,202,204,.5)}.btn-outline-200.disabled,.btn-outline-200:disabled{color:#cacacc;background-color:transparent}.btn-outline-200:not(:disabled):not(.disabled).active,.btn-outline-200:not(:disabled):not(.disabled):active,.show>.btn-outline-200.dropdown-toggle{color:#cacacc;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #cacacc;box-shadow:inset 0 0 0 1px #cacacc}.btn-outline-200:not(:disabled):not(.disabled).active:focus,.btn-outline-200:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-200.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(202,202,204,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(202,202,204,.5)}.btn-outline-300{color:#b1b1b3;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #b1b1b3;box-shadow:inset 0 0 0 1px #b1b1b3}.btn-outline-300:hover{color:#989898;-webkit-box-shadow:inset 0 0 0 1px #989898;box-shadow:inset 0 0 0 1px #989898}.btn-outline-300.focus,.btn-outline-300:focus{-webkit-box-shadow:inset 0 0 0 1px #b1b1b3,0 0 0 .2rem rgba(177,177,179,.5);box-shadow:inset 0 0 0 1px #b1b1b3,0 0 0 .2rem rgba(177,177,179,.5)}.btn-outline-300.disabled,.btn-outline-300:disabled{color:#b1b1b3;background-color:transparent}.btn-outline-300:not(:disabled):not(.disabled).active,.btn-outline-300:not(:disabled):not(.disabled):active,.show>.btn-outline-300.dropdown-toggle{color:#b1b1b3;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #b1b1b3;box-shadow:inset 0 0 0 1px #b1b1b3}.btn-outline-300:not(:disabled):not(.disabled).active:focus,.btn-outline-300:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-300.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(177,177,179,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(177,177,179,.5)}.btn-outline-400{color:#979899;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #979899;box-shadow:inset 0 0 0 1px #979899}.btn-outline-400:hover{color:#7f7f7f;-webkit-box-shadow:inset 0 0 0 1px #7f7f7f;box-shadow:inset 0 0 0 1px #7f7f7f}.btn-outline-400.focus,.btn-outline-400:focus{-webkit-box-shadow:inset 0 0 0 1px #979899,0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 0 0 1px #979899,0 0 0 .2rem rgba(151,152,153,.5)}.btn-outline-400.disabled,.btn-outline-400:disabled{color:#979899;background-color:transparent}.btn-outline-400:not(:disabled):not(.disabled).active,.btn-outline-400:not(:disabled):not(.disabled):active,.show>.btn-outline-400.dropdown-toggle{color:#979899;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #979899;box-shadow:inset 0 0 0 1px #979899}.btn-outline-400:not(:disabled):not(.disabled).active:focus,.btn-outline-400:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-400.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5)}.btn-outline-500{color:#7e7f80;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #7e7f80;box-shadow:inset 0 0 0 1px #7e7f80}.btn-outline-500:hover{color:#656565;-webkit-box-shadow:inset 0 0 0 1px #656565;box-shadow:inset 0 0 0 1px #656565}.btn-outline-500.focus,.btn-outline-500:focus{-webkit-box-shadow:inset 0 0 0 1px #7e7f80,0 0 0 .2rem rgba(126,127,128,.5);box-shadow:inset 0 0 0 1px #7e7f80,0 0 0 .2rem rgba(126,127,128,.5)}.btn-outline-500.disabled,.btn-outline-500:disabled{color:#7e7f80;background-color:transparent}.btn-outline-500:not(:disabled):not(.disabled).active,.btn-outline-500:not(:disabled):not(.disabled):active,.show>.btn-outline-500.dropdown-toggle{color:#7e7f80;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #7e7f80;box-shadow:inset 0 0 0 1px #7e7f80}.btn-outline-500:not(:disabled):not(.disabled).active:focus,.btn-outline-500:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-500.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(126,127,128,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(126,127,128,.5)}.btn-outline-600{color:#656566;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #656566;box-shadow:inset 0 0 0 1px #656566}.btn-outline-600:hover{color:#4c4c4c;-webkit-box-shadow:inset 0 0 0 1px #4c4c4c;box-shadow:inset 0 0 0 1px #4c4c4c}.btn-outline-600.focus,.btn-outline-600:focus{-webkit-box-shadow:inset 0 0 0 1px #656566,0 0 0 .2rem rgba(101,101,102,.5);box-shadow:inset 0 0 0 1px #656566,0 0 0 .2rem rgba(101,101,102,.5)}.btn-outline-600.disabled,.btn-outline-600:disabled{color:#656566;background-color:transparent}.btn-outline-600:not(:disabled):not(.disabled).active,.btn-outline-600:not(:disabled):not(.disabled):active,.show>.btn-outline-600.dropdown-toggle{color:#656566;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #656566;box-shadow:inset 0 0 0 1px #656566}.btn-outline-600:not(:disabled):not(.disabled).active:focus,.btn-outline-600:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-600.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(101,101,102,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(101,101,102,.5)}.btn-outline-700{color:#4c4c4d;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #4c4c4d;box-shadow:inset 0 0 0 1px #4c4c4d}.btn-outline-700:hover{color:#333;-webkit-box-shadow:inset 0 0 0 1px #333;box-shadow:inset 0 0 0 1px #333}.btn-outline-700.focus,.btn-outline-700:focus{-webkit-box-shadow:inset 0 0 0 1px #4c4c4d,0 0 0 .2rem rgba(76,76,77,.5);box-shadow:inset 0 0 0 1px #4c4c4d,0 0 0 .2rem rgba(76,76,77,.5)}.btn-outline-700.disabled,.btn-outline-700:disabled{color:#4c4c4d;background-color:transparent}.btn-outline-700:not(:disabled):not(.disabled).active,.btn-outline-700:not(:disabled):not(.disabled):active,.show>.btn-outline-700.dropdown-toggle{color:#4c4c4d;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #4c4c4d;box-shadow:inset 0 0 0 1px #4c4c4d}.btn-outline-700:not(:disabled):not(.disabled).active:focus,.btn-outline-700:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-700.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(76,76,77,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(76,76,77,.5)}.btn-outline-800{color:#323333;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #323333;box-shadow:inset 0 0 0 1px #323333}.btn-outline-800:hover{color:#191919;-webkit-box-shadow:inset 0 0 0 1px #191919;box-shadow:inset 0 0 0 1px #191919}.btn-outline-800.focus,.btn-outline-800:focus{-webkit-box-shadow:inset 0 0 0 1px #323333,0 0 0 .2rem rgba(50,51,51,.5);box-shadow:inset 0 0 0 1px #323333,0 0 0 .2rem rgba(50,51,51,.5)}.btn-outline-800.disabled,.btn-outline-800:disabled{color:#323333;background-color:transparent}.btn-outline-800:not(:disabled):not(.disabled).active,.btn-outline-800:not(:disabled):not(.disabled):active,.show>.btn-outline-800.dropdown-toggle{color:#323333;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #323333;box-shadow:inset 0 0 0 1px #323333}.btn-outline-800:not(:disabled):not(.disabled).active:focus,.btn-outline-800:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-800.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(50,51,51,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(50,51,51,.5)}.btn-outline-900{color:#19191a;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #19191a;box-shadow:inset 0 0 0 1px #19191a}.btn-outline-900:hover{color:#000;-webkit-box-shadow:inset 0 0 0 1px #000;box-shadow:inset 0 0 0 1px #000}.btn-outline-900.focus,.btn-outline-900:focus{-webkit-box-shadow:inset 0 0 0 1px #19191a,0 0 0 .2rem rgba(25,25,26,.5);box-shadow:inset 0 0 0 1px #19191a,0 0 0 .2rem rgba(25,25,26,.5)}.btn-outline-900.disabled,.btn-outline-900:disabled{color:#19191a;background-color:transparent}.btn-outline-900:not(:disabled):not(.disabled).active,.btn-outline-900:not(:disabled):not(.disabled):active,.show>.btn-outline-900.dropdown-toggle{color:#19191a;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #19191a;box-shadow:inset 0 0 0 1px #19191a}.btn-outline-900:not(:disabled):not(.disabled).active:focus,.btn-outline-900:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-900.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(25,25,26,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(25,25,26,.5)}.btn-link{font-weight:400;color:#0073e6;text-decoration:none}.btn-link:hover{color:#004d99;text-decoration:underline}.btn-link.focus,.btn-link:focus{text-decoration:underline;-webkit-box-shadow:none;box-shadow:none}.btn-link.disabled,.btn-link:disabled{color:#656566;pointer-events:none}.btn-group-lg>.btn,.btn-lg{padding:.5rem 1rem;font-size:1.125rem;border-radius:8px}.btn-group-sm>.btn,.btn-sm{padding:.25rem .5rem;font-size:.875rem;border-radius:2px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:.5rem}input[type=button].btn-block,input[type=reset].btn-block,input[type=submit].btn-block{width:100%}.fade{-webkit-transition:opacity .15s linear;transition:opacity .15s linear}@media (prefers-reduced-motion:reduce){.fade{-webkit-transition:none;transition:none}}.fade:not(.show){opacity:0}.collapse:not(.show){display:none}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;transition:height .35s ease}@media (prefers-reduced-motion:reduce){.collapsing{-webkit-transition:none;transition:none}}.dropdown,.dropleft,.dropright,.dropup{position:relative}.dropdown-toggle{white-space:nowrap}.dropdown-toggle:after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";border-top:.3em solid;border-right:.3em solid transparent;border-bottom:0;border-left:.3em solid transparent}.dropdown-toggle:empty:after{margin-left:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;min-width:10rem;padding:.5rem 0;margin:.125rem 0 0;font-size:16px;font-size:1rem;color:#19191a;text-align:left;list-style:none;background-clip:padding-box;border:0 solid transparent;border-radius:4px;-webkit-box-shadow:0 0 30px 5px rgba(0,0,0,.05);box-shadow:0 0 30px 5px rgba(0,0,0,.05)}.dropdown-menu-left{right:auto;left:0}.dropdown-menu-right{right:0;left:auto}@media (min-width:576px){.dropdown-menu-sm-left{right:auto;left:0}.dropdown-menu-sm-right{right:0;left:auto}}@media (min-width:768px){.dropdown-menu-md-left{right:auto;left:0}.dropdown-menu-md-right{right:0;left:auto}}@media (min-width:992px){.dropdown-menu-lg-left{right:auto;left:0}.dropdown-menu-lg-right{right:0;left:auto}}@media (min-width:1200px){.dropdown-menu-xl-left{right:auto;left:0}.dropdown-menu-xl-right{right:0;left:auto}}.dropup .dropdown-menu{top:auto;bottom:100%;margin-top:0;margin-bottom:.125rem}.dropup .dropdown-toggle:after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";border-top:0;border-right:.3em solid transparent;border-bottom:.3em solid;border-left:.3em solid transparent}.dropup .dropdown-toggle:empty:after{margin-left:0}.dropright .dropdown-menu{top:0;right:auto;left:100%;margin-top:0;margin-left:.125rem}.dropright .dropdown-toggle:after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";border-top:.3em solid transparent;border-right:0;border-bottom:.3em solid transparent;border-left:.3em solid}.dropright .dropdown-toggle:empty:after{margin-left:0}.dropright .dropdown-toggle:after{vertical-align:0}.dropleft .dropdown-menu{top:0;right:100%;left:auto;margin-top:0;margin-right:.125rem}.dropleft .dropdown-toggle:after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";display:none}.dropleft .dropdown-toggle:before{display:inline-block;margin-right:.255em;vertical-align:.255em;content:"";border-top:.3em solid transparent;border-right:.3em solid;border-bottom:.3em solid transparent}.dropleft .dropdown-toggle:empty:after{margin-left:0}.dropleft .dropdown-toggle:before{vertical-align:0}.dropdown-divider{height:0;margin:8px 0;overflow:hidden;border-top:1px solid #cacacc}.dropdown-item{display:block;width:100%;padding:12px 24px;clear:both;font-weight:400;color:#17324d;text-align:inherit;white-space:nowrap;background-color:transparent;border:0}.dropdown-item:focus,.dropdown-item:hover{color:#17324d;text-decoration:none;background-color:#e6ecf2}.dropdown-item.active,.dropdown-item:active{color:#fff;text-decoration:none;background-color:#0073e6}.dropdown-item.disabled,.dropdown-item:disabled{color:#656566;pointer-events:none;background-color:transparent}.dropdown-menu.show{display:block}.dropdown-header{display:block;padding:.5rem 24px;margin-bottom:0;font-size:14px;font-size:.875rem;color:#17324d;white-space:nowrap}.dropdown-item-text{display:block;padding:12px 24px;color:#17324d}.btn-group,.btn-group-vertical{position:relative;display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;vertical-align:middle}.btn-group-vertical>.btn,.btn-group>.btn{position:relative;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto}.btn-group-vertical>.btn.active,.btn-group-vertical>.btn:active,.btn-group-vertical>.btn:focus,.btn-group-vertical>.btn:hover,.btn-group>.btn.active,.btn-group>.btn:active,.btn-group>.btn:focus,.btn-group>.btn:hover{z-index:1}.btn-toolbar{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.btn-toolbar .input-group{width:auto}.btn-group>.btn-group:not(:first-child),.btn-group>.btn:not(:first-child){margin-left:0}.btn-group>.btn-group:not(:last-child)>.btn,.btn-group>.btn:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:not(:first-child)>.btn,.btn-group>.btn:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.dropdown-toggle-split{padding-right:.5625rem;padding-left:.5625rem}.dropdown-toggle-split:after,.dropright .dropdown-toggle-split:after,.dropup .dropdown-toggle-split:after{margin-left:0}.dropleft .dropdown-toggle-split:before{margin-right:0}.btn-group-sm>.btn+.dropdown-toggle-split,.btn-sm+.dropdown-toggle-split{padding-right:.375rem;padding-left:.375rem}.btn-group-lg>.btn+.dropdown-toggle-split,.btn-lg+.dropdown-toggle-split{padding-right:.75rem;padding-left:.75rem}.btn-group.show .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn-group.show .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn-group-vertical{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group{width:100%}.btn-group-vertical>.btn-group:not(:first-child),.btn-group-vertical>.btn:not(:first-child){margin-top:0}.btn-group-vertical>.btn-group:not(:last-child)>.btn,.btn-group-vertical>.btn:not(:last-child):not(.dropdown-toggle){border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:not(:first-child)>.btn,.btn-group-vertical>.btn:not(:first-child){border-top-left-radius:0;border-top-right-radius:0}.btn-group-toggle>.btn,.btn-group-toggle>.btn-group>.btn{margin-bottom:0}.btn-group-toggle>.btn-group>.btn input[type=checkbox],.btn-group-toggle>.btn-group>.btn input[type=radio],.btn-group-toggle>.btn input[type=checkbox],.btn-group-toggle>.btn input[type=radio]{position:absolute;clip:rect(0,0,0,0);pointer-events:none}.input-group{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;width:100%}.input-group>.custom-file,.input-group>.custom-select,.input-group>.form-control,.input-group>.form-control-plaintext{position:relative;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;width:1%;margin-bottom:0}.input-group>.custom-file+.custom-file,.input-group>.custom-file+.custom-select,.input-group>.custom-file+.form-control,.input-group>.custom-select+.custom-file,.input-group>.custom-select+.custom-select,.input-group>.custom-select+.form-control,.input-group>.form-control+.custom-file,.input-group>.form-control+.custom-select,.input-group>.form-control+.form-control,.input-group>.form-control-plaintext+.custom-file,.input-group>.form-control-plaintext+.custom-select,.input-group>.form-control-plaintext+.form-control{margin-left:-1px}.input-group>.custom-file .custom-file-input:focus~.custom-file-label,.input-group>.custom-select:focus,.input-group>.form-control:focus{z-index:3}.input-group>.custom-file .custom-file-input:focus{z-index:4}.input-group>.custom-select:not(:last-child),.input-group>.form-control:not(:last-child){border-top-right-radius:0;border-bottom-right-radius:0}.input-group>.custom-select:not(:first-child),.input-group>.form-control:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.input-group>.custom-file{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.input-group>.custom-file:not(:last-child) .custom-file-label,.input-group>.custom-file:not(:last-child) .custom-file-label:after{border-top-right-radius:0;border-bottom-right-radius:0}.input-group>.custom-file:not(:first-child) .custom-file-label{border-top-left-radius:0;border-bottom-left-radius:0}.input-group-append,.input-group-prepend{display:-webkit-box;display:-ms-flexbox;display:flex}.input-group-append .btn,.input-group-prepend .btn{position:relative;z-index:2}.input-group-append .btn:focus,.input-group-prepend .btn:focus{z-index:3}.input-group-append .btn+.btn,.input-group-append .btn+.input-group-text,.input-group-append .input-group-text+.btn,.input-group-append .input-group-text+.input-group-text,.input-group-prepend .btn+.btn,.input-group-prepend .btn+.input-group-text,.input-group-prepend .input-group-text+.btn,.input-group-prepend .input-group-text+.input-group-text{margin-left:-1px}.input-group-prepend{margin-right:-1px}.input-group-append{margin-left:-1px}.input-group-text{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;padding:.375rem .75rem;margin-bottom:0;font-size:16px;font-size:1rem;font-weight:400;line-height:1.5;color:#4c4c4d;text-align:center;white-space:nowrap;background-color:#cacacc;border:1px solid #979899;border-radius:4px}.input-group-text input[type=checkbox],.input-group-text input[type=radio]{margin-top:0}.input-group-lg>.custom-select,.input-group-lg>.form-control:not(textarea){height:calc(1.556em + 1rem + 2px)}.input-group-lg>.custom-select,.input-group-lg>.form-control,.input-group-lg>.input-group-append>.btn,.input-group-lg>.input-group-append>.input-group-text,.input-group-lg>.input-group-prepend>.btn,.input-group-lg>.input-group-prepend>.input-group-text{padding:.5rem 1rem;font-size:20px;font-size:1.25rem;line-height:1.556;border-radius:8px}.input-group-sm>.custom-select,.input-group-sm>.form-control:not(textarea){height:calc(1.428em + .5rem + 2px)}.input-group-sm>.custom-select,.input-group-sm>.form-control,.input-group-sm>.input-group-append>.btn,.input-group-sm>.input-group-append>.input-group-text,.input-group-sm>.input-group-prepend>.btn,.input-group-sm>.input-group-prepend>.input-group-text{padding:.25rem .5rem;font-size:14px;font-size:.875rem;line-height:1.428;border-radius:2px}.input-group-lg>.custom-select,.input-group-sm>.custom-select{padding-right:1.75rem}.input-group>.input-group-append:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group>.input-group-append:last-child>.input-group-text:not(:last-child),.input-group>.input-group-append:not(:last-child)>.btn,.input-group>.input-group-append:not(:last-child)>.input-group-text,.input-group>.input-group-prepend>.btn,.input-group>.input-group-prepend>.input-group-text{border-top-right-radius:0;border-bottom-right-radius:0}.input-group>.input-group-append>.btn,.input-group>.input-group-append>.input-group-text,.input-group>.input-group-prepend:first-child>.btn:not(:first-child),.input-group>.input-group-prepend:first-child>.input-group-text:not(:first-child),.input-group>.input-group-prepend:not(:first-child)>.btn,.input-group>.input-group-prepend:not(:first-child)>.input-group-text{border-top-left-radius:0;border-bottom-left-radius:0}.nav{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;padding-left:0;margin-bottom:0;list-style:none}.nav-link{display:block;padding:.5rem 1rem}.nav-link:focus,.nav-link:hover{text-decoration:none}.nav-link.disabled{color:#656566;pointer-events:none;cursor:default}.nav-tabs{border-bottom:1px solid #b1b1b3}.nav-tabs .nav-item{margin-bottom:-1px}.nav-tabs .nav-link{border:1px solid transparent;border-top-left-radius:4px;border-top-right-radius:4px}.nav-tabs .nav-link:focus,.nav-tabs .nav-link:hover{border-color:#cacacc #cacacc #b1b1b3}.nav-tabs .nav-link.disabled{color:#656566;background-color:transparent;border-color:transparent}.nav-tabs .nav-item.show .nav-link,.nav-tabs .nav-link.active{color:#4c4c4d;background-color:#fff;border-color:#b1b1b3 #b1b1b3 #fff}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-left-radius:0;border-top-right-radius:0}.nav-pills .nav-link{border-radius:4px}.nav-pills .nav-link.active,.nav-pills .show>.nav-link{color:#fff;background-color:#0073e6}.nav-fill .nav-item{-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;text-align:center}.nav-justified .nav-item{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;text-align:center}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.navbar{position:relative;padding:8px 16px}.navbar,.navbar>.container,.navbar>.container-fluid{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between}.navbar-brand{display:inline-block;padding-top:.5rem;padding-bottom:.5rem;margin-right:16px;font-size:16px;font-size:1rem;line-height:inherit;white-space:nowrap}.navbar-brand:focus,.navbar-brand:hover{text-decoration:none}.navbar-nav{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;padding-left:0;margin-bottom:0;list-style:none}.navbar-nav .nav-link{padding-right:0;padding-left:0}.navbar-nav .dropdown-menu{position:static;float:none}.navbar-text{display:inline-block;padding-top:.5rem;padding-bottom:.5rem}.navbar-collapse{-ms-flex-preferred-size:100%;flex-basis:100%;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.navbar-toggler{padding:.25rem .75rem;font-size:20px;font-size:1.25rem;line-height:1;background-color:transparent;border:1px solid transparent;border-radius:0}.navbar-toggler:focus,.navbar-toggler:hover{text-decoration:none}.navbar-toggler-icon{display:inline-block;width:1.5em;height:1.5em;vertical-align:middle;content:"";background:no-repeat 50%;background-size:100% 100%}@media (max-width:575.98px){.navbar-expand-sm>.container,.navbar-expand-sm>.container-fluid{padding-right:0;padding-left:0}}@media (min-width:576px){.navbar-expand-sm{-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-sm,.navbar-expand-sm .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal}.navbar-expand-sm .navbar-nav{-ms-flex-direction:row;flex-direction:row}.navbar-expand-sm .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-sm .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand-sm>.container,.navbar-expand-sm>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-sm .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-sm .navbar-toggler{display:none}}@media (max-width:767.98px){.navbar-expand-md>.container,.navbar-expand-md>.container-fluid{padding-right:0;padding-left:0}}@media (min-width:768px){.navbar-expand-md{-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-md,.navbar-expand-md .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal}.navbar-expand-md .navbar-nav{-ms-flex-direction:row;flex-direction:row}.navbar-expand-md .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-md .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand-md>.container,.navbar-expand-md>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-md .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-md .navbar-toggler{display:none}}@media (max-width:991.98px){.navbar-expand-lg>.container,.navbar-expand-lg>.container-fluid{padding-right:0;padding-left:0}}@media (min-width:992px){.navbar-expand-lg{-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-lg,.navbar-expand-lg .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal}.navbar-expand-lg .navbar-nav{-ms-flex-direction:row;flex-direction:row}.navbar-expand-lg .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-lg .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand-lg>.container,.navbar-expand-lg>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-lg .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-lg .navbar-toggler{display:none}}@media (max-width:1199.98px){.navbar-expand-xl>.container,.navbar-expand-xl>.container-fluid{padding-right:0;padding-left:0}}@media (min-width:1200px){.navbar-expand-xl{-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-xl,.navbar-expand-xl .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal}.navbar-expand-xl .navbar-nav{-ms-flex-direction:row;flex-direction:row}.navbar-expand-xl .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-xl .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand-xl>.container,.navbar-expand-xl>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-xl .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-xl .navbar-toggler{display:none}}.navbar-expand{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand>.container,.navbar-expand>.container-fluid{padding-right:0;padding-left:0}.navbar-expand .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.navbar-expand .navbar-nav .dropdown-menu{position:absolute}.navbar-expand .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand>.container,.navbar-expand>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand .navbar-toggler{display:none}.navbar-light .navbar-brand,.navbar-light .navbar-brand:focus,.navbar-light .navbar-brand:hover{color:rgba(0,0,0,.9)}.navbar-light .navbar-nav .nav-link{color:rgba(0,0,0,.5)}.navbar-light .navbar-nav .nav-link:focus,.navbar-light .navbar-nav .nav-link:hover{color:rgba(0,0,0,.7)}.navbar-light .navbar-nav .nav-link.disabled{color:rgba(0,0,0,.3)}.navbar-light .navbar-nav .active>.nav-link,.navbar-light .navbar-nav .nav-link.active,.navbar-light .navbar-nav .nav-link.show,.navbar-light .navbar-nav .show>.nav-link{color:rgba(0,0,0,.9)}.navbar-light .navbar-toggler{color:rgba(0,0,0,.5);border-color:rgba(0,0,0,.1)}.navbar-light .navbar-toggler-icon{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg viewBox='0 0 30 30' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath stroke='rgba(0, 0, 0, 0.5)' stroke-width='2' stroke-linecap='round' stroke-miterlimit='10' d='M4 7h22M4 15h22M4 23h22'/%3E%3C/svg%3E")}.navbar-light .navbar-text{color:rgba(0,0,0,.5)}.navbar-light .navbar-text a,.navbar-light .navbar-text a:focus,.navbar-light .navbar-text a:hover{color:rgba(0,0,0,.9)}.navbar-dark .navbar-brand,.navbar-dark .navbar-brand:focus,.navbar-dark .navbar-brand:hover{color:#fff}.navbar-dark .navbar-nav .nav-link{color:hsla(0,0%,100%,.5)}.navbar-dark .navbar-nav .nav-link:focus,.navbar-dark .navbar-nav .nav-link:hover{color:hsla(0,0%,100%,.75)}.navbar-dark .navbar-nav .nav-link.disabled{color:hsla(0,0%,100%,.25)}.navbar-dark .navbar-nav .active>.nav-link,.navbar-dark .navbar-nav .nav-link.active,.navbar-dark .navbar-nav .nav-link.show,.navbar-dark .navbar-nav .show>.nav-link{color:#fff}.navbar-dark .navbar-toggler{color:hsla(0,0%,100%,.5);border-color:transparent}.navbar-dark .navbar-toggler-icon{background-image:url(data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMTkuMiIgaGVpZ2h0PSIxNiIgdmlld0JveD0iMCAwIDEyIDEwIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxwYXRoIGQ9Ik0wIDRoMTJ2MkgwVjR6bTAtNGg4djJIMFYwem0wIDhoOHYySDBWOHoiIGZpbGw9IiNGRkYiIGZpbGwtcnVsZT0iZXZlbm9kZCIvPjwvc3ZnPg==)}.navbar-dark .navbar-text{color:hsla(0,0%,100%,.5)}.navbar-dark .navbar-text a,.navbar-dark .navbar-text a:focus,.navbar-dark .navbar-text a:hover{color:#fff}.card{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;min-width:0;word-wrap:break-word;background-color:#fff;background-clip:border-box;border:1px solid rgba(0,0,0,.125);border-radius:0}.card>hr{margin-right:0;margin-left:0}.card>.list-group:first-child .list-group-item:first-child{border-top-left-radius:0;border-top-right-radius:0}.card>.list-group:last-child .list-group-item:last-child{border-bottom-right-radius:0;border-bottom-left-radius:0}.card-body{-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;padding:2rem}.card-title{margin-bottom:1rem}.card-subtitle{margin-top:-.5rem}.card-subtitle,.card-text:last-child{margin-bottom:0}.card-link:hover{text-decoration:none}.card-link+.card-link{margin-left:2rem}.card-header{padding:1rem 2rem;margin-bottom:0;background-color:transparent;border-bottom:1px solid rgba(0,0,0,.125)}.card-header:first-child{border-radius:-1px -1px 0 0}.card-header+.list-group .list-group-item:first-child{border-top:0}.card-footer{padding:1rem 2rem;background-color:transparent;border-top:1px solid rgba(0,0,0,.125)}.card-footer:last-child{border-radius:0 0 -1px -1px}.card-header-tabs{margin-bottom:-1rem;border-bottom:0}.card-header-pills,.card-header-tabs{margin-right:-1rem;margin-left:-1rem}.card-img-overlay{position:absolute;top:0;right:0;bottom:0;left:0;padding:1.25rem}.card-img{width:100%;border-radius:-1px}.card-img-top{width:100%;border-top-left-radius:-1px;border-top-right-radius:-1px}.card-img-bottom{width:100%;border-bottom-right-radius:-1px;border-bottom-left-radius:-1px}.card-deck{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.card-deck .card{margin-bottom:6px}@media (min-width:576px){.card-deck{-webkit-box-orient:horizontal;-ms-flex-flow:row wrap;flex-flow:row wrap;margin-right:-6px;margin-left:-6px}.card-deck,.card-deck .card{-webkit-box-direction:normal}.card-deck .card{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-flex:1;-ms-flex:1 0 0%;flex:1 0 0%;-webkit-box-orient:vertical;-ms-flex-direction:column;flex-direction:column;margin-right:6px;margin-bottom:0;margin-left:6px}}.card-group{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.card-group>.card{margin-bottom:6px}@media (min-width:576px){.card-group{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap}.card-group>.card{-webkit-box-flex:1;-ms-flex:1 0 0%;flex:1 0 0%;margin-bottom:0}.card-group>.card+.card{margin-left:0;border-left:0}.card-group>.card:not(:last-child){border-top-right-radius:0;border-bottom-right-radius:0}.card-group>.card:not(:last-child) .card-header,.card-group>.card:not(:last-child) .card-img-top{border-top-right-radius:0}.card-group>.card:not(:last-child) .card-footer,.card-group>.card:not(:last-child) .card-img-bottom{border-bottom-right-radius:0}.card-group>.card:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.card-group>.card:not(:first-child) .card-header,.card-group>.card:not(:first-child) .card-img-top{border-top-left-radius:0}.card-group>.card:not(:first-child) .card-footer,.card-group>.card:not(:first-child) .card-img-bottom{border-bottom-left-radius:0}}.card-columns .card{margin-bottom:1rem}@media (min-width:576px){.card-columns{-webkit-column-count:3;-moz-column-count:3;column-count:3;-webkit-column-gap:1.25rem;-moz-column-gap:1.25rem;column-gap:1.25rem;orphans:1;widows:1}.card-columns .card{display:inline-block;width:100%}}.accordion>.card{overflow:hidden}.accordion>.card:not(:first-of-type) .card-header:first-child{border-radius:0}.accordion>.card:not(:first-of-type):not(:last-of-type){border-bottom:0;border-radius:0}.accordion>.card:first-of-type{border-bottom:0;border-bottom-right-radius:0;border-bottom-left-radius:0}.accordion>.card:last-of-type{border-top-left-radius:0;border-top-right-radius:0}.accordion>.card .card-header{margin-bottom:-1px}.breadcrumb{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;padding:.75rem 1rem;margin-bottom:1rem;list-style:none;background-color:transparent;border-radius:0}.breadcrumb-item+.breadcrumb-item{padding-left:.5rem}.breadcrumb-item+.breadcrumb-item:before{display:inline-block;padding-right:.5rem;color:#656566;content:"/"}.breadcrumb-item+.breadcrumb-item:hover:before{text-decoration:underline;text-decoration:none}.breadcrumb-item.active{color:#656566}.pagination{display:-webkit-box;display:-ms-flexbox;display:flex;padding-left:0;list-style:none;border-radius:4px}.page-link{position:relative;display:block;padding:.5rem .75rem;margin-left:-1px;line-height:1.25;color:#0073e6;background-color:#fff;border:1px solid #b1b1b3}.page-link:hover{z-index:2;color:#004d99;text-decoration:none;background-color:#cacacc;border-color:#b1b1b3}.page-link:focus{z-index:2;outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(0,115,230,.25);box-shadow:0 0 0 .2rem rgba(0,115,230,.25)}.page-item:first-child .page-link{margin-left:0;border-top-left-radius:4px;border-bottom-left-radius:4px}.page-item:last-child .page-link{border-top-right-radius:4px;border-bottom-right-radius:4px}.page-item.active .page-link{z-index:1;color:#fff;background-color:#0073e6;border-color:#0073e6}.page-item.disabled .page-link{color:#656566;pointer-events:none;cursor:auto;background-color:#fff;border-color:#b1b1b3}.pagination-lg .page-link{padding:.75rem 1.5rem;font-size:20px;font-size:1.25rem;line-height:1.5}.pagination-lg .page-item:first-child .page-link{border-top-left-radius:8px;border-bottom-left-radius:8px}.pagination-lg .page-item:last-child .page-link{border-top-right-radius:8px;border-bottom-right-radius:8px}.pagination-sm .page-link{padding:.25rem .5rem;font-size:14px;font-size:.875rem;line-height:1.5}.pagination-sm .page-item:first-child .page-link{border-top-left-radius:2px;border-bottom-left-radius:2px}.pagination-sm .page-item:last-child .page-link{border-top-right-radius:2px;border-bottom-right-radius:2px}.badge{display:inline-block;padding:.25em .4em;font-size:75%;font-weight:700;line-height:1;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:4px;-webkit-transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,-webkit-box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,-webkit-box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out,-webkit-box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.badge{-webkit-transition:none;transition:none}}a.badge:focus,a.badge:hover{text-decoration:none}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.badge-pill{padding-right:.6em;padding-left:.6em;border-radius:10rem}.badge-primary{color:#fff;background-color:#0073e6}a.badge-primary:focus,a.badge-primary:hover{color:#fff;background-color:#0059b3}a.badge-primary.focus,a.badge-primary:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(0,115,230,.5);box-shadow:0 0 0 .2rem rgba(0,115,230,.5)}.badge-secondary{color:#fff;background-color:#5c6f82}a.badge-secondary:focus,a.badge-secondary:hover{color:#fff;background-color:#475664}a.badge-secondary.focus,a.badge-secondary:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(92,111,130,.5);box-shadow:0 0 0 .2rem rgba(92,111,130,.5)}.badge-success{color:#19191a;background-color:#00cc85}a.badge-success:focus,a.badge-success:hover{color:#19191a;background-color:#009963}a.badge-success.focus,a.badge-success:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(0,204,133,.5);box-shadow:0 0 0 .2rem rgba(0,204,133,.5)}.badge-info{color:#19191a;background-color:#979899}a.badge-info:focus,a.badge-info:hover{color:#19191a;background-color:#7e7e80}a.badge-info.focus,a.badge-info:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(151,152,153,.5);box-shadow:0 0 0 .2rem rgba(151,152,153,.5)}.badge-warning{color:#19191a;background-color:#f90}a.badge-warning:focus,a.badge-warning:hover{color:#19191a;background-color:#cc7a00}a.badge-warning.focus,a.badge-warning:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(255,153,0,.5);box-shadow:0 0 0 .2rem rgba(255,153,0,.5)}.badge-danger{color:#19191a;background-color:#f73e5a}a.badge-danger:focus,a.badge-danger:hover{color:#19191a;background-color:#f50d30}a.badge-danger.focus,a.badge-danger:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(247,62,90,.5);box-shadow:0 0 0 .2rem rgba(247,62,90,.5)}.badge-light{color:#19191a;background-color:#e9e6f2}a.badge-light:focus,a.badge-light:hover{color:#19191a;background-color:#ccc4e1}a.badge-light.focus,a.badge-light:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(233,230,242,.5);box-shadow:0 0 0 .2rem rgba(233,230,242,.5)}.badge-dark{color:#fff;background-color:#17324d}a.badge-dark:focus,a.badge-dark:hover{color:#fff;background-color:#0b1825}a.badge-dark.focus,a.badge-dark:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(23,50,77,.5);box-shadow:0 0 0 .2rem rgba(23,50,77,.5)}.badge-100{color:#19191a;background-color:#e3e4e6}a.badge-100:focus,a.badge-100:hover{color:#19191a;background-color:#c9cacd}a.badge-100.focus,a.badge-100:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(227,228,230,.5);box-shadow:0 0 0 .2rem rgba(227,228,230,.5)}.badge-200{color:#19191a;background-color:#cacacc}a.badge-200:focus,a.badge-200:hover{color:#19191a;background-color:#b0b1b3}a.badge-200.focus,a.badge-200:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(202,202,204,.5);box-shadow:0 0 0 .2rem rgba(202,202,204,.5)}.badge-300{color:#19191a;background-color:#b1b1b3}a.badge-300:focus,a.badge-300:hover{color:#19191a;background-color:#979899}a.badge-300.focus,a.badge-300:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(177,177,179,.5);box-shadow:0 0 0 .2rem rgba(177,177,179,.5)}.badge-400{color:#19191a;background-color:#979899}a.badge-400:focus,a.badge-400:hover{color:#19191a;background-color:#7e7e80}a.badge-400.focus,a.badge-400:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(151,152,153,.5);box-shadow:0 0 0 .2rem rgba(151,152,153,.5)}.badge-500{color:#19191a;background-color:#7e7f80}a.badge-500:focus,a.badge-500:hover{color:#19191a;background-color:#656566}a.badge-500.focus,a.badge-500:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(126,127,128,.5);box-shadow:0 0 0 .2rem rgba(126,127,128,.5)}.badge-600{color:#fff;background-color:#656566}a.badge-600:focus,a.badge-600:hover{color:#fff;background-color:#4c4c4c}a.badge-600.focus,a.badge-600:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(101,101,102,.5);box-shadow:0 0 0 .2rem rgba(101,101,102,.5)}.badge-700{color:#fff;background-color:#4c4c4d}a.badge-700:focus,a.badge-700:hover{color:#fff;background-color:#323233}a.badge-700.focus,a.badge-700:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(76,76,77,.5);box-shadow:0 0 0 .2rem rgba(76,76,77,.5)}.badge-800{color:#fff;background-color:#323333}a.badge-800:focus,a.badge-800:hover{color:#fff;background-color:#191919}a.badge-800.focus,a.badge-800:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(50,51,51,.5);box-shadow:0 0 0 .2rem rgba(50,51,51,.5)}.badge-900{color:#fff;background-color:#19191a}a.badge-900:focus,a.badge-900:hover{color:#fff;background-color:#000}a.badge-900.focus,a.badge-900:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(25,25,26,.5);box-shadow:0 0 0 .2rem rgba(25,25,26,.5)}@-webkit-keyframes progress-bar-stripes{0%{background-position:16px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{0%{background-position:16px 0}to{background-position:0 0}}.progress{height:16px;overflow:hidden;font-size:12px;font-size:.75rem;background-color:#cacacc;border-radius:0;-webkit-box-shadow:inset 0 .1rem .1rem rgba(0,0,0,.1);box-shadow:inset 0 .1rem .1rem rgba(0,0,0,.1)}.progress,.progress-bar{display:-webkit-box;display:-ms-flexbox;display:flex}.progress-bar{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;color:#fff;text-align:center;white-space:nowrap;background-color:#0073e6;-webkit-transition:width .6s ease;transition:width .6s ease}@media (prefers-reduced-motion:reduce){.progress-bar{-webkit-transition:none;transition:none}}.progress-bar-striped{background-image:linear-gradient(45deg,hsla(0,0%,100%,.15) 25%,transparent 0,transparent 50%,hsla(0,0%,100%,.15) 0,hsla(0,0%,100%,.15) 75%,transparent 0,transparent);background-size:16px 16px}.progress-bar-animated{-webkit-animation:progress-bar-stripes 1s linear infinite;animation:progress-bar-stripes 1s linear infinite}@media (prefers-reduced-motion:reduce){.progress-bar-animated{-webkit-animation:none;animation:none}}.media{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start}.media-body{-webkit-box-flex:1;-ms-flex:1;flex:1}.list-group{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;padding-left:0;margin-bottom:0}.list-group-item-action{width:100%;color:#0073e6;text-align:inherit}.list-group-item-action:focus,.list-group-item-action:hover{z-index:1;color:#00264d;text-decoration:none}.list-group-item-action:active{color:#19191a;background-color:#cacacc}.list-group-item{position:relative;display:block;padding:1rem 1.25rem;margin-bottom:-1px;background-color:#fff;border:1px solid rgba(0,0,0,.125)}.list-group-item:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.list-group-item.disabled,.list-group-item:disabled{color:#656566;pointer-events:none;background-color:#fff}.list-group-item.active{z-index:2;color:#fff;background-color:#0073e6;border-color:#0073e6}.list-group-horizontal{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal .list-group-item{margin-right:-1px;margin-bottom:0}.list-group-horizontal .list-group-item:first-child{border-top-left-radius:4px;border-bottom-left-radius:4px;border-top-right-radius:0}.list-group-horizontal .list-group-item:last-child{margin-right:0;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:0}@media (min-width:576px){.list-group-horizontal-sm{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal-sm .list-group-item{margin-right:-1px;margin-bottom:0}.list-group-horizontal-sm .list-group-item:first-child{border-top-left-radius:4px;border-bottom-left-radius:4px;border-top-right-radius:0}.list-group-horizontal-sm .list-group-item:last-child{margin-right:0;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:0}}@media (min-width:768px){.list-group-horizontal-md{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal-md .list-group-item{margin-right:-1px;margin-bottom:0}.list-group-horizontal-md .list-group-item:first-child{border-top-left-radius:4px;border-bottom-left-radius:4px;border-top-right-radius:0}.list-group-horizontal-md .list-group-item:last-child{margin-right:0;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:0}}@media (min-width:992px){.list-group-horizontal-lg{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal-lg .list-group-item{margin-right:-1px;margin-bottom:0}.list-group-horizontal-lg .list-group-item:first-child{border-top-left-radius:4px;border-bottom-left-radius:4px;border-top-right-radius:0}.list-group-horizontal-lg .list-group-item:last-child{margin-right:0;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:0}}@media (min-width:1200px){.list-group-horizontal-xl{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal-xl .list-group-item{margin-right:-1px;margin-bottom:0}.list-group-horizontal-xl .list-group-item:first-child{border-top-left-radius:4px;border-bottom-left-radius:4px;border-top-right-radius:0}.list-group-horizontal-xl .list-group-item:last-child{margin-right:0;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:0}}.list-group-flush .list-group-item{border-right:0;border-left:0;border-radius:0}.list-group-flush .list-group-item:last-child{margin-bottom:-1px}.list-group-flush:first-child .list-group-item:first-child{border-top:0}.list-group-flush:last-child .list-group-item:last-child{margin-bottom:0;border-bottom:0}.list-group-item-primary{color:#003c78;background-color:#b8d8f8}.list-group-item-primary.list-group-item-action:focus,.list-group-item-primary.list-group-item-action:hover{color:#003c78;background-color:#a1cbf6}.list-group-item-primary.list-group-item-action.active{color:#fff;background-color:#003c78;border-color:#003c78}.list-group-item-secondary{color:#303a44;background-color:#d1d7dc}.list-group-item-secondary.list-group-item-action:focus,.list-group-item-secondary.list-group-item-action:hover{color:#303a44;background-color:#c3cad1}.list-group-item-secondary.list-group-item-action.active{color:#fff;background-color:#303a44;border-color:#303a44}.list-group-item-success{color:#006a45;background-color:#b8f1dd}.list-group-item-success.list-group-item-action:focus,.list-group-item-success.list-group-item-action:hover{color:#006a45;background-color:#a3edd3}.list-group-item-success.list-group-item-action.active{color:#fff;background-color:#006a45;border-color:#006a45}.list-group-item-info{color:#4f4f50;background-color:#e2e2e2}.list-group-item-info.list-group-item-action:focus,.list-group-item-info.list-group-item-action:hover{color:#4f4f50;background-color:#d5d5d5}.list-group-item-info.list-group-item-action.active{color:#fff;background-color:#4f4f50;border-color:#4f4f50}.list-group-item-warning{color:#855000;background-color:#ffe2b8}.list-group-item-warning.list-group-item-action:focus,.list-group-item-warning.list-group-item-action:hover{color:#855000;background-color:#ffd89f}.list-group-item-warning.list-group-item-action.active{color:#fff;background-color:#855000;border-color:#855000}.list-group-item-danger{color:#80202f;background-color:#fdc9d1}.list-group-item-danger.list-group-item-action:focus,.list-group-item-danger.list-group-item-action:hover{color:#80202f;background-color:#fcb0bc}.list-group-item-danger.list-group-item-action.active{color:#fff;background-color:#80202f;border-color:#80202f}.list-group-item-light{color:#79787e;background-color:#f9f8fb}.list-group-item-light.list-group-item-action:focus,.list-group-item-light.list-group-item-action:hover{color:#79787e;background-color:#ebe8f2}.list-group-item-light.list-group-item-action.active{color:#fff;background-color:#79787e;border-color:#79787e}.list-group-item-dark{color:#0c1a28;background-color:#bec6cd}.list-group-item-dark.list-group-item-action:focus,.list-group-item-dark.list-group-item-action:hover{color:#0c1a28;background-color:#b0b9c2}.list-group-item-dark.list-group-item-action.active{color:#fff;background-color:#0c1a28;border-color:#0c1a28}.list-group-item-100{color:#767778;background-color:#f7f7f8}.list-group-item-100.list-group-item-action:focus,.list-group-item-100.list-group-item-action:hover{color:#767778;background-color:#e9e9ec}.list-group-item-100.list-group-item-action.active{color:#fff;background-color:#767778;border-color:#767778}.list-group-item-200{color:#69696a;background-color:#f0f0f1}.list-group-item-200.list-group-item-action:focus,.list-group-item-200.list-group-item-action:hover{color:#69696a;background-color:#e3e3e5}.list-group-item-200.list-group-item-action.active{color:#fff;background-color:#69696a;border-color:#69696a}.list-group-item-300{color:#5c5c5d;background-color:#e9e9ea}.list-group-item-300.list-group-item-action:focus,.list-group-item-300.list-group-item-action:hover{color:#5c5c5d;background-color:#dcdcde}.list-group-item-300.list-group-item-action.active{color:#fff;background-color:#5c5c5d;border-color:#5c5c5d}.list-group-item-400{color:#4f4f50;background-color:#e2e2e2}.list-group-item-400.list-group-item-action:focus,.list-group-item-400.list-group-item-action:hover{color:#4f4f50;background-color:#d5d5d5}.list-group-item-400.list-group-item-action.active{color:#fff;background-color:#4f4f50;border-color:#4f4f50}.list-group-item-500{color:#424243;background-color:#dbdbdb}.list-group-item-500.list-group-item-action:focus,.list-group-item-500.list-group-item-action:hover{color:#424243;background-color:#cecece}.list-group-item-500.list-group-item-action.active{color:#fff;background-color:#424243;border-color:#424243}.list-group-item-600{color:#353535;background-color:#d4d4d4}.list-group-item-600.list-group-item-action:focus,.list-group-item-600.list-group-item-action:hover{color:#353535;background-color:#c7c7c7}.list-group-item-600.list-group-item-action.active{color:#fff;background-color:#353535;border-color:#353535}.list-group-item-700{color:#282828;background-color:#cdcdcd}.list-group-item-700.list-group-item-action:focus,.list-group-item-700.list-group-item-action:hover{color:#282828;background-color:silver}.list-group-item-700.list-group-item-action.active{color:#fff;background-color:#282828;border-color:#282828}.list-group-item-800{color:#1a1b1b;background-color:#c6c6c6}.list-group-item-800.list-group-item-action:focus,.list-group-item-800.list-group-item-action:hover{color:#1a1b1b;background-color:#b9b9b9}.list-group-item-800.list-group-item-action.active{color:#fff;background-color:#1a1b1b;border-color:#1a1b1b}.list-group-item-900{color:#0d0d0e;background-color:#bfbfbf}.list-group-item-900.list-group-item-action:focus,.list-group-item-900.list-group-item-action:hover{color:#0d0d0e;background-color:#b2b2b2}.list-group-item-900.list-group-item-action.active{color:#fff;background-color:#0d0d0e;border-color:#0d0d0e}.close{float:right;font-size:24px;font-size:1.5rem;font-weight:700;line-height:1;color:#000;text-shadow:0 1px 0 #fff;opacity:.5}.close:hover{color:#000;text-decoration:none}.close:not(:disabled):not(.disabled):focus,.close:not(:disabled):not(.disabled):hover{opacity:.75}button.close{padding:0;background-color:transparent;border:0;-webkit-appearance:none;-moz-appearance:none;appearance:none}a.close.disabled{pointer-events:none}.modal-open{overflow:hidden}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal{position:fixed;top:0;left:0;z-index:1050;display:none;width:100%;height:100%;overflow:hidden;outline:0}.modal-dialog{position:relative;width:auto;margin:.5rem;pointer-events:none}.modal.fade .modal-dialog{-webkit-transition:-webkit-transform .3s ease-out;transition:-webkit-transform .3s ease-out;transition:transform .3s ease-out;transition:transform .3s ease-out,-webkit-transform .3s ease-out;-webkit-transform:translateY(-50px);transform:translateY(-50px)}@media (prefers-reduced-motion:reduce){.modal.fade .modal-dialog{-webkit-transition:none;transition:none}}.modal.show .modal-dialog{-webkit-transform:none;transform:none}.modal-dialog-scrollable{display:-webkit-box;display:-ms-flexbox;display:flex;max-height:calc(100% - 1rem)}.modal-dialog-scrollable .modal-content{max-height:calc(100vh - 1rem);overflow:hidden}.modal-dialog-scrollable .modal-footer,.modal-dialog-scrollable .modal-header{-ms-flex-negative:0;flex-shrink:0}.modal-dialog-scrollable .modal-body{overflow-y:auto}.modal-dialog-centered{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;min-height:calc(100% - 1rem)}.modal-dialog-centered:before{display:block;height:calc(100vh - 1rem);content:""}.modal-dialog-centered.modal-dialog-scrollable{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;height:100%}.modal-dialog-centered.modal-dialog-scrollable .modal-content{max-height:none}.modal-dialog-centered.modal-dialog-scrollable:before{content:none}.modal-content{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;width:100%;pointer-events:auto;background-color:#fff;background-clip:padding-box;border:1px solid rgba(0,0,0,.2);border-radius:8px;-webkit-box-shadow:0 .25rem .5rem rgba(0,0,0,.5);box-shadow:0 .25rem .5rem rgba(0,0,0,.5);outline:0}.modal-backdrop{position:fixed;top:0;left:0;z-index:1040;width:100vw;height:100vh;background-color:#000}.modal-backdrop.fade{opacity:0}.modal-backdrop.show{opacity:.8}.modal-header{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between;padding:1.5rem;border-bottom:0 solid #b1b1b3;border-top-left-radius:8px;border-top-right-radius:8px}.modal-header .close{padding:1.5rem;margin:-1rem -1rem -1rem auto}.modal-title{margin-bottom:0;line-height:1.5}.modal-body{position:relative;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;padding:1.5rem}.modal-footer{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:end;-ms-flex-pack:end;justify-content:flex-end;padding:1.5rem;border-top:0 solid #b1b1b3;border-bottom-right-radius:8px;border-bottom-left-radius:8px}.modal-footer>:not(:first-child){margin-left:.25rem}.modal-footer>:not(:last-child){margin-right:.25rem}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:576px){.modal-dialog{max-width:500px;margin:1.5rem auto}.modal-dialog-scrollable{max-height:calc(100% - 3rem)}.modal-dialog-scrollable .modal-content{max-height:calc(100vh - 3rem)}.modal-dialog-centered{min-height:calc(100% - 3rem)}.modal-dialog-centered:before{height:calc(100vh - 3rem)}.modal-content{-webkit-box-shadow:0 .5rem 1rem rgba(0,0,0,.5);box-shadow:0 .5rem 1rem rgba(0,0,0,.5)}.modal-sm{max-width:300px}}@media (min-width:992px){.modal-lg,.modal-xl{max-width:800px}}@media (min-width:1200px){.modal-xl{max-width:1140px}}.tooltip{position:absolute;z-index:1070;display:block;margin:0;font-family:Titillium Web,Geneva,Tahoma,sans-serif;font-style:normal;font-weight:400;line-height:1.5;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;white-space:normal;line-break:auto;font-size:14px;font-size:.875rem;word-wrap:break-word;opacity:0}.tooltip.show{opacity:1}.tooltip .arrow{position:absolute;display:block;width:12.8px;width:.8rem;height:6.4px;height:.4rem}.tooltip .arrow:before{position:absolute;content:"";border-color:transparent;border-style:solid}.bs-tooltip-auto[x-placement^=top],.bs-tooltip-top{padding:.4rem 0}.bs-tooltip-auto[x-placement^=top] .arrow,.bs-tooltip-top .arrow{bottom:0}.bs-tooltip-auto[x-placement^=top] .arrow:before,.bs-tooltip-top .arrow:before{top:0;border-width:.4rem .4rem 0;border-top-color:#004a4d}.bs-tooltip-auto[x-placement^=right],.bs-tooltip-right{padding:0 .4rem}.bs-tooltip-auto[x-placement^=right] .arrow,.bs-tooltip-right .arrow{left:0;width:6.4px;width:.4rem;height:12.8px;height:.8rem}.bs-tooltip-auto[x-placement^=right] .arrow:before,.bs-tooltip-right .arrow:before{right:0;border-width:.4rem .4rem .4rem 0;border-right-color:#004a4d}.bs-tooltip-auto[x-placement^=bottom],.bs-tooltip-bottom{padding:.4rem 0}.bs-tooltip-auto[x-placement^=bottom] .arrow,.bs-tooltip-bottom .arrow{top:0}.bs-tooltip-auto[x-placement^=bottom] .arrow:before,.bs-tooltip-bottom .arrow:before{bottom:0;border-width:0 .4rem .4rem;border-bottom-color:#004a4d}.bs-tooltip-auto[x-placement^=left],.bs-tooltip-left{padding:0 .4rem}.bs-tooltip-auto[x-placement^=left] .arrow,.bs-tooltip-left .arrow{right:0;width:6.4px;width:.4rem;height:12.8px;height:.8rem}.bs-tooltip-auto[x-placement^=left] .arrow:before,.bs-tooltip-left .arrow:before{left:0;border-width:.4rem 0 .4rem .4rem;border-left-color:#004a4d}.tooltip-inner{max-width:32em;padding:1rem;color:#fff;text-align:center;background-color:#004a4d;border-radius:4px}.popover{top:0;left:0;z-index:1060;max-width:276px;font-family:Titillium Web,Geneva,Tahoma,sans-serif;font-style:normal;font-weight:400;line-height:1.5;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;white-space:normal;line-break:auto;font-size:14px;font-size:.875rem;word-wrap:break-word;background-color:#fff;background-clip:padding-box;border:1px solid rgba(0,0,0,.2);border-radius:8px;-webkit-box-shadow:0 .25rem .5rem rgba(0,0,0,.2);box-shadow:0 .25rem .5rem rgba(0,0,0,.2)}.popover,.popover .arrow{position:absolute;display:block}.popover .arrow{width:16px;width:1rem;height:8px;height:.5rem;margin:0 8px}.popover .arrow:after,.popover .arrow:before{position:absolute;display:block;content:"";border-color:transparent;border-style:solid}.bs-popover-auto[x-placement^=top],.bs-popover-top{margin-bottom:.5rem}.bs-popover-auto[x-placement^=top]>.arrow,.bs-popover-top>.arrow{bottom:calc(-.5rem + -1px)}.bs-popover-auto[x-placement^=top]>.arrow:before,.bs-popover-top>.arrow:before{bottom:0;border-width:.5rem .5rem 0;border-top-color:rgba(0,0,0,.25)}.bs-popover-auto[x-placement^=top]>.arrow:after,.bs-popover-top>.arrow:after{bottom:1px;border-width:.5rem .5rem 0;border-top-color:#fff}.bs-popover-auto[x-placement^=right],.bs-popover-right{margin-left:.5rem}.bs-popover-auto[x-placement^=right]>.arrow,.bs-popover-right>.arrow{left:calc(-.5rem + -1px);width:8px;width:.5rem;height:16px;height:1rem;margin:8px 0}.bs-popover-auto[x-placement^=right]>.arrow:before,.bs-popover-right>.arrow:before{left:0;border-width:.5rem .5rem .5rem 0;border-right-color:rgba(0,0,0,.25)}.bs-popover-auto[x-placement^=right]>.arrow:after,.bs-popover-right>.arrow:after{left:1px;border-width:.5rem .5rem .5rem 0;border-right-color:#fff}.bs-popover-auto[x-placement^=bottom],.bs-popover-bottom{margin-top:.5rem}.bs-popover-auto[x-placement^=bottom]>.arrow,.bs-popover-bottom>.arrow{top:calc(-.5rem + -1px)}.bs-popover-auto[x-placement^=bottom]>.arrow:before,.bs-popover-bottom>.arrow:before{top:0;border-width:0 .5rem .5rem;border-bottom-color:rgba(0,0,0,.25)}.bs-popover-auto[x-placement^=bottom]>.arrow:after,.bs-popover-bottom>.arrow:after{top:1px;border-width:0 .5rem .5rem;border-bottom-color:#fff}.bs-popover-auto[x-placement^=bottom] .popover-header:before,.bs-popover-bottom .popover-header:before{position:absolute;top:0;left:50%;display:block;width:16px;width:1rem;margin-left:-.5rem;content:"";border-bottom:1px solid #f7f7f7}.bs-popover-auto[x-placement^=left],.bs-popover-left{margin-right:.5rem}.bs-popover-auto[x-placement^=left]>.arrow,.bs-popover-left>.arrow{right:calc(-.5rem + -1px);width:8px;width:.5rem;height:16px;height:1rem;margin:8px 0}.bs-popover-auto[x-placement^=left]>.arrow:before,.bs-popover-left>.arrow:before{right:0;border-width:.5rem 0 .5rem .5rem;border-left-color:rgba(0,0,0,.25)}.bs-popover-auto[x-placement^=left]>.arrow:after,.bs-popover-left>.arrow:after{right:1px;border-width:.5rem 0 .5rem .5rem;border-left-color:#fff}.popover-header{padding:.5rem .75rem;margin-bottom:0;font-size:16px;font-size:1rem;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-top-left-radius:7px;border-top-right-radius:7px}.popover-header:empty{display:none}.popover-body{padding:.5rem .75rem;color:#19191a}.carousel{position:relative}.carousel.pointer-event{-ms-touch-action:pan-y;touch-action:pan-y}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner:after{display:block;clear:both;content:""}.carousel-item{position:relative;display:none;float:left;width:100%;margin-right:-100%;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-transition:-webkit-transform .6s ease-in-out;transition:-webkit-transform .6s ease-in-out;transition:transform .6s ease-in-out;transition:transform .6s ease-in-out,-webkit-transform .6s ease-in-out}@media (prefers-reduced-motion:reduce){.carousel-item{-webkit-transition:none;transition:none}}.carousel-item-next,.carousel-item-prev,.carousel-item.active{display:block}.active.carousel-item-right,.carousel-item-next:not(.carousel-item-left){-webkit-transform:translateX(100%);transform:translateX(100%)}.active.carousel-item-left,.carousel-item-prev:not(.carousel-item-right){-webkit-transform:translateX(-100%);transform:translateX(-100%)}.carousel-fade .carousel-item{opacity:0;-webkit-transition-property:opacity;transition-property:opacity;-webkit-transform:none;transform:none}.carousel-fade .carousel-item-next.carousel-item-left,.carousel-fade .carousel-item-prev.carousel-item-right,.carousel-fade .carousel-item.active{z-index:1;opacity:1}.carousel-fade .active.carousel-item-left,.carousel-fade .active.carousel-item-right{z-index:0;opacity:0;-webkit-transition:opacity 0s .6s;transition:opacity 0s .6s}@media (prefers-reduced-motion:reduce){.carousel-fade .active.carousel-item-left,.carousel-fade .active.carousel-item-right{-webkit-transition:none;transition:none}}.carousel-control-next,.carousel-control-prev{position:absolute;top:0;bottom:0;z-index:1;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;width:auto;color:#5c6f82;text-align:center;opacity:1;-webkit-transition:opacity .15s ease;transition:opacity .15s ease}@media (prefers-reduced-motion:reduce){.carousel-control-next,.carousel-control-prev{-webkit-transition:none;transition:none}}.carousel-control-next:focus,.carousel-control-next:hover,.carousel-control-prev:focus,.carousel-control-prev:hover{color:#5c6f82;text-decoration:none;outline:0;opacity:.9}.carousel-control-prev{left:0}.carousel-control-next{right:0}.carousel-control-next-icon,.carousel-control-prev-icon{display:inline-block;width:32px;height:32px;background:no-repeat 50%/100% 100%}.carousel-control-prev-icon{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%235c6f82' viewBox='0 0 8 8'%3E%3Cpath d='M5.25 0l-4 4 4 4 1.5-1.5L4.25 4l2.5-2.5L5.25 0z'/%3E%3C/svg%3E")}.carousel-control-next-icon{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%235c6f82' viewBox='0 0 8 8'%3E%3Cpath d='M2.75 0l-1.5 1.5L3.75 4l-2.5 2.5L2.75 8l4-4-4-4z'/%3E%3C/svg%3E")}.carousel-indicators{position:absolute;right:0;bottom:0;left:0;z-index:15;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;padding-left:0;margin-right:auto;margin-left:auto;list-style:none}.carousel-indicators li{-webkit-box-sizing:content-box;box-sizing:content-box;-webkit-box-flex:0;-ms-flex:0 1 auto;flex:0 1 auto;width:30px;height:3px;margin-right:3px;margin-left:3px;text-indent:-999px;cursor:pointer;background-color:#fff;background-clip:padding-box;border-top:10px solid transparent;border-bottom:10px solid transparent;opacity:.5;-webkit-transition:opacity .6s ease;transition:opacity .6s ease}@media (prefers-reduced-motion:reduce){.carousel-indicators li{-webkit-transition:none;transition:none}}.carousel-indicators .active{opacity:1}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center}.align-baseline{vertical-align:baseline!important}.align-top{vertical-align:top!important}.align-middle{vertical-align:middle!important}.align-bottom{vertical-align:bottom!important}.align-text-bottom{vertical-align:text-bottom!important}.align-text-top{vertical-align:text-top!important}.bg-primary{background-color:#0073e6!important}a.bg-primary:focus,a.bg-primary:hover,button.bg-primary:focus,button.bg-primary:hover{background-color:#0059b3!important}.bg-secondary{background-color:#5c6f82!important}a.bg-secondary:focus,a.bg-secondary:hover,button.bg-secondary:focus,button.bg-secondary:hover{background-color:#475664!important}.bg-success{background-color:#00cc85!important}a.bg-success:focus,a.bg-success:hover,button.bg-success:focus,button.bg-success:hover{background-color:#009963!important}.bg-info{background-color:#979899!important}a.bg-info:focus,a.bg-info:hover,button.bg-info:focus,button.bg-info:hover{background-color:#7e7e80!important}.bg-warning{background-color:#f90!important}a.bg-warning:focus,a.bg-warning:hover,button.bg-warning:focus,button.bg-warning:hover{background-color:#cc7a00!important}.bg-danger{background-color:#f73e5a!important}a.bg-danger:focus,a.bg-danger:hover,button.bg-danger:focus,button.bg-danger:hover{background-color:#f50d30!important}.bg-light{background-color:#e9e6f2!important}a.bg-light:focus,a.bg-light:hover,button.bg-light:focus,button.bg-light:hover{background-color:#ccc4e1!important}.bg-dark{background-color:#17324d!important}a.bg-dark:focus,a.bg-dark:hover,button.bg-dark:focus,button.bg-dark:hover{background-color:#0b1825!important}.bg-100{background-color:#e3e4e6!important}a.bg-100:focus,a.bg-100:hover,button.bg-100:focus,button.bg-100:hover{background-color:#c9cacd!important}.bg-200{background-color:#cacacc!important}a.bg-200:focus,a.bg-200:hover,button.bg-200:focus,button.bg-200:hover{background-color:#b0b1b3!important}.bg-300{background-color:#b1b1b3!important}.bg-400,a.bg-300:focus,a.bg-300:hover,button.bg-300:focus,button.bg-300:hover{background-color:#979899!important}a.bg-400:focus,a.bg-400:hover,button.bg-400:focus,button.bg-400:hover{background-color:#7e7e80!important}.bg-500{background-color:#7e7f80!important}.bg-600,a.bg-500:focus,a.bg-500:hover,button.bg-500:focus,button.bg-500:hover{background-color:#656566!important}a.bg-600:focus,a.bg-600:hover,button.bg-600:focus,button.bg-600:hover{background-color:#4c4c4c!important}.bg-700{background-color:#4c4c4d!important}a.bg-700:focus,a.bg-700:hover,button.bg-700:focus,button.bg-700:hover{background-color:#323233!important}.bg-800{background-color:#323333!important}a.bg-800:focus,a.bg-800:hover,button.bg-800:focus,button.bg-800:hover{background-color:#191919!important}.bg-900{background-color:#19191a!important}a.bg-900:focus,a.bg-900:hover,button.bg-900:focus,button.bg-900:hover{background-color:#000!important}.bg-white{background-color:#fff!important}.bg-transparent{background-color:transparent!important}.border{border:1px solid #b1b1b3!important}.border-top{border-top:1px solid #b1b1b3!important}.border-right{border-right:1px solid #b1b1b3!important}.border-bottom{border-bottom:1px solid #b1b1b3!important}.border-left{border-left:1px solid #b1b1b3!important}.border-0{border:0!important}.border-top-0{border-top:0!important}.border-right-0{border-right:0!important}.border-bottom-0{border-bottom:0!important}.border-left-0{border-left:0!important}.border-primary{border-color:#0073e6!important}.border-secondary{border-color:#5c6f82!important}.border-success{border-color:#00cc85!important}.border-info{border-color:#979899!important}.border-warning{border-color:#f90!important}.border-danger{border-color:#f73e5a!important}.border-light{border-color:#e9e6f2!important}.border-dark{border-color:#17324d!important}.border-100{border-color:#e3e4e6!important}.border-200{border-color:#cacacc!important}.border-300{border-color:#b1b1b3!important}.border-400{border-color:#979899!important}.border-500{border-color:#7e7f80!important}.border-600{border-color:#656566!important}.border-700{border-color:#4c4c4d!important}.border-800{border-color:#323333!important}.border-900{border-color:#19191a!important}.border-white{border-color:#fff!important}.rounded-sm{border-radius:2px!important}.rounded{border-radius:4px!important}.rounded-top{border-top-left-radius:4px!important}.rounded-right,.rounded-top{border-top-right-radius:4px!important}.rounded-bottom,.rounded-right{border-bottom-right-radius:4px!important}.rounded-bottom,.rounded-left{border-bottom-left-radius:4px!important}.rounded-left{border-top-left-radius:4px!important}.rounded-lg{border-radius:8px!important}.rounded-circle{border-radius:50%!important}.rounded-pill{border-radius:50rem!important}.rounded-0{border-radius:0!important}.clearfix:after{display:block;clear:both;content:""}.d-none{display:none!important}.d-inline{display:inline!important}.d-inline-block{display:inline-block!important}.d-block{display:block!important}.d-table{display:table!important}.d-table-row{display:table-row!important}.d-table-cell{display:table-cell!important}.d-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}@media (min-width:576px){.d-sm-none{display:none!important}.d-sm-inline{display:inline!important}.d-sm-inline-block{display:inline-block!important}.d-sm-block{display:block!important}.d-sm-table{display:table!important}.d-sm-table-row{display:table-row!important}.d-sm-table-cell{display:table-cell!important}.d-sm-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-sm-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}@media (min-width:768px){.d-md-none{display:none!important}.d-md-inline{display:inline!important}.d-md-inline-block{display:inline-block!important}.d-md-block{display:block!important}.d-md-table{display:table!important}.d-md-table-row{display:table-row!important}.d-md-table-cell{display:table-cell!important}.d-md-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-md-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}@media (min-width:992px){.d-lg-none{display:none!important}.d-lg-inline{display:inline!important}.d-lg-inline-block{display:inline-block!important}.d-lg-block{display:block!important}.d-lg-table{display:table!important}.d-lg-table-row{display:table-row!important}.d-lg-table-cell{display:table-cell!important}.d-lg-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-lg-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}@media (min-width:1200px){.d-xl-none{display:none!important}.d-xl-inline{display:inline!important}.d-xl-inline-block{display:inline-block!important}.d-xl-block{display:block!important}.d-xl-table{display:table!important}.d-xl-table-row{display:table-row!important}.d-xl-table-cell{display:table-cell!important}.d-xl-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-xl-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}@media print{.d-print-none{display:none!important}.d-print-inline{display:inline!important}.d-print-inline-block{display:inline-block!important}.d-print-block{display:block!important}.d-print-table{display:table!important}.d-print-table-row{display:table-row!important}.d-print-table-cell{display:table-cell!important}.d-print-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-print-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}.embed-responsive{position:relative;display:block;width:100%;padding:0;overflow:hidden}.embed-responsive:before{display:block;content:""}.embed-responsive .embed-responsive-item,.embed-responsive embed,.embed-responsive iframe,.embed-responsive object,.embed-responsive video{position:absolute;top:0;bottom:0;left:0;width:100%;height:100%;border:0}.embed-responsive-21by9:before{padding-top:42.8571428571%}.embed-responsive-16by9:before{padding-top:56.25%}.embed-responsive-4by3:before{padding-top:75%}.embed-responsive-1by1:before{padding-top:100%}.flex-row{-webkit-box-orient:horizontal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-column,.flex-row{-webkit-box-direction:normal!important}.flex-column{-webkit-box-orient:vertical!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-row-reverse{-webkit-box-orient:horizontal!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-column-reverse,.flex-row-reverse{-webkit-box-direction:reverse!important}.flex-column-reverse{-webkit-box-orient:vertical!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.flex-fill{-webkit-box-flex:1!important;-ms-flex:1 1 auto!important;flex:1 1 auto!important}.flex-grow-0{-webkit-box-flex:0!important;-ms-flex-positive:0!important;flex-grow:0!important}.flex-grow-1{-webkit-box-flex:1!important;-ms-flex-positive:1!important;flex-grow:1!important}.flex-shrink-0{-ms-flex-negative:0!important;flex-shrink:0!important}.flex-shrink-1{-ms-flex-negative:1!important;flex-shrink:1!important}.justify-content-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}@media (min-width:576px){.flex-sm-row{-webkit-box-orient:horizontal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-sm-column,.flex-sm-row{-webkit-box-direction:normal!important}.flex-sm-column{-webkit-box-orient:vertical!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-sm-row-reverse{-webkit-box-orient:horizontal!important;-webkit-box-direction:reverse!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-sm-column-reverse{-webkit-box-orient:vertical!important;-webkit-box-direction:reverse!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-sm-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-sm-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-sm-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.flex-sm-fill{-webkit-box-flex:1!important;-ms-flex:1 1 auto!important;flex:1 1 auto!important}.flex-sm-grow-0{-webkit-box-flex:0!important;-ms-flex-positive:0!important;flex-grow:0!important}.flex-sm-grow-1{-webkit-box-flex:1!important;-ms-flex-positive:1!important;flex-grow:1!important}.flex-sm-shrink-0{-ms-flex-negative:0!important;flex-shrink:0!important}.flex-sm-shrink-1{-ms-flex-negative:1!important;flex-shrink:1!important}.justify-content-sm-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-sm-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-sm-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-sm-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-sm-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-sm-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-sm-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-sm-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-sm-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-sm-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-sm-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-sm-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-sm-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-sm-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-sm-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-sm-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-sm-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-sm-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-sm-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-sm-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-sm-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-sm-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}}@media (min-width:768px){.flex-md-row{-webkit-box-orient:horizontal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-md-column,.flex-md-row{-webkit-box-direction:normal!important}.flex-md-column{-webkit-box-orient:vertical!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-md-row-reverse{-webkit-box-orient:horizontal!important;-webkit-box-direction:reverse!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-md-column-reverse{-webkit-box-orient:vertical!important;-webkit-box-direction:reverse!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-md-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-md-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-md-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.flex-md-fill{-webkit-box-flex:1!important;-ms-flex:1 1 auto!important;flex:1 1 auto!important}.flex-md-grow-0{-webkit-box-flex:0!important;-ms-flex-positive:0!important;flex-grow:0!important}.flex-md-grow-1{-webkit-box-flex:1!important;-ms-flex-positive:1!important;flex-grow:1!important}.flex-md-shrink-0{-ms-flex-negative:0!important;flex-shrink:0!important}.flex-md-shrink-1{-ms-flex-negative:1!important;flex-shrink:1!important}.justify-content-md-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-md-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-md-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-md-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-md-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-md-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-md-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-md-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-md-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-md-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-md-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-md-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-md-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-md-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-md-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-md-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-md-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-md-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-md-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-md-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-md-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-md-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}}@media (min-width:992px){.flex-lg-row{-webkit-box-orient:horizontal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-lg-column,.flex-lg-row{-webkit-box-direction:normal!important}.flex-lg-column{-webkit-box-orient:vertical!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-lg-row-reverse{-webkit-box-orient:horizontal!important;-webkit-box-direction:reverse!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-lg-column-reverse{-webkit-box-orient:vertical!important;-webkit-box-direction:reverse!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-lg-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-lg-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-lg-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.flex-lg-fill{-webkit-box-flex:1!important;-ms-flex:1 1 auto!important;flex:1 1 auto!important}.flex-lg-grow-0{-webkit-box-flex:0!important;-ms-flex-positive:0!important;flex-grow:0!important}.flex-lg-grow-1{-webkit-box-flex:1!important;-ms-flex-positive:1!important;flex-grow:1!important}.flex-lg-shrink-0{-ms-flex-negative:0!important;flex-shrink:0!important}.flex-lg-shrink-1{-ms-flex-negative:1!important;flex-shrink:1!important}.justify-content-lg-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-lg-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-lg-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-lg-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-lg-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-lg-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-lg-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-lg-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-lg-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-lg-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-lg-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-lg-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-lg-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-lg-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-lg-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-lg-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-lg-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-lg-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-lg-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-lg-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-lg-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-lg-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}}@media (min-width:1200px){.flex-xl-row{-webkit-box-orient:horizontal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-xl-column,.flex-xl-row{-webkit-box-direction:normal!important}.flex-xl-column{-webkit-box-orient:vertical!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-xl-row-reverse{-webkit-box-orient:horizontal!important;-webkit-box-direction:reverse!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-xl-column-reverse{-webkit-box-orient:vertical!important;-webkit-box-direction:reverse!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-xl-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-xl-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-xl-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.flex-xl-fill{-webkit-box-flex:1!important;-ms-flex:1 1 auto!important;flex:1 1 auto!important}.flex-xl-grow-0{-webkit-box-flex:0!important;-ms-flex-positive:0!important;flex-grow:0!important}.flex-xl-grow-1{-webkit-box-flex:1!important;-ms-flex-positive:1!important;flex-grow:1!important}.flex-xl-shrink-0{-ms-flex-negative:0!important;flex-shrink:0!important}.flex-xl-shrink-1{-ms-flex-negative:1!important;flex-shrink:1!important}.justify-content-xl-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-xl-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-xl-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-xl-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-xl-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-xl-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-xl-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-xl-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-xl-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-xl-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-xl-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-xl-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-xl-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-xl-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-xl-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-xl-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-xl-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-xl-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-xl-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-xl-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-xl-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-xl-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}}.float-left{float:left!important}.float-right{float:right!important}.float-none{float:none!important}@media (min-width:576px){.float-sm-left{float:left!important}.float-sm-right{float:right!important}.float-sm-none{float:none!important}}@media (min-width:768px){.float-md-left{float:left!important}.float-md-right{float:right!important}.float-md-none{float:none!important}}@media (min-width:992px){.float-lg-left{float:left!important}.float-lg-right{float:right!important}.float-lg-none{float:none!important}}@media (min-width:1200px){.float-xl-left{float:left!important}.float-xl-right{float:right!important}.float-xl-none{float:none!important}}.overflow-auto{overflow:auto!important}.overflow-hidden{overflow:hidden!important}.position-static{position:static!important}.position-relative{position:relative!important}.position-absolute{position:absolute!important}.position-fixed{position:fixed!important}.position-sticky{position:-webkit-sticky!important;position:sticky!important}.fixed-top{top:0}.fixed-bottom,.fixed-top{position:fixed;right:0;left:0;z-index:1030}.fixed-bottom{bottom:0}@supports ((position:-webkit-sticky) or (position:sticky)){.sticky-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}}.sr-only{position:absolute;width:1px;height:1px;padding:0;overflow:hidden;clip:rect(0,0,0,0);white-space:nowrap;border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;overflow:visible;clip:auto;white-space:normal}.shadow-sm{-webkit-box-shadow:0 .125rem .25rem rgba(0,0,0,.075)!important;box-shadow:0 .125rem .25rem rgba(0,0,0,.075)!important}.shadow{-webkit-box-shadow:0 .5rem 1rem rgba(0,0,0,.15)!important;box-shadow:0 .5rem 1rem rgba(0,0,0,.15)!important}.shadow-lg{-webkit-box-shadow:0 1rem 3rem rgba(0,0,0,.175)!important;box-shadow:0 1rem 3rem rgba(0,0,0,.175)!important}.shadow-none{-webkit-box-shadow:none!important;box-shadow:none!important}.w-25{width:25%!important}.w-50{width:50%!important}.w-75{width:75%!important}.w-100{width:100%!important}.w-auto{width:auto!important}.h-25{height:25%!important}.h-50{height:50%!important}.h-75{height:75%!important}.h-100{height:100%!important}.h-auto{height:auto!important}.mw-100{max-width:100%!important}.mh-100{max-height:100%!important}.min-vw-100{min-width:100vw!important}.min-vh-100{min-height:100vh!important}.vw-100{width:100vw!important}.vh-100{height:100vh!important}.stretched-link:after{position:absolute;top:0;right:0;bottom:0;left:0;z-index:1;pointer-events:auto;content:"";background-color:transparent}.m-0{margin:0!important}.mt-0,.my-0{margin-top:0!important}.mr-0,.mx-0{margin-right:0!important}.mb-0,.my-0{margin-bottom:0!important}.ml-0,.mx-0{margin-left:0!important}.m-1{margin:4px!important}.mt-1,.my-1{margin-top:4px!important}.mr-1,.mx-1{margin-right:4px!important}.mb-1,.my-1{margin-bottom:4px!important}.ml-1,.mx-1{margin-left:4px!important}.m-2{margin:8px!important}.mt-2,.my-2{margin-top:8px!important}.mr-2,.mx-2{margin-right:8px!important}.mb-2,.my-2{margin-bottom:8px!important}.ml-2,.mx-2{margin-left:8px!important}.m-3{margin:16px!important}.mt-3,.my-3{margin-top:16px!important}.mr-3,.mx-3{margin-right:16px!important}.mb-3,.my-3{margin-bottom:16px!important}.ml-3,.mx-3{margin-left:16px!important}.m-4{margin:24px!important}.mt-4,.my-4{margin-top:24px!important}.mr-4,.mx-4{margin-right:24px!important}.mb-4,.my-4{margin-bottom:24px!important}.ml-4,.mx-4{margin-left:24px!important}.m-5{margin:48px!important}.mt-5,.my-5{margin-top:48px!important}.mr-5,.mx-5{margin-right:48px!important}.mb-5,.my-5{margin-bottom:48px!important}.ml-5,.mx-5{margin-left:48px!important}.p-0{padding:0!important}.pt-0,.py-0{padding-top:0!important}.pr-0,.px-0{padding-right:0!important}.pb-0,.py-0{padding-bottom:0!important}.pl-0,.px-0{padding-left:0!important}.p-1{padding:4px!important}.pt-1,.py-1{padding-top:4px!important}.pr-1,.px-1{padding-right:4px!important}.pb-1,.py-1{padding-bottom:4px!important}.pl-1,.px-1{padding-left:4px!important}.p-2{padding:8px!important}.pt-2,.py-2{padding-top:8px!important}.pr-2,.px-2{padding-right:8px!important}.pb-2,.py-2{padding-bottom:8px!important}.pl-2,.px-2{padding-left:8px!important}.p-3{padding:16px!important}.pt-3,.py-3{padding-top:16px!important}.pr-3,.px-3{padding-right:16px!important}.pb-3,.py-3{padding-bottom:16px!important}.pl-3,.px-3{padding-left:16px!important}.p-4{padding:24px!important}.pt-4,.py-4{padding-top:24px!important}.pr-4,.px-4{padding-right:24px!important}.pb-4,.py-4{padding-bottom:24px!important}.pl-4,.px-4{padding-left:24px!important}.p-5{padding:48px!important}.pt-5,.py-5{padding-top:48px!important}.pr-5,.px-5{padding-right:48px!important}.pb-5,.py-5{padding-bottom:48px!important}.pl-5,.px-5{padding-left:48px!important}.m-n1{margin:-4px!important}.mt-n1,.my-n1{margin-top:-4px!important}.mr-n1,.mx-n1{margin-right:-4px!important}.mb-n1,.my-n1{margin-bottom:-4px!important}.ml-n1,.mx-n1{margin-left:-4px!important}.m-n2{margin:-8px!important}.mt-n2,.my-n2{margin-top:-8px!important}.mr-n2,.mx-n2{margin-right:-8px!important}.mb-n2,.my-n2{margin-bottom:-8px!important}.ml-n2,.mx-n2{margin-left:-8px!important}.m-n3{margin:-16px!important}.mt-n3,.my-n3{margin-top:-16px!important}.mr-n3,.mx-n3{margin-right:-16px!important}.mb-n3,.my-n3{margin-bottom:-16px!important}.ml-n3,.mx-n3{margin-left:-16px!important}.m-n4{margin:-24px!important}.mt-n4,.my-n4{margin-top:-24px!important}.mr-n4,.mx-n4{margin-right:-24px!important}.mb-n4,.my-n4{margin-bottom:-24px!important}.ml-n4,.mx-n4{margin-left:-24px!important}.m-n5{margin:-48px!important}.mt-n5,.my-n5{margin-top:-48px!important}.mr-n5,.mx-n5{margin-right:-48px!important}.mb-n5,.my-n5{margin-bottom:-48px!important}.ml-n5,.mx-n5{margin-left:-48px!important}.m-auto{margin:auto!important}.mt-auto,.my-auto{margin-top:auto!important}.mr-auto,.mx-auto{margin-right:auto!important}.mb-auto,.my-auto{margin-bottom:auto!important}.ml-auto,.mx-auto{margin-left:auto!important}@media (min-width:576px){.m-sm-0{margin:0!important}.mt-sm-0,.my-sm-0{margin-top:0!important}.mr-sm-0,.mx-sm-0{margin-right:0!important}.mb-sm-0,.my-sm-0{margin-bottom:0!important}.ml-sm-0,.mx-sm-0{margin-left:0!important}.m-sm-1{margin:4px!important}.mt-sm-1,.my-sm-1{margin-top:4px!important}.mr-sm-1,.mx-sm-1{margin-right:4px!important}.mb-sm-1,.my-sm-1{margin-bottom:4px!important}.ml-sm-1,.mx-sm-1{margin-left:4px!important}.m-sm-2{margin:8px!important}.mt-sm-2,.my-sm-2{margin-top:8px!important}.mr-sm-2,.mx-sm-2{margin-right:8px!important}.mb-sm-2,.my-sm-2{margin-bottom:8px!important}.ml-sm-2,.mx-sm-2{margin-left:8px!important}.m-sm-3{margin:16px!important}.mt-sm-3,.my-sm-3{margin-top:16px!important}.mr-sm-3,.mx-sm-3{margin-right:16px!important}.mb-sm-3,.my-sm-3{margin-bottom:16px!important}.ml-sm-3,.mx-sm-3{margin-left:16px!important}.m-sm-4{margin:24px!important}.mt-sm-4,.my-sm-4{margin-top:24px!important}.mr-sm-4,.mx-sm-4{margin-right:24px!important}.mb-sm-4,.my-sm-4{margin-bottom:24px!important}.ml-sm-4,.mx-sm-4{margin-left:24px!important}.m-sm-5{margin:48px!important}.mt-sm-5,.my-sm-5{margin-top:48px!important}.mr-sm-5,.mx-sm-5{margin-right:48px!important}.mb-sm-5,.my-sm-5{margin-bottom:48px!important}.ml-sm-5,.mx-sm-5{margin-left:48px!important}.p-sm-0{padding:0!important}.pt-sm-0,.py-sm-0{padding-top:0!important}.pr-sm-0,.px-sm-0{padding-right:0!important}.pb-sm-0,.py-sm-0{padding-bottom:0!important}.pl-sm-0,.px-sm-0{padding-left:0!important}.p-sm-1{padding:4px!important}.pt-sm-1,.py-sm-1{padding-top:4px!important}.pr-sm-1,.px-sm-1{padding-right:4px!important}.pb-sm-1,.py-sm-1{padding-bottom:4px!important}.pl-sm-1,.px-sm-1{padding-left:4px!important}.p-sm-2{padding:8px!important}.pt-sm-2,.py-sm-2{padding-top:8px!important}.pr-sm-2,.px-sm-2{padding-right:8px!important}.pb-sm-2,.py-sm-2{padding-bottom:8px!important}.pl-sm-2,.px-sm-2{padding-left:8px!important}.p-sm-3{padding:16px!important}.pt-sm-3,.py-sm-3{padding-top:16px!important}.pr-sm-3,.px-sm-3{padding-right:16px!important}.pb-sm-3,.py-sm-3{padding-bottom:16px!important}.pl-sm-3,.px-sm-3{padding-left:16px!important}.p-sm-4{padding:24px!important}.pt-sm-4,.py-sm-4{padding-top:24px!important}.pr-sm-4,.px-sm-4{padding-right:24px!important}.pb-sm-4,.py-sm-4{padding-bottom:24px!important}.pl-sm-4,.px-sm-4{padding-left:24px!important}.p-sm-5{padding:48px!important}.pt-sm-5,.py-sm-5{padding-top:48px!important}.pr-sm-5,.px-sm-5{padding-right:48px!important}.pb-sm-5,.py-sm-5{padding-bottom:48px!important}.pl-sm-5,.px-sm-5{padding-left:48px!important}.m-sm-n1{margin:-4px!important}.mt-sm-n1,.my-sm-n1{margin-top:-4px!important}.mr-sm-n1,.mx-sm-n1{margin-right:-4px!important}.mb-sm-n1,.my-sm-n1{margin-bottom:-4px!important}.ml-sm-n1,.mx-sm-n1{margin-left:-4px!important}.m-sm-n2{margin:-8px!important}.mt-sm-n2,.my-sm-n2{margin-top:-8px!important}.mr-sm-n2,.mx-sm-n2{margin-right:-8px!important}.mb-sm-n2,.my-sm-n2{margin-bottom:-8px!important}.ml-sm-n2,.mx-sm-n2{margin-left:-8px!important}.m-sm-n3{margin:-16px!important}.mt-sm-n3,.my-sm-n3{margin-top:-16px!important}.mr-sm-n3,.mx-sm-n3{margin-right:-16px!important}.mb-sm-n3,.my-sm-n3{margin-bottom:-16px!important}.ml-sm-n3,.mx-sm-n3{margin-left:-16px!important}.m-sm-n4{margin:-24px!important}.mt-sm-n4,.my-sm-n4{margin-top:-24px!important}.mr-sm-n4,.mx-sm-n4{margin-right:-24px!important}.mb-sm-n4,.my-sm-n4{margin-bottom:-24px!important}.ml-sm-n4,.mx-sm-n4{margin-left:-24px!important}.m-sm-n5{margin:-48px!important}.mt-sm-n5,.my-sm-n5{margin-top:-48px!important}.mr-sm-n5,.mx-sm-n5{margin-right:-48px!important}.mb-sm-n5,.my-sm-n5{margin-bottom:-48px!important}.ml-sm-n5,.mx-sm-n5{margin-left:-48px!important}.m-sm-auto{margin:auto!important}.mt-sm-auto,.my-sm-auto{margin-top:auto!important}.mr-sm-auto,.mx-sm-auto{margin-right:auto!important}.mb-sm-auto,.my-sm-auto{margin-bottom:auto!important}.ml-sm-auto,.mx-sm-auto{margin-left:auto!important}}@media (min-width:768px){.m-md-0{margin:0!important}.mt-md-0,.my-md-0{margin-top:0!important}.mr-md-0,.mx-md-0{margin-right:0!important}.mb-md-0,.my-md-0{margin-bottom:0!important}.ml-md-0,.mx-md-0{margin-left:0!important}.m-md-1{margin:4px!important}.mt-md-1,.my-md-1{margin-top:4px!important}.mr-md-1,.mx-md-1{margin-right:4px!important}.mb-md-1,.my-md-1{margin-bottom:4px!important}.ml-md-1,.mx-md-1{margin-left:4px!important}.m-md-2{margin:8px!important}.mt-md-2,.my-md-2{margin-top:8px!important}.mr-md-2,.mx-md-2{margin-right:8px!important}.mb-md-2,.my-md-2{margin-bottom:8px!important}.ml-md-2,.mx-md-2{margin-left:8px!important}.m-md-3{margin:16px!important}.mt-md-3,.my-md-3{margin-top:16px!important}.mr-md-3,.mx-md-3{margin-right:16px!important}.mb-md-3,.my-md-3{margin-bottom:16px!important}.ml-md-3,.mx-md-3{margin-left:16px!important}.m-md-4{margin:24px!important}.mt-md-4,.my-md-4{margin-top:24px!important}.mr-md-4,.mx-md-4{margin-right:24px!important}.mb-md-4,.my-md-4{margin-bottom:24px!important}.ml-md-4,.mx-md-4{margin-left:24px!important}.m-md-5{margin:48px!important}.mt-md-5,.my-md-5{margin-top:48px!important}.mr-md-5,.mx-md-5{margin-right:48px!important}.mb-md-5,.my-md-5{margin-bottom:48px!important}.ml-md-5,.mx-md-5{margin-left:48px!important}.p-md-0{padding:0!important}.pt-md-0,.py-md-0{padding-top:0!important}.pr-md-0,.px-md-0{padding-right:0!important}.pb-md-0,.py-md-0{padding-bottom:0!important}.pl-md-0,.px-md-0{padding-left:0!important}.p-md-1{padding:4px!important}.pt-md-1,.py-md-1{padding-top:4px!important}.pr-md-1,.px-md-1{padding-right:4px!important}.pb-md-1,.py-md-1{padding-bottom:4px!important}.pl-md-1,.px-md-1{padding-left:4px!important}.p-md-2{padding:8px!important}.pt-md-2,.py-md-2{padding-top:8px!important}.pr-md-2,.px-md-2{padding-right:8px!important}.pb-md-2,.py-md-2{padding-bottom:8px!important}.pl-md-2,.px-md-2{padding-left:8px!important}.p-md-3{padding:16px!important}.pt-md-3,.py-md-3{padding-top:16px!important}.pr-md-3,.px-md-3{padding-right:16px!important}.pb-md-3,.py-md-3{padding-bottom:16px!important}.pl-md-3,.px-md-3{padding-left:16px!important}.p-md-4{padding:24px!important}.pt-md-4,.py-md-4{padding-top:24px!important}.pr-md-4,.px-md-4{padding-right:24px!important}.pb-md-4,.py-md-4{padding-bottom:24px!important}.pl-md-4,.px-md-4{padding-left:24px!important}.p-md-5{padding:48px!important}.pt-md-5,.py-md-5{padding-top:48px!important}.pr-md-5,.px-md-5{padding-right:48px!important}.pb-md-5,.py-md-5{padding-bottom:48px!important}.pl-md-5,.px-md-5{padding-left:48px!important}.m-md-n1{margin:-4px!important}.mt-md-n1,.my-md-n1{margin-top:-4px!important}.mr-md-n1,.mx-md-n1{margin-right:-4px!important}.mb-md-n1,.my-md-n1{margin-bottom:-4px!important}.ml-md-n1,.mx-md-n1{margin-left:-4px!important}.m-md-n2{margin:-8px!important}.mt-md-n2,.my-md-n2{margin-top:-8px!important}.mr-md-n2,.mx-md-n2{margin-right:-8px!important}.mb-md-n2,.my-md-n2{margin-bottom:-8px!important}.ml-md-n2,.mx-md-n2{margin-left:-8px!important}.m-md-n3{margin:-16px!important}.mt-md-n3,.my-md-n3{margin-top:-16px!important}.mr-md-n3,.mx-md-n3{margin-right:-16px!important}.mb-md-n3,.my-md-n3{margin-bottom:-16px!important}.ml-md-n3,.mx-md-n3{margin-left:-16px!important}.m-md-n4{margin:-24px!important}.mt-md-n4,.my-md-n4{margin-top:-24px!important}.mr-md-n4,.mx-md-n4{margin-right:-24px!important}.mb-md-n4,.my-md-n4{margin-bottom:-24px!important}.ml-md-n4,.mx-md-n4{margin-left:-24px!important}.m-md-n5{margin:-48px!important}.mt-md-n5,.my-md-n5{margin-top:-48px!important}.mr-md-n5,.mx-md-n5{margin-right:-48px!important}.mb-md-n5,.my-md-n5{margin-bottom:-48px!important}.ml-md-n5,.mx-md-n5{margin-left:-48px!important}.m-md-auto{margin:auto!important}.mt-md-auto,.my-md-auto{margin-top:auto!important}.mr-md-auto,.mx-md-auto{margin-right:auto!important}.mb-md-auto,.my-md-auto{margin-bottom:auto!important}.ml-md-auto,.mx-md-auto{margin-left:auto!important}}@media (min-width:992px){.m-lg-0{margin:0!important}.mt-lg-0,.my-lg-0{margin-top:0!important}.mr-lg-0,.mx-lg-0{margin-right:0!important}.mb-lg-0,.my-lg-0{margin-bottom:0!important}.ml-lg-0,.mx-lg-0{margin-left:0!important}.m-lg-1{margin:4px!important}.mt-lg-1,.my-lg-1{margin-top:4px!important}.mr-lg-1,.mx-lg-1{margin-right:4px!important}.mb-lg-1,.my-lg-1{margin-bottom:4px!important}.ml-lg-1,.mx-lg-1{margin-left:4px!important}.m-lg-2{margin:8px!important}.mt-lg-2,.my-lg-2{margin-top:8px!important}.mr-lg-2,.mx-lg-2{margin-right:8px!important}.mb-lg-2,.my-lg-2{margin-bottom:8px!important}.ml-lg-2,.mx-lg-2{margin-left:8px!important}.m-lg-3{margin:16px!important}.mt-lg-3,.my-lg-3{margin-top:16px!important}.mr-lg-3,.mx-lg-3{margin-right:16px!important}.mb-lg-3,.my-lg-3{margin-bottom:16px!important}.ml-lg-3,.mx-lg-3{margin-left:16px!important}.m-lg-4{margin:24px!important}.mt-lg-4,.my-lg-4{margin-top:24px!important}.mr-lg-4,.mx-lg-4{margin-right:24px!important}.mb-lg-4,.my-lg-4{margin-bottom:24px!important}.ml-lg-4,.mx-lg-4{margin-left:24px!important}.m-lg-5{margin:48px!important}.mt-lg-5,.my-lg-5{margin-top:48px!important}.mr-lg-5,.mx-lg-5{margin-right:48px!important}.mb-lg-5,.my-lg-5{margin-bottom:48px!important}.ml-lg-5,.mx-lg-5{margin-left:48px!important}.p-lg-0{padding:0!important}.pt-lg-0,.py-lg-0{padding-top:0!important}.pr-lg-0,.px-lg-0{padding-right:0!important}.pb-lg-0,.py-lg-0{padding-bottom:0!important}.pl-lg-0,.px-lg-0{padding-left:0!important}.p-lg-1{padding:4px!important}.pt-lg-1,.py-lg-1{padding-top:4px!important}.pr-lg-1,.px-lg-1{padding-right:4px!important}.pb-lg-1,.py-lg-1{padding-bottom:4px!important}.pl-lg-1,.px-lg-1{padding-left:4px!important}.p-lg-2{padding:8px!important}.pt-lg-2,.py-lg-2{padding-top:8px!important}.pr-lg-2,.px-lg-2{padding-right:8px!important}.pb-lg-2,.py-lg-2{padding-bottom:8px!important}.pl-lg-2,.px-lg-2{padding-left:8px!important}.p-lg-3{padding:16px!important}.pt-lg-3,.py-lg-3{padding-top:16px!important}.pr-lg-3,.px-lg-3{padding-right:16px!important}.pb-lg-3,.py-lg-3{padding-bottom:16px!important}.pl-lg-3,.px-lg-3{padding-left:16px!important}.p-lg-4{padding:24px!important}.pt-lg-4,.py-lg-4{padding-top:24px!important}.pr-lg-4,.px-lg-4{padding-right:24px!important}.pb-lg-4,.py-lg-4{padding-bottom:24px!important}.pl-lg-4,.px-lg-4{padding-left:24px!important}.p-lg-5{padding:48px!important}.pt-lg-5,.py-lg-5{padding-top:48px!important}.pr-lg-5,.px-lg-5{padding-right:48px!important}.pb-lg-5,.py-lg-5{padding-bottom:48px!important}.pl-lg-5,.px-lg-5{padding-left:48px!important}.m-lg-n1{margin:-4px!important}.mt-lg-n1,.my-lg-n1{margin-top:-4px!important}.mr-lg-n1,.mx-lg-n1{margin-right:-4px!important}.mb-lg-n1,.my-lg-n1{margin-bottom:-4px!important}.ml-lg-n1,.mx-lg-n1{margin-left:-4px!important}.m-lg-n2{margin:-8px!important}.mt-lg-n2,.my-lg-n2{margin-top:-8px!important}.mr-lg-n2,.mx-lg-n2{margin-right:-8px!important}.mb-lg-n2,.my-lg-n2{margin-bottom:-8px!important}.ml-lg-n2,.mx-lg-n2{margin-left:-8px!important}.m-lg-n3{margin:-16px!important}.mt-lg-n3,.my-lg-n3{margin-top:-16px!important}.mr-lg-n3,.mx-lg-n3{margin-right:-16px!important}.mb-lg-n3,.my-lg-n3{margin-bottom:-16px!important}.ml-lg-n3,.mx-lg-n3{margin-left:-16px!important}.m-lg-n4{margin:-24px!important}.mt-lg-n4,.my-lg-n4{margin-top:-24px!important}.mr-lg-n4,.mx-lg-n4{margin-right:-24px!important}.mb-lg-n4,.my-lg-n4{margin-bottom:-24px!important}.ml-lg-n4,.mx-lg-n4{margin-left:-24px!important}.m-lg-n5{margin:-48px!important}.mt-lg-n5,.my-lg-n5{margin-top:-48px!important}.mr-lg-n5,.mx-lg-n5{margin-right:-48px!important}.mb-lg-n5,.my-lg-n5{margin-bottom:-48px!important}.ml-lg-n5,.mx-lg-n5{margin-left:-48px!important}.m-lg-auto{margin:auto!important}.mt-lg-auto,.my-lg-auto{margin-top:auto!important}.mr-lg-auto,.mx-lg-auto{margin-right:auto!important}.mb-lg-auto,.my-lg-auto{margin-bottom:auto!important}.ml-lg-auto,.mx-lg-auto{margin-left:auto!important}}@media (min-width:1200px){.m-xl-0{margin:0!important}.mt-xl-0,.my-xl-0{margin-top:0!important}.mr-xl-0,.mx-xl-0{margin-right:0!important}.mb-xl-0,.my-xl-0{margin-bottom:0!important}.ml-xl-0,.mx-xl-0{margin-left:0!important}.m-xl-1{margin:4px!important}.mt-xl-1,.my-xl-1{margin-top:4px!important}.mr-xl-1,.mx-xl-1{margin-right:4px!important}.mb-xl-1,.my-xl-1{margin-bottom:4px!important}.ml-xl-1,.mx-xl-1{margin-left:4px!important}.m-xl-2{margin:8px!important}.mt-xl-2,.my-xl-2{margin-top:8px!important}.mr-xl-2,.mx-xl-2{margin-right:8px!important}.mb-xl-2,.my-xl-2{margin-bottom:8px!important}.ml-xl-2,.mx-xl-2{margin-left:8px!important}.m-xl-3{margin:16px!important}.mt-xl-3,.my-xl-3{margin-top:16px!important}.mr-xl-3,.mx-xl-3{margin-right:16px!important}.mb-xl-3,.my-xl-3{margin-bottom:16px!important}.ml-xl-3,.mx-xl-3{margin-left:16px!important}.m-xl-4{margin:24px!important}.mt-xl-4,.my-xl-4{margin-top:24px!important}.mr-xl-4,.mx-xl-4{margin-right:24px!important}.mb-xl-4,.my-xl-4{margin-bottom:24px!important}.ml-xl-4,.mx-xl-4{margin-left:24px!important}.m-xl-5{margin:48px!important}.mt-xl-5,.my-xl-5{margin-top:48px!important}.mr-xl-5,.mx-xl-5{margin-right:48px!important}.mb-xl-5,.my-xl-5{margin-bottom:48px!important}.ml-xl-5,.mx-xl-5{margin-left:48px!important}.p-xl-0{padding:0!important}.pt-xl-0,.py-xl-0{padding-top:0!important}.pr-xl-0,.px-xl-0{padding-right:0!important}.pb-xl-0,.py-xl-0{padding-bottom:0!important}.pl-xl-0,.px-xl-0{padding-left:0!important}.p-xl-1{padding:4px!important}.pt-xl-1,.py-xl-1{padding-top:4px!important}.pr-xl-1,.px-xl-1{padding-right:4px!important}.pb-xl-1,.py-xl-1{padding-bottom:4px!important}.pl-xl-1,.px-xl-1{padding-left:4px!important}.p-xl-2{padding:8px!important}.pt-xl-2,.py-xl-2{padding-top:8px!important}.pr-xl-2,.px-xl-2{padding-right:8px!important}.pb-xl-2,.py-xl-2{padding-bottom:8px!important}.pl-xl-2,.px-xl-2{padding-left:8px!important}.p-xl-3{padding:16px!important}.pt-xl-3,.py-xl-3{padding-top:16px!important}.pr-xl-3,.px-xl-3{padding-right:16px!important}.pb-xl-3,.py-xl-3{padding-bottom:16px!important}.pl-xl-3,.px-xl-3{padding-left:16px!important}.p-xl-4{padding:24px!important}.pt-xl-4,.py-xl-4{padding-top:24px!important}.pr-xl-4,.px-xl-4{padding-right:24px!important}.pb-xl-4,.py-xl-4{padding-bottom:24px!important}.pl-xl-4,.px-xl-4{padding-left:24px!important}.p-xl-5{padding:48px!important}.pt-xl-5,.py-xl-5{padding-top:48px!important}.pr-xl-5,.px-xl-5{padding-right:48px!important}.pb-xl-5,.py-xl-5{padding-bottom:48px!important}.pl-xl-5,.px-xl-5{padding-left:48px!important}.m-xl-n1{margin:-4px!important}.mt-xl-n1,.my-xl-n1{margin-top:-4px!important}.mr-xl-n1,.mx-xl-n1{margin-right:-4px!important}.mb-xl-n1,.my-xl-n1{margin-bottom:-4px!important}.ml-xl-n1,.mx-xl-n1{margin-left:-4px!important}.m-xl-n2{margin:-8px!important}.mt-xl-n2,.my-xl-n2{margin-top:-8px!important}.mr-xl-n2,.mx-xl-n2{margin-right:-8px!important}.mb-xl-n2,.my-xl-n2{margin-bottom:-8px!important}.ml-xl-n2,.mx-xl-n2{margin-left:-8px!important}.m-xl-n3{margin:-16px!important}.mt-xl-n3,.my-xl-n3{margin-top:-16px!important}.mr-xl-n3,.mx-xl-n3{margin-right:-16px!important}.mb-xl-n3,.my-xl-n3{margin-bottom:-16px!important}.ml-xl-n3,.mx-xl-n3{margin-left:-16px!important}.m-xl-n4{margin:-24px!important}.mt-xl-n4,.my-xl-n4{margin-top:-24px!important}.mr-xl-n4,.mx-xl-n4{margin-right:-24px!important}.mb-xl-n4,.my-xl-n4{margin-bottom:-24px!important}.ml-xl-n4,.mx-xl-n4{margin-left:-24px!important}.m-xl-n5{margin:-48px!important}.mt-xl-n5,.my-xl-n5{margin-top:-48px!important}.mr-xl-n5,.mx-xl-n5{margin-right:-48px!important}.mb-xl-n5,.my-xl-n5{margin-bottom:-48px!important}.ml-xl-n5,.mx-xl-n5{margin-left:-48px!important}.m-xl-auto{margin:auto!important}.mt-xl-auto,.my-xl-auto{margin-top:auto!important}.mr-xl-auto,.mx-xl-auto{margin-right:auto!important}.mb-xl-auto,.my-xl-auto{margin-bottom:auto!important}.ml-xl-auto,.mx-xl-auto{margin-left:auto!important}}.text-monospace{font-family:Roboto Mono,monospace!important}.text-justify{text-align:justify!important}.text-wrap{white-space:normal!important}.text-nowrap{white-space:nowrap!important}.text-truncate{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.text-left{text-align:left!important}.text-right{text-align:right!important}.text-center{text-align:center!important}@media (min-width:576px){.text-sm-left{text-align:left!important}.text-sm-right{text-align:right!important}.text-sm-center{text-align:center!important}}@media (min-width:768px){.text-md-left{text-align:left!important}.text-md-right{text-align:right!important}.text-md-center{text-align:center!important}}@media (min-width:992px){.text-lg-left{text-align:left!important}.text-lg-right{text-align:right!important}.text-lg-center{text-align:center!important}}@media (min-width:1200px){.text-xl-left{text-align:left!important}.text-xl-right{text-align:right!important}.text-xl-center{text-align:center!important}}.text-lowercase{text-transform:lowercase!important}.text-uppercase{text-transform:uppercase!important}.text-capitalize{text-transform:capitalize!important}.font-weight-light{font-weight:300!important}.font-weight-lighter{font-weight:lighter!important}.font-weight-normal{font-weight:400!important}.font-weight-bold{font-weight:700!important}.font-weight-bolder{font-weight:bolder!important}.font-italic{font-style:italic!important}.text-white{color:#fff!important}.text-primary{color:#004d99!important}a.text-primary:focus,a.text-primary:hover{color:#004080!important}.text-secondary{color:#3d4955!important}a.text-secondary:focus,a.text-secondary:hover{color:#323c46!important}.text-success{color:#008053!important}a.text-success:focus,a.text-success:hover{color:#006642!important}.text-info{color:#717273!important}a.text-info:focus,a.text-info:hover{color:#646566!important}.text-warning{color:#a36200!important}a.text-warning:focus,a.text-warning:hover{color:#995c00!important}.text-danger{color:#e00929!important}a.text-danger:focus,a.text-danger:hover{color:#c70825!important}.text-light{color:#bdb4d8!important}a.text-light:focus,a.text-light:hover{color:#aea3d0!important}.text-dark{color:#050b12!important}a.text-dark:focus,a.text-dark:hover{color:#000!important}.text-100{color:#bbbdc1!important}a.text-100:focus,a.text-100:hover{color:#aeb0b5!important}.text-200{color:#a3a4a7!important}a.text-200:focus,a.text-200:hover{color:#96979a!important}.text-300{color:#8a8b8d!important}a.text-300:focus,a.text-300:hover{color:#7d7e80!important}.text-400{color:#717273!important}a.text-400:focus,a.text-400:hover{color:#646566!important}.text-500{color:#585859!important}a.text-500:focus,a.text-500:hover{color:#4b4c4c!important}.text-600{color:#3f3f40!important}a.text-600:focus,a.text-600:hover{color:#323233!important}.text-700{color:#262626!important}a.text-700:focus,a.text-700:hover{color:#191919!important}.text-800{color:#0c0c0d!important}.text-900,a.text-800:focus,a.text-800:hover,a.text-900:focus,a.text-900:hover{color:#000!important}.text-body{color:#19191a!important}.text-muted{color:#5a768a!important}.text-black-50{color:rgba(0,0,0,.5)!important}.text-white-50{color:hsla(0,0%,100%,.5)!important}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.text-decoration-none{text-decoration:none!important}.text-break{word-break:break-word!important;overflow-wrap:break-word!important}.text-reset{color:inherit!important}.visible{visibility:visible!important}.invisible{visibility:hidden!important}body,html{font-size:16px;line-height:1.5}@media (min-width:576px){body,html{font-size:18px;line-height:1.555}}.h1,h1{letter-spacing:-1px}@media (min-width:576px){.h1,h1{font-size:2.666rem;letter-spacing:-1.3px;line-height:1.25}}.h2,h2{line-height:1.25}@media (min-width:576px){.h2,h2{font-size:2.222rem;line-height:1.2;letter-spacing:-2px}}.h3,h3{line-height:1.1428}@media (min-width:576px){.h3,h3{font-size:1.777rem;line-height:1.25}}.h4,h4{line-height:1.1666}@media (min-width:576px){.h4,h4{font-size:1.555rem;line-height:1.428;font-weight:600}}.h5,h5{font-weight:400}@media (min-width:576px){.h5,h5{font-size:1.333rem}}.h6,h6{font-weight:600;line-height:1.5}.display-1{font-size:49.776px;font-size:3.111rem}@media (min-width:576px){.display-1{font-size:3.111rem;line-height:1.428}}.blockquote,blockquote{font-family:Lora,Georgia,serif;margin:1.5rem 0}caption{font-size:12.432px;font-size:.777rem;line-height:1.4285}b,strong{font-weight:600}.small,small{font-size:15px;font-size:.9375rem;font-weight:400}@media (min-width:576px){.small,small{font-size:.8888rem}}.x-small{font-size:14px;font-size:.875rem;font-weight:400}@media (min-width:576px){.x-small{font-size:.7777rem}}.blockquote-footer{color:#656566}.bg-dark .blockquote-footer{color:#979899}.row.variable-gutters{margin-right:-6px;margin-left:-6px}.row.variable-gutters>.col,.row.variable-gutters>[class*=col-]{padding-right:6px;padding-left:6px}@media (min-width:576px){.row.variable-gutters{margin-right:-6px;margin-left:-6px}.row.variable-gutters>.col,.row.variable-gutters>[class*=col-]{padding-right:6px;padding-left:6px}}@media (min-width:768px){.row.variable-gutters{margin-right:-10px;margin-left:-10px}.row.variable-gutters>.col,.row.variable-gutters>[class*=col-]{padding-right:10px;padding-left:10px}}@media (min-width:992px){.row.variable-gutters{margin-right:-10px;margin-left:-10px}.row.variable-gutters>.col,.row.variable-gutters>[class*=col-]{padding-right:10px;padding-left:10px}}@media (min-width:1200px){.row.variable-gutters{margin-right:-14px;margin-left:-14px}.row.variable-gutters>.col,.row.variable-gutters>[class*=col-]{padding-right:14px;padding-left:14px}}.table td,.table th{text-align:left;border-bottom:1px solid #d6dce3;border-top:none}.breadcrumb-container .breadcrumb{padding:24px;border-radius:0}.breadcrumb-container .breadcrumb .breadcrumb-item{padding-left:0}.breadcrumb-container .breadcrumb .breadcrumb-item+.breadcrumb-item:before{display:none}.breadcrumb-container .breadcrumb .breadcrumb-item i{padding-right:.5em}.breadcrumb-container .breadcrumb .breadcrumb-item a{color:#5b6f82;font-weight:600}.breadcrumb-container .breadcrumb .breadcrumb-item.active a{font-weight:400;pointer-events:none}.breadcrumb-container .breadcrumb .breadcrumb-item span.separator{display:inline-block;font-weight:600;padding:0 .5em}.breadcrumb-container .breadcrumb.dark{background:#435a70}.breadcrumb-container .breadcrumb.dark .breadcrumb-item a,.breadcrumb-container .breadcrumb.dark .breadcrumb-item span.separator{color:#fff}.breadcrumb-container .breadcrumb.dark .breadcrumb-item i{color:#0bd9d2}.modal-content,.modal-header{border-radius:0}[data-toggle=collapse] .collapse-icon:before{content:"";display:inline-block;width:0;height:0;border-top:.5rem solid;border-right:.5rem solid transparent;border-bottom:0;border-left:.5rem solid transparent;vertical-align:3px;vertical-align:.1875rem}[data-toggle=collapse].collapsed .collapse-icon:before{-webkit-transform:rotate(180deg);transform:rotate(180deg)}.collapse-div{border-bottom:1px solid #e3e4e6}.collapse-div .collapse-div{border:1px solid #e3e4e6;border-top:0}.collapse-header{position:relative}.collapse-header [data-toggle=collapse]{width:100%;text-align:left;border:0;background-color:transparent;border-top:1px solid #e3e4e6;padding:14px 24px;cursor:pointer;color:#5c6f82;font-weight:600}.collapse-header [data-toggle=collapse][aria-expanded=false]{color:#0073e6}.collapse-header [data-toggle=collapse][aria-expanded=false]:after{content:"\e818"}.collapse-header [data-toggle=collapse][aria-expanded=true]:before{height:2px;width:56px;border-radius:2px;background-color:#0073e6;position:absolute;top:0;display:block;content:"";left:20px}.collapse-header [data-toggle=collapse][aria-expanded=false]:hover:after,.collapse-header [data-toggle=collapse][aria-expanded=true]:hover:after{text-decoration:none}.collapse-header [data-toggle=collapse]:after{content:"\e810";font-family:italia-icon-font;font-style:normal;font-weight:400;float:right;text-decoration:inherit;width:1em;margin-right:.2em;margin-top:5px;text-align:center;font-variant:normal;text-transform:none;line-height:1em}.collapse-header [data-toggle=collapse]:hover{background-color:#e6ecf2;text-decoration:underline}.collapse-header [data-toggle=collapse]:active{background-color:#0073e6;color:#fff;border-color:#0073e6}.collapse-body{padding:12px 24px 42px}.collapse-body .collapse-header button[aria-expanded=true]:before{height:0;width:0}.carousel{background-color:#444e57;padding:3.5em 3em 3em}.carousel-control-next,.carousel-control-prev{top:1em;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start}.carousel-control-prev{left:auto;right:6em}.carousel-control-next{right:3em}.carousel-caption{position:static;padding-bottom:0}.carousel-indicators li{background-color:rgba(101,220,223,.5)}.carousel-indicators .active{background-color:#5c6f82}.list-group-item{padding:1rem}.list-group-item.disabled,.list-group-item:disabled{cursor:default}.list-group-item-action:focus,.list-group-item-action:hover{text-decoration:underline;background-color:#d9e6f2}.list-group-item-action.disabled:focus,.list-group-item-action.disabled:hover,.list-group-item-action:disabled:focus,.list-group-item-action:disabled:hover{text-decoration:none;background-color:transparent;border-top-color:transparent}.list-group-item.active:focus,.list-group-item.active:hover{background-color:#0073e6}.alert{position:relative;margin-bottom:1rem;border:1px solid #b1b1b3;padding:1rem 1rem 1rem 4em}.alert-heading{color:inherit}.alert-link{font-weight:700}.alert-dismissible{padding-right:3.5rem}.alert-dismissible .close{position:absolute;top:0;right:0;padding:.8rem 1rem;color:inherit}.alert-success{border-left:8px solid #00cc85}.alert-info,.alert-success{background-position:1em .8em;background-repeat:no-repeat}.alert-info{border-left:8px solid #979899}.alert-warning{border-left:8px solid #f90}.alert-danger,.alert-warning{background-position:1em .8em;background-repeat:no-repeat}.alert-danger{border-left:8px solid #f73e5a;background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' width='32' height='32'%3E%3Cpath d='M16 1.6C24 1.6 30.4 8 30.4 16S24 30.4 16 30.4 1.6 24 1.6 16 8 1.6 16 1.6zM16 0C7.2 0 0 7.2 0 16s7.2 16 16 16 16-7.2 16-16S24.8 0 16 0z'/%3E%3Cpath d='M14.4 24c0-.96.64-1.6 1.6-1.6s1.6.64 1.6 1.6c0 .96-.64 1.6-1.6 1.6s-1.6-.64-1.6-1.6zm.64-3.2l-.32-14.4h2.56l-.32 14.4z'/%3E%3C/svg%3E")}.alert-warning{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' width='32' height='32'%3E%3Cpath d='M14.333 26c0-1 .667-1.667 1.667-1.667S17.667 25 17.667 26 17 27.667 16 27.667 14.333 27 14.333 26zM15 22.667l-.333-15h2.667l-.333 15z'/%3E%3Cpath d='M16 2.667c1 0 2 .5 2.5 1.333l10.333 20.833c.5.833.5 2 0 2.833s-1.5 1.5-2.5 1.5H5.666c-1 0-2-.5-2.5-1.5-.5-.833-.5-2 0-2.833L13.499 4c.5-.833 1.5-1.333 2.5-1.333zM16 1c-1.5 0-3 .833-4 2.333L1.667 24.166c-1.667 3 .5 6.833 4 6.833h20.667c3.5 0 5.667-3.833 4-6.833L20.001 3.333c-1-1.667-2.5-2.333-4-2.333z'/%3E%3C/svg%3E")}.alert-success{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' width='32' height='32'%3E%3Cpath d='M32 6.682l-2.824-2.635-18.447 18.635-8.094-8.094L0 17.412l8.094 7.906h-.188l2.824 2.635 2.635-2.635z'/%3E%3C/svg%3E")}.alert-info{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' width='32' height='32'%3E%3Cpath d='M16 1.6C24 1.6 30.4 8 30.4 16S24 30.4 16 30.4 1.6 24 1.6 16 8.16 1.6 16 1.6zM16 0C7.2 0 0 7.2 0 16s7.2 16 16 16 16-7.2 16-16S24.8 0 16 0z'/%3E%3Cpath d='M14.72 9.76V6.72h2.88v3.04h-2.88zm0 15.84V12h2.88v13.6h-2.88z'/%3E%3C/svg%3E")}.btn{padding:12px 24px;font-size:16px;white-space:normal}.btn-group-lg>.btn,.btn-group-sm>.btn,.btn-lg,.btn-sm,.btn-xs{border-radius:4px;line-height:1.5}.btn-xs{padding:8px;font-size:14px;line-height:1.428}.btn-group-sm>.btn,.btn-sm{padding:10px 20px;font-size:14px;line-height:1.428}.btn-group-lg>.btn,.btn-lg{padding:14px 28px;font-size:18px;line-height:1.556}.btn-block{border-radius:0}.btn-primary.disabled,.btn-primary:disabled{color:#bfc2c9;background-color:#e6e9f2;border-color:#dfe4f2}.btn-outline-secondary{background:#fcfdff;-webkit-box-shadow:inset 0 0 0 1px #e6e9f2;box-shadow:inset 0 0 0 1px #e6e9f2}.btn-outline-secondary:hover{-webkit-box-shadow:inset 0 0 0 1px #c9cedc;box-shadow:inset 0 0 0 1px #c9cedc}.bg-dark .btn-link{color:#fff}.bg-dark .btn-primary{color:#19191a;background-color:#fff;border-color:#0073e6;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);color:#0073e6}.bg-dark .btn-primary:hover{color:#19191a;background-color:#fff;border-color:#0059b3}.bg-dark .btn-primary.focus,.bg-dark .btn-primary:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,115,230,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,115,230,.5)}.bg-dark .btn-primary.disabled,.bg-dark .btn-primary:disabled{color:#19191a;background-color:#fff;border-color:#0073e6}.bg-dark .btn-primary:not(:disabled):not(.disabled).active,.bg-dark .btn-primary:not(:disabled):not(.disabled):active,.show>.bg-dark .btn-primary.dropdown-toggle{color:#19191a;background-color:#fff;border-color:#0053a6}.bg-dark .btn-primary:not(:disabled):not(.disabled).active:focus,.bg-dark .btn-primary:not(:disabled):not(.disabled):active:focus,.show>.bg-dark .btn-primary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,115,230,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,115,230,.5)}.bg-dark .btn-primary.disabled,.bg-dark .btn-primary:disabled,.bg-dark .btn-primary:hover{color:#0059b3}.bg-dark .btn-outline-primary{color:#fff;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #fff;box-shadow:inset 0 0 0 1px #fff;-webkit-box-shadow:inset 0 0 0 2px #fff;box-shadow:inset 0 0 0 2px #fff}.bg-dark .btn-outline-primary:hover{color:#e6e6e6;-webkit-box-shadow:inset 0 0 0 1px #e6e6e6;box-shadow:inset 0 0 0 1px #e6e6e6}.bg-dark .btn-outline-primary.focus,.bg-dark .btn-outline-primary:focus{-webkit-box-shadow:inset 0 0 0 1px #e6e6e6,0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 0 0 1px #e6e6e6,0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-primary.disabled,.bg-dark .btn-outline-primary:disabled{color:#fff;background-color:transparent}.bg-dark .btn-outline-primary:not(:disabled):not(.disabled).active,.bg-dark .btn-outline-primary:not(:disabled):not(.disabled):active,.show>.bg-dark .btn-outline-primary.dropdown-toggle{color:#e6e6e6;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #e6e6e6;box-shadow:inset 0 0 0 1px #e6e6e6}.bg-dark .btn-outline-primary:not(:disabled):not(.disabled).active:focus,.bg-dark .btn-outline-primary:not(:disabled):not(.disabled):active:focus,.show>.bg-dark .btn-outline-primary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-primary:hover{-webkit-box-shadow:inset 0 0 0 2px #e6e6e6;box-shadow:inset 0 0 0 2px #e6e6e6}.bg-dark .btn-outline-primary.focus,.bg-dark .btn-outline-primary:focus{-webkit-box-shadow:inset 0 0 0 2px #fff,0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 0 0 2px #fff,0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-primary:not(:disabled):not(.disabled).active,.bg-dark .btn-outline-primary:not(:disabled):not(.disabled):active,.show>.bg-dark .btn-outline-primary.dropdown-toggle{-webkit-box-shadow:inset 0 0 0 2px #fff;box-shadow:inset 0 0 0 2px #fff}.bg-dark .btn-secondary{background-color:#0073e6;border-color:#fff;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);color:#fff}.bg-dark .btn-secondary:hover{color:#fff;background-color:#0d86ff;border-color:#e6e6e6}.bg-dark .btn-secondary.focus,.bg-dark .btn-secondary:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-secondary.disabled,.bg-dark .btn-secondary:disabled{color:#fff;background-color:#0073e6;border-color:#fff}.bg-dark .btn-secondary:not(:disabled):not(.disabled).active,.bg-dark .btn-secondary:not(:disabled):not(.disabled):active,.show>.bg-dark .btn-secondary.dropdown-toggle{color:#fff;background-color:#1a8cff;border-color:#dfdfdf}.bg-dark .btn-secondary:not(:disabled):not(.disabled).active:focus,.bg-dark .btn-secondary:not(:disabled):not(.disabled):active:focus,.show>.bg-dark .btn-secondary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-secondary{color:#fff;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #fff;box-shadow:inset 0 0 0 1px #fff;-webkit-box-shadow:none;box-shadow:none}.bg-dark .btn-outline-secondary:hover{color:#e6e6e6;-webkit-box-shadow:inset 0 0 0 1px #e6e6e6;box-shadow:inset 0 0 0 1px #e6e6e6}.bg-dark .btn-outline-secondary.focus,.bg-dark .btn-outline-secondary:focus{-webkit-box-shadow:inset 0 0 0 1px #e6e6e6,0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 0 0 1px #e6e6e6,0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-secondary.disabled,.bg-dark .btn-outline-secondary:disabled{color:#fff;background-color:transparent}.bg-dark .btn-outline-secondary:not(:disabled):not(.disabled).active,.bg-dark .btn-outline-secondary:not(:disabled):not(.disabled):active,.show>.bg-dark .btn-outline-secondary.dropdown-toggle{color:#e6e6e6;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #e6e6e6;box-shadow:inset 0 0 0 1px #e6e6e6}.bg-dark .btn-outline-secondary:not(:disabled):not(.disabled).active:focus,.bg-dark .btn-outline-secondary:not(:disabled):not(.disabled):active:focus,.show>.bg-dark .btn-outline-secondary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-secondary:hover{-webkit-box-shadow:none;box-shadow:none}.bg-dark .btn-outline-secondary.focus,.bg-dark .btn-outline-secondary:focus{-webkit-box-shadow:0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-secondary:not(:disabled):not(.disabled).active,.bg-dark .btn-outline-secondary:not(:disabled):not(.disabled):active,.show>.bg-dark .btn-outline-secondary.dropdown-toggle{-webkit-box-shadow:none;box-shadow:none}.form-group{position:relative;margin-bottom:4px;padding:1.5rem 0 1rem}.form-group button,.form-group input,.form-group optgroup,.form-group select,.form-group textarea{color:#17324d}.form-group label{position:absolute;color:#5c6f82;font-weight:600;line-height:40px;line-height:2.5rem;-webkit-transition:.2s ease-out;transition:.2s ease-out;top:24px;top:1.5rem;font-size:16px;font-size:1rem;cursor:text;display:block;width:100%;padding:0 .75rem;z-index:6}.form-group small.form-text{position:absolute;margin:0;padding:0 .75rem;font-size:12.432px;font-size:.777rem}.form-group.active label{-webkit-transform:translateY(-75%);transform:translateY(-75%);font-size:12.432px;font-size:.777rem}.form-group.active .ico-prefix,.form-group.active label{color:#5c6f82}.form-row .form-group{padding-bottom:0}input[type=date],input[type=datetime-local],input[type=email],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],select,textarea{border:none;border-bottom:1px solid #5c6f82;border-radius:0;outline:0;height:40px;height:2.5rem;width:100%;-webkit-box-shadow:none;box-shadow:none;-webkit-transition:all .3s;transition:all .3s;font-weight:700}select,textarea{border:1px solid #5c6f82}input[type=file]+label{background-color:transparent}.form-control-plaintext+label,.form-group input.form-control-file+label,.form-group label.active,.form-group select.form-control+label,.input-group+label,.input-group~label,:disabled .form-group label{-webkit-transform:translateY(-75%);transform:translateY(-75%);font-size:12.432px;font-size:.777rem;background:transparent}:disabled .form-group label{top:0}.form-group.active .form-file-name{padding-bottom:1.95rem}.form-control-plaintext{padding:.375rem .75rem;background-color:#fff}.form-control:active,.form-control:focus{-webkit-box-shadow:none!important;box-shadow:none!important}.custom-select.is-valid,.form-control.is-valid,.was-validated .custom-select:valid,.was-validated .form-control:valid{background-position:100%!important;background-repeat:no-repeat!important;background-size:45px 45%!important;background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%2300cc85' viewBox='0 0 192 512'%3E%3Cpath d='M435.848 83.466L172.804 346.51l-96.652-96.652c-4.686-4.686-12.284-4.686-16.971 0l-28.284 28.284c-4.686 4.686-4.686 12.284 0 16.971l133.421 133.421c4.686 4.686 12.284 4.686 16.971 0l299.813-299.813c4.686-4.686 4.686-12.284 0-16.971l-28.284-28.284c-4.686-4.686-12.284-4.686-16.97 0z'/%3E%3C/svg%3E")}.custom-select.is-invalid,.form-control.is-invalid,.was-validated .custom-select:invalid,.was-validated .form-control:invalid{background-position:100%!important;background-repeat:no-repeat!important;background-size:45px 45%!important;background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%23f73e5a' viewBox='0 0 384 512'%3E%3Cpath d='M231.6 256l130.1-130.1c4.7-4.7 4.7-12.3 0-17l-22.6-22.6c-4.7-4.7-12.3-4.7-17 0L192 216.4 61.9 86.3c-4.7-4.7-12.3-4.7-17 0l-22.6 22.6c-4.7 4.7-4.7 12.3 0 17L152.4 256 22.3 386.1c-4.7 4.7-4.7 12.3 0 17l22.6 22.6c4.7 4.7 12.3 4.7 17 0L192 295.6l130.1 130.1c4.7 4.7 12.3 4.7 17 0l22.6-22.6c4.7-4.7 4.7-12.3 0-17L231.6 256z'/%3E%3C/svg%3E")}.custom-select.warning,.form-control.warning{background-position:100%!important;background-repeat:no-repeat!important;background-size:25px 45%!important;border-color:#f90;background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%23f90' viewBox='0 0 192 512'%3E%3Cpath d='M176 432c0 44.112-35.888 80-80 80s-80-35.888-80-80 35.888-80 80-80 80 35.888 80 80zM25.26 25.199l13.6 272C39.499 309.972 50.041 320 62.83 320h66.34c12.789 0 23.331-10.028 23.97-22.801l13.6-272C167.425 11.49 156.496 0 142.77 0H49.23C35.504 0 24.575 11.49 25.26 25.199z'/%3E%3C/svg%3E")}.custom-select.is-valid~.warning-feedback,.form-control.is-valid~.warning-feedback{display:block}.warning-feedback{display:none;width:100%;margin-top:.25rem;font-size:12.432px;font-size:.777rem;color:#f90}.invalid-feedback,.valid-feedback,.warning-feedback{margin-left:.75rem}.form-file input[type=file]{filter:alpha(opacity=0);margin:0;max-width:100%;opacity:0}.form-file .form-file-name{border-bottom:1px solid rgba(0,0,0,.15);border-radius:0;color:#464a4c;left:0;overflow:hidden;padding:.5rem .6rem 2rem;max-height:32px;max-height:2rem;pointer-events:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;z-index:5}.form-file .form-file-name,.form-file .form-file-name:before{background-color:#fff;line-height:1.7;position:absolute;right:0;top:0}.form-file .form-file-name:before{bottom:-1px;color:#0073e6;content:"Sfoglia";display:block;height:40px;height:2.5rem;padding:.4rem 1rem 1.5rem;border:1px solid #0073e6;z-index:6;border-top-right-radius:4px}.input-group-text{background-color:#f8f8f8;border:0;border-radius:0!important;border-bottom:1px solid #555}.input-group-prepend{margin-right:0}.input-group-append{margin-left:0}.input-group-lg>.form-control,.input-group-lg>.input-group-append>.btn,.input-group-lg>.input-group-append>.input-group-text,.input-group-lg>.input-group-prepend>.btn,.input-group-lg>.input-group-prepend>.input-group-text{padding:0 1rem;border-radius:0}.ico-prefix{position:absolute;width:48px;width:3rem;font-size:28.8px;font-size:1.8rem;z-index:10;text-align:center}.ico-prefix~.form-file-name{padding-left:3.5rem}.ico-prefix~.select-wrapper .select-dropdown,.ico-prefix~input,.ico-prefix~label,.ico-prefix~textarea{padding-left:3rem}.form-group.active .ico-prefix~label,.ico-prefix~.custom-select~label,.ico-prefix~label.active{padding-left:.75rem}.form-group .form-check,.form-row .form-check,.row .form-check{padding-left:0;margin-top:1rem}.form-check [type=checkbox],.form-check [type=radio]{position:absolute;left:-9999px}.form-check [type=checkbox]+label,.form-check [type=radio]+label{position:relative;padding-left:36px;cursor:pointer;display:inline-block;height:32px;line-height:32px;font-size:16px;font-size:1rem;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.form-check [type=checkbox]+label:after,.form-check [type=checkbox]+label:before{content:"";left:0;position:absolute;-webkit-transition:.2s;transition:.2s;z-index:1;border-style:solid;border-width:2px}.form-check [type=checkbox]+label:before{top:0;width:17px;height:17px;border:1px solid #e6e9f2;border-radius:1px;margin:2px 5px;-webkit-transform:rotate(37deg);transform:rotate(37deg);-webkit-transform-origin:100% 100%;transform-origin:100% 100%}.form-check [type=checkbox]+label:after{border-radius:4px;height:20px;width:20px;margin:6px 5px;top:0}.form-check [type=checkbox]:checked+label:before{top:6px;left:1px;width:8px;height:13px;border-color:transparent #fff #fff transparent;border-style:solid;border-width:2px;-webkit-transform:rotate(40deg);transform:rotate(40deg);-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-transform-origin:100% 100%;transform-origin:100% 100%;opacity:.8}.form-check [type=checkbox]:checked+label:after{border-color:#0073e6;background-color:#0073e6;z-index:0}.form-check [type=checkbox]:not(:checked)+label:after{background-color:transparent;border-color:#5c6f82;z-index:0}.form-check [type=checkbox]:not(:checked)+label:before{width:0;height:0;border-color:transparent;left:6px;top:10px}.form-check [type=checkbox]:disabled+label{cursor:not-allowed}.form-check [type=checkbox]:disabled:not(:checked)+label:after{border-color:#e6e9f2;background-color:#fff}.form-check [type=checkbox]:disabled:checked+label:after{background-color:#e6e9f2;border-color:#e6e9f2}.form-check [type=radio]+label{-webkit-transition:.2s ease;transition:.2s ease}.form-check [type=radio]+label:after,.form-check [type=radio]+label:before{content:"";position:absolute;left:0;top:0;margin:5px;width:22px;height:22px;z-index:0;border-radius:50%;border-style:solid;border-width:2px;-webkit-transition:.2s ease;transition:.2s ease}.form-check [type=radio]:not(:checked)+label:after,.form-check [type=radio]:not(:checked)+label:before{border-color:#5c6f82}.form-check [type=radio]:not(:checked)+label:after{z-index:-1;-webkit-transform:scale(0);transform:scale(0)}.form-check [type=radio]:checked+label:after{border-color:#0073e6;background-color:#0073e6;z-index:0;-webkit-transform:scale(.64);transform:scale(.64)}.form-check [type=radio]:checked+label:before{border-color:#0073e6}.form-check [type=radio]:disabled+label{cursor:not-allowed}.form-check [type=radio]:disabled:not(:checked)+label:after,.form-check [type=radio]:disabled:not(:checked)+label:before{border-color:#e6e9f2}.form-check [type=radio]:disabled:checked+label:after{border-color:#e6e9f2;background-color:#e6e9f2}.form-check [type=radio]:disabled:checked+label:before{border-color:#e6e9f2}.form-check.form-check-group{padding:0 0 8px;margin-bottom:16px;-webkit-box-shadow:inset 0 -1px 0 0 rgba(1,1,1,.1);box-shadow:inset 0 -1px 0 0 rgba(1,1,1,.1)}.form-check.form-check-group [type=checkbox]+label,.form-check.form-check-group [type=radio]+label{position:static;padding-left:8px;padding-right:52px}.form-check.form-check-group [type=checkbox]+label:after,.form-check.form-check-group [type=checkbox]+label:before,.form-check.form-check-group [type=radio]+label:after,.form-check.form-check-group [type=radio]+label:before{right:15px;left:auto}.form-check.form-check-group [type=checkbox]:checked+label:before{right:26px}.form-check.form-check-group [type=radio]:checked+label:before{right:15px}.form-check.form-check-group .form-text{opacity:.6;margin:0;padding-left:8px;padding-right:52px}.toggles,.toggles *{-webkit-appearance:none;-moz-appearance:none;appearance:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.toggles label{cursor:pointer;width:100%;margin:0 8px 8px;height:32px;line-height:32px;font-weight:700}.toggles label input[type=checkbox]{opacity:0;width:0;height:0}.toggles label input[type=checkbox]+.lever{content:"";position:relative;width:46px;height:16px;background-color:#e6e9f2;border-radius:10px;-webkit-transition:background .3s ease;transition:background .3s ease;vertical-align:middle;float:right;margin:8px 16px 0}.toggles label input[type=checkbox]+.lever:after,.toggles label input[type=checkbox]+.lever:before{content:"";position:absolute;display:inline-block;width:26px;height:26px;border-radius:50%;left:0;top:-5px;left:-3px;-webkit-transition:left .3s ease,background .1s ease,-webkit-transform .1s ease;transition:left .3s ease,background .1s ease,-webkit-transform .1s ease;transition:left .3s ease,background .1s ease,transform .1s ease;transition:left .3s ease,background .1s ease,transform .1s ease,-webkit-transform .1s ease}.toggles label input[type=checkbox]+.lever:before{background-color:rgba(0,115,230,.15)}.toggles label input[type=checkbox]+.lever:after{background-color:#5c6f82;background-size:10px 10px;background-repeat:no-repeat;background-position:50%;background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg width='10' height='10' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M6.364 4.95l3.535 3.535L8.485 9.9 4.95 6.364 1.414 9.899 0 8.485 3.536 4.95 0 1.414 1.414 0 4.95 3.536 8.485 0 9.9 1.414 6.364 4.95z' fill='%23FFF' fill-rule='evenodd' opacity='.8'/%3E%3C/svg%3E");border:2px solid #fff}.toggles label input[type=checkbox]:checked+.lever{background-color:#e6e9f2}.toggles label input[type=checkbox]:checked+.lever:after,.toggles label input[type=checkbox]:checked+.lever:before{left:23px}.toggles label input[type=checkbox]:checked+.lever:after{background-color:#0073e6;background-size:14px 14px;background-repeat:no-repeat;background-position:50%;background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg width='14' height='11' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M4.879 7.536l7.07-7.072 1.415 1.415-7.071 7.07-1.414 1.415L.636 6.121 2.05 4.707 4.88 7.536z' fill='%23FFF' fill-rule='evenodd' opacity='.5'/%3E%3C/svg%3E")}.toggles label input[type=checkbox][disabled]+.lever{cursor:default;background-color:#e6e9f2}.toggles label input[type=checkbox][disabled]+.lever:after,.toggles label input[type=checkbox][disabled]:checked+.lever:after{background-color:#e6e9f2}.select-wrapper{position:relative}.select-wrapper .search-wrap input{width:100%;border:none;border-bottom:1px solid #0073e6;font-size:14.4px;font-size:.9rem;padding:0 .5em}.select-wrapper .dropdown-menu{background-color:#fff;border-radius:0;-webkit-box-shadow:0 2px 4px 3px rgba(0,0,0,.1);box-shadow:0 2px 4px 3px rgba(0,0,0,.1);margin:0;display:none;min-width:100px;max-height:240px;overflow-y:auto;position:absolute;padding:.3rem;z-index:999;will-change:width,height;list-style-type:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;width:100%}.select-wrapper .dropdown-menu.show{display:block}.select-wrapper .dropdown-menu li{clear:both;color:#000;cursor:pointer;line-height:32px;width:100%;text-align:left;text-transform:none}.select-wrapper .dropdown-menu li.optgroup>span{color:#ccc;padding:0}.select-wrapper .dropdown-menu li:not(.disabled):focus,.select-wrapper .dropdown-menu li:not(.disabled):hover{background-color:#eee}.select-wrapper .dropdown-menu li.active>span:after{content:"";background-image:url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI1MTIiIGhlaWdodD0iNTEyIiB2aWV3Qm94PSIwIDAgNDQ4LjggNDQ4LjgiPjxwYXRoIGZpbGw9IiMwMDZERjAiIGQ9Ik0xNDIuOCAzMjMuODVMMzUuNyAyMTYuNzUgMCAyNTIuNDVsMTQyLjggMTQyLjggMzA2LTMwNi0zNS43LTM1Ljd6Ii8+PC9zdmc+");background-size:16px 16px;background-repeat:no-repeat;background-position:50%;float:right;display:block;height:32px;width:16px;opacity:.5}.select-wrapper .dropdown-menu li>a,.select-wrapper .dropdown-menu li>span{font-size:14px;color:#5c6f82;font-weight:600;display:block;padding:0 .5rem}.select-wrapper .dropdown-menu li>a.filtrable label,.select-wrapper .dropdown-menu li>a [type=checkbox],.select-wrapper .dropdown-menu li>span.filtrable label,.select-wrapper .dropdown-menu li>span [type=checkbox]{display:none}.select-wrapper .dropdown-menu li.disabled>span{cursor:unset;color:#ccc}.select-wrapper .dropdown-menu li>a>i{height:inherit;line-height:inherit}.select-wrapper .select-dropdown{color:#17324d;border-bottom:1px solid #5c6f82;position:relative;cursor:pointer;background-color:transparent;outline:0;width:100%;font-size:16px;font-size:1rem;margin:0 0 15px;display:block;line-height:24px;padding:12px 38px 12px 16px}.select-wrapper .select-dropdown:disabled{color:rgba(0,0,0,.3);border-bottom-color:rgba(0,0,0,.3);cursor:default}.select-wrapper .select-dropdown ul{list-style-type:none;padding:0}.select-wrapper .select-dropdown ul li.disabled,.select-wrapper .select-dropdown ul li.disabled>span,.select-wrapper .select-dropdown ul li.optgroup{color:rgba(0,0,0,.3);background-color:transparent!important;cursor:context-menu}.select-wrapper .select-dropdown ul li.optgroup{border-top:1px solid #eee}.select-wrapper .select-dropdown ul li.optgroup.selected>span{color:rgba(0,0,0,.7)}.select-wrapper .select-dropdown ul li.optgroup>span{color:rgba(0,0,0,.4)}.select-wrapper .caret{color:#757575;position:absolute;right:12px;line-height:16px;top:calc(50% - 8px)}.select-wrapper .caret .disabled{color:rgba(0,0,0,.46)}.select-wrapper.show .select-dropdown{color:#0073e6;border-bottom:1px solid #0073e6}.select-wrapper.show .caret{color:#0073e6}.select-wrapper+label{padding:0 .75rem!important;position:absolute;top:-18px;font-size:12.8px;font-size:.8rem}.select-wrapper select.custom-select{display:none!important}.select-wrapper select:disabled{color:rgba(0,0,0,.3)}.btn-eye{background-position:50%!important;background-repeat:no-repeat!important;width:28px;height:22px;position:absolute;right:8px;right:.5rem;top:36px;top:2.25rem;z-index:10;color:#5c6f82;cursor:pointer}.eye-on{background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%235c6f82' viewBox='0 0 576 512'%3E%3Cpath d='M272.702 359.139c-80.483-9.011-136.212-86.886-116.93-167.042l116.93 167.042zM288 392c-102.556 0-192.092-54.701-240-136 21.755-36.917 52.1-68.342 88.344-91.658l-27.541-39.343C67.001 152.234 31.921 188.741 6.646 231.631a47.999 47.999 0 0 0 0 48.739C63.004 376.006 168.14 440 288 440a332.89 332.89 0 0 0 39.648-2.367l-32.021-45.744A284.16 284.16 0 0 1 288 392zm281.354-111.631c-33.232 56.394-83.421 101.742-143.554 129.492l48.116 68.74c3.801 5.429 2.48 12.912-2.949 16.712L450.23 509.83c-5.429 3.801-12.912 2.48-16.712-2.949L102.084 33.399c-3.801-5.429-2.48-12.912 2.949-16.712L125.77 2.17c5.429-3.801 12.912-2.48 16.712 2.949l55.526 79.325C226.612 76.343 256.808 72 288 72c119.86 0 224.996 63.994 281.354 159.631a48.002 48.002 0 0 1 0 48.738zM528 256c-44.157-74.933-123.677-127.27-216.162-135.007C302.042 131.078 296 144.83 296 160c0 30.928 25.072 56 56 56s56-25.072 56-56l-.001-.042c30.632 57.277 16.739 130.26-36.928 171.719l26.695 38.135C452.626 346.551 498.308 306.386 528 256z'/%3E%3C/svg%3E")}.eye-off{background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%235c6f82' viewBox='0 0 576 512'%3E%3Cpath d='M569.354 231.631C512.97 135.949 407.81 72 288 72 168.14 72 63.004 135.994 6.646 231.631a47.999 47.999 0 0 0 0 48.739C63.031 376.051 168.19 440 288 440c119.86 0 224.996-63.994 281.354-159.631a47.997 47.997 0 0 0 0-48.738zM288 392c-102.556 0-192.091-54.701-240-136 44.157-74.933 123.677-127.27 216.162-135.007C273.958 131.078 280 144.83 280 160c0 30.928-25.072 56-56 56s-56-25.072-56-56l.001-.042C157.794 179.043 152 200.844 152 224c0 75.111 60.889 136 136 136s136-60.889 136-136c0-31.031-10.4-59.629-27.895-82.515C451.704 164.638 498.009 205.106 528 256c-47.908 81.299-137.444 136-240 136z'/%3E%3C/svg%3E")}.psw-wrapper{padding:0 .75rem}.psw-meter{height:3px;max-width:180px}.psw-meter .col-3{height:3px}.psw-percent,.psw-text{font-size:12px;font-size:.75rem;display:block;padding:.25rem 0;font-weight:500}.psw-percent{margin-right:5px}@-webkit-keyframes dropdownFadeIn{0%{opacity:0;margin-top:0}to{opacity:1;margin-top:16px}}@keyframes dropdownFadeIn{0%{opacity:0;margin-top:0}to{opacity:1;margin-top:16px}}@-webkit-keyframes dropdownFadeInTop{0%{opacity:0;margin-top:0}to{opacity:1;margin-top:-16px}}@keyframes dropdownFadeInTop{0%{opacity:0;margin-top:0}to{opacity:1;margin-top:-16px}}.btn-dropdown{color:#06c;padding:0 4px;background-color:transparent;font-size:16px;font-size:1rem;border-radius:0}.btn-dropdown:not(:disabled):not(.disabled):active{-webkit-box-shadow:none;box-shadow:none}.btn-dropdown:after{content:"";font-size:12.8px;font-size:.8rem;font-family:italia-icon-font;font-style:normal;font-weight:400;speak:none;border:none;display:inline-block;vertical-align:0;width:auto;height:auto;-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s}.btn-dropdown[aria-expanded=true]:after{-webkit-transform:scaleY(-1);transform:scaleY(-1)}.dropdown-menu{border-radius:0 0 4px 4px}.dropdown-menu.full-width{width:100%}.dropdown-menu.full-width .link-list li{display:inline-block;width:auto}.dropdown-menu.full-width .link-list li:focus,.dropdown-menu.full-width .link-list li:hover{background:none;text-decoration:underline}.dropdown-menu .link-list{margin-bottom:0}.dropdown-menu .link-list h3{line-height:2.3em;margin-bottom:0}.dropdown-menu:before{content:"";position:absolute;top:-6px;left:24px;width:18px;height:18px;border-radius:4px;background-color:#fff;-webkit-transform:rotate(45deg);transform:rotate(45deg)}.dropdown-menu[x-placement=top-start]{border-radius:4px 4px 0 0}.dropdown-menu[x-placement=top-start]:before{bottom:-6px;top:auto}.dropdown-menu.dark{background-color:#435a70}.dropdown-menu.dark .link-list-wrapper ul span.divider{background:#2e465e}.dropdown-menu.dark .link-list-wrapper ul li a:hover span,.dropdown-menu.dark .link-list-wrapper ul li a span,.dropdown-menu.dark .link-list-wrapper ul li h3,.dropdown-menu.dark .link-list-wrapper ul li i{color:#fff}.dropdown-menu.dark .link-list-wrapper ul li a:not(.active):not(.disabled):hover i{color:#4fe0dc}.dropdown-menu.dark .link-list-wrapper ul li a.disabled span{color:#adb2b8}.dropdown-menu.dark:before{background-color:#435a70}nav.pagination-wrapper{display:-webkit-box;display:-ms-flexbox;display:flex}nav.pagination-wrapper,nav.pagination-wrapper.pagination-total{-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}nav.pagination-wrapper.pagination-total{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}nav.pagination-wrapper.pagination-total ul{margin-bottom:.5rem}nav.pagination-wrapper.pagination-total p{font-size:14.222px;font-size:.8888888889rem;color:#5b6f82;margin-bottom:1rem;font-weight:600;text-align:center}nav.pagination-wrapper .form-group{margin-left:2.5rem;width:72px;width:4.5rem;margin-top:0}nav.pagination-wrapper .form-group label{font-size:14.222px;font-size:.8888888889rem;color:#9da2a6}nav.pagination-wrapper .form-group.active label{font-size:12.8px;font-size:.8rem}nav.pagination-wrapper .btn.dropdown-toggle{font-size:14.222px;font-size:.8888888889rem;color:#5b6f82;font-weight:600;padding:12px;height:40px;height:2.5rem;border:none;width:100%}nav.pagination-wrapper .btn.dropdown-toggle:after{color:#0073e6;margin-left:.5rem}.pagination{-ms-flex-wrap:wrap;flex-wrap:wrap}.pagination .page-item{margin-right:5px}.pagination .page-item.disabled a.page-link,.pagination .page-item.disabled a.page-link i[class^=it-]{color:#c2c7cc}.pagination .page-item span.page-link{pointer-events:none}.pagination .page-item .page-link{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;height:40px;height:2.5rem;min-width:40px;min-width:2.5rem;border-radius:4px;border:none;font-size:14.222px;font-size:.8888888889rem;font-weight:600;color:#5b6f82;background-color:transparent}.pagination .page-item .page-link[aria-current]{border:1px solid #06c;color:#06c;pointer-events:none}.pagination .page-item .page-link.text,.pagination .page-item .page-link i[class^=it-]{color:#0073e6}.pagination .page-item .page-link i[class^=it-]{font-size:11.2px;font-size:.7rem}.pagination .page-item .page-link span.d-inline-block{margin-right:.5rem}.pagination .page-item .page-link:hover{color:#06c;background-color:transparent}.pagination .page-item .page-link:hover i[class^=it-]{color:#06c}@media (min-width:576px){.pagination .page-item .page-link{height:2.6666666667rem;min-width:2.6666666667rem}nav.pagination-wrapper .btn.dropdown-toggle{height:2.6666666667rem}}@media (min-width:768px){nav.pagination-wrapper{-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}nav.pagination-wrapper .dropdown{margin-left:2.6666666667rem}}@media (max-width:767.98px){.offcanvas-collapse{position:fixed;top:56px;bottom:0;left:1em;width:100%;overflow-y:auto;background-color:#323333;-webkit-transition:-webkit-transform .3s ease-in-out;transition:-webkit-transform .3s ease-in-out;transition:transform .3s ease-in-out;transition:transform .3s ease-in-out,-webkit-transform .3s ease-in-out;-webkit-transform:translateX(100%);transform:translateX(100%)}.offcanvas-collapse.open{-webkit-transform:translateX(-1rem);transform:translateX(-1rem)}}.nav-tabs{position:relative;background-color:#fff;border-bottom:0}.nav-tabs:after{content:"";position:absolute;z-index:-1;-webkit-box-shadow:0 0 2rem rgba(0,0,0,.15);box-shadow:0 0 2rem rgba(0,0,0,.15);bottom:0;left:10%;right:10%;width:80%;height:50%;border-radius:100%}.nav-tabs .nav-link{border-radius:0;font-weight:600;color:#5c6f82;border:none;border-bottom:2px solid transparent}.nav-tabs .nav-link.disabled{color:#b1b1b3;font-weight:400}.nav-tabs .nav-item.show .nav-link,.nav-tabs .nav-link.active{border-bottom:2px solid #06c;color:#06c;cursor:inherit}.nav-tabs .nav-item{margin-bottom:0}.nav-tabs.nav-dark{background-color:#455b71}.nav-tabs.nav-dark .nav-link{color:#c7d1d0}.nav-tabs.nav-dark .nav-item.show .nav-link,.nav-tabs.nav-dark .nav-link.active{background-color:#455b71;color:#00fff7;border-bottom:2px solid #00fff7}.it-ico-sm{font-size:28px;font-size:1.75rem}.it-ico{font-size:20px;font-size:1.25rem}.it-ico-lg{font-size:24px;font-size:1.5rem}.cookiebar{bottom:0;left:0;right:0;display:none;position:fixed;width:100%;z-index:1100}.cookiebar.cookiebar-top{bottom:auto;top:0}.cookiebar.show{display:block}.hero{padding:1rem;margin-bottom:1rem;background-color:#cacacc;border-radius:0}@media (min-width:576px){.hero{padding:1rem}}.hero .hero-heading{font-size:32px;font-size:2rem;font-weight:700;color:#00264d;margin-bottom:.8rem}.hero-fluid{padding-right:0;padding-left:0;border-radius:0}.forward{display:block;text-align:center;font-size:48px;font-size:3rem;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.forward:hover{text-decoration:none}.return-to-top{position:fixed;bottom:16px;right:16px;background:#0073e6;background:rgba(0,115,230,.7);width:48px;height:48px;display:block;text-decoration:none;border-radius:50%;display:none;text-align:center;z-index:1}.return-to-top,.return-to-top i{-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.return-to-top i{color:#fff;margin:0;position:relative;top:8px;font-size:20px}.return-to-top i:before{margin:0}.return-to-top:hover{background:rgba(0,115,230,.9);text-decoration:none}.return-to-top:hover i{color:#fff;top:4px}.autocomplete-clear{visibility:hidden;position:absolute;z-index:2;right:4px;right:.25rem;top:8px;top:.5rem;background:transparent;border:none;cursor:pointer}.autocomplete-clear svg{fill:#a6a6a6}.autocomplete-wrap{position:absolute;left:0;right:0;background:#fff;-webkit-box-shadow:0 2px 5px rgba(0,0,0,.25);box-shadow:0 2px 5px rgba(0,0,0,.25);z-index:100;max-height:240px;overflow-y:auto;padding-left:0;list-style-type:none}.autocomplete-wrap li{cursor:pointer;padding:12px 16px;font-size:14px;font-size:.875rem}.autocomplete-wrap li:hover{background:#eee}.link-list-wrapper ul{padding:0;list-style-type:none}.link-list-wrapper ul.link-sublist{padding-left:24px}.link-list-wrapper ul li a{font-size:.889em;line-height:2.3em;display:block;padding:0 24px;position:relative}.link-list-wrapper ul li a:hover:not(.disabled){text-decoration:none}.link-list-wrapper ul li a:hover:not(.disabled) span{color:#06c;text-decoration:underline}.link-list-wrapper ul li a:hover:not(.disabled) p{color:#06c;text-decoration:none}.link-list-wrapper ul li a.disabled:hover{text-decoration:none}.link-list-wrapper ul li a.medium{font-weight:600}.link-list-wrapper ul li a span{color:#06c;display:block;margin-right:24px}.link-list-wrapper ul li a.right-icon i.right{position:absolute;top:0;right:24px;-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s}.link-list-wrapper ul li a.right-icon i.right.secondary{color:#9da2a6}.link-list-wrapper ul li a.right-icon[aria-expanded=true] i.right{-webkit-transform:scaleY(-1);transform:scaleY(-1)}.link-list-wrapper ul li a.active span{color:#17324d;text-decoration:underline}.link-list-wrapper ul li a.disabled{cursor:not-allowed}.link-list-wrapper ul li a.disabled.left-icon i,.link-list-wrapper ul li a.disabled.left-icon i.secondary,.link-list-wrapper ul li a.disabled.right-icon i,.link-list-wrapper ul li a.disabled.right-icon i.secondary,.link-list-wrapper ul li a.disabled span{color:#adb2b8}.link-list-wrapper ul li a.left-icon{display:-webkit-box;display:-ms-flexbox;display:flex}.link-list-wrapper ul li a.left-icon i.left{margin-right:8px}.link-list-wrapper ul li a.large{font-size:1em}.link-list-wrapper ul li a p{font-size:.778em;line-height:normal;color:#5b6f82}.link-list-wrapper ul li a.avatar{display:-webkit-box;display:-ms-flexbox;display:flex;margin-bottom:8px}.link-list-wrapper ul li a.avatar .avatar{display:block;border-radius:50px;margin-right:8px}.link-list-wrapper ul li h3{font-size:1em;color:#17324d;padding:0 24px}.link-list-wrapper ul li h3 a{line-height:inherit;font-size:1em;padding:0}.link-list-wrapper ul .divider{display:block;height:1px;background:#ebeced;margin:8px 0}.link-list-wrapper ul .toggles label{padding:0 24px;font-size:.889em;line-height:2.3em;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between;height:auto;font-weight:inherit;margin:0}.link-list-wrapper ul .toggles input[type=checkbox]+.lever{margin:8px 0 0}.link-list-wrapper ul .form-check.form-check-group{padding:0 24px;-webkit-box-shadow:none;box-shadow:none}.link-list-wrapper ul .form-check.form-check-group [type=checkbox]+label{padding-left:0;font-size:.889em;line-height:2.3em;height:inherit;margin-bottom:0}.link-list-wrapper ul .form-check.form-check-group [type=checkbox]+label:after{right:24px}.link-list-wrapper ul .form-check.form-check-group [type=checkbox]+label:before{right:35px}.link-list-wrapper ul .form-check.form-check-group [type=checkbox][disabled]+label{color:#adb2b8}@media (min-width:576px){.link-list-wrapper ul li a.large{font-size:1em;line-height:2.7em}}@media (min-width:768px){.link-list-wrapper ul li a.large{line-height:2.7em}}@-webkit-keyframes megamenuFadeIn{0%{opacity:0;margin-top:16px}to{opacity:1;margin-top:16px}}@keyframes megamenuFadeIn{0%{opacity:0;margin-top:16px}to{opacity:1;margin-top:16px}}.navbar{background:#06c}.navbar .navbar-collapsable{position:fixed;top:0;right:0;left:0;bottom:0;z-index:10;background:rgba(0,0,0,.6);display:none}.navbar .navbar-collapsable .menu-wrapper{background:#06c;position:absolute;top:0;bottom:0;right:0;left:48px;pointer-events:all;overflow-y:auto;-webkit-transform:translateX(100%);transform:translateX(100%);-webkit-transition:all .3s;transition:all .3s}.navbar .navbar-collapsable .navbar-nav{margin-top:102px;padding:24px 0}.navbar .navbar-collapsable .navbar-nav li a.nav-link{color:#fff;font-weight:400;padding:12px 24px;position:relative}.navbar .navbar-collapsable .navbar-nav li a.nav-link.active{border-left:2px solid #fff}.navbar .navbar-collapsable.expanded .close-div,.navbar .navbar-collapsable.expanded .menu-wrapper{-webkit-transform:translateX(0);transform:translateX(0)}.navbar .close-div{-webkit-transform:translateX(100%);transform:translateX(100%);padding:24px;position:fixed;left:48px;right:0;top:0;background:#06c;z-index:10;-webkit-transition:all .3s;transition:all .3s}.navbar .close-div .close-menu{background:transparent;color:#fff;text-align:center;font-size:.75em;text-transform:uppercase;padding:0}.navbar .close-div .close-menu span{display:block;text-align:center;font-size:2em}.navbar .close-div .close-menu span:before{margin-right:0}.navbar .dropdown-menu{background:transparent;-webkit-box-shadow:none;box-shadow:none}.navbar .dropdown-menu:before{display:none}.navbar .dropdown-menu .link-list-wrapper{padding-left:24px;padding-right:24px}.navbar .dropdown-menu .link-list-wrapper ul li a h3,.navbar .dropdown-menu .link-list-wrapper ul li a span,.navbar .dropdown-menu .link-list-wrapper ul li h3{color:#fff}.navbar .dropdown-toggle{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between}.navbar .dropdown-toggle:after{font-family:italia-icon-font;font-style:normal;font-weight:400;speak:none;display:inline-block;text-decoration:inherit;width:auto;height:auto;margin-right:.2em;text-align:center;font-variant:normal;text-transform:none;line-height:1em;content:"\e818";vertical-align:auto;border:none;border-bottom:0;font-size:.8em;line-height:2em;-webkit-transform-origin:center;transform-origin:center;-webkit-transition:all .3s;transition:all .3s}.navbar .dropdown-toggle[aria-expanded=true]:after{-webkit-transform:scaleY(-1);transform:scaleY(-1)}.custom-navbar-toggler{background:none;border:none}.custom-navbar-toggler span{color:#fff;font-size:1.625em}.inline-menu .link-list-wrapper .link-list,.inline-menu .link-list-wrapper .link-list li a{position:relative}.inline-menu .link-list-wrapper .link-list li a i{color:#6aaaeb}.inline-menu .link-list-wrapper .link-list li a:after{content:"";display:block;width:2px;background:#06c;position:absolute;right:0;top:0;height:100%;-webkit-transform-origin:center;transform-origin:center;-webkit-transform:scaleY(0);transform:scaleY(0);-webkit-transition:all .3s;transition:all .3s;z-index:1}.inline-menu .link-list-wrapper .link-list li a.active span{color:#06c;text-decoration:none}.inline-menu .link-list-wrapper .link-list li a[aria-expanded=true]:after{-webkit-transform:scaleY(1);transform:scaleY(1)}.inline-menu .link-list-wrapper .link-list:after{content:"";display:block;width:2px;background:-webkit-gradient(linear,left top,left bottom,from(#e6ecf2),to(rgba(230,236,242,.3)));background:linear-gradient(180deg,#e6ecf2 0,rgba(230,236,242,.3));position:absolute;right:0;top:0;height:100%}@media (min-width:992px){.navbar{background:#06c;padding:0}.navbar .navbar-collapsable{position:relative;z-index:auto;background:none;display:block!important}.navbar .navbar-collapsable,.navbar .navbar-collapsable .menu-wrapper{top:auto;right:auto;left:auto;bottom:auto;-webkit-transition:none;transition:none}.navbar .navbar-collapsable .menu-wrapper{position:inherit;overflow-y:visible;-webkit-transform:none;transform:none}.navbar .navbar-collapsable .navbar-nav{margin-top:0;padding:0 24px}.navbar .navbar-collapsable .navbar-nav li a.nav-link{font-weight:400;padding:12px 24px}.navbar .navbar-collapsable .navbar-nav li a.nav-link.active{border-left:0;border-bottom:2px solid #fff}.navbar .navbar-collapsable .navbar-nav li a.nav-link.disabled{opacity:.5;cursor:not-allowed}.navbar .close-div{display:none}.navbar .dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;float:left;min-width:10rem;padding:.5rem 0;margin:.125rem 0 0;font-size:1rem;color:#19191a;text-align:left;list-style:none;background-color:#fff;background-clip:padding-box;border:0 solid transparent;border-radius:4px;-webkit-box-shadow:0 0 30px 5px rgba(0,0,0,.05);box-shadow:0 0 30px 5px rgba(0,0,0,.05)}.navbar .dropdown-menu.show{-webkit-animation:dropdownFadeIn .3s forwards;animation:dropdownFadeIn .3s forwards;top:calc(100% - 16px)}.navbar .dropdown-menu:before{display:block}.navbar .dropdown-menu .link-list-wrapper{padding-left:0;padding-right:0}.navbar .dropdown-menu .link-list-wrapper ul li a h3,.navbar .dropdown-menu .link-list-wrapper ul li a span{color:#06c}.navbar .dropdown-menu .link-list-wrapper ul li h3{color:#19191a}.navbar .dropdown-toggle{display:block;-webkit-box-pack:inherit;-ms-flex-pack:inherit;justify-content:inherit}.navbar .dropdown-toggle:after{content:"";font-size:.8rem;font-family:italia-icon-font;font-style:normal;font-weight:400;speak:none;border:none;display:inline-block;vertical-align:0;width:auto;height:auto;-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s}.navbar.megamenu .navbar-collapsable{width:100%}.navbar.megamenu .navbar-collapsable .nav-item{position:static}.navbar.megamenu .navbar-collapsable .nav-item a{position:relative}.navbar.megamenu .navbar-collapsable .nav-item a:before{content:"";position:absolute;top:auto;bottom:-12px;left:24px;width:18px;height:18px;border-radius:4px;background-color:#fff;-webkit-transform:rotate(45deg);transform:rotate(45deg);opacity:0;-webkit-transition:opacity .3s;transition:opacity .3s}.navbar.megamenu .navbar-collapsable .nav-item.show a:before{opacity:1}.navbar.megamenu .navbar-collapsable .dropdown-menu{min-width:auto;left:24px;right:24px}.navbar.megamenu .navbar-collapsable .dropdown-menu:before{display:none}.navbar.megamenu .navbar-collapsable .dropdown-menu.show{-webkit-animation:megamenuFadeIn .3s forwards;animation:megamenuFadeIn .3s forwards}.custom-navbar-toggler{display:none}}.skiplinks{background-color:#0bd9d2;text-align:center}.skiplinks a{display:inline-block;padding:.5rem;display:block;font-weight:600;color:#5b6f82;text-decoration:underline}.componente-base{background-color:#0073e6;color:#fff;cursor:pointer;padding:8px}.focus--keyboard,.form-check [type=checkbox]:focus+label,.toggles label input[type=checkbox]:focus+.lever{border-color:#f90;-webkit-box-shadow:0 0 6px 2px #f90;box-shadow:0 0 6px 2px #f90;outline:none}.focus--mouse,.form-check [type=checkbox]:focus.focus--mouse+label,.toggles label input[type=checkbox]:focus.focus--mouse+.lever{border-color:inherit;-webkit-box-shadow:none;box-shadow:none;outline:none}.bg-primary--dark{background-color:#06c}.bg-primary--mid-dark{background-color:#004e95}.bg-primary--darken{background-color:#002b4d}.text-grey{color:#ccc}.text-sans-serif{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}.text-serif{font-family:Lora,serif}.text-light-blue{color:#e6f3fe}.text-blue{color:#0073e6}.border-dark-blue{border-color:#193e5e!important}.border-medium-blue{border-color:#06c!important}.border-grey-light{border-color:#eaebed!important}.border-width-2{border-width:2px!important}.stopScrolling--vertical{overflow-y:hidden}.deactive{display:none!important}@font-face{font-family:docs-icons;src:url(../font/docs.eot);src:url(../font/docs-italia.eot#iefix) format("embedded-opentype"),url(../font/docs-italia.ttf) format("truetype"),url(../font/docs-italia.woff) format("woff"),url(../font/docs-italia.svg#docs) format("svg");font-weight:400;font-style:normal}[class*=" docs-icon-"],[class^=docs-icon-]{font-family:docs-icons!important;speak:none;font-style:normal;font-weight:400;font-variant:normal;text-transform:none;line-height:1;vertical-align:middle;color:inherit;font-size:20.8px;font-size:1.3rem;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.docs-icon-more:before{content:""}.docs-icon-expand:before{content:""}.docs-icon-collapse:before{content:""}.docs-icon-plus:before{content:""}.docs-icon-minus:before{content:""}.docs-icon-document:before{content:""}.docs-icon-edit:before{content:""}.docs-icon-download:before{content:""}.docs-icon-info:before{content:""}.docs-icon-compare:before{content:""}.docs-icon-github:before{content:""}.docs-icon-share:before{content:""}.docs-icon-search:before{content:""}.docs-icon-link:before{content:""}.docs-icon-external-link:before{content:""}.docs-icon-comment:before{content:""}.docs-icon-attention:before,.docs-icon-warning:before{content:""}.docs-icon-example:before{content:""}.docs-icon-procedure:before{content:""}.docs-icon-hint:before{content:""}.docs-icon-note:before{content:""}.docs-icon-step:before{content:""}.docs-icon-pdf:before{content:""}.docs-icon-html:before{content:""}.docs-icon-project:before{content:""}.docs-icon-publisher:before{content:""}.docs-icon-docs:before{content:""}.docs-icon-user:before{content:""}.small{font-size:14px}.navbar-dark--text-white{color:#fff}.navbar-dark .lang-selector .nav-link,.navbar-dark .navbar-nav .nav-link{color:#fff!important}.navbar.bg-white{background-color:#fff}.navbar.primary-bg-a7{background-color:#0059b3}@media (min-width:992px){.dropdown-menu.dropdown-menu-right:before{right:24px;left:auto}}@media (min-width:992px){.navbar .dropdown-menu.dropdown-menu-right{left:auto;right:0}}@media (max-width:991.98px){.dropdown-menu-right{right:auto;left:auto}}.btn-group.show .dropdown-menu[x-placement=bottom-start],.dropdown.show .dropdown-menu[x-placement=bottom-start]{-webkit-animation:dropdownFadeIn .3s forwards;animation:dropdownFadeIn .3s forwards}.btn-group.show .dropdown-menu[x-placement=top-start],.dropdown.show .dropdown-menu[x-placement=top-start]{-webkit-animation:dropdownFadeInTop .3s forwards;animation:dropdownFadeInTop .3s forwards}.dropdown-menu[x-placement^=bottom],.dropdown-menu[x-placement^=left],.dropdown-menu[x-placement^=right],.dropdown-menu[x-placement^=top]{right:auto;bottom:auto}.dropdown-menu:before{z-index:-1}.injected{display:none}body{color:#596771;background-color:#002b4d}body.no-scroll{overflow-y:hidden}p{font-family:Lora,serif}h1,h2,h3,h4,h5{color:#000;margin-bottom:2rem}img{max-width:100%;height:auto}.container-fluid--desktop{max-width:1450px}@-webkit-keyframes pulsate{0%{-webkit-transform:scale(.1);transform:scale(.1);opacity:0}50%{opacity:1}to{-webkit-transform:scale(1.2);transform:scale(1.2);opacity:0}}@keyframes pulsate{0%{-webkit-transform:scale(.1);transform:scale(.1);opacity:0}50%{opacity:1}to{-webkit-transform:scale(1.2);transform:scale(1.2);opacity:0}}.loading{overflow:hidden}.loading:after{position:absolute;background:#0073e6;height:100%;width:100%;z-index:10;content:"";left:0;top:0}.loading:before{border:5px solid #fff;margin:-15px 0 0 -15px;border-radius:30px;position:absolute;content:"";z-index:11;height:30px;left:50%;top:50%;opacity:0;width:30px;-webkit-animation:pulsate 1s ease-out;animation:pulsate 1s ease-out;-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite}.loading.no-bg:after{background:none;position:relative}.dropdown-menu{background-color:#fff;padding:.5rem;margin:0;border-radius:.2rem;-webkit-box-shadow:2px 2px 8px 0 rgba(0,0,0,.35);box-shadow:2px 2px 8px 0 rgba(0,0,0,.35);z-index:100}.dropdown-menu .dropdown-item{color:#0073e6}.dropdown-menu .dropdown-item.active,.dropdown-menu .dropdown-item:active{font-weight:600;text-decoration:inherit;background-color:inherit}#version-list .dropdown-toggle .current-version{max-width:8em;text-overflow:ellipsis;overflow:hidden;display:inline-block;font-size:inherit;font-weight:400}#version-list .version-list-wrapper{max-height:10.2em;max-width:18em;overflow-y:scroll}#version-list .dropdown-item{text-overflow:ellipsis;max-width:16em;overflow-x:hidden}.document-actions .dropdown-toggle:after{vertical-align:middle;line-height:1.5}@media (max-width:767.98px){.document-actions .dropdown-toggle:after{font-family:italia-icon-font!important;border:none;margin:0 2em 0 0;width:auto;height:auto;float:right;content:"\e818";vertical-align:middle;font-size:.8em;line-height:2em;-webkit-transform-origin:center;transform-origin:center;-webkit-transition:all .3s;transition:all .3s}.document-actions .dropdown-toggle[aria-expanded=true]:after{-webkit-transform:scaleY(-1);transform:scaleY(-1)}.document-actions .dropdown-toggle:hover{text-decoration:none}.document-actions .dropdown-menu.show{position:static!important;-webkit-transform:none!important;transform:none!important;-webkit-box-shadow:none;box-shadow:none;padding:0;margin-top:16px;-webkit-animation:none;animation:none}.document-actions .dropdown-menu.show:before{display:none}}.header{font-size:16px;font-size:1rem}.header .navbar-brand{font-size:14.224px;font-size:.889rem;font-weight:600}.header .navbar-brand a{text-decoration:none}.header .navbar .dropdown-toggle:after{margin:0 .2rem;font-size:11.2px;font-size:.7rem}.header .nav-item{margin-left:.2rem}@media (min-width:992px){.header .nav-item{border-left:0;margin-left:0}}.header .nav-item.active{font-weight:600}.header .nav-item:not(.nav-text):not(.nav-item--no-underline).active,.header .nav-item:not(.nav-text):not(.nav-item--no-underline):hover{border-left:.2rem solid #fff;margin-left:0}@media (min-width:992px){.header .nav-item:not(.nav-text):not(.nav-item--no-underline).active,.header .nav-item:not(.nav-text):not(.nav-item--no-underline):hover{border-left:0;margin-left:0;border-bottom:2px solid #fff;margin-bottom:0}}.slim-header{font-size:14.224px;font-size:.889rem}.slim-header .navbar-toggler .navbar__icon{font-size:11.2px;font-size:.7rem;line-height:3em;display:inline-block;-webkit-transform:scaleY(-1);transform:scaleY(-1);-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s}.slim-header .navbar-toggler.collapsed .navbar__icon{-webkit-transform:scaleY(1);transform:scaleY(1)}.slim-header .navbar-toggler .dropdown-toggle:after{content:""}.slim-header.navbar .divider{border-top:.05rem solid #799ebc;padding-right:1px;width:10%;margin-top:.75rem;margin-bottom:1rem;margin-left:.2rem;padding-bottom:1px}.slim-header.navbar .divider:first-child{margin-top:1px}.slim-header.navbar .divider.divider--w-100{width:100%}@media (min-width:992px){.slim-header.navbar .divider.divider--w-100{width:inherit}}@media (min-width:992px){.slim-header.navbar .divider{border-top:0;width:inherit;margin-top:inherit;margin-bottom:inherit;border-right:.05rem solid #06c;padding-right:1px;margin-left:0}}.secondary-nav{font-weight:600}@media (max-width:991.98px){.secondary-nav.secondary-nav--offcanvas{-webkit-transform:translateX(-100%);transform:translateX(-100%);z-index:10;background-color:#fff;color:#06c;-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s;-webkit-transition-timing-function:ease-in-out;transition-timing-function:ease-in-out;position:fixed;top:0;left:0;bottom:0;right:25%;overflow-y:auto}.secondary-nav.secondary-nav--offcanvas.active{-webkit-transform:translateX(0);transform:translateX(0)}}.secondary-nav .navbar-nav li{padding:.5rem;border-bottom:.2rem solid transparent}.secondary-nav .nav-item:not(.nav-text):not(.nav-item--no-underline).active,.secondary-nav .nav-item:not(.nav-text):not(.nav-item--no-underline):hover{border-bottom:.2rem solid #fff}@media (max-width:991.98px){.article-intro-more .dropdown.show:before{content:"";width:100vw;height:100%;position:fixed;top:0;left:0;background-color:rgba(0,0,0,.5);z-index:999}}.article-intro-more .dropdown .dropdown-toggle:after{display:none}.article-intro-more .dropdown .dropdown-menu{background-color:#fff;padding:.5rem;margin:0;border-radius:.2rem;-webkit-box-shadow:2px 2px 8px 0 rgba(0,0,0,.35);box-shadow:2px 2px 8px 0 rgba(0,0,0,.35);z-index:100}@media (max-width:991.98px){.article-intro-more .dropdown .dropdown-menu{position:fixed!important;z-index:1001!important;top:calc(50% - 140px)!important;left:calc(50% - 140px)!important;-webkit-transform:none!important;transform:none!important}.article-intro-more .dropdown .dropdown-menu:before{display:none}}.article-intro-more .dropdown .dropdown-menu .dropdown-item{color:#0073e6}@media (max-width:991.98px){.lang-selector .dropdown.show:before{content:"";width:100vw;height:100%;position:fixed;top:0;left:0;background-color:rgba(0,0,0,.5);z-index:999}}.lang-selector .dropdown .dropdown-menu{background-color:#fff;padding:.5rem;margin:0;border-radius:.2rem;-webkit-box-shadow:2px 2px 8px 0 rgba(0,0,0,.35);box-shadow:2px 2px 8px 0 rgba(0,0,0,.35);z-index:100}@media (max-width:991.98px){.lang-selector .dropdown .dropdown-menu{position:fixed!important;z-index:1001!important;top:calc(50% - 80px)!important;left:calc(50% - 80px)!important;-webkit-transform:none!important;transform:none!important}.lang-selector .dropdown .dropdown-menu:before{display:none}}.lang-selector .dropdown .dropdown-menu .dropdown-item{color:#0073e6}.lang-selector .dropdown .dropdown-menu .dropdown-item.active,.lang-selector .dropdown .dropdown-menu .dropdown-item:active{font-weight:600;text-decoration:inherit;background-color:inherit}.h1--header{font-size:21.328px;font-size:1.333rem;font-weight:600;line-height:1.2;letter-spacing:unset}@media (min-width:576px){.h1--header{font-size:1.8rem}}.h1--header span{font-size:11.2px;font-size:.7rem;font-weight:400}.svg--header{width:39px;height:36px}@media (min-width:576px){.svg--header{width:65px;height:60px}}.h2--header{font-size:14px;font-weight:300;letter-spacing:unset}.docs__document-info{color:#fff;font-size:14.4px;font-size:.9rem;vertical-align:bottom}.docs__document-info .docs__document-info__icon{font-size:19.2px;font-size:1.2rem;vertical-align:bottom}.docs__document-info .docs__document-info__ownership .docs__document-info__label{font-size:12.8px;font-size:.8rem}.docs__document-info .docs__document-info__ownership .docs__document-info__icon{font-size:16px;font-size:1rem}.doc-header{-webkit-box-shadow:0 0 120px 0 rgba(0,0,0,.1);box-shadow:0 0 120px 0 rgba(0,0,0,.1);position:relative;z-index:10;color:#0073e6;font-size:16px;font-weight:600}.doc-header .progress-container{width:100%;height:4px;height:.25rem;background:#e6f3fe}.doc-header .progress-bar{height:4px;height:.25rem;background:#06c;width:0}.docs-italia #cerca{border:1px solid #ccc;font-size:12.8px;font-size:.8rem;font-weight:100}.docs-italia #cerca::-webkit-input-placeholder{color:#ccc}.docs-italia #cerca::-moz-placeholder{color:#ccc}.docs-italia #cerca::-ms-input-placeholder{color:#ccc}.docs-italia #cerca::placeholder{color:#ccc}.social{color:#fff}.social .social__label{font-size:15.2px;font-size:.95rem}.social .social__link{color:#fff;font-size:16px;font-size:1rem}.social .social__link:active,.social .social__link:hover{text-decoration:none}#rtd-search-form{border:1px solid #ccc}#rtd-search-form input[type=text]{border:none;height:100%}#rtd-search-form .input-group-append button{background-color:#fff}#rtd-search-form .input-group-append button .docs-icon-search{font-size:19.2px;font-size:1.2rem}#documentInfo .tag{font-family:Titillium Web,Geneva,Tahoma,sans-serif}.offcanvas-menu{position:fixed;z-index:1000;width:100vw;height:100vh;top:0;left:0;right:0;bottom:0}.offcanvas-menu.animate--left{-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0);-webkit-transition:-webkit-transform .4s;transition:-webkit-transform .4s;transition:transform .4s;transition:transform .4s,-webkit-transform .4s;-webkit-transition-timing-function:cubic-bezier(.7,0,.3,1);transition-timing-function:cubic-bezier(.7,0,.3,1)}.offcanvas-menu.js-active{-webkit-transform:translateZ(0);transform:translateZ(0);-webkit-transition:-webkit-transform .8s;transition:-webkit-transform .8s;transition:transform .8s;transition:transform .8s,-webkit-transform .8s;-webkit-transition-timing-function:cubic-bezier(.7,0,.3,1);transition-timing-function:cubic-bezier(.7,0,.3,1)}.offcanvas-menu .offcanvas-menu__inner{width:80%;background-color:#fff;height:100vh;-webkit-transform:translateX(0);transform:translateX(0);-webkit-transition:all .5s ease-out;transition:all .5s ease-out}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__header{padding:1.5rem 1.8rem 1rem}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__header .offcanvas-menu__title{font-weight:600;font-size:19.2px;font-size:1.2rem}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav{padding:.5rem 0 0;margin:0}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav .offcanvas-menu__nav__item{list-style:none;margin:0;padding:.5rem 1rem}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav .offcanvas-menu__nav__item:first-child,.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav .offcanvas-menu__nav__item:nth-child(4){position:relative}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav .offcanvas-menu__nav__item:first-child:before,.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav .offcanvas-menu__nav__item:nth-child(4):before{content:"";width:64px;height:1px;left:32px;left:2rem;border-top:1px solid rgba(0,102,204,.2);position:absolute;top:0}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav .offcanvas-menu__nav__item .offcanvas-menu__nav__link{padding:.5rem 1rem;font-size:16px;font-size:1rem;display:block}.offcanvas-menu.deactive .offcanvas-menu__inner{margin-left:-80%;overflow:hidden}.offcanvas-menu .offcanvas-menu__extra{width:20%;height:100vh;position:fixed;right:0;top:0}body:before{position:fixed;top:0;left:0;z-index:999;bottom:0;right:0;background:rgba(0,0,0,.5);content:"";opacity:0;-webkit-transform:translate3d(100%,0,0);transform:translate3d(100%,0,0);-webkit-transition:opacity .4s,-webkit-transform 0s .4s;transition:opacity .4s,-webkit-transform 0s .4s;transition:opacity .4s,transform 0s .4s;transition:opacity .4s,transform 0s .4s,-webkit-transform 0s .4s;-webkit-transition-timing-function:cubic-bezier(.7,0,.3,1);transition-timing-function:cubic-bezier(.7,0,.3,1)}body.show-menu:before{opacity:1;-webkit-transition:opacity .8s;transition:opacity .8s;-webkit-transition-timing-function:cubic-bezier(.7,0,.3,1);transition-timing-function:cubic-bezier(.7,0,.3,1);-webkit-transform:translateZ(0);transform:translateZ(0)}#desktop-menu{-webkit-transform:translate(0);transform:translate(0);-webkit-transform:translateZ(0);transform:translateZ(0);will-change:position,transform;padding-bottom:5rem}#desktop-menu>button:first-of-type{margin-top:1.5rem}.col--nav{width:100%}@media (min-width:768px){.col--nav{width:420px;float:left;border-right:1px solid #eeeff0;padding-left:4.5rem}}.docs-menu{will-change:min-height;display:none}@media (min-width:768px){.docs-menu{display:block}}@media (max-width:767.98px){.docs-offcanvas-menu{-webkit-transform:translateX(100%);transform:translateX(100%);z-index:10;background-color:#fff;-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s;-webkit-transition-timing-function:ease-in-out;transition-timing-function:ease-in-out;position:fixed;top:0;left:0;bottom:0;right:0;overflow-y:auto}.docs-offcanvas-menu.active{-webkit-transform:translateX(0);transform:translateX(0)}}@media (min-width:768px){.docs-offcanvas-menu{display:none}}.navbar-toggler--wrap{position:fixed;bottom:0;left:0;right:0;z-index:9;background-color:#fff;-webkit-box-shadow:-1px -2px 62px -13px rgba(0,0,0,.25);box-shadow:-1px -2px 62px -13px rgba(0,0,0,.25)}@media (min-width:768px){.navbar-toggler--wrap{display:none}}.navbar-toggler{color:#06c;padding:1rem 1rem 1rem 2rem}.navbar-toggler__chapter{color:#000;font-size:12.8px;font-size:.8rem}.sidebar-tabs{position:fixed;top:0;left:0;right:0;background-color:#fff;-webkit-transform:translateX(100%);transform:translateX(100%);-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s;-webkit-transition-timing-function:ease-in-out;transition-timing-function:ease-in-out;z-index:11;-webkit-box-shadow:-1px -2px 62px -13px rgba(0,0,0,.25);box-shadow:-1px -2px 62px -13px rgba(0,0,0,.25)}.sidebar-tabs.active{-webkit-transform:translateX(0);transform:translateX(0)}@media (min-width:768px){.sidebar-tabs{display:none}}.sidebar-btn{text-transform:uppercase;color:#06c;font-weight:700;cursor:pointer;border:0;border-bottom:3px solid #0073e6;background:none}@media (min-width:768px){.sidebar-btn{border-bottom:2px solid #bbd8f1}}.sidebar-btn.sidebar-btn--mobile{display:inline-block;font-size:11.2px;font-size:.7rem;text-align:center;border:0}.sidebar-btn.sidebar-btn--mobile.active.show{border-bottom:3px solid #0073e6;text-decoration:none}@media (min-width:768px){.sidebar-btn.sidebar-btn--mobile.active.show{border-bottom:2px solid #bbd8f1}}.form-check [type=checkbox]:focus.focus--mouse+label.sidebar-btn,.sidebar-btn.focus--mouse,.toggles label input[type=checkbox]:focus.focus--mouse+.sidebar-btn.lever{border-color:#0073e6!important}@media (min-width:768px){.form-check [type=checkbox]:focus.focus--mouse+label.sidebar-btn,.sidebar-btn.focus--mouse,.toggles label input[type=checkbox]:focus.focus--mouse+.sidebar-btn.lever{border-color:#bbd8f1!important}}.sidebar-btn .it-collapse,.sidebar-btn .it-expand{font-size:9.6px;font-size:.6rem;line-height:2.5}.sidebar-btn .it-expand{display:inline-block}.sidebar-btn.collapsed .it-expand,.sidebar-btn .it-collapse{display:none}.sidebar-btn.collapsed .it-collapse{display:inline-block}@media (min-width:768px){.sidebar-btn{display:block;width:100%;text-align:left}}@media (max-width:767.98px){.sidebar-btn.collapsed .it-collapse,.sidebar-btn.collapsed .it-expand,.sidebar-btn .it-collapse,.sidebar-btn .it-expand{display:none}}.main-container{overflow:hidden;position:relative;background-color:#fff}.doc-content__consultation{position:absolute;right:0;left:0;top:0;background-color:#4bd4d6;text-align:left;text-transform:uppercase;font-weight:700;color:#000;padding:.5rem 0 .5rem 2rem}@media (min-width:992px){.doc-content__consultation{padding-left:4rem}}@media (min-width:1200px){.doc-content__consultation{-webkit-transform:rotate(45deg) translate(45px,-125px);transform:rotate(45deg) translate(45px,-125px);width:320px;-webkit-transform-origin:left;transform-origin:left;z-index:1;left:auto;text-align:center;padding-left:0}}.col-content{padding:4rem 2rem}@media (min-width:992px){.col-content{padding:4rem 4rem 5rem}}.caption-wrap{clear:both}.caption-wrap .caption--table{margin-top:1rem;margin-bottom:1rem;display:block;font-family:Lora,serif;font-style:italic;font-size:12px;font-size:.75rem;padding:0}@media (min-width:992px){.caption-wrap .caption--table{width:calc(100% - 200px);float:left}}.caption-wrap .reference--wrap{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;margin-top:1rem;margin-bottom:2rem;font-size:.9em}@media (min-width:768px){.caption-wrap .reference--wrap{width:200px;float:right;padding-left:2rem}}.caption-number{font-weight:700;color:#000}.chapter-header{margin-bottom:1rem;margin-left:.5rem}.chapter-nav{position:relative}@media (min-width:992px){.chapter-nav{width:200px;float:left}}.figure-fixed-wrap{display:block;width:100%;overflow-x:auto}.figure-fixed{max-width:none}.title__background{width:100%;background-color:#e6f3fe;position:absolute;top:-1px;height:auto;left:-8px;left:-.5rem;display:none;right:0;z-index:0}.title__background:after{content:"";position:absolute;left:100%;-webkit-transform:translateX(-50%);transform:translateX(-50%);top:0;bottom:0;width:0;height:0;border-left:20px solid transparent;border-right:20px solid transparent;border-top:20px solid #e6f3fe}.std-term{background-color:#bffffd;color:#000;padding:.2rem}.footer-buttons--next{clear:both;margin-top:4rem}.footer-buttons--next a{background-color:#0073e6;color:#fff;padding:.5rem 1rem;border-radius:.2rem;font-weight:700;display:inline-block}.footer-buttons--prev{margin-bottom:2.5rem}.reference-icon{vertical-align:middle;display:inline-block}#doc-content{width:100%;position:relative}@media (min-width:768px){#doc-content{width:calc(100% - 420px);float:left}}#doc-content a.reference[href]{text-decoration:underline}#doc-content .useful-docs .mimetype{display:none}#doc-content .useful-docs ul{list-style-type:none;padding-left:0}#doc-content .useful-docs li{border-top:1px solid #ccc;padding-top:1rem;padding-bottom:1rem;vertical-align:middle}#doc-content .useful-docs li:after{display:none}#doc-content .useful-docs [class*=" docs-icon-"],#doc-content .useful-docs [class^=docs-icon-]{font-size:30.4px;font-size:1.9rem;color:#0073e6}#doc-content ul.simple,#doc-content ul.simple ul{list-style-type:disc}#doc-content ul.simple li,#doc-content ul.simple ul li{position:relative;margin-bottom:.5rem;font-size:14.4px;font-size:.9rem}#doc-content ul.simple li ul li,#doc-content ul.simple ul li ul li{margin-top:.5rem}#doc-content .section{clear:both}#doc-content .section:after{content:"";display:table;clear:both}@media (min-width:992px){#doc-content .section>*{width:calc(100% - 200px);float:left;clear:left}}@media (min-width:992px){#doc-content .section .caption-wrap,#doc-content .section .chapter-header,#doc-content .section .figure,#doc-content .section .full-width,#doc-content .section .section,#doc-content .section .table-responsive,#doc-content .section>.toctree-wrapper.compound{width:100%}}#doc-content .section .figure{width:100%}#doc-content .section .figure[id],#doc-content .section .rubric.ref[id],#doc-content .section .section[id],#doc-content .section .table[id]{border-top:4.2rem solid transparent}#doc-content .section .glossary dt:not([id=""]){margin-top:-4em;padding-top:4em}#doc-content .section ol.loweralpha,#doc-content .section ol.loweralpha li{list-style:lower-alpha}#doc-content .section ol.upperalpha,#doc-content .section ol.upperalpha li{list-style:upper-alpha}#doc-content .section ol.upperroman,#doc-content .section ol.upperroman li{list-style:upper-roman}#doc-content .section ol,#doc-content .section ol.arabic{list-style:decimal}#doc-content .topic-title{color:#000;font-weight:700;font-size:22.4px;font-size:1.4rem;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}#doc-content .topic.procedure{margin-bottom:3rem}#doc-content .topic.procedure em{font-weight:700}#doc-content .topic.procedure ol{padding-left:1rem}#doc-content .topic.procedure ol li{position:relative;margin-bottom:1rem;padding-left:1rem;counter-increment:list;list-style-type:none;font-family:Lora,serif}#doc-content .topic.procedure ol li:after{position:absolute;left:-16px;left:-1rem;top:0;width:16px;width:1rem;height:24px;height:1.5rem;z-index:1;content:counter(list);color:#fff;text-align:center;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;font-weight:600}#doc-content .topic.procedure .topic-title{text-transform:uppercase;font-size:17.6px;font-size:1.1rem;font-weight:700;color:#002b4d;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;padding-bottom:.2rem;background:-webkit-gradient(linear,left top,left bottom,from(#004e95),to(#004e95)) no-repeat 100% 100%/calc(100% - 2rem) 2px;background:linear-gradient(#004e95,#004e95) no-repeat 100% 100%/calc(100% - 2rem) 2px;margin-bottom:1rem}#doc-content .topic.procedure .topic-title [class*=" docs-icon-"],#doc-content .topic.procedure .topic-title [class^=docs-icon-]{margin-right:.5rem}#doc-content .topic.procedure .procedure__img{padding-left:1.5rem;margin-bottom:2rem;margin-left:.5rem;margin-top:2rem;border-left:1px solid #799ebc}#doc-content .topic.procedure .procedure__img img{-webkit-box-shadow:0 0 61px 0 rgba(0,0,0,.15);box-shadow:0 0 61px 0 rgba(0,0,0,.15)}#doc-content .topic.procedure .procedure-internal-title{text-transform:uppercase;color:#000;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;font-size:12.8px;font-size:.8rem;font-weight:700}#doc-content .topic.procedure .docs-icon-step{color:#004e95;position:absolute;left:-24px;left:-1.5rem;font-size:32px;font-size:2rem}@media (min-width:992px){#doc-content .title-wrap{width:calc(100% - 200px);float:left;clear:left;position:relative}#doc-content .title-wrap h2{line-height:60px}#doc-content .title-wrap h3{line-height:46px}#doc-content .title-wrap h1,#doc-content .title-wrap h2,#doc-content .title-wrap h3{display:inline;cursor:pointer;position:relative;color:#000;box-shadow:.5rem 0 0 #fff,-.5rem 0 0 #fff;-webkit-box-shadow:.5rem 0 0 #fff,-.5rem 0 0 #fff;-webkit-box-decoration-break:clone;-ms-box-decoration-break:clone;-o-box-decoration-break:clone;box-decoration-break:clone;left:-.5rem;z-index:1}#doc-content .title-wrap h1 .title__chapter,#doc-content .title-wrap h2 .title__chapter,#doc-content .title-wrap h3 .title__chapter{position:relative;color:#0073e6}#doc-content .title-wrap h1{line-height:71px}#doc-content .title-wrap h1 .title__chapter{position:relative;background-color:#0073e6;color:#fff;margin-right:.5rem;padding-left:.5rem;padding-right:.5rem;display:inline-block;z-index:1}#doc-content .title-wrap h1 .title__chapter:after,#doc-content .title-wrap h1 .title__chapter:before{content:"";top:0;bottom:0;width:.5rem;background-color:#0073e6;position:absolute}#doc-content .title-wrap h1 .title__chapter:after{right:100%}#doc-content .title-wrap h1 .title__chapter:before{left:100%}}#doc-content .title-wrap.active h1,#doc-content .title-wrap.active h2,#doc-content .title-wrap.active h3{-webkit-box-shadow:.5rem 0 0 #e6f3fe,-.5rem 0 0 #e6f3fe;box-shadow:.5rem 0 0 #e6f3fe,-.5rem 0 0 #e6f3fe;background-color:#e6f3fe}#doc-content .title-wrap.active .title__background{display:block}#doc-content .headerlink{display:none}#doc-content .document-info{padding:0}#doc-content .document-info .docutils.field-list{width:100%;margin-bottom:2rem;border-bottom:1px solid #ccc;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;display:grid}#doc-content .document-info .docutils.field-list tr{display:block;margin-bottom:2rem}@media (min-width:576px){#doc-content .document-info .docutils.field-list tr{width:50%;float:left}}#doc-content .document-info .docutils.field-list .field-body,#doc-content .document-info .docutils.field-list .field-name{display:block;font-weight:400}#doc-content .document-info .docutils.field-list .field-body{color:#06c;text-decoration:underline}#doc-content dd>p{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}#doc-content .highlights{font-size:24px;font-size:1.5rem;font-family:Lora,serif}#doc-content blockquote.epigraph{margin-top:2rem;padding-left:2rem;border-left:4px solid #00c4c8;color:#596771;font-size:19.2px;font-size:1.2rem;margin-bottom:2rem}#doc-content blockquote.epigraph .attribution{margin-bottom:0;font-size:16px;font-size:1rem}#doc-content .question-and-answers blockquote{margin-top:.5rem;margin-bottom:0}#doc-content .question-and-answers blockquote>div{font-weight:700;font-family:Lora,serif}#doc-content .question-and-answers .pull-quote{max-width:490px;margin-bottom:2rem}#doc-content .question-and-answers .pull-quote ul{list-style-type:none;padding-left:1.5rem}#doc-content .question-and-answers .pull-quote ul li{display:inline-block;margin-top:1rem}#doc-content .question-and-answers .pull-quote ul li:after{display:none}#doc-content .question-and-answers .pull-quote ul li a{padding:.2rem .5rem;margin-right:.2rem;background-color:#bffffd;color:#000;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;border-bottom:2px dotted #ccc}#doc-content .question-and-answers .pull-quote>div>p{text-transform:uppercase;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;color:#0b0b0b;margin-bottom:0;font-weight:100}#doc-content .question-and-answers .pull-quote:nth-of-type(odd){float:left;clear:right}#doc-content .question-and-answers .pull-quote:nth-of-type(odd) blockquote>div,#doc-content .question-and-answers .pull-quote:nth-of-type(odd) ul{padding-left:1.5rem;border-left:5px solid #00c4c8}#doc-content .question-and-answers .pull-quote:nth-of-type(2n){float:right;text-align:right;clear:left}#doc-content .question-and-answers .pull-quote:nth-of-type(2n) blockquote>div,#doc-content .question-and-answers .pull-quote:nth-of-type(2n) ul{padding-right:1.5rem;border-right:5px solid #00c4c8}#doc-content .question-and-answers .glossary.docutils{display:none}#doc-content .highlighted{background:#bffffd;display:inline-block;font-weight:700}.highlight{padding:1rem;margin-bottom:1em}.highlight pre{margin:0;padding-bottom:1em}.highlighttable .highlight{padding:0}.code .highlight{background:none}code:not(.download) .pre{background-color:#efc;padding:.2rem}code.download{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;font-size:100%}#doc-content .admonition{margin-bottom:2rem;margin-top:2rem;padding-left:2rem;border-left:4px solid;color:#596771}#doc-content .admonition .more{padding:0}#doc-content .admonition .admonition-title{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;text-transform:uppercase;font-weight:700}#doc-content .admonition .admonition-title [class*=" docs-icon-"],#doc-content .admonition .admonition-title [class^=docs-icon-]{font-size:24px;font-size:1.5rem;margin-right:.5rem}#doc-content .admonition .admonition__hidden-paragraph{display:none}#doc-content .admonition .admonition__toggle-wrap{border-top:1px solid #ccc;padding-top:1rem;margin-top:1.5rem}#doc-content .admonition .admonition__toggle-btn{cursor:pointer;background:none;border:none;color:#0073e6;padding-left:0}#doc-content .admonition .admonition__toggle-btn [class*=" docs-icon-"],#doc-content .admonition .admonition__toggle-btn [class^=docs-icon-]{font-size:9.6px;font-size:.6rem;margin-left:.5rem;position:relative}#doc-content .admonition .admonition__toggle-btn [class*=" docs-icon-"]:after,#doc-content .admonition .admonition__toggle-btn [class^=docs-icon-]:after{content:"";width:16px;width:1rem;height:16px;height:1rem;border:2px solid #0073e6;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);transform:translate(-50%,-50%);position:absolute;border-radius:50%}#doc-content .admonition .admonition__toggle-btn .admonition__toggle-show-less:first-letter,#doc-content .admonition .admonition__toggle-btn .admonition__toggle-show-more:first-letter{text-transform:uppercase}#doc-content .admonition .admonition__toggle-btn .admonition__toggle-show-less{display:none}#doc-content .admonition .admonition__toggle-btn .admonition__toggle-show-more{display:inline-block}#doc-content .admonition .admonition__toggle-btn.active .admonition__toggle-show-more{display:none}#doc-content .admonition .admonition__toggle-btn.active .admonition__toggle-show-less{display:inline-block}#doc-content .admonition.display-page{background-color:#f9fafb;padding:2rem;position:relative;border:none}#doc-content .admonition.display-page:after,#doc-content .admonition.display-page:before{content:"";width:0;height:0;right:0;top:0;position:absolute;z-index:1}#doc-content .admonition.display-page:before{border-bottom:50px solid transparent;border-right:50px solid #fff}#doc-content .admonition.display-page:after{border-top:50px solid transparent;border-bottom:50px solid #ccc;border-right:50px solid transparent;-webkit-transform:translateY(-50%);transform:translateY(-50%)}#doc-content .admonition.display-page .admonition__hidden-paragraph p,#doc-content .admonition.display-page>p,#doc-content .admonition.display-page li{font-size:12.8px;font-size:.8rem;color:#002b4d}#doc-content .admonition.display-page ol{counter-reset:list}#doc-content .admonition.display-page ol li{margin-bottom:1rem;position:relative;list-style-type:none;counter-increment:list;color:#002b4d;font-family:Lora,serif;text-indent:16px;text-indent:1rem}#doc-content .admonition.display-page ol li:after{position:absolute;left:-16px;left:-1rem;top:0;width:17.6px;width:1.1rem;height:24px;height:1.5rem;z-index:1;content:counter(list) ".";text-align:center;font-weight:700}#doc-content .admonition.display-page ol li:before{position:absolute;left:-32px;left:-2rem;top:.65em;height:1px;z-index:1;content:"";font-weight:700;background-color:#002b4d;width:16px;width:1rem}#doc-content .admonition.display-page .admonition-title,#doc-content .admonition.display-page .code-block__header{color:#004e95;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}#doc-content .admonition.display-page .admonition-title{padding-bottom:.2rem;display:inline-block;background:-webkit-gradient(linear,left top,left bottom,from(#004e95),to(#004e95)) no-repeat 100% 100%/calc(100% - 2.2rem) 2px;background:linear-gradient(#004e95,#004e95) no-repeat 100% 100%/calc(100% - 2.2rem) 2px;margin-bottom:1rem;overflow:hidden}#doc-content .admonition.display-page .admonition-internal-title{text-transform:uppercase;font-size:12.8px;font-size:.8rem;font-weight:700;color:#002b4d;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}#doc-content .admonition.display-page .linenodiv pre{color:#8998a5;font-weight:400}#doc-content .admonition.display-page .highlighttable pre{font-size:12.8px;font-size:.8rem}#doc-content .admonition.admonition-consultation{padding-bottom:1rem;border-bottom:1px solid #ccc;position:relative}#doc-content .admonition.admonition-consultation a{text-decoration:underline}#doc-content .admonition.admonition-consultation .last{font-family:Lora,serif}#doc-content .admonition.admonition-consultation .admonition-title{color:#000;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}#doc-content .admonition.admonition-consultation .admonition-title [class*=" docs-icon-"],#doc-content .admonition.admonition-consultation .admonition-title [class^=docs-icon-]{font-size:19.2px;font-size:1.2rem}#doc-content .admonition.error{border-color:#d83750}#doc-content .admonition.error .admonition-title{color:#d83750}#doc-content .admonition.note{border-color:#004e95}#doc-content .admonition.note .admonition-title{color:#004e95}#doc-content .admonition.attention,#doc-content .admonition.warning{border-color:#df7d26}#doc-content .admonition.attention .admonition-title,#doc-content .admonition.warning .admonition-title{color:#df7d26}#doc-content .admonition.important{border-color:#008255}#doc-content .admonition.important .admonition-title{color:#008255}#doc-content .admonition.important .last{font-weight:700;font-size:19.2px;font-size:1.2rem}#doc-content .admonition.hint{border-color:#008255}#doc-content .admonition.hint .admonition-title{color:#008255}#doc-content .admonition.hint .reference.internal{font-size:12.8px;font-size:.8rem;position:relative}#doc-content .admonition.hint .reference.internal:after{content:"";width:6.4px;width:.4rem;height:6.4px;height:.4rem;border-top:1px solid #0073e6;border-right:1px solid #0073e6;left:100%;-webkit-transform:rotate(45deg) translateY(-50%);transform:rotate(45deg) translateY(-50%);position:absolute;top:50%}#doc-content .admonition.admonition-may,#doc-content .admonition.admonition-must,#doc-content .admonition.admonition-must-not,#doc-content .admonition.admonition-should,#doc-content .admonition.admonition-should-not,#doc-content .admonition.admonition-use,#doc-content .admonition.admonition-use-not{margin-top:2rem;border:2px solid;border-radius:1em;padding:2em;position:relative}#doc-content .admonition.admonition-may .admonition__header,#doc-content .admonition.admonition-must-not .admonition__header,#doc-content .admonition.admonition-must .admonition__header,#doc-content .admonition.admonition-should-not .admonition__header,#doc-content .admonition.admonition-should .admonition__header,#doc-content .admonition.admonition-use-not .admonition__header,#doc-content .admonition.admonition-use .admonition__header{display:inline-block;position:relative;padding:0 1em;background:#fff}#doc-content .admonition.admonition-may .admonition__header .admonition-title,#doc-content .admonition.admonition-must-not .admonition__header .admonition-title,#doc-content .admonition.admonition-must .admonition__header .admonition-title,#doc-content .admonition.admonition-should-not .admonition__header .admonition-title,#doc-content .admonition.admonition-should .admonition__header .admonition-title,#doc-content .admonition.admonition-use-not .admonition__header .admonition-title,#doc-content .admonition.admonition-use .admonition__header .admonition-title{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;margin:0}#doc-content .admonition.admonition-may:before,#doc-content .admonition.admonition-must-not:before,#doc-content .admonition.admonition-must:before,#doc-content .admonition.admonition-should-not:before,#doc-content .admonition.admonition-should:before,#doc-content .admonition.admonition-use-not:before,#doc-content .admonition.admonition-use:before{position:absolute;right:4em;top:-.65em;width:6em;padding:0 1em;display:inline-block;background-color:#fff}#doc-content .admonition.admonition-may,#doc-content .admonition.admonition-must,#doc-content .admonition.admonition-must-not,#doc-content .admonition.admonition-should,#doc-content .admonition.admonition-should-not{border-color:#004080}#doc-content .admonition.admonition-may .admonition__header,#doc-content .admonition.admonition-must-not .admonition__header,#doc-content .admonition.admonition-must .admonition__header,#doc-content .admonition.admonition-should-not .admonition__header,#doc-content .admonition.admonition-should .admonition__header{top:-2.8em}#doc-content .admonition.admonition-may .admonition__header .admonition-title,#doc-content .admonition.admonition-must-not .admonition__header .admonition-title,#doc-content .admonition.admonition-must .admonition__header .admonition-title,#doc-content .admonition.admonition-should-not .admonition__header .admonition-title,#doc-content .admonition.admonition-should .admonition__header .admonition-title{color:#004080}#doc-content .admonition.admonition-use{border-color:#00cf86}#doc-content .admonition.admonition-use .admonition__header .admonition-title{color:#00cf86}#doc-content .admonition.admonition-use .admonition__header .admonition-title:before{content:""}#doc-content .admonition.admonition-use-not{border-color:#d1344c}#doc-content .admonition.admonition-use-not .admonition__header .admonition-title{color:#d1344c}#doc-content .admonition.admonition-use-not .admonition__header .admonition-title:before{content:""}#doc-content .admonition.admonition-use-not .admonition__header,#doc-content .admonition.admonition-use .admonition__header{top:-3.2em}#doc-content .admonition.admonition-use-not .admonition__header .admonition-title:before,#doc-content .admonition.admonition-use .admonition__header .admonition-title:before{font-family:docs-icons;margin-right:.5rem;font-size:1.6em;vertical-align:middle}#doc-content .admonition.admonition-must:before{content:url(../images/must.svg)}#doc-content .admonition.admonition-should:before{content:url(../images/should.svg)}#doc-content .admonition.admonition-must-not:before{content:url(../images/must_not.svg)}#doc-content .admonition.admonition-should-not:before{content:url(../images/should_not.svg)}#doc-content .admonition.admonition-may:before{content:url(../images/may.svg)}.footer *{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}.footer a:hover{text-decoration:none}.footer .in-collaboration{font-size:.8em}.footer .team-logo--icon{width:54px}.footer .team-logo--text{font-size:16px;font-size:1rem;line-height:18px;max-width:160px;text-transform:uppercase}.footer .agid-logo--icon{width:8em}@media (min-width:768px){.footer .agid-logo--icon{width:10em}}.footer .agid-logo--separator{border-left-width:2px!important;height:30px}@media (min-width:768px){.footer .agid-logo--separator{height:40px}}.footer .agid-logo--text{width:112px;width:7rem;line-height:1.2;font-size:1em;display:inline-block;vertical-align:middle}@media (min-width:768px){.footer .agid-logo--text{font-size:1.1em;width:8rem}}.footer .small-prints{color:#00fff8;font-weight:600}.footer .social{font-size:1em;color:#fff}.footer .social .icon{color:#00264d;background-color:#fff;padding:.3em;border-radius:100%;font-size:22px}.footer .colophon{border-top:1px solid hsla(0,0%,100%,.1);margin-top:1.5em}@media (min-width:992px){.footer .colophon{margin-top:2em}}.footer-menu__link:hover{color:#fff}.t_translate-wrap{display:none}.doc-tooltip{background-color:#fff;font-family:Lora,serif;-webkit-box-shadow:0 0 100px 0 rgba(0,0,0,.15);box-shadow:0 0 100px 0 rgba(0,0,0,.15)}.doc-tooltip.bs-popover-auto[x-placement^=bottom]:before,.doc-tooltip.bs-popover-auto[x-placement^=top]:before,.doc-tooltip.bs-popover-bottom:before,.doc-tooltip.bs-popover-top:before{content:"";width:0;height:0;border-top:40px solid transparent;border-bottom:40px solid transparent;border-left:40px solid #fff;position:absolute;left:0;z-index:-1}.doc-tooltip.bs-popover-auto[x-placement^=top]:before,.doc-tooltip.bs-popover-top:before{bottom:-40px}.doc-tooltip.bs-popover-auto[x-placement^=bottom]:before,.doc-tooltip.bs-popover-bottom:before{top:-40px}.doc-tooltip.bs-popover-auto[x-placement^=bottom]:after,.doc-tooltip.bs-popover-auto[x-placement^=top]:after,.doc-tooltip.bs-popover-bottom:after,.doc-tooltip.bs-popover-top:after{content:"";width:15px;height:15px;-webkit-transform:rotate(45deg);transform:rotate(45deg);position:absolute;left:5px;z-index:-2}.doc-tooltip.bs-popover-auto[x-placement^=top]:after,.doc-tooltip.bs-popover-top:after{-webkit-box-shadow:5px 5px 70px 8px rgba(0,0,0,.15);box-shadow:5px 5px 70px 8px rgba(0,0,0,.15);bottom:-20px}.doc-tooltip.bs-popover-auto[x-placement^=bottom]:after,.doc-tooltip.bs-popover-bottom:after{-webkit-box-shadow:-5px -5px 70px 8px rgba(0,0,0,.15);box-shadow:-5px -5px 70px 8px rgba(0,0,0,.15);top:-20px}.doc-tooltip.doc-tooltip--note:after,.doc-tooltip.doc-tooltip--note:before{content:none}.tooltip__wrap{overflow:hidden;width:330px;padding:2rem;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}.tooltip__title{overflow:hidden;font-style:italic;margin-bottom:.5rem;font-size:1em;letter-spacing:0}.tooltip__content{font-size:14.4px;font-size:.9rem;font-style:italic;margin-bottom:0}.tooltip__close-btn{position:absolute;top:16px;top:1rem;right:16px;right:1rem;width:20px;height:20px;padding:0;background:none;border:0;cursor:pointer}.tooltip__close-btn:after,.tooltip__close-btn:before{content:"";position:absolute;height:20px;width:1px;background-color:#0073e6;top:0;left:50%}.tooltip__close-btn:after{-webkit-transform:rotate(45deg) translateX(-50%);transform:rotate(45deg) translateX(-50%)}.tooltip__close-btn:before{-webkit-transform:rotate(-45deg) translateX(-50%);transform:rotate(-45deg) translateX(-50%)}.tooltip__link{color:#0073e6;font-size:12.8px;font-size:.8rem;font-weight:100;text-transform:uppercase;letter-spacing:0;position:relative;display:inline-block;margin-top:1rem}.tooltip__link:after{content:"";position:absolute;left:100%;top:0;width:30px;background-image:url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAsAAAAGCAYAAAAVMmT4AAAABmJLR0QAAAAAAAD5Q7t/AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4gUPDDQNy1r5IQAAAH5JREFUGNNj+I8HTD704v+ZR1/gfCYGPODNlz8MLv3XGc4+/srAwMDAwHjx6df//jNuYVX84esfhg9f/jAI8LAw3G4yYGD8+vPv/ztvfmBVPP3wK4YZ+14wdIfJM5Q4SzIw/v///z8uZzRsf8rAw8bEUOIsCRHA58EXn36h8AF2435mx6vmAAAAAABJRU5ErkJggg==");background-repeat:no-repeat;bottom:0;background-position:50%}@media (max-width:991.98px){.chapter-nav__list--hidden:not(.show){display:none}}@media (min-width:992px){.chapter-nav__list--hidden{visibility:hidden;opacity:0;-webkit-transition:visibility .35s,opacity .35s;transition:visibility .35s,opacity .35s}.chapter-nav__list--hidden.active{visibility:visible;opacity:1}}@media (max-width:991.98px){.chapter-nav__list-wrap{max-width:300px;margin-left:auto;margin-right:auto;border-radius:4px}}@media (min-width:992px){.chapter-nav__wrap{position:absolute;left:2rem;top:1rem}}.chapter-link{background:none;border:none;color:#0073e6;padding:0;display:inline-block;font-size:.9em;font-weight:400;cursor:pointer;vertical-align:middle}.chapter-link:hover{text-decoration:underline}.chapter-link__title{float:left}.chapter-link__counter{margin-right:.3rem;display:inline-block;float:left}.chapter-nav__list{list-style-type:none;margin-bottom:0;padding:1rem}@media (min-width:992px){.chapter-nav__list{padding:0}}.chapter-nav__title{padding:1rem;color:#000;font-size:12.8px;font-size:.8rem;font-weight:700;border-bottom:1px solid #ccc}.chapter-nav__title .title__chapter{color:#8998a5}@media (min-width:992px){.chapter-nav__title{display:none}}.chapter-nav__item:not(:last-child){margin-bottom:1rem}@media (min-width:992px){.chapter-nav__item:not(:last-child){margin-bottom:0}}.chapter-nav__list--visible{margin-top:1rem}@media (min-width:992px){.chapter-nav__list--visible{margin-top:-.5rem}}.chapter-nav__list--visible .chapter-nav__item{display:inline-block}@media (min-width:992px){.chapter-nav__list--visible .chapter-nav__item{display:block}}#doc-content ::-webkit-scrollbar{width:1em;height:14px}#doc-content ::-webkit-scrollbar-track{background-color:#e6f3fe;border-radius:7px;border:2px solid #fff}#doc-content ::-webkit-scrollbar-thumb{background-color:#0073e6;border-radius:7px;background-image:url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAHCAYAAAABIM1CAAAALUlEQVQoU2N88+m/hggf4w0GLODJp//CLEwMUhI8jJexyT/7/l+OcdSAQRAGABbrTN6F2sNMAAAAAElFTkSuQmCC");background-repeat:no-repeat;background-position:50%}#doc-content table:not(.footnote){border:0}#doc-content table:not(.footnote) td{border-right:0;border-left:0}#doc-content table:not(.footnote):not(.highlighttable) td{min-width:220px}#doc-content table:not(.footnote) thead .head{border-right:0;border-left:0;text-transform:uppercase;color:#000;font-size:12px;font-size:.75rem;vertical-align:top}#doc-content table:not(.footnote) tr{font-size:12px;font-size:.75rem}#doc-content .footnote-reference{color:#193e5e;border:1px solid #193e5e;border-radius:3px;padding:0 .4rem;line-height:1.4}#doc-content .note-action{margin-top:.5rem}#doc-content .note-back-btn,#doc-content .note-close-btn{background:none;border:0;display:inline-block;color:#0073e6;font-size:1.2em;cursor:pointer}#doc-content .note-back-btn{position:relative}#doc-content .note-back-btn:before{content:"";top:0;bottom:0;width:1px;position:absolute;background-color:#0073e6;left:0}#doc-content .note-back-btn:hover{text-decoration:underline}#doc-content .docutils.footnote{color:#000;font-size:12.8px;font-size:.8rem;display:none;margin-bottom:2rem}#doc-content .docutils.footnote td{width:100%;float:left}#doc-content .docutils.footnote .fn-backref{color:#193e5e;border:1px solid #193e5e;border-radius:3px;padding:.2rem;line-height:1;display:inline-block;margin-bottom:.5rem}.block-comments{margin-top:4.4rem;padding-bottom:2rem}.block-comments__body p{font-family:Titillium Web,Geneva,Tahoma,sans-serif}.block-comments__header{border-bottom-color:#ccc!important;border-top-color:#eeeff0!important}.block-comments__header h6{color:#06c}.block-comments__img{width:56px}.block-comments__reply-anchor{margin-top:-5em;padding-top:5em}.block-comments__logout-link{display:none;padding-top:.25em}.block-comments__logout-link--icon{position:absolute;top:50%;left:50%;-webkit-transform:translate(-50%,-50%);transform:translate(-50%,-50%);color:#d83750;text-shadow:0 0 20px #000}.block-comments__logout-link--icon:hover{color:#fff}.block-comments__logout-link:hover{text-decoration:none}.block-comments__logout-link--visible{display:block;position:relative}.block-comments__input{margin-bottom:1em!important}.block-comments__toggle-btn{background:none;width:32px;width:2rem;height:32px;height:2rem}.block-comments__toggle-btn .docs-icon-minus,.block-comments__toggle-btn .docs-icon-plus{color:#06c;position:absolute;top:50%;left:50%;-webkit-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.block-comments__toggle-btn .docs-icon-plus{display:none}.block-comments__toggle-btn.collapsed .docs-icon-plus{display:block}.block-comments__toggle-btn.collapsed .docs-icon-minus{display:none}.block-comments__item-btn{background:none;width:32px;width:2rem;height:24px;height:1.5rem;border:0}.block-comments__item-btn .it-collapse,.block-comments__item-btn .it-expand{color:#06c}.block-comments__item-btn.collapsed .it-collapse,.block-comments__item-btn .it-expand{display:none}.block-comments__item-btn.collapsed .it-expand{display:inline-block}.block-comments__item{padding-top:1em}.block-comments__item.hidden{opacity:.5}.block-comments__item.is-new{background-color:#e6f3fe;-webkit-animation:background-fade-highlight 2s ease-out 1 forwards;animation:background-fade-highlight 2s ease-out 1 forwards}.block-comments__content{word-wrap:break-word}.block-comments__name{color:#06c;font-weight:400;font-size:16px;font-size:1rem;letter-spacing:0}.block-comments__date,.block-comments__role{font-size:14px;line-height:21px}.block-comments__role{letter-spacing:.88px}.block-comments__paragraph{font-size:14px;line-height:21px}.block-comments__paragraph a{text-decoration:underline}.box-comment{position:relative;width:100%}.box-comment:not(.sending) .loading{display:none}.box-comment.sending .loading{margin-left:1em;display:inline-block!important;position:relative;overflow:visible;width:40px;z-index:1}.box-comment.sending .loading:before{border:5px solid #0073e6!important;top:60%}.box-comment textarea{min-height:5em;font-weight:400;border:1px solid #eeeff0;border-radius:5px}.box-comment textarea:focus{border:1px solid #596771}.box-comment textarea::-webkit-input-placeholder{color:#ccc}.box-comment textarea::-moz-placeholder{color:#ccc}.box-comment textarea::-ms-input-placeholder{color:#ccc}.box-comment textarea::placeholder{color:#ccc}.box-comment__login{display:-webkit-box;display:-ms-flexbox;display:flex;border:1px solid #edf5fc;border-radius:5px;padding:1em}.box-comment__legend{font-size:12px}.box-comment__user-image{border-radius:50%;position:relative;height:56px;width:56px;float:left}.box-comment__user-image--anon{margin:.25em .75em .25em .25em;background-color:#e8f2fc}.box-comment__user-image i{position:absolute;top:50%;left:50%;-webkit-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.box-comment__buttons{float:left}.box-comment__required{float:right}.box-comment__required>span{font-size:.8em}.box-comment__submit{position:relative;overflow:hidden}.box-comment__submit .loading.no-bg{display:none;width:30px;height:0;content:" ";overflow:visible;margin-bottom:5px;margin-left:-15px;margin-right:5px}.box-comment__submit .loading.no-bg:before{left:auto}.box-comment__submit>div:not(.loading){display:inline}.box-comment__suggestions__tooltip .tooltip__content{font-style:normal;padding-left:1.75em;font-size:.95em}.missing_permission{width:100%}.missing_permission__text{border:1px solid #edf5fc;border-radius:5px;padding:1em}@-webkit-keyframes background-fade-highlight{to{background-color:transparent}}@keyframes background-fade-highlight{to{background-color:transparent}}@media (max-width:767.98px){.sidebar-nav{padding-top:5.5rem}}.sidebar-nav a{text-decoration:none;color:#596771;font-size:14.4px;font-size:.9rem;display:block;line-height:1.6;margin-bottom:1rem;margin-top:1rem}.sidebar-nav a.current_item{position:relative;z-index:1;margin-bottom:1rem;margin-top:1rem;-webkit-transition:margin-bottom .3s,margin-top .3s;transition:margin-bottom .3s,margin-top .3s}.sidebar-nav a.current_item:before{content:"";position:absolute;top:-8px;top:-.5rem;bottom:-8px;bottom:-.5rem;left:-8px;left:-.5rem;right:-8px;right:-.5rem;background-color:#bffffd;z-index:-1}.sidebar-nav a:focus,.sidebar-nav a:hover{text-decoration:underline}.sidebar-nav>.sidebar-list--wrapper{padding:1rem}@media (min-width:768px){.sidebar-nav>.sidebar-list--wrapper{padding:0}}.sidebar-nav>.sidebar-list--wrapper>ul>li{padding:.1rem 3rem .1rem 1rem}.sidebar-nav>.sidebar-list--wrapper>ul>li>a{font-weight:700}.sidebar-nav>.sidebar-list--wrapper ul{list-style-type:none;padding-left:0;margin-bottom:0}.sidebar-nav>.sidebar-list--wrapper ul.current>li.current{background-color:#f6fbff}.sidebar-nav>.sidebar-list--wrapper ul.current>li.current a{color:#004e95}.sidebar-nav>.sidebar-list--wrapper ul ul{padding-left:1rem}.sidebar-nav>.sidebar-list--wrapper.figures-index--menu,.sidebar-nav>.sidebar-list--wrapper.glossary-mobile--menu,.sidebar-nav>.sidebar-list--wrapper.table-index--menu{padding-top:1rem}.sidebar-nav>.sidebar-list--wrapper.figures-index--menu>ul>li,.sidebar-nav>.sidebar-list--wrapper.glossary-mobile--menu>ul>li,.sidebar-nav>.sidebar-list--wrapper.table-index--menu>ul>li{padding-bottom:0;padding-top:.5rem}#glossary-page>.chapter-header{display:none}#glossary-page .chapter-header{padding-top:2rem;padding-bottom:2rem;padding-left:.5rem;overflow:hidden}#glossary-page .chapter-header h2{font-size:128px;font-size:8rem;font-family:Lora,serif;line-height:1}#glossary-page .glossary-page__btn{border:0;background:none;cursor:pointer;color:#0073e6;display:block;width:100%;text-align:left;text-transform:uppercase;-webkit-transition:color .3s;transition:color .3s}#glossary-page .glossary-page__btn .docs-icon-minus,#glossary-page .glossary-page__btn .docs-icon-plus{color:#0073e6}#glossary-page .glossary-page__btn .docs-icon-minus{display:inline-block}#glossary-page .glossary-page__btn .docs-icon-plus{display:none}#glossary-page .glossary-page__btn.collapsed{color:#596771}#glossary-page .glossary-page__btn.collapsed .docs-icon-minus{display:none}#glossary-page .glossary-page__btn.collapsed .docs-icon-plus{display:inline-block}#glossary-page .term-content{padding-left:2.3rem}#glossary-page .term-content,#glossary-page .term-content p{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}#glossary-page .term-content:last-of-type.show,#glossary-page dt:last-of-type .glossary-page__btn.collapsed{border-bottom:2px solid #eaebed}.glossary-page__copy-link-wrap{color:#0073e6}.glossary-page__copy-link{background:none;border:none;color:#0073e6;cursor:pointer}@media (max-width:767.98px){.return-to-top{bottom:4rem}}.return-to-top i:before{margin:0}@media (max-width:767.98px){.modal.modal-sm-full .modal-dialog{margin:0;max-width:none}.modal.modal-sm-full .modal-dialog .modal-content{margin:0;width:100vw;height:100vh;border-radius:0!important;border:none}}@font-face{font-family:italia-icon-font;src:url(../font/italia-icon-font.eot?94539880);src:url(../font/italia-icon-font.eot?94539880#iefix) format("embedded-opentype"),url(../font/italia-icon-font.woff2?94539880) format("woff2"),url(../font/italia-icon-font.woff?94539880) format("woff"),url(../font/italia-icon-font.ttf?94539880) format("truetype"),url(../font/italia-icon-font.svg?94539880#italia-icon-font) format("svg");font-weight:400;font-style:normal}[class*=" it-"]:before,[class^=it-]:before{font-family:italia-icon-font;font-style:normal;font-weight:400;speak:none;display:inline-block;text-decoration:inherit;width:1em;margin-right:.2em;text-align:center;font-variant:normal;text-transform:none;line-height:1em;font-smoothing:antialiased}.it-app:before{content:"\e800"}.it-app-1:before{content:"\e801"}.it-arrow-down:before{content:"\e802"}.it-arrow-left:before{content:"\e803"}.it-arrow-right:before{content:"\e804"}.it-arrow-up:before{content:"\e805"}.it-behance:before{content:"\e806"}.it-calendar:before{content:"\e807"}.it-camera:before{content:"\e808"}.it-cancel:before{content:"\e809"}.it-check:before{content:"\e80a"}.it-chevron-left:before{content:"\e80d"}.it-chevron-right:before{content:"\e80e"}.it-close:before{content:"\e80f"}.it-collapse:before{content:"\e810"}.it-comment:before{content:"\e811"}.it-copy:before{content:"\e812"}.it-download:before{content:"\e813"}.it-drop-down:before{content:"\e814"}.it-drop-up:before{content:"\e815"}.it-help:before{content:"\e816"}.it-expand-media:before{content:"\e817"}.it-expand:before{content:"\e818"}.it-external-link:before{content:"\e819"}.it-facebook:before{content:"\e81a"}.it-favorite:before{content:"\e81b"}.it-file:before{content:"\e81c"}.it-flickr:before{content:"\e81d"}.it-github:before{content:"\e81e"}.it-googleplus:before{content:"\e81f"}.it-no:before{content:"\e820"}.it-instagram:before{content:"\e821"}.it-link:before{content:"\e822"}.it-linkedin:before{content:"\e823"}.it-list:before{content:"\e824"}.it-lock:before{content:"\e825"}.it-mail:before{content:"\e826"}.it-medium:before{content:"\e827"}.it-more-actions:before{content:"\e828"}.it-more-items:before{content:"\e829"}.it-pdf:before{content:"\e82a"}.it-pin:before{content:"\e82b"}.it-print:before{content:"\e82c"}.it-refresh:before{content:"\e82f"}.it-rss:before{content:"\e830"}.it-search:before{content:"\e831"}.it-settings:before{content:"\e832"}.it-share:before{content:"\e833"}.it-slideshare:before{content:"\e834"}.it-twitter:before{content:"\e835"}.it-unlock:before{content:"\e836"}.it-upload:before{content:"\e837"}.it-video:before{content:"\e838"}.it-warning:before{content:"\e839"}.it-whatsapp:before{content:"\e83a"}.it-youtube-text:before{content:"\e83b"}.it-youtube:before{content:"\e83c"}.it-zoom-in:before{content:"\e83d"}.it-zoom-out:before{content:"\e83e"}.it-error:before{content:"\e83f"}.it-info:before{content:"\e840"}.it-paper-plane:before{content:"\e841"} \ No newline at end of file diff --git a/refs/pull/201/merge/en/_static/data/glossary.json b/refs/pull/201/merge/en/_static/data/glossary.json new file mode 100644 index 000000000..9e26dfeeb --- /dev/null +++ b/refs/pull/201/merge/en/_static/data/glossary.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/refs/pull/201/merge/en/_static/doctools.js b/refs/pull/201/merge/en/_static/doctools.js new file mode 100644 index 000000000..c3db08d1c --- /dev/null +++ b/refs/pull/201/merge/en/_static/doctools.js @@ -0,0 +1,264 @@ +/* + * doctools.js + * ~~~~~~~~~~~ + * + * Base JavaScript utilities for all Sphinx HTML documentation. + * + * :copyright: Copyright 2007-2022 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ +"use strict"; + +const _ready = (callback) => { + if (document.readyState !== "loading") { + callback(); + } else { + document.addEventListener("DOMContentLoaded", callback); + } +}; + +/** + * highlight a given string on a node by wrapping it in + * span elements with the given class name. + */ +const _highlight = (node, addItems, text, className) => { + if (node.nodeType === Node.TEXT_NODE) { + const val = node.nodeValue; + const parent = node.parentNode; + const pos = val.toLowerCase().indexOf(text); + if ( + pos >= 0 && + !parent.classList.contains(className) && + !parent.classList.contains("nohighlight") + ) { + let span; + + const closestNode = parent.closest("body, svg, foreignObject"); + const isInSVG = closestNode && closestNode.matches("svg"); + if (isInSVG) { + span = document.createElementNS("http://www.w3.org/2000/svg", "tspan"); + } else { + span = document.createElement("span"); + span.classList.add(className); + } + + span.appendChild(document.createTextNode(val.substr(pos, text.length))); + parent.insertBefore( + span, + parent.insertBefore( + document.createTextNode(val.substr(pos + text.length)), + node.nextSibling + ) + ); + node.nodeValue = val.substr(0, pos); + + if (isInSVG) { + const rect = document.createElementNS( + "http://www.w3.org/2000/svg", + "rect" + ); + const bbox = parent.getBBox(); + rect.x.baseVal.value = bbox.x; + rect.y.baseVal.value = bbox.y; + rect.width.baseVal.value = bbox.width; + rect.height.baseVal.value = bbox.height; + rect.setAttribute("class", className); + addItems.push({ parent: parent, target: rect }); + } + } + } else if (node.matches && !node.matches("button, select, textarea")) { + node.childNodes.forEach((el) => _highlight(el, addItems, text, className)); + } +}; +const _highlightText = (thisNode, text, className) => { + let addItems = []; + _highlight(thisNode, addItems, text, className); + addItems.forEach((obj) => + obj.parent.insertAdjacentElement("beforebegin", obj.target) + ); +}; + +/** + * Small JavaScript module for the documentation. + */ +const Documentation = { + init: () => { + Documentation.highlightSearchWords(); + Documentation.initDomainIndexTable(); + Documentation.initOnKeyListeners(); + }, + + /** + * i18n support + */ + TRANSLATIONS: {}, + PLURAL_EXPR: (n) => (n === 1 ? 0 : 1), + LOCALE: "unknown", + + // gettext and ngettext don't access this so that the functions + // can safely bound to a different name (_ = Documentation.gettext) + gettext: (string) => { + const translated = Documentation.TRANSLATIONS[string]; + switch (typeof translated) { + case "undefined": + return string; // no translation + case "string": + return translated; // translation exists + default: + return translated[0]; // (singular, plural) translation tuple exists + } + }, + + ngettext: (singular, plural, n) => { + const translated = Documentation.TRANSLATIONS[singular]; + if (typeof translated !== "undefined") + return translated[Documentation.PLURAL_EXPR(n)]; + return n === 1 ? singular : plural; + }, + + addTranslations: (catalog) => { + Object.assign(Documentation.TRANSLATIONS, catalog.messages); + Documentation.PLURAL_EXPR = new Function( + "n", + `return (${catalog.plural_expr})` + ); + Documentation.LOCALE = catalog.locale; + }, + + /** + * highlight the search words provided in the url in the text + */ + highlightSearchWords: () => { + const highlight = + new URLSearchParams(window.location.search).get("highlight") || ""; + const terms = highlight.toLowerCase().split(/\s+/).filter(x => x); + if (terms.length === 0) return; // nothing to do + + // There should never be more than one element matching "div.body" + const divBody = document.querySelectorAll("div.body"); + const body = divBody.length ? divBody[0] : document.querySelector("body"); + window.setTimeout(() => { + terms.forEach((term) => _highlightText(body, term, "highlighted")); + }, 10); + + const searchBox = document.getElementById("searchbox"); + if (searchBox === null) return; + searchBox.appendChild( + document + .createRange() + .createContextualFragment( + '

' + + '' + + Documentation.gettext("Hide Search Matches") + + "

" + ) + ); + }, + + /** + * helper function to hide the search marks again + */ + hideSearchWords: () => { + document + .querySelectorAll("#searchbox .highlight-link") + .forEach((el) => el.remove()); + document + .querySelectorAll("span.highlighted") + .forEach((el) => el.classList.remove("highlighted")); + const url = new URL(window.location); + url.searchParams.delete("highlight"); + window.history.replaceState({}, "", url); + }, + + /** + * helper function to focus on search bar + */ + focusSearchBar: () => { + document.querySelectorAll("input[name=q]")[0]?.focus(); + }, + + /** + * Initialise the domain index toggle buttons + */ + initDomainIndexTable: () => { + const toggler = (el) => { + const idNumber = el.id.substr(7); + const toggledRows = document.querySelectorAll(`tr.cg-${idNumber}`); + if (el.src.substr(-9) === "minus.png") { + el.src = `${el.src.substr(0, el.src.length - 9)}plus.png`; + toggledRows.forEach((el) => (el.style.display = "none")); + } else { + el.src = `${el.src.substr(0, el.src.length - 8)}minus.png`; + toggledRows.forEach((el) => (el.style.display = "")); + } + }; + + const togglerElements = document.querySelectorAll("img.toggler"); + togglerElements.forEach((el) => + el.addEventListener("click", (event) => toggler(event.currentTarget)) + ); + togglerElements.forEach((el) => (el.style.display = "")); + if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) togglerElements.forEach(toggler); + }, + + initOnKeyListeners: () => { + // only install a listener if it is really needed + if ( + !DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS && + !DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS + ) + return; + + const blacklistedElements = new Set([ + "TEXTAREA", + "INPUT", + "SELECT", + "BUTTON", + ]); + document.addEventListener("keydown", (event) => { + if (blacklistedElements.has(document.activeElement.tagName)) return; // bail for input elements + if (event.altKey || event.ctrlKey || event.metaKey) return; // bail with special keys + + if (!event.shiftKey) { + switch (event.key) { + case "ArrowLeft": + if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break; + + const prevLink = document.querySelector('link[rel="prev"]'); + if (prevLink && prevLink.href) { + window.location.href = prevLink.href; + event.preventDefault(); + } + break; + case "ArrowRight": + if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break; + + const nextLink = document.querySelector('link[rel="next"]'); + if (nextLink && nextLink.href) { + window.location.href = nextLink.href; + event.preventDefault(); + } + break; + case "Escape": + if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) break; + Documentation.hideSearchWords(); + event.preventDefault(); + } + } + + // some keyboard layouts may need Shift to get / + switch (event.key) { + case "/": + if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) break; + Documentation.focusSearchBar(); + event.preventDefault(); + } + }); + }, +}; + +// quick alias for translations +const _ = Documentation.gettext; + +_ready(Documentation.init); diff --git a/refs/pull/201/merge/en/_static/documentation_options.js b/refs/pull/201/merge/en/_static/documentation_options.js new file mode 100644 index 000000000..860ac2179 --- /dev/null +++ b/refs/pull/201/merge/en/_static/documentation_options.js @@ -0,0 +1,14 @@ +var DOCUMENTATION_OPTIONS = { + URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'), + VERSION: 'version: latest', + LANGUAGE: 'en', + COLLAPSE_INDEX: false, + BUILDER: 'html', + FILE_SUFFIX: '.html', + LINK_SUFFIX: '.html', + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt', + NAVIGATION_WITH_KEYS: false, + SHOW_SEARCH_SUMMARY: true, + ENABLE_SEARCH_SHORTCUTS: false, +}; \ No newline at end of file diff --git a/refs/pull/201/merge/en/_static/file.png b/refs/pull/201/merge/en/_static/file.png new file mode 100644 index 000000000..a858a410e Binary files /dev/null and b/refs/pull/201/merge/en/_static/file.png differ diff --git a/refs/pull/201/merge/en/_static/font/docs-italia.eot b/refs/pull/201/merge/en/_static/font/docs-italia.eot new file mode 100644 index 000000000..169c6163b Binary files /dev/null and b/refs/pull/201/merge/en/_static/font/docs-italia.eot differ diff --git a/refs/pull/201/merge/en/_static/font/docs-italia.svg b/refs/pull/201/merge/en/_static/font/docs-italia.svg new file mode 100644 index 000000000..aac6164e3 --- /dev/null +++ b/refs/pull/201/merge/en/_static/font/docs-italia.svg @@ -0,0 +1,68 @@ + + + +Generated by IcoMoon + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/_static/font/docs-italia.ttf b/refs/pull/201/merge/en/_static/font/docs-italia.ttf new file mode 100644 index 000000000..96a7767f4 Binary files /dev/null and b/refs/pull/201/merge/en/_static/font/docs-italia.ttf differ diff --git a/refs/pull/201/merge/en/_static/font/docs-italia.woff b/refs/pull/201/merge/en/_static/font/docs-italia.woff new file mode 100644 index 000000000..cda2cacb9 Binary files /dev/null and b/refs/pull/201/merge/en/_static/font/docs-italia.woff differ diff --git a/refs/pull/201/merge/en/_static/font/italia-icon-font.eot b/refs/pull/201/merge/en/_static/font/italia-icon-font.eot new file mode 100644 index 000000000..5242e5383 Binary files /dev/null and b/refs/pull/201/merge/en/_static/font/italia-icon-font.eot differ diff --git a/refs/pull/201/merge/en/_static/font/italia-icon-font.svg b/refs/pull/201/merge/en/_static/font/italia-icon-font.svg new file mode 100644 index 000000000..183080348 --- /dev/null +++ b/refs/pull/201/merge/en/_static/font/italia-icon-font.svg @@ -0,0 +1,134 @@ + + + +Copyright (C) 2018 by original authors @ fontello.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/_static/font/italia-icon-font.ttf b/refs/pull/201/merge/en/_static/font/italia-icon-font.ttf new file mode 100644 index 000000000..f290bd6e0 Binary files /dev/null and b/refs/pull/201/merge/en/_static/font/italia-icon-font.ttf differ diff --git a/refs/pull/201/merge/en/_static/font/italia-icon-font.woff b/refs/pull/201/merge/en/_static/font/italia-icon-font.woff new file mode 100644 index 000000000..101f487bc Binary files /dev/null and b/refs/pull/201/merge/en/_static/font/italia-icon-font.woff differ diff --git a/refs/pull/201/merge/en/_static/font/italia-icon-font.woff2 b/refs/pull/201/merge/en/_static/font/italia-icon-font.woff2 new file mode 100644 index 000000000..4598d5a99 Binary files /dev/null and b/refs/pull/201/merge/en/_static/font/italia-icon-font.woff2 differ diff --git a/refs/pull/201/merge/en/_static/images/agid-logo.svg b/refs/pull/201/merge/en/_static/images/agid-logo.svg new file mode 100644 index 000000000..a81f5eb84 --- /dev/null +++ b/refs/pull/201/merge/en/_static/images/agid-logo.svg @@ -0,0 +1,25 @@ + + + +Logo dell&Agenzia per l&Italia Digitale +Emblema della Repubblica Italiana con accanto l&acronimo AGID + + + + + + + + + + + + + + + + + diff --git a/refs/pull/201/merge/en/_static/images/may.svg b/refs/pull/201/merge/en/_static/images/may.svg new file mode 100644 index 000000000..53670ba97 --- /dev/null +++ b/refs/pull/201/merge/en/_static/images/may.svg @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + diff --git a/refs/pull/201/merge/en/_static/images/must.svg b/refs/pull/201/merge/en/_static/images/must.svg new file mode 100644 index 000000000..177c3c51e --- /dev/null +++ b/refs/pull/201/merge/en/_static/images/must.svg @@ -0,0 +1,71 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/refs/pull/201/merge/en/_static/images/must_not.svg b/refs/pull/201/merge/en/_static/images/must_not.svg new file mode 100644 index 000000000..8c0c0d852 --- /dev/null +++ b/refs/pull/201/merge/en/_static/images/must_not.svg @@ -0,0 +1,65 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/refs/pull/201/merge/en/_static/images/should.svg b/refs/pull/201/merge/en/_static/images/should.svg new file mode 100644 index 000000000..c1f35d655 --- /dev/null +++ b/refs/pull/201/merge/en/_static/images/should.svg @@ -0,0 +1,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/refs/pull/201/merge/en/_static/images/should_not.svg b/refs/pull/201/merge/en/_static/images/should_not.svg new file mode 100644 index 000000000..88e64a64c --- /dev/null +++ b/refs/pull/201/merge/en/_static/images/should_not.svg @@ -0,0 +1,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/refs/pull/201/merge/en/_static/images/team-digitale-logo.svg b/refs/pull/201/merge/en/_static/images/team-digitale-logo.svg new file mode 100644 index 000000000..fa557011d --- /dev/null +++ b/refs/pull/201/merge/en/_static/images/team-digitale-logo.svg @@ -0,0 +1,15 @@ + + + + + + + + + diff --git a/refs/pull/201/merge/en/_static/jquery-3.6.0.js b/refs/pull/201/merge/en/_static/jquery-3.6.0.js new file mode 100644 index 000000000..fc6c299b7 --- /dev/null +++ b/refs/pull/201/merge/en/_static/jquery-3.6.0.js @@ -0,0 +1,10881 @@ +/*! + * jQuery JavaScript Library v3.6.0 + * https://jquery.com/ + * + * Includes Sizzle.js + * https://sizzlejs.com/ + * + * Copyright OpenJS Foundation and other contributors + * Released under the MIT license + * https://jquery.org/license + * + * Date: 2021-03-02T17:08Z + */ +( function( global, factory ) { + + "use strict"; + + if ( typeof module === "object" && typeof module.exports === "object" ) { + + // For CommonJS and CommonJS-like environments where a proper `window` + // is present, execute the factory and get jQuery. + // For environments that do not have a `window` with a `document` + // (such as Node.js), expose a factory as module.exports. + // This accentuates the need for the creation of a real `window`. + // e.g. var jQuery = require("jquery")(window); + // See ticket #14549 for more info. + module.exports = global.document ? + factory( global, true ) : + function( w ) { + if ( !w.document ) { + throw new Error( "jQuery requires a window with a document" ); + } + return factory( w ); + }; + } else { + factory( global ); + } + +// Pass this if window is not defined yet +} )( typeof window !== "undefined" ? window : this, function( window, noGlobal ) { + +// Edge <= 12 - 13+, Firefox <=18 - 45+, IE 10 - 11, Safari 5.1 - 9+, iOS 6 - 9.1 +// throw exceptions when non-strict code (e.g., ASP.NET 4.5) accesses strict mode +// arguments.callee.caller (trac-13335). But as of jQuery 3.0 (2016), strict mode should be common +// enough that all such attempts are guarded in a try block. +"use strict"; + +var arr = []; + +var getProto = Object.getPrototypeOf; + +var slice = arr.slice; + +var flat = arr.flat ? function( array ) { + return arr.flat.call( array ); +} : function( array ) { + return arr.concat.apply( [], array ); +}; + + +var push = arr.push; + +var indexOf = arr.indexOf; + +var class2type = {}; + +var toString = class2type.toString; + +var hasOwn = class2type.hasOwnProperty; + +var fnToString = hasOwn.toString; + +var ObjectFunctionString = fnToString.call( Object ); + +var support = {}; + +var isFunction = function isFunction( obj ) { + + // Support: Chrome <=57, Firefox <=52 + // In some browsers, typeof returns "function" for HTML elements + // (i.e., `typeof document.createElement( "object" ) === "function"`). + // We don't want to classify *any* DOM node as a function. + // Support: QtWeb <=3.8.5, WebKit <=534.34, wkhtmltopdf tool <=0.12.5 + // Plus for old WebKit, typeof returns "function" for HTML collections + // (e.g., `typeof document.getElementsByTagName("div") === "function"`). (gh-4756) + return typeof obj === "function" && typeof obj.nodeType !== "number" && + typeof obj.item !== "function"; + }; + + +var isWindow = function isWindow( obj ) { + return obj != null && obj === obj.window; + }; + + +var document = window.document; + + + + var preservedScriptAttributes = { + type: true, + src: true, + nonce: true, + noModule: true + }; + + function DOMEval( code, node, doc ) { + doc = doc || document; + + var i, val, + script = doc.createElement( "script" ); + + script.text = code; + if ( node ) { + for ( i in preservedScriptAttributes ) { + + // Support: Firefox 64+, Edge 18+ + // Some browsers don't support the "nonce" property on scripts. + // On the other hand, just using `getAttribute` is not enough as + // the `nonce` attribute is reset to an empty string whenever it + // becomes browsing-context connected. + // See https://github.com/whatwg/html/issues/2369 + // See https://html.spec.whatwg.org/#nonce-attributes + // The `node.getAttribute` check was added for the sake of + // `jQuery.globalEval` so that it can fake a nonce-containing node + // via an object. + val = node[ i ] || node.getAttribute && node.getAttribute( i ); + if ( val ) { + script.setAttribute( i, val ); + } + } + } + doc.head.appendChild( script ).parentNode.removeChild( script ); + } + + +function toType( obj ) { + if ( obj == null ) { + return obj + ""; + } + + // Support: Android <=2.3 only (functionish RegExp) + return typeof obj === "object" || typeof obj === "function" ? + class2type[ toString.call( obj ) ] || "object" : + typeof obj; +} +/* global Symbol */ +// Defining this global in .eslintrc.json would create a danger of using the global +// unguarded in another place, it seems safer to define global only for this module + + + +var + version = "3.6.0", + + // Define a local copy of jQuery + jQuery = function( selector, context ) { + + // The jQuery object is actually just the init constructor 'enhanced' + // Need init if jQuery is called (just allow error to be thrown if not included) + return new jQuery.fn.init( selector, context ); + }; + +jQuery.fn = jQuery.prototype = { + + // The current version of jQuery being used + jquery: version, + + constructor: jQuery, + + // The default length of a jQuery object is 0 + length: 0, + + toArray: function() { + return slice.call( this ); + }, + + // Get the Nth element in the matched element set OR + // Get the whole matched element set as a clean array + get: function( num ) { + + // Return all the elements in a clean array + if ( num == null ) { + return slice.call( this ); + } + + // Return just the one element from the set + return num < 0 ? this[ num + this.length ] : this[ num ]; + }, + + // Take an array of elements and push it onto the stack + // (returning the new matched element set) + pushStack: function( elems ) { + + // Build a new jQuery matched element set + var ret = jQuery.merge( this.constructor(), elems ); + + // Add the old object onto the stack (as a reference) + ret.prevObject = this; + + // Return the newly-formed element set + return ret; + }, + + // Execute a callback for every element in the matched set. + each: function( callback ) { + return jQuery.each( this, callback ); + }, + + map: function( callback ) { + return this.pushStack( jQuery.map( this, function( elem, i ) { + return callback.call( elem, i, elem ); + } ) ); + }, + + slice: function() { + return this.pushStack( slice.apply( this, arguments ) ); + }, + + first: function() { + return this.eq( 0 ); + }, + + last: function() { + return this.eq( -1 ); + }, + + even: function() { + return this.pushStack( jQuery.grep( this, function( _elem, i ) { + return ( i + 1 ) % 2; + } ) ); + }, + + odd: function() { + return this.pushStack( jQuery.grep( this, function( _elem, i ) { + return i % 2; + } ) ); + }, + + eq: function( i ) { + var len = this.length, + j = +i + ( i < 0 ? len : 0 ); + return this.pushStack( j >= 0 && j < len ? [ this[ j ] ] : [] ); + }, + + end: function() { + return this.prevObject || this.constructor(); + }, + + // For internal use only. + // Behaves like an Array's method, not like a jQuery method. + push: push, + sort: arr.sort, + splice: arr.splice +}; + +jQuery.extend = jQuery.fn.extend = function() { + var options, name, src, copy, copyIsArray, clone, + target = arguments[ 0 ] || {}, + i = 1, + length = arguments.length, + deep = false; + + // Handle a deep copy situation + if ( typeof target === "boolean" ) { + deep = target; + + // Skip the boolean and the target + target = arguments[ i ] || {}; + i++; + } + + // Handle case when target is a string or something (possible in deep copy) + if ( typeof target !== "object" && !isFunction( target ) ) { + target = {}; + } + + // Extend jQuery itself if only one argument is passed + if ( i === length ) { + target = this; + i--; + } + + for ( ; i < length; i++ ) { + + // Only deal with non-null/undefined values + if ( ( options = arguments[ i ] ) != null ) { + + // Extend the base object + for ( name in options ) { + copy = options[ name ]; + + // Prevent Object.prototype pollution + // Prevent never-ending loop + if ( name === "__proto__" || target === copy ) { + continue; + } + + // Recurse if we're merging plain objects or arrays + if ( deep && copy && ( jQuery.isPlainObject( copy ) || + ( copyIsArray = Array.isArray( copy ) ) ) ) { + src = target[ name ]; + + // Ensure proper type for the source value + if ( copyIsArray && !Array.isArray( src ) ) { + clone = []; + } else if ( !copyIsArray && !jQuery.isPlainObject( src ) ) { + clone = {}; + } else { + clone = src; + } + copyIsArray = false; + + // Never move original objects, clone them + target[ name ] = jQuery.extend( deep, clone, copy ); + + // Don't bring in undefined values + } else if ( copy !== undefined ) { + target[ name ] = copy; + } + } + } + } + + // Return the modified object + return target; +}; + +jQuery.extend( { + + // Unique for each copy of jQuery on the page + expando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ), + + // Assume jQuery is ready without the ready module + isReady: true, + + error: function( msg ) { + throw new Error( msg ); + }, + + noop: function() {}, + + isPlainObject: function( obj ) { + var proto, Ctor; + + // Detect obvious negatives + // Use toString instead of jQuery.type to catch host objects + if ( !obj || toString.call( obj ) !== "[object Object]" ) { + return false; + } + + proto = getProto( obj ); + + // Objects with no prototype (e.g., `Object.create( null )`) are plain + if ( !proto ) { + return true; + } + + // Objects with prototype are plain iff they were constructed by a global Object function + Ctor = hasOwn.call( proto, "constructor" ) && proto.constructor; + return typeof Ctor === "function" && fnToString.call( Ctor ) === ObjectFunctionString; + }, + + isEmptyObject: function( obj ) { + var name; + + for ( name in obj ) { + return false; + } + return true; + }, + + // Evaluates a script in a provided context; falls back to the global one + // if not specified. + globalEval: function( code, options, doc ) { + DOMEval( code, { nonce: options && options.nonce }, doc ); + }, + + each: function( obj, callback ) { + var length, i = 0; + + if ( isArrayLike( obj ) ) { + length = obj.length; + for ( ; i < length; i++ ) { + if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { + break; + } + } + } else { + for ( i in obj ) { + if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { + break; + } + } + } + + return obj; + }, + + // results is for internal usage only + makeArray: function( arr, results ) { + var ret = results || []; + + if ( arr != null ) { + if ( isArrayLike( Object( arr ) ) ) { + jQuery.merge( ret, + typeof arr === "string" ? + [ arr ] : arr + ); + } else { + push.call( ret, arr ); + } + } + + return ret; + }, + + inArray: function( elem, arr, i ) { + return arr == null ? -1 : indexOf.call( arr, elem, i ); + }, + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + merge: function( first, second ) { + var len = +second.length, + j = 0, + i = first.length; + + for ( ; j < len; j++ ) { + first[ i++ ] = second[ j ]; + } + + first.length = i; + + return first; + }, + + grep: function( elems, callback, invert ) { + var callbackInverse, + matches = [], + i = 0, + length = elems.length, + callbackExpect = !invert; + + // Go through the array, only saving the items + // that pass the validator function + for ( ; i < length; i++ ) { + callbackInverse = !callback( elems[ i ], i ); + if ( callbackInverse !== callbackExpect ) { + matches.push( elems[ i ] ); + } + } + + return matches; + }, + + // arg is for internal usage only + map: function( elems, callback, arg ) { + var length, value, + i = 0, + ret = []; + + // Go through the array, translating each of the items to their new values + if ( isArrayLike( elems ) ) { + length = elems.length; + for ( ; i < length; i++ ) { + value = callback( elems[ i ], i, arg ); + + if ( value != null ) { + ret.push( value ); + } + } + + // Go through every key on the object, + } else { + for ( i in elems ) { + value = callback( elems[ i ], i, arg ); + + if ( value != null ) { + ret.push( value ); + } + } + } + + // Flatten any nested arrays + return flat( ret ); + }, + + // A global GUID counter for objects + guid: 1, + + // jQuery.support is not used in Core but other projects attach their + // properties to it so it needs to exist. + support: support +} ); + +if ( typeof Symbol === "function" ) { + jQuery.fn[ Symbol.iterator ] = arr[ Symbol.iterator ]; +} + +// Populate the class2type map +jQuery.each( "Boolean Number String Function Array Date RegExp Object Error Symbol".split( " " ), + function( _i, name ) { + class2type[ "[object " + name + "]" ] = name.toLowerCase(); + } ); + +function isArrayLike( obj ) { + + // Support: real iOS 8.2 only (not reproducible in simulator) + // `in` check used to prevent JIT error (gh-2145) + // hasOwn isn't used here due to false negatives + // regarding Nodelist length in IE + var length = !!obj && "length" in obj && obj.length, + type = toType( obj ); + + if ( isFunction( obj ) || isWindow( obj ) ) { + return false; + } + + return type === "array" || length === 0 || + typeof length === "number" && length > 0 && ( length - 1 ) in obj; +} +var Sizzle = +/*! + * Sizzle CSS Selector Engine v2.3.6 + * https://sizzlejs.com/ + * + * Copyright JS Foundation and other contributors + * Released under the MIT license + * https://js.foundation/ + * + * Date: 2021-02-16 + */ +( function( window ) { +var i, + support, + Expr, + getText, + isXML, + tokenize, + compile, + select, + outermostContext, + sortInput, + hasDuplicate, + + // Local document vars + setDocument, + document, + docElem, + documentIsHTML, + rbuggyQSA, + rbuggyMatches, + matches, + contains, + + // Instance-specific data + expando = "sizzle" + 1 * new Date(), + preferredDoc = window.document, + dirruns = 0, + done = 0, + classCache = createCache(), + tokenCache = createCache(), + compilerCache = createCache(), + nonnativeSelectorCache = createCache(), + sortOrder = function( a, b ) { + if ( a === b ) { + hasDuplicate = true; + } + return 0; + }, + + // Instance methods + hasOwn = ( {} ).hasOwnProperty, + arr = [], + pop = arr.pop, + pushNative = arr.push, + push = arr.push, + slice = arr.slice, + + // Use a stripped-down indexOf as it's faster than native + // https://jsperf.com/thor-indexof-vs-for/5 + indexOf = function( list, elem ) { + var i = 0, + len = list.length; + for ( ; i < len; i++ ) { + if ( list[ i ] === elem ) { + return i; + } + } + return -1; + }, + + booleans = "checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|" + + "ismap|loop|multiple|open|readonly|required|scoped", + + // Regular expressions + + // http://www.w3.org/TR/css3-selectors/#whitespace + whitespace = "[\\x20\\t\\r\\n\\f]", + + // https://www.w3.org/TR/css-syntax-3/#ident-token-diagram + identifier = "(?:\\\\[\\da-fA-F]{1,6}" + whitespace + + "?|\\\\[^\\r\\n\\f]|[\\w-]|[^\0-\\x7f])+", + + // Attribute selectors: http://www.w3.org/TR/selectors/#attribute-selectors + attributes = "\\[" + whitespace + "*(" + identifier + ")(?:" + whitespace + + + // Operator (capture 2) + "*([*^$|!~]?=)" + whitespace + + + // "Attribute values must be CSS identifiers [capture 5] + // or strings [capture 3 or capture 4]" + "*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|(" + identifier + "))|)" + + whitespace + "*\\]", + + pseudos = ":(" + identifier + ")(?:\\((" + + + // To reduce the number of selectors needing tokenize in the preFilter, prefer arguments: + // 1. quoted (capture 3; capture 4 or capture 5) + "('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|" + + + // 2. simple (capture 6) + "((?:\\\\.|[^\\\\()[\\]]|" + attributes + ")*)|" + + + // 3. anything else (capture 2) + ".*" + + ")\\)|)", + + // Leading and non-escaped trailing whitespace, capturing some non-whitespace characters preceding the latter + rwhitespace = new RegExp( whitespace + "+", "g" ), + rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + + whitespace + "+$", "g" ), + + rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ), + rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + + "*" ), + rdescend = new RegExp( whitespace + "|>" ), + + rpseudo = new RegExp( pseudos ), + ridentifier = new RegExp( "^" + identifier + "$" ), + + matchExpr = { + "ID": new RegExp( "^#(" + identifier + ")" ), + "CLASS": new RegExp( "^\\.(" + identifier + ")" ), + "TAG": new RegExp( "^(" + identifier + "|[*])" ), + "ATTR": new RegExp( "^" + attributes ), + "PSEUDO": new RegExp( "^" + pseudos ), + "CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + + whitespace + "*(even|odd|(([+-]|)(\\d*)n|)" + whitespace + "*(?:([+-]|)" + + whitespace + "*(\\d+)|))" + whitespace + "*\\)|)", "i" ), + "bool": new RegExp( "^(?:" + booleans + ")$", "i" ), + + // For use in libraries implementing .is() + // We use this for POS matching in `select` + "needsContext": new RegExp( "^" + whitespace + + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" + whitespace + + "*((?:-\\d)?\\d*)" + whitespace + "*\\)|)(?=[^-]|$)", "i" ) + }, + + rhtml = /HTML$/i, + rinputs = /^(?:input|select|textarea|button)$/i, + rheader = /^h\d$/i, + + rnative = /^[^{]+\{\s*\[native \w/, + + // Easily-parseable/retrievable ID or TAG or CLASS selectors + rquickExpr = /^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/, + + rsibling = /[+~]/, + + // CSS escapes + // http://www.w3.org/TR/CSS21/syndata.html#escaped-characters + runescape = new RegExp( "\\\\[\\da-fA-F]{1,6}" + whitespace + "?|\\\\([^\\r\\n\\f])", "g" ), + funescape = function( escape, nonHex ) { + var high = "0x" + escape.slice( 1 ) - 0x10000; + + return nonHex ? + + // Strip the backslash prefix from a non-hex escape sequence + nonHex : + + // Replace a hexadecimal escape sequence with the encoded Unicode code point + // Support: IE <=11+ + // For values outside the Basic Multilingual Plane (BMP), manually construct a + // surrogate pair + high < 0 ? + String.fromCharCode( high + 0x10000 ) : + String.fromCharCode( high >> 10 | 0xD800, high & 0x3FF | 0xDC00 ); + }, + + // CSS string/identifier serialization + // https://drafts.csswg.org/cssom/#common-serializing-idioms + rcssescape = /([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g, + fcssescape = function( ch, asCodePoint ) { + if ( asCodePoint ) { + + // U+0000 NULL becomes U+FFFD REPLACEMENT CHARACTER + if ( ch === "\0" ) { + return "\uFFFD"; + } + + // Control characters and (dependent upon position) numbers get escaped as code points + return ch.slice( 0, -1 ) + "\\" + + ch.charCodeAt( ch.length - 1 ).toString( 16 ) + " "; + } + + // Other potentially-special ASCII characters get backslash-escaped + return "\\" + ch; + }, + + // Used for iframes + // See setDocument() + // Removing the function wrapper causes a "Permission Denied" + // error in IE + unloadHandler = function() { + setDocument(); + }, + + inDisabledFieldset = addCombinator( + function( elem ) { + return elem.disabled === true && elem.nodeName.toLowerCase() === "fieldset"; + }, + { dir: "parentNode", next: "legend" } + ); + +// Optimize for push.apply( _, NodeList ) +try { + push.apply( + ( arr = slice.call( preferredDoc.childNodes ) ), + preferredDoc.childNodes + ); + + // Support: Android<4.0 + // Detect silently failing push.apply + // eslint-disable-next-line no-unused-expressions + arr[ preferredDoc.childNodes.length ].nodeType; +} catch ( e ) { + push = { apply: arr.length ? + + // Leverage slice if possible + function( target, els ) { + pushNative.apply( target, slice.call( els ) ); + } : + + // Support: IE<9 + // Otherwise append directly + function( target, els ) { + var j = target.length, + i = 0; + + // Can't trust NodeList.length + while ( ( target[ j++ ] = els[ i++ ] ) ) {} + target.length = j - 1; + } + }; +} + +function Sizzle( selector, context, results, seed ) { + var m, i, elem, nid, match, groups, newSelector, + newContext = context && context.ownerDocument, + + // nodeType defaults to 9, since context defaults to document + nodeType = context ? context.nodeType : 9; + + results = results || []; + + // Return early from calls with invalid selector or context + if ( typeof selector !== "string" || !selector || + nodeType !== 1 && nodeType !== 9 && nodeType !== 11 ) { + + return results; + } + + // Try to shortcut find operations (as opposed to filters) in HTML documents + if ( !seed ) { + setDocument( context ); + context = context || document; + + if ( documentIsHTML ) { + + // If the selector is sufficiently simple, try using a "get*By*" DOM method + // (excepting DocumentFragment context, where the methods don't exist) + if ( nodeType !== 11 && ( match = rquickExpr.exec( selector ) ) ) { + + // ID selector + if ( ( m = match[ 1 ] ) ) { + + // Document context + if ( nodeType === 9 ) { + if ( ( elem = context.getElementById( m ) ) ) { + + // Support: IE, Opera, Webkit + // TODO: identify versions + // getElementById can match elements by name instead of ID + if ( elem.id === m ) { + results.push( elem ); + return results; + } + } else { + return results; + } + + // Element context + } else { + + // Support: IE, Opera, Webkit + // TODO: identify versions + // getElementById can match elements by name instead of ID + if ( newContext && ( elem = newContext.getElementById( m ) ) && + contains( context, elem ) && + elem.id === m ) { + + results.push( elem ); + return results; + } + } + + // Type selector + } else if ( match[ 2 ] ) { + push.apply( results, context.getElementsByTagName( selector ) ); + return results; + + // Class selector + } else if ( ( m = match[ 3 ] ) && support.getElementsByClassName && + context.getElementsByClassName ) { + + push.apply( results, context.getElementsByClassName( m ) ); + return results; + } + } + + // Take advantage of querySelectorAll + if ( support.qsa && + !nonnativeSelectorCache[ selector + " " ] && + ( !rbuggyQSA || !rbuggyQSA.test( selector ) ) && + + // Support: IE 8 only + // Exclude object elements + ( nodeType !== 1 || context.nodeName.toLowerCase() !== "object" ) ) { + + newSelector = selector; + newContext = context; + + // qSA considers elements outside a scoping root when evaluating child or + // descendant combinators, which is not what we want. + // In such cases, we work around the behavior by prefixing every selector in the + // list with an ID selector referencing the scope context. + // The technique has to be used as well when a leading combinator is used + // as such selectors are not recognized by querySelectorAll. + // Thanks to Andrew Dupont for this technique. + if ( nodeType === 1 && + ( rdescend.test( selector ) || rcombinators.test( selector ) ) ) { + + // Expand context for sibling selectors + newContext = rsibling.test( selector ) && testContext( context.parentNode ) || + context; + + // We can use :scope instead of the ID hack if the browser + // supports it & if we're not changing the context. + if ( newContext !== context || !support.scope ) { + + // Capture the context ID, setting it first if necessary + if ( ( nid = context.getAttribute( "id" ) ) ) { + nid = nid.replace( rcssescape, fcssescape ); + } else { + context.setAttribute( "id", ( nid = expando ) ); + } + } + + // Prefix every selector in the list + groups = tokenize( selector ); + i = groups.length; + while ( i-- ) { + groups[ i ] = ( nid ? "#" + nid : ":scope" ) + " " + + toSelector( groups[ i ] ); + } + newSelector = groups.join( "," ); + } + + try { + push.apply( results, + newContext.querySelectorAll( newSelector ) + ); + return results; + } catch ( qsaError ) { + nonnativeSelectorCache( selector, true ); + } finally { + if ( nid === expando ) { + context.removeAttribute( "id" ); + } + } + } + } + } + + // All others + return select( selector.replace( rtrim, "$1" ), context, results, seed ); +} + +/** + * Create key-value caches of limited size + * @returns {function(string, object)} Returns the Object data after storing it on itself with + * property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength) + * deleting the oldest entry + */ +function createCache() { + var keys = []; + + function cache( key, value ) { + + // Use (key + " ") to avoid collision with native prototype properties (see Issue #157) + if ( keys.push( key + " " ) > Expr.cacheLength ) { + + // Only keep the most recent entries + delete cache[ keys.shift() ]; + } + return ( cache[ key + " " ] = value ); + } + return cache; +} + +/** + * Mark a function for special use by Sizzle + * @param {Function} fn The function to mark + */ +function markFunction( fn ) { + fn[ expando ] = true; + return fn; +} + +/** + * Support testing using an element + * @param {Function} fn Passed the created element and returns a boolean result + */ +function assert( fn ) { + var el = document.createElement( "fieldset" ); + + try { + return !!fn( el ); + } catch ( e ) { + return false; + } finally { + + // Remove from its parent by default + if ( el.parentNode ) { + el.parentNode.removeChild( el ); + } + + // release memory in IE + el = null; + } +} + +/** + * Adds the same handler for all of the specified attrs + * @param {String} attrs Pipe-separated list of attributes + * @param {Function} handler The method that will be applied + */ +function addHandle( attrs, handler ) { + var arr = attrs.split( "|" ), + i = arr.length; + + while ( i-- ) { + Expr.attrHandle[ arr[ i ] ] = handler; + } +} + +/** + * Checks document order of two siblings + * @param {Element} a + * @param {Element} b + * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b + */ +function siblingCheck( a, b ) { + var cur = b && a, + diff = cur && a.nodeType === 1 && b.nodeType === 1 && + a.sourceIndex - b.sourceIndex; + + // Use IE sourceIndex if available on both nodes + if ( diff ) { + return diff; + } + + // Check if b follows a + if ( cur ) { + while ( ( cur = cur.nextSibling ) ) { + if ( cur === b ) { + return -1; + } + } + } + + return a ? 1 : -1; +} + +/** + * Returns a function to use in pseudos for input types + * @param {String} type + */ +function createInputPseudo( type ) { + return function( elem ) { + var name = elem.nodeName.toLowerCase(); + return name === "input" && elem.type === type; + }; +} + +/** + * Returns a function to use in pseudos for buttons + * @param {String} type + */ +function createButtonPseudo( type ) { + return function( elem ) { + var name = elem.nodeName.toLowerCase(); + return ( name === "input" || name === "button" ) && elem.type === type; + }; +} + +/** + * Returns a function to use in pseudos for :enabled/:disabled + * @param {Boolean} disabled true for :disabled; false for :enabled + */ +function createDisabledPseudo( disabled ) { + + // Known :disabled false positives: fieldset[disabled] > legend:nth-of-type(n+2) :can-disable + return function( elem ) { + + // Only certain elements can match :enabled or :disabled + // https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled + // https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled + if ( "form" in elem ) { + + // Check for inherited disabledness on relevant non-disabled elements: + // * listed form-associated elements in a disabled fieldset + // https://html.spec.whatwg.org/multipage/forms.html#category-listed + // https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled + // * option elements in a disabled optgroup + // https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled + // All such elements have a "form" property. + if ( elem.parentNode && elem.disabled === false ) { + + // Option elements defer to a parent optgroup if present + if ( "label" in elem ) { + if ( "label" in elem.parentNode ) { + return elem.parentNode.disabled === disabled; + } else { + return elem.disabled === disabled; + } + } + + // Support: IE 6 - 11 + // Use the isDisabled shortcut property to check for disabled fieldset ancestors + return elem.isDisabled === disabled || + + // Where there is no isDisabled, check manually + /* jshint -W018 */ + elem.isDisabled !== !disabled && + inDisabledFieldset( elem ) === disabled; + } + + return elem.disabled === disabled; + + // Try to winnow out elements that can't be disabled before trusting the disabled property. + // Some victims get caught in our net (label, legend, menu, track), but it shouldn't + // even exist on them, let alone have a boolean value. + } else if ( "label" in elem ) { + return elem.disabled === disabled; + } + + // Remaining elements are neither :enabled nor :disabled + return false; + }; +} + +/** + * Returns a function to use in pseudos for positionals + * @param {Function} fn + */ +function createPositionalPseudo( fn ) { + return markFunction( function( argument ) { + argument = +argument; + return markFunction( function( seed, matches ) { + var j, + matchIndexes = fn( [], seed.length, argument ), + i = matchIndexes.length; + + // Match elements found at the specified indexes + while ( i-- ) { + if ( seed[ ( j = matchIndexes[ i ] ) ] ) { + seed[ j ] = !( matches[ j ] = seed[ j ] ); + } + } + } ); + } ); +} + +/** + * Checks a node for validity as a Sizzle context + * @param {Element|Object=} context + * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value + */ +function testContext( context ) { + return context && typeof context.getElementsByTagName !== "undefined" && context; +} + +// Expose support vars for convenience +support = Sizzle.support = {}; + +/** + * Detects XML nodes + * @param {Element|Object} elem An element or a document + * @returns {Boolean} True iff elem is a non-HTML XML node + */ +isXML = Sizzle.isXML = function( elem ) { + var namespace = elem && elem.namespaceURI, + docElem = elem && ( elem.ownerDocument || elem ).documentElement; + + // Support: IE <=8 + // Assume HTML when documentElement doesn't yet exist, such as inside loading iframes + // https://bugs.jquery.com/ticket/4833 + return !rhtml.test( namespace || docElem && docElem.nodeName || "HTML" ); +}; + +/** + * Sets document-related variables once based on the current document + * @param {Element|Object} [doc] An element or document object to use to set the document + * @returns {Object} Returns the current document + */ +setDocument = Sizzle.setDocument = function( node ) { + var hasCompare, subWindow, + doc = node ? node.ownerDocument || node : preferredDoc; + + // Return early if doc is invalid or already selected + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( doc == document || doc.nodeType !== 9 || !doc.documentElement ) { + return document; + } + + // Update global variables + document = doc; + docElem = document.documentElement; + documentIsHTML = !isXML( document ); + + // Support: IE 9 - 11+, Edge 12 - 18+ + // Accessing iframe documents after unload throws "permission denied" errors (jQuery #13936) + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( preferredDoc != document && + ( subWindow = document.defaultView ) && subWindow.top !== subWindow ) { + + // Support: IE 11, Edge + if ( subWindow.addEventListener ) { + subWindow.addEventListener( "unload", unloadHandler, false ); + + // Support: IE 9 - 10 only + } else if ( subWindow.attachEvent ) { + subWindow.attachEvent( "onunload", unloadHandler ); + } + } + + // Support: IE 8 - 11+, Edge 12 - 18+, Chrome <=16 - 25 only, Firefox <=3.6 - 31 only, + // Safari 4 - 5 only, Opera <=11.6 - 12.x only + // IE/Edge & older browsers don't support the :scope pseudo-class. + // Support: Safari 6.0 only + // Safari 6.0 supports :scope but it's an alias of :root there. + support.scope = assert( function( el ) { + docElem.appendChild( el ).appendChild( document.createElement( "div" ) ); + return typeof el.querySelectorAll !== "undefined" && + !el.querySelectorAll( ":scope fieldset div" ).length; + } ); + + /* Attributes + ---------------------------------------------------------------------- */ + + // Support: IE<8 + // Verify that getAttribute really returns attributes and not properties + // (excepting IE8 booleans) + support.attributes = assert( function( el ) { + el.className = "i"; + return !el.getAttribute( "className" ); + } ); + + /* getElement(s)By* + ---------------------------------------------------------------------- */ + + // Check if getElementsByTagName("*") returns only elements + support.getElementsByTagName = assert( function( el ) { + el.appendChild( document.createComment( "" ) ); + return !el.getElementsByTagName( "*" ).length; + } ); + + // Support: IE<9 + support.getElementsByClassName = rnative.test( document.getElementsByClassName ); + + // Support: IE<10 + // Check if getElementById returns elements by name + // The broken getElementById methods don't pick up programmatically-set names, + // so use a roundabout getElementsByName test + support.getById = assert( function( el ) { + docElem.appendChild( el ).id = expando; + return !document.getElementsByName || !document.getElementsByName( expando ).length; + } ); + + // ID filter and find + if ( support.getById ) { + Expr.filter[ "ID" ] = function( id ) { + var attrId = id.replace( runescape, funescape ); + return function( elem ) { + return elem.getAttribute( "id" ) === attrId; + }; + }; + Expr.find[ "ID" ] = function( id, context ) { + if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { + var elem = context.getElementById( id ); + return elem ? [ elem ] : []; + } + }; + } else { + Expr.filter[ "ID" ] = function( id ) { + var attrId = id.replace( runescape, funescape ); + return function( elem ) { + var node = typeof elem.getAttributeNode !== "undefined" && + elem.getAttributeNode( "id" ); + return node && node.value === attrId; + }; + }; + + // Support: IE 6 - 7 only + // getElementById is not reliable as a find shortcut + Expr.find[ "ID" ] = function( id, context ) { + if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { + var node, i, elems, + elem = context.getElementById( id ); + + if ( elem ) { + + // Verify the id attribute + node = elem.getAttributeNode( "id" ); + if ( node && node.value === id ) { + return [ elem ]; + } + + // Fall back on getElementsByName + elems = context.getElementsByName( id ); + i = 0; + while ( ( elem = elems[ i++ ] ) ) { + node = elem.getAttributeNode( "id" ); + if ( node && node.value === id ) { + return [ elem ]; + } + } + } + + return []; + } + }; + } + + // Tag + Expr.find[ "TAG" ] = support.getElementsByTagName ? + function( tag, context ) { + if ( typeof context.getElementsByTagName !== "undefined" ) { + return context.getElementsByTagName( tag ); + + // DocumentFragment nodes don't have gEBTN + } else if ( support.qsa ) { + return context.querySelectorAll( tag ); + } + } : + + function( tag, context ) { + var elem, + tmp = [], + i = 0, + + // By happy coincidence, a (broken) gEBTN appears on DocumentFragment nodes too + results = context.getElementsByTagName( tag ); + + // Filter out possible comments + if ( tag === "*" ) { + while ( ( elem = results[ i++ ] ) ) { + if ( elem.nodeType === 1 ) { + tmp.push( elem ); + } + } + + return tmp; + } + return results; + }; + + // Class + Expr.find[ "CLASS" ] = support.getElementsByClassName && function( className, context ) { + if ( typeof context.getElementsByClassName !== "undefined" && documentIsHTML ) { + return context.getElementsByClassName( className ); + } + }; + + /* QSA/matchesSelector + ---------------------------------------------------------------------- */ + + // QSA and matchesSelector support + + // matchesSelector(:active) reports false when true (IE9/Opera 11.5) + rbuggyMatches = []; + + // qSa(:focus) reports false when true (Chrome 21) + // We allow this because of a bug in IE8/9 that throws an error + // whenever `document.activeElement` is accessed on an iframe + // So, we allow :focus to pass through QSA all the time to avoid the IE error + // See https://bugs.jquery.com/ticket/13378 + rbuggyQSA = []; + + if ( ( support.qsa = rnative.test( document.querySelectorAll ) ) ) { + + // Build QSA regex + // Regex strategy adopted from Diego Perini + assert( function( el ) { + + var input; + + // Select is set to empty string on purpose + // This is to test IE's treatment of not explicitly + // setting a boolean content attribute, + // since its presence should be enough + // https://bugs.jquery.com/ticket/12359 + docElem.appendChild( el ).innerHTML = "" + + ""; + + // Support: IE8, Opera 11-12.16 + // Nothing should be selected when empty strings follow ^= or $= or *= + // The test attribute must be unknown in Opera but "safe" for WinRT + // https://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section + if ( el.querySelectorAll( "[msallowcapture^='']" ).length ) { + rbuggyQSA.push( "[*^$]=" + whitespace + "*(?:''|\"\")" ); + } + + // Support: IE8 + // Boolean attributes and "value" are not treated correctly + if ( !el.querySelectorAll( "[selected]" ).length ) { + rbuggyQSA.push( "\\[" + whitespace + "*(?:value|" + booleans + ")" ); + } + + // Support: Chrome<29, Android<4.4, Safari<7.0+, iOS<7.0+, PhantomJS<1.9.8+ + if ( !el.querySelectorAll( "[id~=" + expando + "-]" ).length ) { + rbuggyQSA.push( "~=" ); + } + + // Support: IE 11+, Edge 15 - 18+ + // IE 11/Edge don't find elements on a `[name='']` query in some cases. + // Adding a temporary attribute to the document before the selection works + // around the issue. + // Interestingly, IE 10 & older don't seem to have the issue. + input = document.createElement( "input" ); + input.setAttribute( "name", "" ); + el.appendChild( input ); + if ( !el.querySelectorAll( "[name='']" ).length ) { + rbuggyQSA.push( "\\[" + whitespace + "*name" + whitespace + "*=" + + whitespace + "*(?:''|\"\")" ); + } + + // Webkit/Opera - :checked should return selected option elements + // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + // IE8 throws error here and will not see later tests + if ( !el.querySelectorAll( ":checked" ).length ) { + rbuggyQSA.push( ":checked" ); + } + + // Support: Safari 8+, iOS 8+ + // https://bugs.webkit.org/show_bug.cgi?id=136851 + // In-page `selector#id sibling-combinator selector` fails + if ( !el.querySelectorAll( "a#" + expando + "+*" ).length ) { + rbuggyQSA.push( ".#.+[+~]" ); + } + + // Support: Firefox <=3.6 - 5 only + // Old Firefox doesn't throw on a badly-escaped identifier. + el.querySelectorAll( "\\\f" ); + rbuggyQSA.push( "[\\r\\n\\f]" ); + } ); + + assert( function( el ) { + el.innerHTML = "" + + ""; + + // Support: Windows 8 Native Apps + // The type and name attributes are restricted during .innerHTML assignment + var input = document.createElement( "input" ); + input.setAttribute( "type", "hidden" ); + el.appendChild( input ).setAttribute( "name", "D" ); + + // Support: IE8 + // Enforce case-sensitivity of name attribute + if ( el.querySelectorAll( "[name=d]" ).length ) { + rbuggyQSA.push( "name" + whitespace + "*[*^$|!~]?=" ); + } + + // FF 3.5 - :enabled/:disabled and hidden elements (hidden elements are still enabled) + // IE8 throws error here and will not see later tests + if ( el.querySelectorAll( ":enabled" ).length !== 2 ) { + rbuggyQSA.push( ":enabled", ":disabled" ); + } + + // Support: IE9-11+ + // IE's :disabled selector does not pick up the children of disabled fieldsets + docElem.appendChild( el ).disabled = true; + if ( el.querySelectorAll( ":disabled" ).length !== 2 ) { + rbuggyQSA.push( ":enabled", ":disabled" ); + } + + // Support: Opera 10 - 11 only + // Opera 10-11 does not throw on post-comma invalid pseudos + el.querySelectorAll( "*,:x" ); + rbuggyQSA.push( ",.*:" ); + } ); + } + + if ( ( support.matchesSelector = rnative.test( ( matches = docElem.matches || + docElem.webkitMatchesSelector || + docElem.mozMatchesSelector || + docElem.oMatchesSelector || + docElem.msMatchesSelector ) ) ) ) { + + assert( function( el ) { + + // Check to see if it's possible to do matchesSelector + // on a disconnected node (IE 9) + support.disconnectedMatch = matches.call( el, "*" ); + + // This should fail with an exception + // Gecko does not error, returns false instead + matches.call( el, "[s!='']:x" ); + rbuggyMatches.push( "!=", pseudos ); + } ); + } + + rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join( "|" ) ); + rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join( "|" ) ); + + /* Contains + ---------------------------------------------------------------------- */ + hasCompare = rnative.test( docElem.compareDocumentPosition ); + + // Element contains another + // Purposefully self-exclusive + // As in, an element does not contain itself + contains = hasCompare || rnative.test( docElem.contains ) ? + function( a, b ) { + var adown = a.nodeType === 9 ? a.documentElement : a, + bup = b && b.parentNode; + return a === bup || !!( bup && bup.nodeType === 1 && ( + adown.contains ? + adown.contains( bup ) : + a.compareDocumentPosition && a.compareDocumentPosition( bup ) & 16 + ) ); + } : + function( a, b ) { + if ( b ) { + while ( ( b = b.parentNode ) ) { + if ( b === a ) { + return true; + } + } + } + return false; + }; + + /* Sorting + ---------------------------------------------------------------------- */ + + // Document order sorting + sortOrder = hasCompare ? + function( a, b ) { + + // Flag for duplicate removal + if ( a === b ) { + hasDuplicate = true; + return 0; + } + + // Sort on method existence if only one input has compareDocumentPosition + var compare = !a.compareDocumentPosition - !b.compareDocumentPosition; + if ( compare ) { + return compare; + } + + // Calculate position if both inputs belong to the same document + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + compare = ( a.ownerDocument || a ) == ( b.ownerDocument || b ) ? + a.compareDocumentPosition( b ) : + + // Otherwise we know they are disconnected + 1; + + // Disconnected nodes + if ( compare & 1 || + ( !support.sortDetached && b.compareDocumentPosition( a ) === compare ) ) { + + // Choose the first element that is related to our preferred document + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( a == document || a.ownerDocument == preferredDoc && + contains( preferredDoc, a ) ) { + return -1; + } + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( b == document || b.ownerDocument == preferredDoc && + contains( preferredDoc, b ) ) { + return 1; + } + + // Maintain original order + return sortInput ? + ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : + 0; + } + + return compare & 4 ? -1 : 1; + } : + function( a, b ) { + + // Exit early if the nodes are identical + if ( a === b ) { + hasDuplicate = true; + return 0; + } + + var cur, + i = 0, + aup = a.parentNode, + bup = b.parentNode, + ap = [ a ], + bp = [ b ]; + + // Parentless nodes are either documents or disconnected + if ( !aup || !bup ) { + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + /* eslint-disable eqeqeq */ + return a == document ? -1 : + b == document ? 1 : + /* eslint-enable eqeqeq */ + aup ? -1 : + bup ? 1 : + sortInput ? + ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : + 0; + + // If the nodes are siblings, we can do a quick check + } else if ( aup === bup ) { + return siblingCheck( a, b ); + } + + // Otherwise we need full lists of their ancestors for comparison + cur = a; + while ( ( cur = cur.parentNode ) ) { + ap.unshift( cur ); + } + cur = b; + while ( ( cur = cur.parentNode ) ) { + bp.unshift( cur ); + } + + // Walk down the tree looking for a discrepancy + while ( ap[ i ] === bp[ i ] ) { + i++; + } + + return i ? + + // Do a sibling check if the nodes have a common ancestor + siblingCheck( ap[ i ], bp[ i ] ) : + + // Otherwise nodes in our document sort first + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + /* eslint-disable eqeqeq */ + ap[ i ] == preferredDoc ? -1 : + bp[ i ] == preferredDoc ? 1 : + /* eslint-enable eqeqeq */ + 0; + }; + + return document; +}; + +Sizzle.matches = function( expr, elements ) { + return Sizzle( expr, null, null, elements ); +}; + +Sizzle.matchesSelector = function( elem, expr ) { + setDocument( elem ); + + if ( support.matchesSelector && documentIsHTML && + !nonnativeSelectorCache[ expr + " " ] && + ( !rbuggyMatches || !rbuggyMatches.test( expr ) ) && + ( !rbuggyQSA || !rbuggyQSA.test( expr ) ) ) { + + try { + var ret = matches.call( elem, expr ); + + // IE 9's matchesSelector returns false on disconnected nodes + if ( ret || support.disconnectedMatch || + + // As well, disconnected nodes are said to be in a document + // fragment in IE 9 + elem.document && elem.document.nodeType !== 11 ) { + return ret; + } + } catch ( e ) { + nonnativeSelectorCache( expr, true ); + } + } + + return Sizzle( expr, document, null, [ elem ] ).length > 0; +}; + +Sizzle.contains = function( context, elem ) { + + // Set document vars if needed + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( ( context.ownerDocument || context ) != document ) { + setDocument( context ); + } + return contains( context, elem ); +}; + +Sizzle.attr = function( elem, name ) { + + // Set document vars if needed + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( ( elem.ownerDocument || elem ) != document ) { + setDocument( elem ); + } + + var fn = Expr.attrHandle[ name.toLowerCase() ], + + // Don't get fooled by Object.prototype properties (jQuery #13807) + val = fn && hasOwn.call( Expr.attrHandle, name.toLowerCase() ) ? + fn( elem, name, !documentIsHTML ) : + undefined; + + return val !== undefined ? + val : + support.attributes || !documentIsHTML ? + elem.getAttribute( name ) : + ( val = elem.getAttributeNode( name ) ) && val.specified ? + val.value : + null; +}; + +Sizzle.escape = function( sel ) { + return ( sel + "" ).replace( rcssescape, fcssescape ); +}; + +Sizzle.error = function( msg ) { + throw new Error( "Syntax error, unrecognized expression: " + msg ); +}; + +/** + * Document sorting and removing duplicates + * @param {ArrayLike} results + */ +Sizzle.uniqueSort = function( results ) { + var elem, + duplicates = [], + j = 0, + i = 0; + + // Unless we *know* we can detect duplicates, assume their presence + hasDuplicate = !support.detectDuplicates; + sortInput = !support.sortStable && results.slice( 0 ); + results.sort( sortOrder ); + + if ( hasDuplicate ) { + while ( ( elem = results[ i++ ] ) ) { + if ( elem === results[ i ] ) { + j = duplicates.push( i ); + } + } + while ( j-- ) { + results.splice( duplicates[ j ], 1 ); + } + } + + // Clear input after sorting to release objects + // See https://github.com/jquery/sizzle/pull/225 + sortInput = null; + + return results; +}; + +/** + * Utility function for retrieving the text value of an array of DOM nodes + * @param {Array|Element} elem + */ +getText = Sizzle.getText = function( elem ) { + var node, + ret = "", + i = 0, + nodeType = elem.nodeType; + + if ( !nodeType ) { + + // If no nodeType, this is expected to be an array + while ( ( node = elem[ i++ ] ) ) { + + // Do not traverse comment nodes + ret += getText( node ); + } + } else if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) { + + // Use textContent for elements + // innerText usage removed for consistency of new lines (jQuery #11153) + if ( typeof elem.textContent === "string" ) { + return elem.textContent; + } else { + + // Traverse its children + for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { + ret += getText( elem ); + } + } + } else if ( nodeType === 3 || nodeType === 4 ) { + return elem.nodeValue; + } + + // Do not include comment or processing instruction nodes + + return ret; +}; + +Expr = Sizzle.selectors = { + + // Can be adjusted by the user + cacheLength: 50, + + createPseudo: markFunction, + + match: matchExpr, + + attrHandle: {}, + + find: {}, + + relative: { + ">": { dir: "parentNode", first: true }, + " ": { dir: "parentNode" }, + "+": { dir: "previousSibling", first: true }, + "~": { dir: "previousSibling" } + }, + + preFilter: { + "ATTR": function( match ) { + match[ 1 ] = match[ 1 ].replace( runescape, funescape ); + + // Move the given value to match[3] whether quoted or unquoted + match[ 3 ] = ( match[ 3 ] || match[ 4 ] || + match[ 5 ] || "" ).replace( runescape, funescape ); + + if ( match[ 2 ] === "~=" ) { + match[ 3 ] = " " + match[ 3 ] + " "; + } + + return match.slice( 0, 4 ); + }, + + "CHILD": function( match ) { + + /* matches from matchExpr["CHILD"] + 1 type (only|nth|...) + 2 what (child|of-type) + 3 argument (even|odd|\d*|\d*n([+-]\d+)?|...) + 4 xn-component of xn+y argument ([+-]?\d*n|) + 5 sign of xn-component + 6 x of xn-component + 7 sign of y-component + 8 y of y-component + */ + match[ 1 ] = match[ 1 ].toLowerCase(); + + if ( match[ 1 ].slice( 0, 3 ) === "nth" ) { + + // nth-* requires argument + if ( !match[ 3 ] ) { + Sizzle.error( match[ 0 ] ); + } + + // numeric x and y parameters for Expr.filter.CHILD + // remember that false/true cast respectively to 0/1 + match[ 4 ] = +( match[ 4 ] ? + match[ 5 ] + ( match[ 6 ] || 1 ) : + 2 * ( match[ 3 ] === "even" || match[ 3 ] === "odd" ) ); + match[ 5 ] = +( ( match[ 7 ] + match[ 8 ] ) || match[ 3 ] === "odd" ); + + // other types prohibit arguments + } else if ( match[ 3 ] ) { + Sizzle.error( match[ 0 ] ); + } + + return match; + }, + + "PSEUDO": function( match ) { + var excess, + unquoted = !match[ 6 ] && match[ 2 ]; + + if ( matchExpr[ "CHILD" ].test( match[ 0 ] ) ) { + return null; + } + + // Accept quoted arguments as-is + if ( match[ 3 ] ) { + match[ 2 ] = match[ 4 ] || match[ 5 ] || ""; + + // Strip excess characters from unquoted arguments + } else if ( unquoted && rpseudo.test( unquoted ) && + + // Get excess from tokenize (recursively) + ( excess = tokenize( unquoted, true ) ) && + + // advance to the next closing parenthesis + ( excess = unquoted.indexOf( ")", unquoted.length - excess ) - unquoted.length ) ) { + + // excess is a negative index + match[ 0 ] = match[ 0 ].slice( 0, excess ); + match[ 2 ] = unquoted.slice( 0, excess ); + } + + // Return only captures needed by the pseudo filter method (type and argument) + return match.slice( 0, 3 ); + } + }, + + filter: { + + "TAG": function( nodeNameSelector ) { + var nodeName = nodeNameSelector.replace( runescape, funescape ).toLowerCase(); + return nodeNameSelector === "*" ? + function() { + return true; + } : + function( elem ) { + return elem.nodeName && elem.nodeName.toLowerCase() === nodeName; + }; + }, + + "CLASS": function( className ) { + var pattern = classCache[ className + " " ]; + + return pattern || + ( pattern = new RegExp( "(^|" + whitespace + + ")" + className + "(" + whitespace + "|$)" ) ) && classCache( + className, function( elem ) { + return pattern.test( + typeof elem.className === "string" && elem.className || + typeof elem.getAttribute !== "undefined" && + elem.getAttribute( "class" ) || + "" + ); + } ); + }, + + "ATTR": function( name, operator, check ) { + return function( elem ) { + var result = Sizzle.attr( elem, name ); + + if ( result == null ) { + return operator === "!="; + } + if ( !operator ) { + return true; + } + + result += ""; + + /* eslint-disable max-len */ + + return operator === "=" ? result === check : + operator === "!=" ? result !== check : + operator === "^=" ? check && result.indexOf( check ) === 0 : + operator === "*=" ? check && result.indexOf( check ) > -1 : + operator === "$=" ? check && result.slice( -check.length ) === check : + operator === "~=" ? ( " " + result.replace( rwhitespace, " " ) + " " ).indexOf( check ) > -1 : + operator === "|=" ? result === check || result.slice( 0, check.length + 1 ) === check + "-" : + false; + /* eslint-enable max-len */ + + }; + }, + + "CHILD": function( type, what, _argument, first, last ) { + var simple = type.slice( 0, 3 ) !== "nth", + forward = type.slice( -4 ) !== "last", + ofType = what === "of-type"; + + return first === 1 && last === 0 ? + + // Shortcut for :nth-*(n) + function( elem ) { + return !!elem.parentNode; + } : + + function( elem, _context, xml ) { + var cache, uniqueCache, outerCache, node, nodeIndex, start, + dir = simple !== forward ? "nextSibling" : "previousSibling", + parent = elem.parentNode, + name = ofType && elem.nodeName.toLowerCase(), + useCache = !xml && !ofType, + diff = false; + + if ( parent ) { + + // :(first|last|only)-(child|of-type) + if ( simple ) { + while ( dir ) { + node = elem; + while ( ( node = node[ dir ] ) ) { + if ( ofType ? + node.nodeName.toLowerCase() === name : + node.nodeType === 1 ) { + + return false; + } + } + + // Reverse direction for :only-* (if we haven't yet done so) + start = dir = type === "only" && !start && "nextSibling"; + } + return true; + } + + start = [ forward ? parent.firstChild : parent.lastChild ]; + + // non-xml :nth-child(...) stores cache data on `parent` + if ( forward && useCache ) { + + // Seek `elem` from a previously-cached index + + // ...in a gzip-friendly way + node = parent; + outerCache = node[ expando ] || ( node[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + ( outerCache[ node.uniqueID ] = {} ); + + cache = uniqueCache[ type ] || []; + nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; + diff = nodeIndex && cache[ 2 ]; + node = nodeIndex && parent.childNodes[ nodeIndex ]; + + while ( ( node = ++nodeIndex && node && node[ dir ] || + + // Fallback to seeking `elem` from the start + ( diff = nodeIndex = 0 ) || start.pop() ) ) { + + // When found, cache indexes on `parent` and break + if ( node.nodeType === 1 && ++diff && node === elem ) { + uniqueCache[ type ] = [ dirruns, nodeIndex, diff ]; + break; + } + } + + } else { + + // Use previously-cached element index if available + if ( useCache ) { + + // ...in a gzip-friendly way + node = elem; + outerCache = node[ expando ] || ( node[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + ( outerCache[ node.uniqueID ] = {} ); + + cache = uniqueCache[ type ] || []; + nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; + diff = nodeIndex; + } + + // xml :nth-child(...) + // or :nth-last-child(...) or :nth(-last)?-of-type(...) + if ( diff === false ) { + + // Use the same loop as above to seek `elem` from the start + while ( ( node = ++nodeIndex && node && node[ dir ] || + ( diff = nodeIndex = 0 ) || start.pop() ) ) { + + if ( ( ofType ? + node.nodeName.toLowerCase() === name : + node.nodeType === 1 ) && + ++diff ) { + + // Cache the index of each encountered element + if ( useCache ) { + outerCache = node[ expando ] || + ( node[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + ( outerCache[ node.uniqueID ] = {} ); + + uniqueCache[ type ] = [ dirruns, diff ]; + } + + if ( node === elem ) { + break; + } + } + } + } + } + + // Incorporate the offset, then check against cycle size + diff -= last; + return diff === first || ( diff % first === 0 && diff / first >= 0 ); + } + }; + }, + + "PSEUDO": function( pseudo, argument ) { + + // pseudo-class names are case-insensitive + // http://www.w3.org/TR/selectors/#pseudo-classes + // Prioritize by case sensitivity in case custom pseudos are added with uppercase letters + // Remember that setFilters inherits from pseudos + var args, + fn = Expr.pseudos[ pseudo ] || Expr.setFilters[ pseudo.toLowerCase() ] || + Sizzle.error( "unsupported pseudo: " + pseudo ); + + // The user may use createPseudo to indicate that + // arguments are needed to create the filter function + // just as Sizzle does + if ( fn[ expando ] ) { + return fn( argument ); + } + + // But maintain support for old signatures + if ( fn.length > 1 ) { + args = [ pseudo, pseudo, "", argument ]; + return Expr.setFilters.hasOwnProperty( pseudo.toLowerCase() ) ? + markFunction( function( seed, matches ) { + var idx, + matched = fn( seed, argument ), + i = matched.length; + while ( i-- ) { + idx = indexOf( seed, matched[ i ] ); + seed[ idx ] = !( matches[ idx ] = matched[ i ] ); + } + } ) : + function( elem ) { + return fn( elem, 0, args ); + }; + } + + return fn; + } + }, + + pseudos: { + + // Potentially complex pseudos + "not": markFunction( function( selector ) { + + // Trim the selector passed to compile + // to avoid treating leading and trailing + // spaces as combinators + var input = [], + results = [], + matcher = compile( selector.replace( rtrim, "$1" ) ); + + return matcher[ expando ] ? + markFunction( function( seed, matches, _context, xml ) { + var elem, + unmatched = matcher( seed, null, xml, [] ), + i = seed.length; + + // Match elements unmatched by `matcher` + while ( i-- ) { + if ( ( elem = unmatched[ i ] ) ) { + seed[ i ] = !( matches[ i ] = elem ); + } + } + } ) : + function( elem, _context, xml ) { + input[ 0 ] = elem; + matcher( input, null, xml, results ); + + // Don't keep the element (issue #299) + input[ 0 ] = null; + return !results.pop(); + }; + } ), + + "has": markFunction( function( selector ) { + return function( elem ) { + return Sizzle( selector, elem ).length > 0; + }; + } ), + + "contains": markFunction( function( text ) { + text = text.replace( runescape, funescape ); + return function( elem ) { + return ( elem.textContent || getText( elem ) ).indexOf( text ) > -1; + }; + } ), + + // "Whether an element is represented by a :lang() selector + // is based solely on the element's language value + // being equal to the identifier C, + // or beginning with the identifier C immediately followed by "-". + // The matching of C against the element's language value is performed case-insensitively. + // The identifier C does not have to be a valid language name." + // http://www.w3.org/TR/selectors/#lang-pseudo + "lang": markFunction( function( lang ) { + + // lang value must be a valid identifier + if ( !ridentifier.test( lang || "" ) ) { + Sizzle.error( "unsupported lang: " + lang ); + } + lang = lang.replace( runescape, funescape ).toLowerCase(); + return function( elem ) { + var elemLang; + do { + if ( ( elemLang = documentIsHTML ? + elem.lang : + elem.getAttribute( "xml:lang" ) || elem.getAttribute( "lang" ) ) ) { + + elemLang = elemLang.toLowerCase(); + return elemLang === lang || elemLang.indexOf( lang + "-" ) === 0; + } + } while ( ( elem = elem.parentNode ) && elem.nodeType === 1 ); + return false; + }; + } ), + + // Miscellaneous + "target": function( elem ) { + var hash = window.location && window.location.hash; + return hash && hash.slice( 1 ) === elem.id; + }, + + "root": function( elem ) { + return elem === docElem; + }, + + "focus": function( elem ) { + return elem === document.activeElement && + ( !document.hasFocus || document.hasFocus() ) && + !!( elem.type || elem.href || ~elem.tabIndex ); + }, + + // Boolean properties + "enabled": createDisabledPseudo( false ), + "disabled": createDisabledPseudo( true ), + + "checked": function( elem ) { + + // In CSS3, :checked should return both checked and selected elements + // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + var nodeName = elem.nodeName.toLowerCase(); + return ( nodeName === "input" && !!elem.checked ) || + ( nodeName === "option" && !!elem.selected ); + }, + + "selected": function( elem ) { + + // Accessing this property makes selected-by-default + // options in Safari work properly + if ( elem.parentNode ) { + // eslint-disable-next-line no-unused-expressions + elem.parentNode.selectedIndex; + } + + return elem.selected === true; + }, + + // Contents + "empty": function( elem ) { + + // http://www.w3.org/TR/selectors/#empty-pseudo + // :empty is negated by element (1) or content nodes (text: 3; cdata: 4; entity ref: 5), + // but not by others (comment: 8; processing instruction: 7; etc.) + // nodeType < 6 works because attributes (2) do not appear as children + for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { + if ( elem.nodeType < 6 ) { + return false; + } + } + return true; + }, + + "parent": function( elem ) { + return !Expr.pseudos[ "empty" ]( elem ); + }, + + // Element/input types + "header": function( elem ) { + return rheader.test( elem.nodeName ); + }, + + "input": function( elem ) { + return rinputs.test( elem.nodeName ); + }, + + "button": function( elem ) { + var name = elem.nodeName.toLowerCase(); + return name === "input" && elem.type === "button" || name === "button"; + }, + + "text": function( elem ) { + var attr; + return elem.nodeName.toLowerCase() === "input" && + elem.type === "text" && + + // Support: IE<8 + // New HTML5 attribute values (e.g., "search") appear with elem.type === "text" + ( ( attr = elem.getAttribute( "type" ) ) == null || + attr.toLowerCase() === "text" ); + }, + + // Position-in-collection + "first": createPositionalPseudo( function() { + return [ 0 ]; + } ), + + "last": createPositionalPseudo( function( _matchIndexes, length ) { + return [ length - 1 ]; + } ), + + "eq": createPositionalPseudo( function( _matchIndexes, length, argument ) { + return [ argument < 0 ? argument + length : argument ]; + } ), + + "even": createPositionalPseudo( function( matchIndexes, length ) { + var i = 0; + for ( ; i < length; i += 2 ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ), + + "odd": createPositionalPseudo( function( matchIndexes, length ) { + var i = 1; + for ( ; i < length; i += 2 ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ), + + "lt": createPositionalPseudo( function( matchIndexes, length, argument ) { + var i = argument < 0 ? + argument + length : + argument > length ? + length : + argument; + for ( ; --i >= 0; ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ), + + "gt": createPositionalPseudo( function( matchIndexes, length, argument ) { + var i = argument < 0 ? argument + length : argument; + for ( ; ++i < length; ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ) + } +}; + +Expr.pseudos[ "nth" ] = Expr.pseudos[ "eq" ]; + +// Add button/input type pseudos +for ( i in { radio: true, checkbox: true, file: true, password: true, image: true } ) { + Expr.pseudos[ i ] = createInputPseudo( i ); +} +for ( i in { submit: true, reset: true } ) { + Expr.pseudos[ i ] = createButtonPseudo( i ); +} + +// Easy API for creating new setFilters +function setFilters() {} +setFilters.prototype = Expr.filters = Expr.pseudos; +Expr.setFilters = new setFilters(); + +tokenize = Sizzle.tokenize = function( selector, parseOnly ) { + var matched, match, tokens, type, + soFar, groups, preFilters, + cached = tokenCache[ selector + " " ]; + + if ( cached ) { + return parseOnly ? 0 : cached.slice( 0 ); + } + + soFar = selector; + groups = []; + preFilters = Expr.preFilter; + + while ( soFar ) { + + // Comma and first run + if ( !matched || ( match = rcomma.exec( soFar ) ) ) { + if ( match ) { + + // Don't consume trailing commas as valid + soFar = soFar.slice( match[ 0 ].length ) || soFar; + } + groups.push( ( tokens = [] ) ); + } + + matched = false; + + // Combinators + if ( ( match = rcombinators.exec( soFar ) ) ) { + matched = match.shift(); + tokens.push( { + value: matched, + + // Cast descendant combinators to space + type: match[ 0 ].replace( rtrim, " " ) + } ); + soFar = soFar.slice( matched.length ); + } + + // Filters + for ( type in Expr.filter ) { + if ( ( match = matchExpr[ type ].exec( soFar ) ) && ( !preFilters[ type ] || + ( match = preFilters[ type ]( match ) ) ) ) { + matched = match.shift(); + tokens.push( { + value: matched, + type: type, + matches: match + } ); + soFar = soFar.slice( matched.length ); + } + } + + if ( !matched ) { + break; + } + } + + // Return the length of the invalid excess + // if we're just parsing + // Otherwise, throw an error or return tokens + return parseOnly ? + soFar.length : + soFar ? + Sizzle.error( selector ) : + + // Cache the tokens + tokenCache( selector, groups ).slice( 0 ); +}; + +function toSelector( tokens ) { + var i = 0, + len = tokens.length, + selector = ""; + for ( ; i < len; i++ ) { + selector += tokens[ i ].value; + } + return selector; +} + +function addCombinator( matcher, combinator, base ) { + var dir = combinator.dir, + skip = combinator.next, + key = skip || dir, + checkNonElements = base && key === "parentNode", + doneName = done++; + + return combinator.first ? + + // Check against closest ancestor/preceding element + function( elem, context, xml ) { + while ( ( elem = elem[ dir ] ) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + return matcher( elem, context, xml ); + } + } + return false; + } : + + // Check against all ancestor/preceding elements + function( elem, context, xml ) { + var oldCache, uniqueCache, outerCache, + newCache = [ dirruns, doneName ]; + + // We can't set arbitrary data on XML nodes, so they don't benefit from combinator caching + if ( xml ) { + while ( ( elem = elem[ dir ] ) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + if ( matcher( elem, context, xml ) ) { + return true; + } + } + } + } else { + while ( ( elem = elem[ dir ] ) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + outerCache = elem[ expando ] || ( elem[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ elem.uniqueID ] || + ( outerCache[ elem.uniqueID ] = {} ); + + if ( skip && skip === elem.nodeName.toLowerCase() ) { + elem = elem[ dir ] || elem; + } else if ( ( oldCache = uniqueCache[ key ] ) && + oldCache[ 0 ] === dirruns && oldCache[ 1 ] === doneName ) { + + // Assign to newCache so results back-propagate to previous elements + return ( newCache[ 2 ] = oldCache[ 2 ] ); + } else { + + // Reuse newcache so results back-propagate to previous elements + uniqueCache[ key ] = newCache; + + // A match means we're done; a fail means we have to keep checking + if ( ( newCache[ 2 ] = matcher( elem, context, xml ) ) ) { + return true; + } + } + } + } + } + return false; + }; +} + +function elementMatcher( matchers ) { + return matchers.length > 1 ? + function( elem, context, xml ) { + var i = matchers.length; + while ( i-- ) { + if ( !matchers[ i ]( elem, context, xml ) ) { + return false; + } + } + return true; + } : + matchers[ 0 ]; +} + +function multipleContexts( selector, contexts, results ) { + var i = 0, + len = contexts.length; + for ( ; i < len; i++ ) { + Sizzle( selector, contexts[ i ], results ); + } + return results; +} + +function condense( unmatched, map, filter, context, xml ) { + var elem, + newUnmatched = [], + i = 0, + len = unmatched.length, + mapped = map != null; + + for ( ; i < len; i++ ) { + if ( ( elem = unmatched[ i ] ) ) { + if ( !filter || filter( elem, context, xml ) ) { + newUnmatched.push( elem ); + if ( mapped ) { + map.push( i ); + } + } + } + } + + return newUnmatched; +} + +function setMatcher( preFilter, selector, matcher, postFilter, postFinder, postSelector ) { + if ( postFilter && !postFilter[ expando ] ) { + postFilter = setMatcher( postFilter ); + } + if ( postFinder && !postFinder[ expando ] ) { + postFinder = setMatcher( postFinder, postSelector ); + } + return markFunction( function( seed, results, context, xml ) { + var temp, i, elem, + preMap = [], + postMap = [], + preexisting = results.length, + + // Get initial elements from seed or context + elems = seed || multipleContexts( + selector || "*", + context.nodeType ? [ context ] : context, + [] + ), + + // Prefilter to get matcher input, preserving a map for seed-results synchronization + matcherIn = preFilter && ( seed || !selector ) ? + condense( elems, preMap, preFilter, context, xml ) : + elems, + + matcherOut = matcher ? + + // If we have a postFinder, or filtered seed, or non-seed postFilter or preexisting results, + postFinder || ( seed ? preFilter : preexisting || postFilter ) ? + + // ...intermediate processing is necessary + [] : + + // ...otherwise use results directly + results : + matcherIn; + + // Find primary matches + if ( matcher ) { + matcher( matcherIn, matcherOut, context, xml ); + } + + // Apply postFilter + if ( postFilter ) { + temp = condense( matcherOut, postMap ); + postFilter( temp, [], context, xml ); + + // Un-match failing elements by moving them back to matcherIn + i = temp.length; + while ( i-- ) { + if ( ( elem = temp[ i ] ) ) { + matcherOut[ postMap[ i ] ] = !( matcherIn[ postMap[ i ] ] = elem ); + } + } + } + + if ( seed ) { + if ( postFinder || preFilter ) { + if ( postFinder ) { + + // Get the final matcherOut by condensing this intermediate into postFinder contexts + temp = []; + i = matcherOut.length; + while ( i-- ) { + if ( ( elem = matcherOut[ i ] ) ) { + + // Restore matcherIn since elem is not yet a final match + temp.push( ( matcherIn[ i ] = elem ) ); + } + } + postFinder( null, ( matcherOut = [] ), temp, xml ); + } + + // Move matched elements from seed to results to keep them synchronized + i = matcherOut.length; + while ( i-- ) { + if ( ( elem = matcherOut[ i ] ) && + ( temp = postFinder ? indexOf( seed, elem ) : preMap[ i ] ) > -1 ) { + + seed[ temp ] = !( results[ temp ] = elem ); + } + } + } + + // Add elements to results, through postFinder if defined + } else { + matcherOut = condense( + matcherOut === results ? + matcherOut.splice( preexisting, matcherOut.length ) : + matcherOut + ); + if ( postFinder ) { + postFinder( null, results, matcherOut, xml ); + } else { + push.apply( results, matcherOut ); + } + } + } ); +} + +function matcherFromTokens( tokens ) { + var checkContext, matcher, j, + len = tokens.length, + leadingRelative = Expr.relative[ tokens[ 0 ].type ], + implicitRelative = leadingRelative || Expr.relative[ " " ], + i = leadingRelative ? 1 : 0, + + // The foundational matcher ensures that elements are reachable from top-level context(s) + matchContext = addCombinator( function( elem ) { + return elem === checkContext; + }, implicitRelative, true ), + matchAnyContext = addCombinator( function( elem ) { + return indexOf( checkContext, elem ) > -1; + }, implicitRelative, true ), + matchers = [ function( elem, context, xml ) { + var ret = ( !leadingRelative && ( xml || context !== outermostContext ) ) || ( + ( checkContext = context ).nodeType ? + matchContext( elem, context, xml ) : + matchAnyContext( elem, context, xml ) ); + + // Avoid hanging onto element (issue #299) + checkContext = null; + return ret; + } ]; + + for ( ; i < len; i++ ) { + if ( ( matcher = Expr.relative[ tokens[ i ].type ] ) ) { + matchers = [ addCombinator( elementMatcher( matchers ), matcher ) ]; + } else { + matcher = Expr.filter[ tokens[ i ].type ].apply( null, tokens[ i ].matches ); + + // Return special upon seeing a positional matcher + if ( matcher[ expando ] ) { + + // Find the next relative operator (if any) for proper handling + j = ++i; + for ( ; j < len; j++ ) { + if ( Expr.relative[ tokens[ j ].type ] ) { + break; + } + } + return setMatcher( + i > 1 && elementMatcher( matchers ), + i > 1 && toSelector( + + // If the preceding token was a descendant combinator, insert an implicit any-element `*` + tokens + .slice( 0, i - 1 ) + .concat( { value: tokens[ i - 2 ].type === " " ? "*" : "" } ) + ).replace( rtrim, "$1" ), + matcher, + i < j && matcherFromTokens( tokens.slice( i, j ) ), + j < len && matcherFromTokens( ( tokens = tokens.slice( j ) ) ), + j < len && toSelector( tokens ) + ); + } + matchers.push( matcher ); + } + } + + return elementMatcher( matchers ); +} + +function matcherFromGroupMatchers( elementMatchers, setMatchers ) { + var bySet = setMatchers.length > 0, + byElement = elementMatchers.length > 0, + superMatcher = function( seed, context, xml, results, outermost ) { + var elem, j, matcher, + matchedCount = 0, + i = "0", + unmatched = seed && [], + setMatched = [], + contextBackup = outermostContext, + + // We must always have either seed elements or outermost context + elems = seed || byElement && Expr.find[ "TAG" ]( "*", outermost ), + + // Use integer dirruns iff this is the outermost matcher + dirrunsUnique = ( dirruns += contextBackup == null ? 1 : Math.random() || 0.1 ), + len = elems.length; + + if ( outermost ) { + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + outermostContext = context == document || context || outermost; + } + + // Add elements passing elementMatchers directly to results + // Support: IE<9, Safari + // Tolerate NodeList properties (IE: "length"; Safari: ) matching elements by id + for ( ; i !== len && ( elem = elems[ i ] ) != null; i++ ) { + if ( byElement && elem ) { + j = 0; + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( !context && elem.ownerDocument != document ) { + setDocument( elem ); + xml = !documentIsHTML; + } + while ( ( matcher = elementMatchers[ j++ ] ) ) { + if ( matcher( elem, context || document, xml ) ) { + results.push( elem ); + break; + } + } + if ( outermost ) { + dirruns = dirrunsUnique; + } + } + + // Track unmatched elements for set filters + if ( bySet ) { + + // They will have gone through all possible matchers + if ( ( elem = !matcher && elem ) ) { + matchedCount--; + } + + // Lengthen the array for every element, matched or not + if ( seed ) { + unmatched.push( elem ); + } + } + } + + // `i` is now the count of elements visited above, and adding it to `matchedCount` + // makes the latter nonnegative. + matchedCount += i; + + // Apply set filters to unmatched elements + // NOTE: This can be skipped if there are no unmatched elements (i.e., `matchedCount` + // equals `i`), unless we didn't visit _any_ elements in the above loop because we have + // no element matchers and no seed. + // Incrementing an initially-string "0" `i` allows `i` to remain a string only in that + // case, which will result in a "00" `matchedCount` that differs from `i` but is also + // numerically zero. + if ( bySet && i !== matchedCount ) { + j = 0; + while ( ( matcher = setMatchers[ j++ ] ) ) { + matcher( unmatched, setMatched, context, xml ); + } + + if ( seed ) { + + // Reintegrate element matches to eliminate the need for sorting + if ( matchedCount > 0 ) { + while ( i-- ) { + if ( !( unmatched[ i ] || setMatched[ i ] ) ) { + setMatched[ i ] = pop.call( results ); + } + } + } + + // Discard index placeholder values to get only actual matches + setMatched = condense( setMatched ); + } + + // Add matches to results + push.apply( results, setMatched ); + + // Seedless set matches succeeding multiple successful matchers stipulate sorting + if ( outermost && !seed && setMatched.length > 0 && + ( matchedCount + setMatchers.length ) > 1 ) { + + Sizzle.uniqueSort( results ); + } + } + + // Override manipulation of globals by nested matchers + if ( outermost ) { + dirruns = dirrunsUnique; + outermostContext = contextBackup; + } + + return unmatched; + }; + + return bySet ? + markFunction( superMatcher ) : + superMatcher; +} + +compile = Sizzle.compile = function( selector, match /* Internal Use Only */ ) { + var i, + setMatchers = [], + elementMatchers = [], + cached = compilerCache[ selector + " " ]; + + if ( !cached ) { + + // Generate a function of recursive functions that can be used to check each element + if ( !match ) { + match = tokenize( selector ); + } + i = match.length; + while ( i-- ) { + cached = matcherFromTokens( match[ i ] ); + if ( cached[ expando ] ) { + setMatchers.push( cached ); + } else { + elementMatchers.push( cached ); + } + } + + // Cache the compiled function + cached = compilerCache( + selector, + matcherFromGroupMatchers( elementMatchers, setMatchers ) + ); + + // Save selector and tokenization + cached.selector = selector; + } + return cached; +}; + +/** + * A low-level selection function that works with Sizzle's compiled + * selector functions + * @param {String|Function} selector A selector or a pre-compiled + * selector function built with Sizzle.compile + * @param {Element} context + * @param {Array} [results] + * @param {Array} [seed] A set of elements to match against + */ +select = Sizzle.select = function( selector, context, results, seed ) { + var i, tokens, token, type, find, + compiled = typeof selector === "function" && selector, + match = !seed && tokenize( ( selector = compiled.selector || selector ) ); + + results = results || []; + + // Try to minimize operations if there is only one selector in the list and no seed + // (the latter of which guarantees us context) + if ( match.length === 1 ) { + + // Reduce context if the leading compound selector is an ID + tokens = match[ 0 ] = match[ 0 ].slice( 0 ); + if ( tokens.length > 2 && ( token = tokens[ 0 ] ).type === "ID" && + context.nodeType === 9 && documentIsHTML && Expr.relative[ tokens[ 1 ].type ] ) { + + context = ( Expr.find[ "ID" ]( token.matches[ 0 ] + .replace( runescape, funescape ), context ) || [] )[ 0 ]; + if ( !context ) { + return results; + + // Precompiled matchers will still verify ancestry, so step up a level + } else if ( compiled ) { + context = context.parentNode; + } + + selector = selector.slice( tokens.shift().value.length ); + } + + // Fetch a seed set for right-to-left matching + i = matchExpr[ "needsContext" ].test( selector ) ? 0 : tokens.length; + while ( i-- ) { + token = tokens[ i ]; + + // Abort if we hit a combinator + if ( Expr.relative[ ( type = token.type ) ] ) { + break; + } + if ( ( find = Expr.find[ type ] ) ) { + + // Search, expanding context for leading sibling combinators + if ( ( seed = find( + token.matches[ 0 ].replace( runescape, funescape ), + rsibling.test( tokens[ 0 ].type ) && testContext( context.parentNode ) || + context + ) ) ) { + + // If seed is empty or no tokens remain, we can return early + tokens.splice( i, 1 ); + selector = seed.length && toSelector( tokens ); + if ( !selector ) { + push.apply( results, seed ); + return results; + } + + break; + } + } + } + } + + // Compile and execute a filtering function if one is not provided + // Provide `match` to avoid retokenization if we modified the selector above + ( compiled || compile( selector, match ) )( + seed, + context, + !documentIsHTML, + results, + !context || rsibling.test( selector ) && testContext( context.parentNode ) || context + ); + return results; +}; + +// One-time assignments + +// Sort stability +support.sortStable = expando.split( "" ).sort( sortOrder ).join( "" ) === expando; + +// Support: Chrome 14-35+ +// Always assume duplicates if they aren't passed to the comparison function +support.detectDuplicates = !!hasDuplicate; + +// Initialize against the default document +setDocument(); + +// Support: Webkit<537.32 - Safari 6.0.3/Chrome 25 (fixed in Chrome 27) +// Detached nodes confoundingly follow *each other* +support.sortDetached = assert( function( el ) { + + // Should return 1, but returns 4 (following) + return el.compareDocumentPosition( document.createElement( "fieldset" ) ) & 1; +} ); + +// Support: IE<8 +// Prevent attribute/property "interpolation" +// https://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx +if ( !assert( function( el ) { + el.innerHTML = ""; + return el.firstChild.getAttribute( "href" ) === "#"; +} ) ) { + addHandle( "type|href|height|width", function( elem, name, isXML ) { + if ( !isXML ) { + return elem.getAttribute( name, name.toLowerCase() === "type" ? 1 : 2 ); + } + } ); +} + +// Support: IE<9 +// Use defaultValue in place of getAttribute("value") +if ( !support.attributes || !assert( function( el ) { + el.innerHTML = ""; + el.firstChild.setAttribute( "value", "" ); + return el.firstChild.getAttribute( "value" ) === ""; +} ) ) { + addHandle( "value", function( elem, _name, isXML ) { + if ( !isXML && elem.nodeName.toLowerCase() === "input" ) { + return elem.defaultValue; + } + } ); +} + +// Support: IE<9 +// Use getAttributeNode to fetch booleans when getAttribute lies +if ( !assert( function( el ) { + return el.getAttribute( "disabled" ) == null; +} ) ) { + addHandle( booleans, function( elem, name, isXML ) { + var val; + if ( !isXML ) { + return elem[ name ] === true ? name.toLowerCase() : + ( val = elem.getAttributeNode( name ) ) && val.specified ? + val.value : + null; + } + } ); +} + +return Sizzle; + +} )( window ); + + + +jQuery.find = Sizzle; +jQuery.expr = Sizzle.selectors; + +// Deprecated +jQuery.expr[ ":" ] = jQuery.expr.pseudos; +jQuery.uniqueSort = jQuery.unique = Sizzle.uniqueSort; +jQuery.text = Sizzle.getText; +jQuery.isXMLDoc = Sizzle.isXML; +jQuery.contains = Sizzle.contains; +jQuery.escapeSelector = Sizzle.escape; + + + + +var dir = function( elem, dir, until ) { + var matched = [], + truncate = until !== undefined; + + while ( ( elem = elem[ dir ] ) && elem.nodeType !== 9 ) { + if ( elem.nodeType === 1 ) { + if ( truncate && jQuery( elem ).is( until ) ) { + break; + } + matched.push( elem ); + } + } + return matched; +}; + + +var siblings = function( n, elem ) { + var matched = []; + + for ( ; n; n = n.nextSibling ) { + if ( n.nodeType === 1 && n !== elem ) { + matched.push( n ); + } + } + + return matched; +}; + + +var rneedsContext = jQuery.expr.match.needsContext; + + + +function nodeName( elem, name ) { + + return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase(); + +} +var rsingleTag = ( /^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i ); + + + +// Implement the identical functionality for filter and not +function winnow( elements, qualifier, not ) { + if ( isFunction( qualifier ) ) { + return jQuery.grep( elements, function( elem, i ) { + return !!qualifier.call( elem, i, elem ) !== not; + } ); + } + + // Single element + if ( qualifier.nodeType ) { + return jQuery.grep( elements, function( elem ) { + return ( elem === qualifier ) !== not; + } ); + } + + // Arraylike of elements (jQuery, arguments, Array) + if ( typeof qualifier !== "string" ) { + return jQuery.grep( elements, function( elem ) { + return ( indexOf.call( qualifier, elem ) > -1 ) !== not; + } ); + } + + // Filtered directly for both simple and complex selectors + return jQuery.filter( qualifier, elements, not ); +} + +jQuery.filter = function( expr, elems, not ) { + var elem = elems[ 0 ]; + + if ( not ) { + expr = ":not(" + expr + ")"; + } + + if ( elems.length === 1 && elem.nodeType === 1 ) { + return jQuery.find.matchesSelector( elem, expr ) ? [ elem ] : []; + } + + return jQuery.find.matches( expr, jQuery.grep( elems, function( elem ) { + return elem.nodeType === 1; + } ) ); +}; + +jQuery.fn.extend( { + find: function( selector ) { + var i, ret, + len = this.length, + self = this; + + if ( typeof selector !== "string" ) { + return this.pushStack( jQuery( selector ).filter( function() { + for ( i = 0; i < len; i++ ) { + if ( jQuery.contains( self[ i ], this ) ) { + return true; + } + } + } ) ); + } + + ret = this.pushStack( [] ); + + for ( i = 0; i < len; i++ ) { + jQuery.find( selector, self[ i ], ret ); + } + + return len > 1 ? jQuery.uniqueSort( ret ) : ret; + }, + filter: function( selector ) { + return this.pushStack( winnow( this, selector || [], false ) ); + }, + not: function( selector ) { + return this.pushStack( winnow( this, selector || [], true ) ); + }, + is: function( selector ) { + return !!winnow( + this, + + // If this is a positional/relative selector, check membership in the returned set + // so $("p:first").is("p:last") won't return true for a doc with two "p". + typeof selector === "string" && rneedsContext.test( selector ) ? + jQuery( selector ) : + selector || [], + false + ).length; + } +} ); + + +// Initialize a jQuery object + + +// A central reference to the root jQuery(document) +var rootjQuery, + + // A simple way to check for HTML strings + // Prioritize #id over to avoid XSS via location.hash (#9521) + // Strict HTML recognition (#11290: must start with <) + // Shortcut simple #id case for speed + rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/, + + init = jQuery.fn.init = function( selector, context, root ) { + var match, elem; + + // HANDLE: $(""), $(null), $(undefined), $(false) + if ( !selector ) { + return this; + } + + // Method init() accepts an alternate rootjQuery + // so migrate can support jQuery.sub (gh-2101) + root = root || rootjQuery; + + // Handle HTML strings + if ( typeof selector === "string" ) { + if ( selector[ 0 ] === "<" && + selector[ selector.length - 1 ] === ">" && + selector.length >= 3 ) { + + // Assume that strings that start and end with <> are HTML and skip the regex check + match = [ null, selector, null ]; + + } else { + match = rquickExpr.exec( selector ); + } + + // Match html or make sure no context is specified for #id + if ( match && ( match[ 1 ] || !context ) ) { + + // HANDLE: $(html) -> $(array) + if ( match[ 1 ] ) { + context = context instanceof jQuery ? context[ 0 ] : context; + + // Option to run scripts is true for back-compat + // Intentionally let the error be thrown if parseHTML is not present + jQuery.merge( this, jQuery.parseHTML( + match[ 1 ], + context && context.nodeType ? context.ownerDocument || context : document, + true + ) ); + + // HANDLE: $(html, props) + if ( rsingleTag.test( match[ 1 ] ) && jQuery.isPlainObject( context ) ) { + for ( match in context ) { + + // Properties of context are called as methods if possible + if ( isFunction( this[ match ] ) ) { + this[ match ]( context[ match ] ); + + // ...and otherwise set as attributes + } else { + this.attr( match, context[ match ] ); + } + } + } + + return this; + + // HANDLE: $(#id) + } else { + elem = document.getElementById( match[ 2 ] ); + + if ( elem ) { + + // Inject the element directly into the jQuery object + this[ 0 ] = elem; + this.length = 1; + } + return this; + } + + // HANDLE: $(expr, $(...)) + } else if ( !context || context.jquery ) { + return ( context || root ).find( selector ); + + // HANDLE: $(expr, context) + // (which is just equivalent to: $(context).find(expr) + } else { + return this.constructor( context ).find( selector ); + } + + // HANDLE: $(DOMElement) + } else if ( selector.nodeType ) { + this[ 0 ] = selector; + this.length = 1; + return this; + + // HANDLE: $(function) + // Shortcut for document ready + } else if ( isFunction( selector ) ) { + return root.ready !== undefined ? + root.ready( selector ) : + + // Execute immediately if ready is not present + selector( jQuery ); + } + + return jQuery.makeArray( selector, this ); + }; + +// Give the init function the jQuery prototype for later instantiation +init.prototype = jQuery.fn; + +// Initialize central reference +rootjQuery = jQuery( document ); + + +var rparentsprev = /^(?:parents|prev(?:Until|All))/, + + // Methods guaranteed to produce a unique set when starting from a unique set + guaranteedUnique = { + children: true, + contents: true, + next: true, + prev: true + }; + +jQuery.fn.extend( { + has: function( target ) { + var targets = jQuery( target, this ), + l = targets.length; + + return this.filter( function() { + var i = 0; + for ( ; i < l; i++ ) { + if ( jQuery.contains( this, targets[ i ] ) ) { + return true; + } + } + } ); + }, + + closest: function( selectors, context ) { + var cur, + i = 0, + l = this.length, + matched = [], + targets = typeof selectors !== "string" && jQuery( selectors ); + + // Positional selectors never match, since there's no _selection_ context + if ( !rneedsContext.test( selectors ) ) { + for ( ; i < l; i++ ) { + for ( cur = this[ i ]; cur && cur !== context; cur = cur.parentNode ) { + + // Always skip document fragments + if ( cur.nodeType < 11 && ( targets ? + targets.index( cur ) > -1 : + + // Don't pass non-elements to Sizzle + cur.nodeType === 1 && + jQuery.find.matchesSelector( cur, selectors ) ) ) { + + matched.push( cur ); + break; + } + } + } + } + + return this.pushStack( matched.length > 1 ? jQuery.uniqueSort( matched ) : matched ); + }, + + // Determine the position of an element within the set + index: function( elem ) { + + // No argument, return index in parent + if ( !elem ) { + return ( this[ 0 ] && this[ 0 ].parentNode ) ? this.first().prevAll().length : -1; + } + + // Index in selector + if ( typeof elem === "string" ) { + return indexOf.call( jQuery( elem ), this[ 0 ] ); + } + + // Locate the position of the desired element + return indexOf.call( this, + + // If it receives a jQuery object, the first element is used + elem.jquery ? elem[ 0 ] : elem + ); + }, + + add: function( selector, context ) { + return this.pushStack( + jQuery.uniqueSort( + jQuery.merge( this.get(), jQuery( selector, context ) ) + ) + ); + }, + + addBack: function( selector ) { + return this.add( selector == null ? + this.prevObject : this.prevObject.filter( selector ) + ); + } +} ); + +function sibling( cur, dir ) { + while ( ( cur = cur[ dir ] ) && cur.nodeType !== 1 ) {} + return cur; +} + +jQuery.each( { + parent: function( elem ) { + var parent = elem.parentNode; + return parent && parent.nodeType !== 11 ? parent : null; + }, + parents: function( elem ) { + return dir( elem, "parentNode" ); + }, + parentsUntil: function( elem, _i, until ) { + return dir( elem, "parentNode", until ); + }, + next: function( elem ) { + return sibling( elem, "nextSibling" ); + }, + prev: function( elem ) { + return sibling( elem, "previousSibling" ); + }, + nextAll: function( elem ) { + return dir( elem, "nextSibling" ); + }, + prevAll: function( elem ) { + return dir( elem, "previousSibling" ); + }, + nextUntil: function( elem, _i, until ) { + return dir( elem, "nextSibling", until ); + }, + prevUntil: function( elem, _i, until ) { + return dir( elem, "previousSibling", until ); + }, + siblings: function( elem ) { + return siblings( ( elem.parentNode || {} ).firstChild, elem ); + }, + children: function( elem ) { + return siblings( elem.firstChild ); + }, + contents: function( elem ) { + if ( elem.contentDocument != null && + + // Support: IE 11+ + // elements with no `data` attribute has an object + // `contentDocument` with a `null` prototype. + getProto( elem.contentDocument ) ) { + + return elem.contentDocument; + } + + // Support: IE 9 - 11 only, iOS 7 only, Android Browser <=4.3 only + // Treat the template element as a regular one in browsers that + // don't support it. + if ( nodeName( elem, "template" ) ) { + elem = elem.content || elem; + } + + return jQuery.merge( [], elem.childNodes ); + } +}, function( name, fn ) { + jQuery.fn[ name ] = function( until, selector ) { + var matched = jQuery.map( this, fn, until ); + + if ( name.slice( -5 ) !== "Until" ) { + selector = until; + } + + if ( selector && typeof selector === "string" ) { + matched = jQuery.filter( selector, matched ); + } + + if ( this.length > 1 ) { + + // Remove duplicates + if ( !guaranteedUnique[ name ] ) { + jQuery.uniqueSort( matched ); + } + + // Reverse order for parents* and prev-derivatives + if ( rparentsprev.test( name ) ) { + matched.reverse(); + } + } + + return this.pushStack( matched ); + }; +} ); +var rnothtmlwhite = ( /[^\x20\t\r\n\f]+/g ); + + + +// Convert String-formatted options into Object-formatted ones +function createOptions( options ) { + var object = {}; + jQuery.each( options.match( rnothtmlwhite ) || [], function( _, flag ) { + object[ flag ] = true; + } ); + return object; +} + +/* + * Create a callback list using the following parameters: + * + * options: an optional list of space-separated options that will change how + * the callback list behaves or a more traditional option object + * + * By default a callback list will act like an event callback list and can be + * "fired" multiple times. + * + * Possible options: + * + * once: will ensure the callback list can only be fired once (like a Deferred) + * + * memory: will keep track of previous values and will call any callback added + * after the list has been fired right away with the latest "memorized" + * values (like a Deferred) + * + * unique: will ensure a callback can only be added once (no duplicate in the list) + * + * stopOnFalse: interrupt callings when a callback returns false + * + */ +jQuery.Callbacks = function( options ) { + + // Convert options from String-formatted to Object-formatted if needed + // (we check in cache first) + options = typeof options === "string" ? + createOptions( options ) : + jQuery.extend( {}, options ); + + var // Flag to know if list is currently firing + firing, + + // Last fire value for non-forgettable lists + memory, + + // Flag to know if list was already fired + fired, + + // Flag to prevent firing + locked, + + // Actual callback list + list = [], + + // Queue of execution data for repeatable lists + queue = [], + + // Index of currently firing callback (modified by add/remove as needed) + firingIndex = -1, + + // Fire callbacks + fire = function() { + + // Enforce single-firing + locked = locked || options.once; + + // Execute callbacks for all pending executions, + // respecting firingIndex overrides and runtime changes + fired = firing = true; + for ( ; queue.length; firingIndex = -1 ) { + memory = queue.shift(); + while ( ++firingIndex < list.length ) { + + // Run callback and check for early termination + if ( list[ firingIndex ].apply( memory[ 0 ], memory[ 1 ] ) === false && + options.stopOnFalse ) { + + // Jump to end and forget the data so .add doesn't re-fire + firingIndex = list.length; + memory = false; + } + } + } + + // Forget the data if we're done with it + if ( !options.memory ) { + memory = false; + } + + firing = false; + + // Clean up if we're done firing for good + if ( locked ) { + + // Keep an empty list if we have data for future add calls + if ( memory ) { + list = []; + + // Otherwise, this object is spent + } else { + list = ""; + } + } + }, + + // Actual Callbacks object + self = { + + // Add a callback or a collection of callbacks to the list + add: function() { + if ( list ) { + + // If we have memory from a past run, we should fire after adding + if ( memory && !firing ) { + firingIndex = list.length - 1; + queue.push( memory ); + } + + ( function add( args ) { + jQuery.each( args, function( _, arg ) { + if ( isFunction( arg ) ) { + if ( !options.unique || !self.has( arg ) ) { + list.push( arg ); + } + } else if ( arg && arg.length && toType( arg ) !== "string" ) { + + // Inspect recursively + add( arg ); + } + } ); + } )( arguments ); + + if ( memory && !firing ) { + fire(); + } + } + return this; + }, + + // Remove a callback from the list + remove: function() { + jQuery.each( arguments, function( _, arg ) { + var index; + while ( ( index = jQuery.inArray( arg, list, index ) ) > -1 ) { + list.splice( index, 1 ); + + // Handle firing indexes + if ( index <= firingIndex ) { + firingIndex--; + } + } + } ); + return this; + }, + + // Check if a given callback is in the list. + // If no argument is given, return whether or not list has callbacks attached. + has: function( fn ) { + return fn ? + jQuery.inArray( fn, list ) > -1 : + list.length > 0; + }, + + // Remove all callbacks from the list + empty: function() { + if ( list ) { + list = []; + } + return this; + }, + + // Disable .fire and .add + // Abort any current/pending executions + // Clear all callbacks and values + disable: function() { + locked = queue = []; + list = memory = ""; + return this; + }, + disabled: function() { + return !list; + }, + + // Disable .fire + // Also disable .add unless we have memory (since it would have no effect) + // Abort any pending executions + lock: function() { + locked = queue = []; + if ( !memory && !firing ) { + list = memory = ""; + } + return this; + }, + locked: function() { + return !!locked; + }, + + // Call all callbacks with the given context and arguments + fireWith: function( context, args ) { + if ( !locked ) { + args = args || []; + args = [ context, args.slice ? args.slice() : args ]; + queue.push( args ); + if ( !firing ) { + fire(); + } + } + return this; + }, + + // Call all the callbacks with the given arguments + fire: function() { + self.fireWith( this, arguments ); + return this; + }, + + // To know if the callbacks have already been called at least once + fired: function() { + return !!fired; + } + }; + + return self; +}; + + +function Identity( v ) { + return v; +} +function Thrower( ex ) { + throw ex; +} + +function adoptValue( value, resolve, reject, noValue ) { + var method; + + try { + + // Check for promise aspect first to privilege synchronous behavior + if ( value && isFunction( ( method = value.promise ) ) ) { + method.call( value ).done( resolve ).fail( reject ); + + // Other thenables + } else if ( value && isFunction( ( method = value.then ) ) ) { + method.call( value, resolve, reject ); + + // Other non-thenables + } else { + + // Control `resolve` arguments by letting Array#slice cast boolean `noValue` to integer: + // * false: [ value ].slice( 0 ) => resolve( value ) + // * true: [ value ].slice( 1 ) => resolve() + resolve.apply( undefined, [ value ].slice( noValue ) ); + } + + // For Promises/A+, convert exceptions into rejections + // Since jQuery.when doesn't unwrap thenables, we can skip the extra checks appearing in + // Deferred#then to conditionally suppress rejection. + } catch ( value ) { + + // Support: Android 4.0 only + // Strict mode functions invoked without .call/.apply get global-object context + reject.apply( undefined, [ value ] ); + } +} + +jQuery.extend( { + + Deferred: function( func ) { + var tuples = [ + + // action, add listener, callbacks, + // ... .then handlers, argument index, [final state] + [ "notify", "progress", jQuery.Callbacks( "memory" ), + jQuery.Callbacks( "memory" ), 2 ], + [ "resolve", "done", jQuery.Callbacks( "once memory" ), + jQuery.Callbacks( "once memory" ), 0, "resolved" ], + [ "reject", "fail", jQuery.Callbacks( "once memory" ), + jQuery.Callbacks( "once memory" ), 1, "rejected" ] + ], + state = "pending", + promise = { + state: function() { + return state; + }, + always: function() { + deferred.done( arguments ).fail( arguments ); + return this; + }, + "catch": function( fn ) { + return promise.then( null, fn ); + }, + + // Keep pipe for back-compat + pipe: function( /* fnDone, fnFail, fnProgress */ ) { + var fns = arguments; + + return jQuery.Deferred( function( newDefer ) { + jQuery.each( tuples, function( _i, tuple ) { + + // Map tuples (progress, done, fail) to arguments (done, fail, progress) + var fn = isFunction( fns[ tuple[ 4 ] ] ) && fns[ tuple[ 4 ] ]; + + // deferred.progress(function() { bind to newDefer or newDefer.notify }) + // deferred.done(function() { bind to newDefer or newDefer.resolve }) + // deferred.fail(function() { bind to newDefer or newDefer.reject }) + deferred[ tuple[ 1 ] ]( function() { + var returned = fn && fn.apply( this, arguments ); + if ( returned && isFunction( returned.promise ) ) { + returned.promise() + .progress( newDefer.notify ) + .done( newDefer.resolve ) + .fail( newDefer.reject ); + } else { + newDefer[ tuple[ 0 ] + "With" ]( + this, + fn ? [ returned ] : arguments + ); + } + } ); + } ); + fns = null; + } ).promise(); + }, + then: function( onFulfilled, onRejected, onProgress ) { + var maxDepth = 0; + function resolve( depth, deferred, handler, special ) { + return function() { + var that = this, + args = arguments, + mightThrow = function() { + var returned, then; + + // Support: Promises/A+ section 2.3.3.3.3 + // https://promisesaplus.com/#point-59 + // Ignore double-resolution attempts + if ( depth < maxDepth ) { + return; + } + + returned = handler.apply( that, args ); + + // Support: Promises/A+ section 2.3.1 + // https://promisesaplus.com/#point-48 + if ( returned === deferred.promise() ) { + throw new TypeError( "Thenable self-resolution" ); + } + + // Support: Promises/A+ sections 2.3.3.1, 3.5 + // https://promisesaplus.com/#point-54 + // https://promisesaplus.com/#point-75 + // Retrieve `then` only once + then = returned && + + // Support: Promises/A+ section 2.3.4 + // https://promisesaplus.com/#point-64 + // Only check objects and functions for thenability + ( typeof returned === "object" || + typeof returned === "function" ) && + returned.then; + + // Handle a returned thenable + if ( isFunction( then ) ) { + + // Special processors (notify) just wait for resolution + if ( special ) { + then.call( + returned, + resolve( maxDepth, deferred, Identity, special ), + resolve( maxDepth, deferred, Thrower, special ) + ); + + // Normal processors (resolve) also hook into progress + } else { + + // ...and disregard older resolution values + maxDepth++; + + then.call( + returned, + resolve( maxDepth, deferred, Identity, special ), + resolve( maxDepth, deferred, Thrower, special ), + resolve( maxDepth, deferred, Identity, + deferred.notifyWith ) + ); + } + + // Handle all other returned values + } else { + + // Only substitute handlers pass on context + // and multiple values (non-spec behavior) + if ( handler !== Identity ) { + that = undefined; + args = [ returned ]; + } + + // Process the value(s) + // Default process is resolve + ( special || deferred.resolveWith )( that, args ); + } + }, + + // Only normal processors (resolve) catch and reject exceptions + process = special ? + mightThrow : + function() { + try { + mightThrow(); + } catch ( e ) { + + if ( jQuery.Deferred.exceptionHook ) { + jQuery.Deferred.exceptionHook( e, + process.stackTrace ); + } + + // Support: Promises/A+ section 2.3.3.3.4.1 + // https://promisesaplus.com/#point-61 + // Ignore post-resolution exceptions + if ( depth + 1 >= maxDepth ) { + + // Only substitute handlers pass on context + // and multiple values (non-spec behavior) + if ( handler !== Thrower ) { + that = undefined; + args = [ e ]; + } + + deferred.rejectWith( that, args ); + } + } + }; + + // Support: Promises/A+ section 2.3.3.3.1 + // https://promisesaplus.com/#point-57 + // Re-resolve promises immediately to dodge false rejection from + // subsequent errors + if ( depth ) { + process(); + } else { + + // Call an optional hook to record the stack, in case of exception + // since it's otherwise lost when execution goes async + if ( jQuery.Deferred.getStackHook ) { + process.stackTrace = jQuery.Deferred.getStackHook(); + } + window.setTimeout( process ); + } + }; + } + + return jQuery.Deferred( function( newDefer ) { + + // progress_handlers.add( ... ) + tuples[ 0 ][ 3 ].add( + resolve( + 0, + newDefer, + isFunction( onProgress ) ? + onProgress : + Identity, + newDefer.notifyWith + ) + ); + + // fulfilled_handlers.add( ... ) + tuples[ 1 ][ 3 ].add( + resolve( + 0, + newDefer, + isFunction( onFulfilled ) ? + onFulfilled : + Identity + ) + ); + + // rejected_handlers.add( ... ) + tuples[ 2 ][ 3 ].add( + resolve( + 0, + newDefer, + isFunction( onRejected ) ? + onRejected : + Thrower + ) + ); + } ).promise(); + }, + + // Get a promise for this deferred + // If obj is provided, the promise aspect is added to the object + promise: function( obj ) { + return obj != null ? jQuery.extend( obj, promise ) : promise; + } + }, + deferred = {}; + + // Add list-specific methods + jQuery.each( tuples, function( i, tuple ) { + var list = tuple[ 2 ], + stateString = tuple[ 5 ]; + + // promise.progress = list.add + // promise.done = list.add + // promise.fail = list.add + promise[ tuple[ 1 ] ] = list.add; + + // Handle state + if ( stateString ) { + list.add( + function() { + + // state = "resolved" (i.e., fulfilled) + // state = "rejected" + state = stateString; + }, + + // rejected_callbacks.disable + // fulfilled_callbacks.disable + tuples[ 3 - i ][ 2 ].disable, + + // rejected_handlers.disable + // fulfilled_handlers.disable + tuples[ 3 - i ][ 3 ].disable, + + // progress_callbacks.lock + tuples[ 0 ][ 2 ].lock, + + // progress_handlers.lock + tuples[ 0 ][ 3 ].lock + ); + } + + // progress_handlers.fire + // fulfilled_handlers.fire + // rejected_handlers.fire + list.add( tuple[ 3 ].fire ); + + // deferred.notify = function() { deferred.notifyWith(...) } + // deferred.resolve = function() { deferred.resolveWith(...) } + // deferred.reject = function() { deferred.rejectWith(...) } + deferred[ tuple[ 0 ] ] = function() { + deferred[ tuple[ 0 ] + "With" ]( this === deferred ? undefined : this, arguments ); + return this; + }; + + // deferred.notifyWith = list.fireWith + // deferred.resolveWith = list.fireWith + // deferred.rejectWith = list.fireWith + deferred[ tuple[ 0 ] + "With" ] = list.fireWith; + } ); + + // Make the deferred a promise + promise.promise( deferred ); + + // Call given func if any + if ( func ) { + func.call( deferred, deferred ); + } + + // All done! + return deferred; + }, + + // Deferred helper + when: function( singleValue ) { + var + + // count of uncompleted subordinates + remaining = arguments.length, + + // count of unprocessed arguments + i = remaining, + + // subordinate fulfillment data + resolveContexts = Array( i ), + resolveValues = slice.call( arguments ), + + // the primary Deferred + primary = jQuery.Deferred(), + + // subordinate callback factory + updateFunc = function( i ) { + return function( value ) { + resolveContexts[ i ] = this; + resolveValues[ i ] = arguments.length > 1 ? slice.call( arguments ) : value; + if ( !( --remaining ) ) { + primary.resolveWith( resolveContexts, resolveValues ); + } + }; + }; + + // Single- and empty arguments are adopted like Promise.resolve + if ( remaining <= 1 ) { + adoptValue( singleValue, primary.done( updateFunc( i ) ).resolve, primary.reject, + !remaining ); + + // Use .then() to unwrap secondary thenables (cf. gh-3000) + if ( primary.state() === "pending" || + isFunction( resolveValues[ i ] && resolveValues[ i ].then ) ) { + + return primary.then(); + } + } + + // Multiple arguments are aggregated like Promise.all array elements + while ( i-- ) { + adoptValue( resolveValues[ i ], updateFunc( i ), primary.reject ); + } + + return primary.promise(); + } +} ); + + +// These usually indicate a programmer mistake during development, +// warn about them ASAP rather than swallowing them by default. +var rerrorNames = /^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/; + +jQuery.Deferred.exceptionHook = function( error, stack ) { + + // Support: IE 8 - 9 only + // Console exists when dev tools are open, which can happen at any time + if ( window.console && window.console.warn && error && rerrorNames.test( error.name ) ) { + window.console.warn( "jQuery.Deferred exception: " + error.message, error.stack, stack ); + } +}; + + + + +jQuery.readyException = function( error ) { + window.setTimeout( function() { + throw error; + } ); +}; + + + + +// The deferred used on DOM ready +var readyList = jQuery.Deferred(); + +jQuery.fn.ready = function( fn ) { + + readyList + .then( fn ) + + // Wrap jQuery.readyException in a function so that the lookup + // happens at the time of error handling instead of callback + // registration. + .catch( function( error ) { + jQuery.readyException( error ); + } ); + + return this; +}; + +jQuery.extend( { + + // Is the DOM ready to be used? Set to true once it occurs. + isReady: false, + + // A counter to track how many items to wait for before + // the ready event fires. See #6781 + readyWait: 1, + + // Handle when the DOM is ready + ready: function( wait ) { + + // Abort if there are pending holds or we're already ready + if ( wait === true ? --jQuery.readyWait : jQuery.isReady ) { + return; + } + + // Remember that the DOM is ready + jQuery.isReady = true; + + // If a normal DOM Ready event fired, decrement, and wait if need be + if ( wait !== true && --jQuery.readyWait > 0 ) { + return; + } + + // If there are functions bound, to execute + readyList.resolveWith( document, [ jQuery ] ); + } +} ); + +jQuery.ready.then = readyList.then; + +// The ready event handler and self cleanup method +function completed() { + document.removeEventListener( "DOMContentLoaded", completed ); + window.removeEventListener( "load", completed ); + jQuery.ready(); +} + +// Catch cases where $(document).ready() is called +// after the browser event has already occurred. +// Support: IE <=9 - 10 only +// Older IE sometimes signals "interactive" too soon +if ( document.readyState === "complete" || + ( document.readyState !== "loading" && !document.documentElement.doScroll ) ) { + + // Handle it asynchronously to allow scripts the opportunity to delay ready + window.setTimeout( jQuery.ready ); + +} else { + + // Use the handy event callback + document.addEventListener( "DOMContentLoaded", completed ); + + // A fallback to window.onload, that will always work + window.addEventListener( "load", completed ); +} + + + + +// Multifunctional method to get and set values of a collection +// The value/s can optionally be executed if it's a function +var access = function( elems, fn, key, value, chainable, emptyGet, raw ) { + var i = 0, + len = elems.length, + bulk = key == null; + + // Sets many values + if ( toType( key ) === "object" ) { + chainable = true; + for ( i in key ) { + access( elems, fn, i, key[ i ], true, emptyGet, raw ); + } + + // Sets one value + } else if ( value !== undefined ) { + chainable = true; + + if ( !isFunction( value ) ) { + raw = true; + } + + if ( bulk ) { + + // Bulk operations run against the entire set + if ( raw ) { + fn.call( elems, value ); + fn = null; + + // ...except when executing function values + } else { + bulk = fn; + fn = function( elem, _key, value ) { + return bulk.call( jQuery( elem ), value ); + }; + } + } + + if ( fn ) { + for ( ; i < len; i++ ) { + fn( + elems[ i ], key, raw ? + value : + value.call( elems[ i ], i, fn( elems[ i ], key ) ) + ); + } + } + } + + if ( chainable ) { + return elems; + } + + // Gets + if ( bulk ) { + return fn.call( elems ); + } + + return len ? fn( elems[ 0 ], key ) : emptyGet; +}; + + +// Matches dashed string for camelizing +var rmsPrefix = /^-ms-/, + rdashAlpha = /-([a-z])/g; + +// Used by camelCase as callback to replace() +function fcamelCase( _all, letter ) { + return letter.toUpperCase(); +} + +// Convert dashed to camelCase; used by the css and data modules +// Support: IE <=9 - 11, Edge 12 - 15 +// Microsoft forgot to hump their vendor prefix (#9572) +function camelCase( string ) { + return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase ); +} +var acceptData = function( owner ) { + + // Accepts only: + // - Node + // - Node.ELEMENT_NODE + // - Node.DOCUMENT_NODE + // - Object + // - Any + return owner.nodeType === 1 || owner.nodeType === 9 || !( +owner.nodeType ); +}; + + + + +function Data() { + this.expando = jQuery.expando + Data.uid++; +} + +Data.uid = 1; + +Data.prototype = { + + cache: function( owner ) { + + // Check if the owner object already has a cache + var value = owner[ this.expando ]; + + // If not, create one + if ( !value ) { + value = {}; + + // We can accept data for non-element nodes in modern browsers, + // but we should not, see #8335. + // Always return an empty object. + if ( acceptData( owner ) ) { + + // If it is a node unlikely to be stringify-ed or looped over + // use plain assignment + if ( owner.nodeType ) { + owner[ this.expando ] = value; + + // Otherwise secure it in a non-enumerable property + // configurable must be true to allow the property to be + // deleted when data is removed + } else { + Object.defineProperty( owner, this.expando, { + value: value, + configurable: true + } ); + } + } + } + + return value; + }, + set: function( owner, data, value ) { + var prop, + cache = this.cache( owner ); + + // Handle: [ owner, key, value ] args + // Always use camelCase key (gh-2257) + if ( typeof data === "string" ) { + cache[ camelCase( data ) ] = value; + + // Handle: [ owner, { properties } ] args + } else { + + // Copy the properties one-by-one to the cache object + for ( prop in data ) { + cache[ camelCase( prop ) ] = data[ prop ]; + } + } + return cache; + }, + get: function( owner, key ) { + return key === undefined ? + this.cache( owner ) : + + // Always use camelCase key (gh-2257) + owner[ this.expando ] && owner[ this.expando ][ camelCase( key ) ]; + }, + access: function( owner, key, value ) { + + // In cases where either: + // + // 1. No key was specified + // 2. A string key was specified, but no value provided + // + // Take the "read" path and allow the get method to determine + // which value to return, respectively either: + // + // 1. The entire cache object + // 2. The data stored at the key + // + if ( key === undefined || + ( ( key && typeof key === "string" ) && value === undefined ) ) { + + return this.get( owner, key ); + } + + // When the key is not a string, or both a key and value + // are specified, set or extend (existing objects) with either: + // + // 1. An object of properties + // 2. A key and value + // + this.set( owner, key, value ); + + // Since the "set" path can have two possible entry points + // return the expected data based on which path was taken[*] + return value !== undefined ? value : key; + }, + remove: function( owner, key ) { + var i, + cache = owner[ this.expando ]; + + if ( cache === undefined ) { + return; + } + + if ( key !== undefined ) { + + // Support array or space separated string of keys + if ( Array.isArray( key ) ) { + + // If key is an array of keys... + // We always set camelCase keys, so remove that. + key = key.map( camelCase ); + } else { + key = camelCase( key ); + + // If a key with the spaces exists, use it. + // Otherwise, create an array by matching non-whitespace + key = key in cache ? + [ key ] : + ( key.match( rnothtmlwhite ) || [] ); + } + + i = key.length; + + while ( i-- ) { + delete cache[ key[ i ] ]; + } + } + + // Remove the expando if there's no more data + if ( key === undefined || jQuery.isEmptyObject( cache ) ) { + + // Support: Chrome <=35 - 45 + // Webkit & Blink performance suffers when deleting properties + // from DOM nodes, so set to undefined instead + // https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted) + if ( owner.nodeType ) { + owner[ this.expando ] = undefined; + } else { + delete owner[ this.expando ]; + } + } + }, + hasData: function( owner ) { + var cache = owner[ this.expando ]; + return cache !== undefined && !jQuery.isEmptyObject( cache ); + } +}; +var dataPriv = new Data(); + +var dataUser = new Data(); + + + +// Implementation Summary +// +// 1. Enforce API surface and semantic compatibility with 1.9.x branch +// 2. Improve the module's maintainability by reducing the storage +// paths to a single mechanism. +// 3. Use the same single mechanism to support "private" and "user" data. +// 4. _Never_ expose "private" data to user code (TODO: Drop _data, _removeData) +// 5. Avoid exposing implementation details on user objects (eg. expando properties) +// 6. Provide a clear path for implementation upgrade to WeakMap in 2014 + +var rbrace = /^(?:\{[\w\W]*\}|\[[\w\W]*\])$/, + rmultiDash = /[A-Z]/g; + +function getData( data ) { + if ( data === "true" ) { + return true; + } + + if ( data === "false" ) { + return false; + } + + if ( data === "null" ) { + return null; + } + + // Only convert to a number if it doesn't change the string + if ( data === +data + "" ) { + return +data; + } + + if ( rbrace.test( data ) ) { + return JSON.parse( data ); + } + + return data; +} + +function dataAttr( elem, key, data ) { + var name; + + // If nothing was found internally, try to fetch any + // data from the HTML5 data-* attribute + if ( data === undefined && elem.nodeType === 1 ) { + name = "data-" + key.replace( rmultiDash, "-$&" ).toLowerCase(); + data = elem.getAttribute( name ); + + if ( typeof data === "string" ) { + try { + data = getData( data ); + } catch ( e ) {} + + // Make sure we set the data so it isn't changed later + dataUser.set( elem, key, data ); + } else { + data = undefined; + } + } + return data; +} + +jQuery.extend( { + hasData: function( elem ) { + return dataUser.hasData( elem ) || dataPriv.hasData( elem ); + }, + + data: function( elem, name, data ) { + return dataUser.access( elem, name, data ); + }, + + removeData: function( elem, name ) { + dataUser.remove( elem, name ); + }, + + // TODO: Now that all calls to _data and _removeData have been replaced + // with direct calls to dataPriv methods, these can be deprecated. + _data: function( elem, name, data ) { + return dataPriv.access( elem, name, data ); + }, + + _removeData: function( elem, name ) { + dataPriv.remove( elem, name ); + } +} ); + +jQuery.fn.extend( { + data: function( key, value ) { + var i, name, data, + elem = this[ 0 ], + attrs = elem && elem.attributes; + + // Gets all values + if ( key === undefined ) { + if ( this.length ) { + data = dataUser.get( elem ); + + if ( elem.nodeType === 1 && !dataPriv.get( elem, "hasDataAttrs" ) ) { + i = attrs.length; + while ( i-- ) { + + // Support: IE 11 only + // The attrs elements can be null (#14894) + if ( attrs[ i ] ) { + name = attrs[ i ].name; + if ( name.indexOf( "data-" ) === 0 ) { + name = camelCase( name.slice( 5 ) ); + dataAttr( elem, name, data[ name ] ); + } + } + } + dataPriv.set( elem, "hasDataAttrs", true ); + } + } + + return data; + } + + // Sets multiple values + if ( typeof key === "object" ) { + return this.each( function() { + dataUser.set( this, key ); + } ); + } + + return access( this, function( value ) { + var data; + + // The calling jQuery object (element matches) is not empty + // (and therefore has an element appears at this[ 0 ]) and the + // `value` parameter was not undefined. An empty jQuery object + // will result in `undefined` for elem = this[ 0 ] which will + // throw an exception if an attempt to read a data cache is made. + if ( elem && value === undefined ) { + + // Attempt to get data from the cache + // The key will always be camelCased in Data + data = dataUser.get( elem, key ); + if ( data !== undefined ) { + return data; + } + + // Attempt to "discover" the data in + // HTML5 custom data-* attrs + data = dataAttr( elem, key ); + if ( data !== undefined ) { + return data; + } + + // We tried really hard, but the data doesn't exist. + return; + } + + // Set the data... + this.each( function() { + + // We always store the camelCased key + dataUser.set( this, key, value ); + } ); + }, null, value, arguments.length > 1, null, true ); + }, + + removeData: function( key ) { + return this.each( function() { + dataUser.remove( this, key ); + } ); + } +} ); + + +jQuery.extend( { + queue: function( elem, type, data ) { + var queue; + + if ( elem ) { + type = ( type || "fx" ) + "queue"; + queue = dataPriv.get( elem, type ); + + // Speed up dequeue by getting out quickly if this is just a lookup + if ( data ) { + if ( !queue || Array.isArray( data ) ) { + queue = dataPriv.access( elem, type, jQuery.makeArray( data ) ); + } else { + queue.push( data ); + } + } + return queue || []; + } + }, + + dequeue: function( elem, type ) { + type = type || "fx"; + + var queue = jQuery.queue( elem, type ), + startLength = queue.length, + fn = queue.shift(), + hooks = jQuery._queueHooks( elem, type ), + next = function() { + jQuery.dequeue( elem, type ); + }; + + // If the fx queue is dequeued, always remove the progress sentinel + if ( fn === "inprogress" ) { + fn = queue.shift(); + startLength--; + } + + if ( fn ) { + + // Add a progress sentinel to prevent the fx queue from being + // automatically dequeued + if ( type === "fx" ) { + queue.unshift( "inprogress" ); + } + + // Clear up the last queue stop function + delete hooks.stop; + fn.call( elem, next, hooks ); + } + + if ( !startLength && hooks ) { + hooks.empty.fire(); + } + }, + + // Not public - generate a queueHooks object, or return the current one + _queueHooks: function( elem, type ) { + var key = type + "queueHooks"; + return dataPriv.get( elem, key ) || dataPriv.access( elem, key, { + empty: jQuery.Callbacks( "once memory" ).add( function() { + dataPriv.remove( elem, [ type + "queue", key ] ); + } ) + } ); + } +} ); + +jQuery.fn.extend( { + queue: function( type, data ) { + var setter = 2; + + if ( typeof type !== "string" ) { + data = type; + type = "fx"; + setter--; + } + + if ( arguments.length < setter ) { + return jQuery.queue( this[ 0 ], type ); + } + + return data === undefined ? + this : + this.each( function() { + var queue = jQuery.queue( this, type, data ); + + // Ensure a hooks for this queue + jQuery._queueHooks( this, type ); + + if ( type === "fx" && queue[ 0 ] !== "inprogress" ) { + jQuery.dequeue( this, type ); + } + } ); + }, + dequeue: function( type ) { + return this.each( function() { + jQuery.dequeue( this, type ); + } ); + }, + clearQueue: function( type ) { + return this.queue( type || "fx", [] ); + }, + + // Get a promise resolved when queues of a certain type + // are emptied (fx is the type by default) + promise: function( type, obj ) { + var tmp, + count = 1, + defer = jQuery.Deferred(), + elements = this, + i = this.length, + resolve = function() { + if ( !( --count ) ) { + defer.resolveWith( elements, [ elements ] ); + } + }; + + if ( typeof type !== "string" ) { + obj = type; + type = undefined; + } + type = type || "fx"; + + while ( i-- ) { + tmp = dataPriv.get( elements[ i ], type + "queueHooks" ); + if ( tmp && tmp.empty ) { + count++; + tmp.empty.add( resolve ); + } + } + resolve(); + return defer.promise( obj ); + } +} ); +var pnum = ( /[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/ ).source; + +var rcssNum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" ); + + +var cssExpand = [ "Top", "Right", "Bottom", "Left" ]; + +var documentElement = document.documentElement; + + + + var isAttached = function( elem ) { + return jQuery.contains( elem.ownerDocument, elem ); + }, + composed = { composed: true }; + + // Support: IE 9 - 11+, Edge 12 - 18+, iOS 10.0 - 10.2 only + // Check attachment across shadow DOM boundaries when possible (gh-3504) + // Support: iOS 10.0-10.2 only + // Early iOS 10 versions support `attachShadow` but not `getRootNode`, + // leading to errors. We need to check for `getRootNode`. + if ( documentElement.getRootNode ) { + isAttached = function( elem ) { + return jQuery.contains( elem.ownerDocument, elem ) || + elem.getRootNode( composed ) === elem.ownerDocument; + }; + } +var isHiddenWithinTree = function( elem, el ) { + + // isHiddenWithinTree might be called from jQuery#filter function; + // in that case, element will be second argument + elem = el || elem; + + // Inline style trumps all + return elem.style.display === "none" || + elem.style.display === "" && + + // Otherwise, check computed style + // Support: Firefox <=43 - 45 + // Disconnected elements can have computed display: none, so first confirm that elem is + // in the document. + isAttached( elem ) && + + jQuery.css( elem, "display" ) === "none"; + }; + + + +function adjustCSS( elem, prop, valueParts, tween ) { + var adjusted, scale, + maxIterations = 20, + currentValue = tween ? + function() { + return tween.cur(); + } : + function() { + return jQuery.css( elem, prop, "" ); + }, + initial = currentValue(), + unit = valueParts && valueParts[ 3 ] || ( jQuery.cssNumber[ prop ] ? "" : "px" ), + + // Starting value computation is required for potential unit mismatches + initialInUnit = elem.nodeType && + ( jQuery.cssNumber[ prop ] || unit !== "px" && +initial ) && + rcssNum.exec( jQuery.css( elem, prop ) ); + + if ( initialInUnit && initialInUnit[ 3 ] !== unit ) { + + // Support: Firefox <=54 + // Halve the iteration target value to prevent interference from CSS upper bounds (gh-2144) + initial = initial / 2; + + // Trust units reported by jQuery.css + unit = unit || initialInUnit[ 3 ]; + + // Iteratively approximate from a nonzero starting point + initialInUnit = +initial || 1; + + while ( maxIterations-- ) { + + // Evaluate and update our best guess (doubling guesses that zero out). + // Finish if the scale equals or crosses 1 (making the old*new product non-positive). + jQuery.style( elem, prop, initialInUnit + unit ); + if ( ( 1 - scale ) * ( 1 - ( scale = currentValue() / initial || 0.5 ) ) <= 0 ) { + maxIterations = 0; + } + initialInUnit = initialInUnit / scale; + + } + + initialInUnit = initialInUnit * 2; + jQuery.style( elem, prop, initialInUnit + unit ); + + // Make sure we update the tween properties later on + valueParts = valueParts || []; + } + + if ( valueParts ) { + initialInUnit = +initialInUnit || +initial || 0; + + // Apply relative offset (+=/-=) if specified + adjusted = valueParts[ 1 ] ? + initialInUnit + ( valueParts[ 1 ] + 1 ) * valueParts[ 2 ] : + +valueParts[ 2 ]; + if ( tween ) { + tween.unit = unit; + tween.start = initialInUnit; + tween.end = adjusted; + } + } + return adjusted; +} + + +var defaultDisplayMap = {}; + +function getDefaultDisplay( elem ) { + var temp, + doc = elem.ownerDocument, + nodeName = elem.nodeName, + display = defaultDisplayMap[ nodeName ]; + + if ( display ) { + return display; + } + + temp = doc.body.appendChild( doc.createElement( nodeName ) ); + display = jQuery.css( temp, "display" ); + + temp.parentNode.removeChild( temp ); + + if ( display === "none" ) { + display = "block"; + } + defaultDisplayMap[ nodeName ] = display; + + return display; +} + +function showHide( elements, show ) { + var display, elem, + values = [], + index = 0, + length = elements.length; + + // Determine new display value for elements that need to change + for ( ; index < length; index++ ) { + elem = elements[ index ]; + if ( !elem.style ) { + continue; + } + + display = elem.style.display; + if ( show ) { + + // Since we force visibility upon cascade-hidden elements, an immediate (and slow) + // check is required in this first loop unless we have a nonempty display value (either + // inline or about-to-be-restored) + if ( display === "none" ) { + values[ index ] = dataPriv.get( elem, "display" ) || null; + if ( !values[ index ] ) { + elem.style.display = ""; + } + } + if ( elem.style.display === "" && isHiddenWithinTree( elem ) ) { + values[ index ] = getDefaultDisplay( elem ); + } + } else { + if ( display !== "none" ) { + values[ index ] = "none"; + + // Remember what we're overwriting + dataPriv.set( elem, "display", display ); + } + } + } + + // Set the display of the elements in a second loop to avoid constant reflow + for ( index = 0; index < length; index++ ) { + if ( values[ index ] != null ) { + elements[ index ].style.display = values[ index ]; + } + } + + return elements; +} + +jQuery.fn.extend( { + show: function() { + return showHide( this, true ); + }, + hide: function() { + return showHide( this ); + }, + toggle: function( state ) { + if ( typeof state === "boolean" ) { + return state ? this.show() : this.hide(); + } + + return this.each( function() { + if ( isHiddenWithinTree( this ) ) { + jQuery( this ).show(); + } else { + jQuery( this ).hide(); + } + } ); + } +} ); +var rcheckableType = ( /^(?:checkbox|radio)$/i ); + +var rtagName = ( /<([a-z][^\/\0>\x20\t\r\n\f]*)/i ); + +var rscriptType = ( /^$|^module$|\/(?:java|ecma)script/i ); + + + +( function() { + var fragment = document.createDocumentFragment(), + div = fragment.appendChild( document.createElement( "div" ) ), + input = document.createElement( "input" ); + + // Support: Android 4.0 - 4.3 only + // Check state lost if the name is set (#11217) + // Support: Windows Web Apps (WWA) + // `name` and `type` must use .setAttribute for WWA (#14901) + input.setAttribute( "type", "radio" ); + input.setAttribute( "checked", "checked" ); + input.setAttribute( "name", "t" ); + + div.appendChild( input ); + + // Support: Android <=4.1 only + // Older WebKit doesn't clone checked state correctly in fragments + support.checkClone = div.cloneNode( true ).cloneNode( true ).lastChild.checked; + + // Support: IE <=11 only + // Make sure textarea (and checkbox) defaultValue is properly cloned + div.innerHTML = ""; + support.noCloneChecked = !!div.cloneNode( true ).lastChild.defaultValue; + + // Support: IE <=9 only + // IE <=9 replaces "; + support.option = !!div.lastChild; +} )(); + + +// We have to close these tags to support XHTML (#13200) +var wrapMap = { + + // XHTML parsers do not magically insert elements in the + // same way that tag soup parsers do. So we cannot shorten + // this by omitting or other required elements. + thead: [ 1, "", "
" ], + col: [ 2, "", "
" ], + tr: [ 2, "", "
" ], + td: [ 3, "", "
" ], + + _default: [ 0, "", "" ] +}; + +wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; +wrapMap.th = wrapMap.td; + +// Support: IE <=9 only +if ( !support.option ) { + wrapMap.optgroup = wrapMap.option = [ 1, "" ]; +} + + +function getAll( context, tag ) { + + // Support: IE <=9 - 11 only + // Use typeof to avoid zero-argument method invocation on host objects (#15151) + var ret; + + if ( typeof context.getElementsByTagName !== "undefined" ) { + ret = context.getElementsByTagName( tag || "*" ); + + } else if ( typeof context.querySelectorAll !== "undefined" ) { + ret = context.querySelectorAll( tag || "*" ); + + } else { + ret = []; + } + + if ( tag === undefined || tag && nodeName( context, tag ) ) { + return jQuery.merge( [ context ], ret ); + } + + return ret; +} + + +// Mark scripts as having already been evaluated +function setGlobalEval( elems, refElements ) { + var i = 0, + l = elems.length; + + for ( ; i < l; i++ ) { + dataPriv.set( + elems[ i ], + "globalEval", + !refElements || dataPriv.get( refElements[ i ], "globalEval" ) + ); + } +} + + +var rhtml = /<|&#?\w+;/; + +function buildFragment( elems, context, scripts, selection, ignored ) { + var elem, tmp, tag, wrap, attached, j, + fragment = context.createDocumentFragment(), + nodes = [], + i = 0, + l = elems.length; + + for ( ; i < l; i++ ) { + elem = elems[ i ]; + + if ( elem || elem === 0 ) { + + // Add nodes directly + if ( toType( elem ) === "object" ) { + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( nodes, elem.nodeType ? [ elem ] : elem ); + + // Convert non-html into a text node + } else if ( !rhtml.test( elem ) ) { + nodes.push( context.createTextNode( elem ) ); + + // Convert html into DOM nodes + } else { + tmp = tmp || fragment.appendChild( context.createElement( "div" ) ); + + // Deserialize a standard representation + tag = ( rtagName.exec( elem ) || [ "", "" ] )[ 1 ].toLowerCase(); + wrap = wrapMap[ tag ] || wrapMap._default; + tmp.innerHTML = wrap[ 1 ] + jQuery.htmlPrefilter( elem ) + wrap[ 2 ]; + + // Descend through wrappers to the right content + j = wrap[ 0 ]; + while ( j-- ) { + tmp = tmp.lastChild; + } + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( nodes, tmp.childNodes ); + + // Remember the top-level container + tmp = fragment.firstChild; + + // Ensure the created nodes are orphaned (#12392) + tmp.textContent = ""; + } + } + } + + // Remove wrapper from fragment + fragment.textContent = ""; + + i = 0; + while ( ( elem = nodes[ i++ ] ) ) { + + // Skip elements already in the context collection (trac-4087) + if ( selection && jQuery.inArray( elem, selection ) > -1 ) { + if ( ignored ) { + ignored.push( elem ); + } + continue; + } + + attached = isAttached( elem ); + + // Append to fragment + tmp = getAll( fragment.appendChild( elem ), "script" ); + + // Preserve script evaluation history + if ( attached ) { + setGlobalEval( tmp ); + } + + // Capture executables + if ( scripts ) { + j = 0; + while ( ( elem = tmp[ j++ ] ) ) { + if ( rscriptType.test( elem.type || "" ) ) { + scripts.push( elem ); + } + } + } + } + + return fragment; +} + + +var rtypenamespace = /^([^.]*)(?:\.(.+)|)/; + +function returnTrue() { + return true; +} + +function returnFalse() { + return false; +} + +// Support: IE <=9 - 11+ +// focus() and blur() are asynchronous, except when they are no-op. +// So expect focus to be synchronous when the element is already active, +// and blur to be synchronous when the element is not already active. +// (focus and blur are always synchronous in other supported browsers, +// this just defines when we can count on it). +function expectSync( elem, type ) { + return ( elem === safeActiveElement() ) === ( type === "focus" ); +} + +// Support: IE <=9 only +// Accessing document.activeElement can throw unexpectedly +// https://bugs.jquery.com/ticket/13393 +function safeActiveElement() { + try { + return document.activeElement; + } catch ( err ) { } +} + +function on( elem, types, selector, data, fn, one ) { + var origFn, type; + + // Types can be a map of types/handlers + if ( typeof types === "object" ) { + + // ( types-Object, selector, data ) + if ( typeof selector !== "string" ) { + + // ( types-Object, data ) + data = data || selector; + selector = undefined; + } + for ( type in types ) { + on( elem, type, selector, data, types[ type ], one ); + } + return elem; + } + + if ( data == null && fn == null ) { + + // ( types, fn ) + fn = selector; + data = selector = undefined; + } else if ( fn == null ) { + if ( typeof selector === "string" ) { + + // ( types, selector, fn ) + fn = data; + data = undefined; + } else { + + // ( types, data, fn ) + fn = data; + data = selector; + selector = undefined; + } + } + if ( fn === false ) { + fn = returnFalse; + } else if ( !fn ) { + return elem; + } + + if ( one === 1 ) { + origFn = fn; + fn = function( event ) { + + // Can use an empty set, since event contains the info + jQuery().off( event ); + return origFn.apply( this, arguments ); + }; + + // Use same guid so caller can remove using origFn + fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ ); + } + return elem.each( function() { + jQuery.event.add( this, types, fn, data, selector ); + } ); +} + +/* + * Helper functions for managing events -- not part of the public interface. + * Props to Dean Edwards' addEvent library for many of the ideas. + */ +jQuery.event = { + + global: {}, + + add: function( elem, types, handler, data, selector ) { + + var handleObjIn, eventHandle, tmp, + events, t, handleObj, + special, handlers, type, namespaces, origType, + elemData = dataPriv.get( elem ); + + // Only attach events to objects that accept data + if ( !acceptData( elem ) ) { + return; + } + + // Caller can pass in an object of custom data in lieu of the handler + if ( handler.handler ) { + handleObjIn = handler; + handler = handleObjIn.handler; + selector = handleObjIn.selector; + } + + // Ensure that invalid selectors throw exceptions at attach time + // Evaluate against documentElement in case elem is a non-element node (e.g., document) + if ( selector ) { + jQuery.find.matchesSelector( documentElement, selector ); + } + + // Make sure that the handler has a unique ID, used to find/remove it later + if ( !handler.guid ) { + handler.guid = jQuery.guid++; + } + + // Init the element's event structure and main handler, if this is the first + if ( !( events = elemData.events ) ) { + events = elemData.events = Object.create( null ); + } + if ( !( eventHandle = elemData.handle ) ) { + eventHandle = elemData.handle = function( e ) { + + // Discard the second event of a jQuery.event.trigger() and + // when an event is called after a page has unloaded + return typeof jQuery !== "undefined" && jQuery.event.triggered !== e.type ? + jQuery.event.dispatch.apply( elem, arguments ) : undefined; + }; + } + + // Handle multiple events separated by a space + types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; + t = types.length; + while ( t-- ) { + tmp = rtypenamespace.exec( types[ t ] ) || []; + type = origType = tmp[ 1 ]; + namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); + + // There *must* be a type, no attaching namespace-only handlers + if ( !type ) { + continue; + } + + // If event changes its type, use the special event handlers for the changed type + special = jQuery.event.special[ type ] || {}; + + // If selector defined, determine special event api type, otherwise given type + type = ( selector ? special.delegateType : special.bindType ) || type; + + // Update special based on newly reset type + special = jQuery.event.special[ type ] || {}; + + // handleObj is passed to all event handlers + handleObj = jQuery.extend( { + type: type, + origType: origType, + data: data, + handler: handler, + guid: handler.guid, + selector: selector, + needsContext: selector && jQuery.expr.match.needsContext.test( selector ), + namespace: namespaces.join( "." ) + }, handleObjIn ); + + // Init the event handler queue if we're the first + if ( !( handlers = events[ type ] ) ) { + handlers = events[ type ] = []; + handlers.delegateCount = 0; + + // Only use addEventListener if the special events handler returns false + if ( !special.setup || + special.setup.call( elem, data, namespaces, eventHandle ) === false ) { + + if ( elem.addEventListener ) { + elem.addEventListener( type, eventHandle ); + } + } + } + + if ( special.add ) { + special.add.call( elem, handleObj ); + + if ( !handleObj.handler.guid ) { + handleObj.handler.guid = handler.guid; + } + } + + // Add to the element's handler list, delegates in front + if ( selector ) { + handlers.splice( handlers.delegateCount++, 0, handleObj ); + } else { + handlers.push( handleObj ); + } + + // Keep track of which events have ever been used, for event optimization + jQuery.event.global[ type ] = true; + } + + }, + + // Detach an event or set of events from an element + remove: function( elem, types, handler, selector, mappedTypes ) { + + var j, origCount, tmp, + events, t, handleObj, + special, handlers, type, namespaces, origType, + elemData = dataPriv.hasData( elem ) && dataPriv.get( elem ); + + if ( !elemData || !( events = elemData.events ) ) { + return; + } + + // Once for each type.namespace in types; type may be omitted + types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; + t = types.length; + while ( t-- ) { + tmp = rtypenamespace.exec( types[ t ] ) || []; + type = origType = tmp[ 1 ]; + namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); + + // Unbind all events (on this namespace, if provided) for the element + if ( !type ) { + for ( type in events ) { + jQuery.event.remove( elem, type + types[ t ], handler, selector, true ); + } + continue; + } + + special = jQuery.event.special[ type ] || {}; + type = ( selector ? special.delegateType : special.bindType ) || type; + handlers = events[ type ] || []; + tmp = tmp[ 2 ] && + new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ); + + // Remove matching events + origCount = j = handlers.length; + while ( j-- ) { + handleObj = handlers[ j ]; + + if ( ( mappedTypes || origType === handleObj.origType ) && + ( !handler || handler.guid === handleObj.guid ) && + ( !tmp || tmp.test( handleObj.namespace ) ) && + ( !selector || selector === handleObj.selector || + selector === "**" && handleObj.selector ) ) { + handlers.splice( j, 1 ); + + if ( handleObj.selector ) { + handlers.delegateCount--; + } + if ( special.remove ) { + special.remove.call( elem, handleObj ); + } + } + } + + // Remove generic event handler if we removed something and no more handlers exist + // (avoids potential for endless recursion during removal of special event handlers) + if ( origCount && !handlers.length ) { + if ( !special.teardown || + special.teardown.call( elem, namespaces, elemData.handle ) === false ) { + + jQuery.removeEvent( elem, type, elemData.handle ); + } + + delete events[ type ]; + } + } + + // Remove data and the expando if it's no longer used + if ( jQuery.isEmptyObject( events ) ) { + dataPriv.remove( elem, "handle events" ); + } + }, + + dispatch: function( nativeEvent ) { + + var i, j, ret, matched, handleObj, handlerQueue, + args = new Array( arguments.length ), + + // Make a writable jQuery.Event from the native event object + event = jQuery.event.fix( nativeEvent ), + + handlers = ( + dataPriv.get( this, "events" ) || Object.create( null ) + )[ event.type ] || [], + special = jQuery.event.special[ event.type ] || {}; + + // Use the fix-ed jQuery.Event rather than the (read-only) native event + args[ 0 ] = event; + + for ( i = 1; i < arguments.length; i++ ) { + args[ i ] = arguments[ i ]; + } + + event.delegateTarget = this; + + // Call the preDispatch hook for the mapped type, and let it bail if desired + if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) { + return; + } + + // Determine handlers + handlerQueue = jQuery.event.handlers.call( this, event, handlers ); + + // Run delegates first; they may want to stop propagation beneath us + i = 0; + while ( ( matched = handlerQueue[ i++ ] ) && !event.isPropagationStopped() ) { + event.currentTarget = matched.elem; + + j = 0; + while ( ( handleObj = matched.handlers[ j++ ] ) && + !event.isImmediatePropagationStopped() ) { + + // If the event is namespaced, then each handler is only invoked if it is + // specially universal or its namespaces are a superset of the event's. + if ( !event.rnamespace || handleObj.namespace === false || + event.rnamespace.test( handleObj.namespace ) ) { + + event.handleObj = handleObj; + event.data = handleObj.data; + + ret = ( ( jQuery.event.special[ handleObj.origType ] || {} ).handle || + handleObj.handler ).apply( matched.elem, args ); + + if ( ret !== undefined ) { + if ( ( event.result = ret ) === false ) { + event.preventDefault(); + event.stopPropagation(); + } + } + } + } + } + + // Call the postDispatch hook for the mapped type + if ( special.postDispatch ) { + special.postDispatch.call( this, event ); + } + + return event.result; + }, + + handlers: function( event, handlers ) { + var i, handleObj, sel, matchedHandlers, matchedSelectors, + handlerQueue = [], + delegateCount = handlers.delegateCount, + cur = event.target; + + // Find delegate handlers + if ( delegateCount && + + // Support: IE <=9 + // Black-hole SVG instance trees (trac-13180) + cur.nodeType && + + // Support: Firefox <=42 + // Suppress spec-violating clicks indicating a non-primary pointer button (trac-3861) + // https://www.w3.org/TR/DOM-Level-3-Events/#event-type-click + // Support: IE 11 only + // ...but not arrow key "clicks" of radio inputs, which can have `button` -1 (gh-2343) + !( event.type === "click" && event.button >= 1 ) ) { + + for ( ; cur !== this; cur = cur.parentNode || this ) { + + // Don't check non-elements (#13208) + // Don't process clicks on disabled elements (#6911, #8165, #11382, #11764) + if ( cur.nodeType === 1 && !( event.type === "click" && cur.disabled === true ) ) { + matchedHandlers = []; + matchedSelectors = {}; + for ( i = 0; i < delegateCount; i++ ) { + handleObj = handlers[ i ]; + + // Don't conflict with Object.prototype properties (#13203) + sel = handleObj.selector + " "; + + if ( matchedSelectors[ sel ] === undefined ) { + matchedSelectors[ sel ] = handleObj.needsContext ? + jQuery( sel, this ).index( cur ) > -1 : + jQuery.find( sel, this, null, [ cur ] ).length; + } + if ( matchedSelectors[ sel ] ) { + matchedHandlers.push( handleObj ); + } + } + if ( matchedHandlers.length ) { + handlerQueue.push( { elem: cur, handlers: matchedHandlers } ); + } + } + } + } + + // Add the remaining (directly-bound) handlers + cur = this; + if ( delegateCount < handlers.length ) { + handlerQueue.push( { elem: cur, handlers: handlers.slice( delegateCount ) } ); + } + + return handlerQueue; + }, + + addProp: function( name, hook ) { + Object.defineProperty( jQuery.Event.prototype, name, { + enumerable: true, + configurable: true, + + get: isFunction( hook ) ? + function() { + if ( this.originalEvent ) { + return hook( this.originalEvent ); + } + } : + function() { + if ( this.originalEvent ) { + return this.originalEvent[ name ]; + } + }, + + set: function( value ) { + Object.defineProperty( this, name, { + enumerable: true, + configurable: true, + writable: true, + value: value + } ); + } + } ); + }, + + fix: function( originalEvent ) { + return originalEvent[ jQuery.expando ] ? + originalEvent : + new jQuery.Event( originalEvent ); + }, + + special: { + load: { + + // Prevent triggered image.load events from bubbling to window.load + noBubble: true + }, + click: { + + // Utilize native event to ensure correct state for checkable inputs + setup: function( data ) { + + // For mutual compressibility with _default, replace `this` access with a local var. + // `|| data` is dead code meant only to preserve the variable through minification. + var el = this || data; + + // Claim the first handler + if ( rcheckableType.test( el.type ) && + el.click && nodeName( el, "input" ) ) { + + // dataPriv.set( el, "click", ... ) + leverageNative( el, "click", returnTrue ); + } + + // Return false to allow normal processing in the caller + return false; + }, + trigger: function( data ) { + + // For mutual compressibility with _default, replace `this` access with a local var. + // `|| data` is dead code meant only to preserve the variable through minification. + var el = this || data; + + // Force setup before triggering a click + if ( rcheckableType.test( el.type ) && + el.click && nodeName( el, "input" ) ) { + + leverageNative( el, "click" ); + } + + // Return non-false to allow normal event-path propagation + return true; + }, + + // For cross-browser consistency, suppress native .click() on links + // Also prevent it if we're currently inside a leveraged native-event stack + _default: function( event ) { + var target = event.target; + return rcheckableType.test( target.type ) && + target.click && nodeName( target, "input" ) && + dataPriv.get( target, "click" ) || + nodeName( target, "a" ); + } + }, + + beforeunload: { + postDispatch: function( event ) { + + // Support: Firefox 20+ + // Firefox doesn't alert if the returnValue field is not set. + if ( event.result !== undefined && event.originalEvent ) { + event.originalEvent.returnValue = event.result; + } + } + } + } +}; + +// Ensure the presence of an event listener that handles manually-triggered +// synthetic events by interrupting progress until reinvoked in response to +// *native* events that it fires directly, ensuring that state changes have +// already occurred before other listeners are invoked. +function leverageNative( el, type, expectSync ) { + + // Missing expectSync indicates a trigger call, which must force setup through jQuery.event.add + if ( !expectSync ) { + if ( dataPriv.get( el, type ) === undefined ) { + jQuery.event.add( el, type, returnTrue ); + } + return; + } + + // Register the controller as a special universal handler for all event namespaces + dataPriv.set( el, type, false ); + jQuery.event.add( el, type, { + namespace: false, + handler: function( event ) { + var notAsync, result, + saved = dataPriv.get( this, type ); + + if ( ( event.isTrigger & 1 ) && this[ type ] ) { + + // Interrupt processing of the outer synthetic .trigger()ed event + // Saved data should be false in such cases, but might be a leftover capture object + // from an async native handler (gh-4350) + if ( !saved.length ) { + + // Store arguments for use when handling the inner native event + // There will always be at least one argument (an event object), so this array + // will not be confused with a leftover capture object. + saved = slice.call( arguments ); + dataPriv.set( this, type, saved ); + + // Trigger the native event and capture its result + // Support: IE <=9 - 11+ + // focus() and blur() are asynchronous + notAsync = expectSync( this, type ); + this[ type ](); + result = dataPriv.get( this, type ); + if ( saved !== result || notAsync ) { + dataPriv.set( this, type, false ); + } else { + result = {}; + } + if ( saved !== result ) { + + // Cancel the outer synthetic event + event.stopImmediatePropagation(); + event.preventDefault(); + + // Support: Chrome 86+ + // In Chrome, if an element having a focusout handler is blurred by + // clicking outside of it, it invokes the handler synchronously. If + // that handler calls `.remove()` on the element, the data is cleared, + // leaving `result` undefined. We need to guard against this. + return result && result.value; + } + + // If this is an inner synthetic event for an event with a bubbling surrogate + // (focus or blur), assume that the surrogate already propagated from triggering the + // native event and prevent that from happening again here. + // This technically gets the ordering wrong w.r.t. to `.trigger()` (in which the + // bubbling surrogate propagates *after* the non-bubbling base), but that seems + // less bad than duplication. + } else if ( ( jQuery.event.special[ type ] || {} ).delegateType ) { + event.stopPropagation(); + } + + // If this is a native event triggered above, everything is now in order + // Fire an inner synthetic event with the original arguments + } else if ( saved.length ) { + + // ...and capture the result + dataPriv.set( this, type, { + value: jQuery.event.trigger( + + // Support: IE <=9 - 11+ + // Extend with the prototype to reset the above stopImmediatePropagation() + jQuery.extend( saved[ 0 ], jQuery.Event.prototype ), + saved.slice( 1 ), + this + ) + } ); + + // Abort handling of the native event + event.stopImmediatePropagation(); + } + } + } ); +} + +jQuery.removeEvent = function( elem, type, handle ) { + + // This "if" is needed for plain objects + if ( elem.removeEventListener ) { + elem.removeEventListener( type, handle ); + } +}; + +jQuery.Event = function( src, props ) { + + // Allow instantiation without the 'new' keyword + if ( !( this instanceof jQuery.Event ) ) { + return new jQuery.Event( src, props ); + } + + // Event object + if ( src && src.type ) { + this.originalEvent = src; + this.type = src.type; + + // Events bubbling up the document may have been marked as prevented + // by a handler lower down the tree; reflect the correct value. + this.isDefaultPrevented = src.defaultPrevented || + src.defaultPrevented === undefined && + + // Support: Android <=2.3 only + src.returnValue === false ? + returnTrue : + returnFalse; + + // Create target properties + // Support: Safari <=6 - 7 only + // Target should not be a text node (#504, #13143) + this.target = ( src.target && src.target.nodeType === 3 ) ? + src.target.parentNode : + src.target; + + this.currentTarget = src.currentTarget; + this.relatedTarget = src.relatedTarget; + + // Event type + } else { + this.type = src; + } + + // Put explicitly provided properties onto the event object + if ( props ) { + jQuery.extend( this, props ); + } + + // Create a timestamp if incoming event doesn't have one + this.timeStamp = src && src.timeStamp || Date.now(); + + // Mark it as fixed + this[ jQuery.expando ] = true; +}; + +// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding +// https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html +jQuery.Event.prototype = { + constructor: jQuery.Event, + isDefaultPrevented: returnFalse, + isPropagationStopped: returnFalse, + isImmediatePropagationStopped: returnFalse, + isSimulated: false, + + preventDefault: function() { + var e = this.originalEvent; + + this.isDefaultPrevented = returnTrue; + + if ( e && !this.isSimulated ) { + e.preventDefault(); + } + }, + stopPropagation: function() { + var e = this.originalEvent; + + this.isPropagationStopped = returnTrue; + + if ( e && !this.isSimulated ) { + e.stopPropagation(); + } + }, + stopImmediatePropagation: function() { + var e = this.originalEvent; + + this.isImmediatePropagationStopped = returnTrue; + + if ( e && !this.isSimulated ) { + e.stopImmediatePropagation(); + } + + this.stopPropagation(); + } +}; + +// Includes all common event props including KeyEvent and MouseEvent specific props +jQuery.each( { + altKey: true, + bubbles: true, + cancelable: true, + changedTouches: true, + ctrlKey: true, + detail: true, + eventPhase: true, + metaKey: true, + pageX: true, + pageY: true, + shiftKey: true, + view: true, + "char": true, + code: true, + charCode: true, + key: true, + keyCode: true, + button: true, + buttons: true, + clientX: true, + clientY: true, + offsetX: true, + offsetY: true, + pointerId: true, + pointerType: true, + screenX: true, + screenY: true, + targetTouches: true, + toElement: true, + touches: true, + which: true +}, jQuery.event.addProp ); + +jQuery.each( { focus: "focusin", blur: "focusout" }, function( type, delegateType ) { + jQuery.event.special[ type ] = { + + // Utilize native event if possible so blur/focus sequence is correct + setup: function() { + + // Claim the first handler + // dataPriv.set( this, "focus", ... ) + // dataPriv.set( this, "blur", ... ) + leverageNative( this, type, expectSync ); + + // Return false to allow normal processing in the caller + return false; + }, + trigger: function() { + + // Force setup before trigger + leverageNative( this, type ); + + // Return non-false to allow normal event-path propagation + return true; + }, + + // Suppress native focus or blur as it's already being fired + // in leverageNative. + _default: function() { + return true; + }, + + delegateType: delegateType + }; +} ); + +// Create mouseenter/leave events using mouseover/out and event-time checks +// so that event delegation works in jQuery. +// Do the same for pointerenter/pointerleave and pointerover/pointerout +// +// Support: Safari 7 only +// Safari sends mouseenter too often; see: +// https://bugs.chromium.org/p/chromium/issues/detail?id=470258 +// for the description of the bug (it existed in older Chrome versions as well). +jQuery.each( { + mouseenter: "mouseover", + mouseleave: "mouseout", + pointerenter: "pointerover", + pointerleave: "pointerout" +}, function( orig, fix ) { + jQuery.event.special[ orig ] = { + delegateType: fix, + bindType: fix, + + handle: function( event ) { + var ret, + target = this, + related = event.relatedTarget, + handleObj = event.handleObj; + + // For mouseenter/leave call the handler if related is outside the target. + // NB: No relatedTarget if the mouse left/entered the browser window + if ( !related || ( related !== target && !jQuery.contains( target, related ) ) ) { + event.type = handleObj.origType; + ret = handleObj.handler.apply( this, arguments ); + event.type = fix; + } + return ret; + } + }; +} ); + +jQuery.fn.extend( { + + on: function( types, selector, data, fn ) { + return on( this, types, selector, data, fn ); + }, + one: function( types, selector, data, fn ) { + return on( this, types, selector, data, fn, 1 ); + }, + off: function( types, selector, fn ) { + var handleObj, type; + if ( types && types.preventDefault && types.handleObj ) { + + // ( event ) dispatched jQuery.Event + handleObj = types.handleObj; + jQuery( types.delegateTarget ).off( + handleObj.namespace ? + handleObj.origType + "." + handleObj.namespace : + handleObj.origType, + handleObj.selector, + handleObj.handler + ); + return this; + } + if ( typeof types === "object" ) { + + // ( types-object [, selector] ) + for ( type in types ) { + this.off( type, selector, types[ type ] ); + } + return this; + } + if ( selector === false || typeof selector === "function" ) { + + // ( types [, fn] ) + fn = selector; + selector = undefined; + } + if ( fn === false ) { + fn = returnFalse; + } + return this.each( function() { + jQuery.event.remove( this, types, fn, selector ); + } ); + } +} ); + + +var + + // Support: IE <=10 - 11, Edge 12 - 13 only + // In IE/Edge using regex groups here causes severe slowdowns. + // See https://connect.microsoft.com/IE/feedback/details/1736512/ + rnoInnerhtml = /\s*$/g; + +// Prefer a tbody over its parent table for containing new rows +function manipulationTarget( elem, content ) { + if ( nodeName( elem, "table" ) && + nodeName( content.nodeType !== 11 ? content : content.firstChild, "tr" ) ) { + + return jQuery( elem ).children( "tbody" )[ 0 ] || elem; + } + + return elem; +} + +// Replace/restore the type attribute of script elements for safe DOM manipulation +function disableScript( elem ) { + elem.type = ( elem.getAttribute( "type" ) !== null ) + "/" + elem.type; + return elem; +} +function restoreScript( elem ) { + if ( ( elem.type || "" ).slice( 0, 5 ) === "true/" ) { + elem.type = elem.type.slice( 5 ); + } else { + elem.removeAttribute( "type" ); + } + + return elem; +} + +function cloneCopyEvent( src, dest ) { + var i, l, type, pdataOld, udataOld, udataCur, events; + + if ( dest.nodeType !== 1 ) { + return; + } + + // 1. Copy private data: events, handlers, etc. + if ( dataPriv.hasData( src ) ) { + pdataOld = dataPriv.get( src ); + events = pdataOld.events; + + if ( events ) { + dataPriv.remove( dest, "handle events" ); + + for ( type in events ) { + for ( i = 0, l = events[ type ].length; i < l; i++ ) { + jQuery.event.add( dest, type, events[ type ][ i ] ); + } + } + } + } + + // 2. Copy user data + if ( dataUser.hasData( src ) ) { + udataOld = dataUser.access( src ); + udataCur = jQuery.extend( {}, udataOld ); + + dataUser.set( dest, udataCur ); + } +} + +// Fix IE bugs, see support tests +function fixInput( src, dest ) { + var nodeName = dest.nodeName.toLowerCase(); + + // Fails to persist the checked state of a cloned checkbox or radio button. + if ( nodeName === "input" && rcheckableType.test( src.type ) ) { + dest.checked = src.checked; + + // Fails to return the selected option to the default selected state when cloning options + } else if ( nodeName === "input" || nodeName === "textarea" ) { + dest.defaultValue = src.defaultValue; + } +} + +function domManip( collection, args, callback, ignored ) { + + // Flatten any nested arrays + args = flat( args ); + + var fragment, first, scripts, hasScripts, node, doc, + i = 0, + l = collection.length, + iNoClone = l - 1, + value = args[ 0 ], + valueIsFunction = isFunction( value ); + + // We can't cloneNode fragments that contain checked, in WebKit + if ( valueIsFunction || + ( l > 1 && typeof value === "string" && + !support.checkClone && rchecked.test( value ) ) ) { + return collection.each( function( index ) { + var self = collection.eq( index ); + if ( valueIsFunction ) { + args[ 0 ] = value.call( this, index, self.html() ); + } + domManip( self, args, callback, ignored ); + } ); + } + + if ( l ) { + fragment = buildFragment( args, collection[ 0 ].ownerDocument, false, collection, ignored ); + first = fragment.firstChild; + + if ( fragment.childNodes.length === 1 ) { + fragment = first; + } + + // Require either new content or an interest in ignored elements to invoke the callback + if ( first || ignored ) { + scripts = jQuery.map( getAll( fragment, "script" ), disableScript ); + hasScripts = scripts.length; + + // Use the original fragment for the last item + // instead of the first because it can end up + // being emptied incorrectly in certain situations (#8070). + for ( ; i < l; i++ ) { + node = fragment; + + if ( i !== iNoClone ) { + node = jQuery.clone( node, true, true ); + + // Keep references to cloned scripts for later restoration + if ( hasScripts ) { + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( scripts, getAll( node, "script" ) ); + } + } + + callback.call( collection[ i ], node, i ); + } + + if ( hasScripts ) { + doc = scripts[ scripts.length - 1 ].ownerDocument; + + // Reenable scripts + jQuery.map( scripts, restoreScript ); + + // Evaluate executable scripts on first document insertion + for ( i = 0; i < hasScripts; i++ ) { + node = scripts[ i ]; + if ( rscriptType.test( node.type || "" ) && + !dataPriv.access( node, "globalEval" ) && + jQuery.contains( doc, node ) ) { + + if ( node.src && ( node.type || "" ).toLowerCase() !== "module" ) { + + // Optional AJAX dependency, but won't run scripts if not present + if ( jQuery._evalUrl && !node.noModule ) { + jQuery._evalUrl( node.src, { + nonce: node.nonce || node.getAttribute( "nonce" ) + }, doc ); + } + } else { + DOMEval( node.textContent.replace( rcleanScript, "" ), node, doc ); + } + } + } + } + } + } + + return collection; +} + +function remove( elem, selector, keepData ) { + var node, + nodes = selector ? jQuery.filter( selector, elem ) : elem, + i = 0; + + for ( ; ( node = nodes[ i ] ) != null; i++ ) { + if ( !keepData && node.nodeType === 1 ) { + jQuery.cleanData( getAll( node ) ); + } + + if ( node.parentNode ) { + if ( keepData && isAttached( node ) ) { + setGlobalEval( getAll( node, "script" ) ); + } + node.parentNode.removeChild( node ); + } + } + + return elem; +} + +jQuery.extend( { + htmlPrefilter: function( html ) { + return html; + }, + + clone: function( elem, dataAndEvents, deepDataAndEvents ) { + var i, l, srcElements, destElements, + clone = elem.cloneNode( true ), + inPage = isAttached( elem ); + + // Fix IE cloning issues + if ( !support.noCloneChecked && ( elem.nodeType === 1 || elem.nodeType === 11 ) && + !jQuery.isXMLDoc( elem ) ) { + + // We eschew Sizzle here for performance reasons: https://jsperf.com/getall-vs-sizzle/2 + destElements = getAll( clone ); + srcElements = getAll( elem ); + + for ( i = 0, l = srcElements.length; i < l; i++ ) { + fixInput( srcElements[ i ], destElements[ i ] ); + } + } + + // Copy the events from the original to the clone + if ( dataAndEvents ) { + if ( deepDataAndEvents ) { + srcElements = srcElements || getAll( elem ); + destElements = destElements || getAll( clone ); + + for ( i = 0, l = srcElements.length; i < l; i++ ) { + cloneCopyEvent( srcElements[ i ], destElements[ i ] ); + } + } else { + cloneCopyEvent( elem, clone ); + } + } + + // Preserve script evaluation history + destElements = getAll( clone, "script" ); + if ( destElements.length > 0 ) { + setGlobalEval( destElements, !inPage && getAll( elem, "script" ) ); + } + + // Return the cloned set + return clone; + }, + + cleanData: function( elems ) { + var data, elem, type, + special = jQuery.event.special, + i = 0; + + for ( ; ( elem = elems[ i ] ) !== undefined; i++ ) { + if ( acceptData( elem ) ) { + if ( ( data = elem[ dataPriv.expando ] ) ) { + if ( data.events ) { + for ( type in data.events ) { + if ( special[ type ] ) { + jQuery.event.remove( elem, type ); + + // This is a shortcut to avoid jQuery.event.remove's overhead + } else { + jQuery.removeEvent( elem, type, data.handle ); + } + } + } + + // Support: Chrome <=35 - 45+ + // Assign undefined instead of using delete, see Data#remove + elem[ dataPriv.expando ] = undefined; + } + if ( elem[ dataUser.expando ] ) { + + // Support: Chrome <=35 - 45+ + // Assign undefined instead of using delete, see Data#remove + elem[ dataUser.expando ] = undefined; + } + } + } + } +} ); + +jQuery.fn.extend( { + detach: function( selector ) { + return remove( this, selector, true ); + }, + + remove: function( selector ) { + return remove( this, selector ); + }, + + text: function( value ) { + return access( this, function( value ) { + return value === undefined ? + jQuery.text( this ) : + this.empty().each( function() { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + this.textContent = value; + } + } ); + }, null, value, arguments.length ); + }, + + append: function() { + return domManip( this, arguments, function( elem ) { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + var target = manipulationTarget( this, elem ); + target.appendChild( elem ); + } + } ); + }, + + prepend: function() { + return domManip( this, arguments, function( elem ) { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + var target = manipulationTarget( this, elem ); + target.insertBefore( elem, target.firstChild ); + } + } ); + }, + + before: function() { + return domManip( this, arguments, function( elem ) { + if ( this.parentNode ) { + this.parentNode.insertBefore( elem, this ); + } + } ); + }, + + after: function() { + return domManip( this, arguments, function( elem ) { + if ( this.parentNode ) { + this.parentNode.insertBefore( elem, this.nextSibling ); + } + } ); + }, + + empty: function() { + var elem, + i = 0; + + for ( ; ( elem = this[ i ] ) != null; i++ ) { + if ( elem.nodeType === 1 ) { + + // Prevent memory leaks + jQuery.cleanData( getAll( elem, false ) ); + + // Remove any remaining nodes + elem.textContent = ""; + } + } + + return this; + }, + + clone: function( dataAndEvents, deepDataAndEvents ) { + dataAndEvents = dataAndEvents == null ? false : dataAndEvents; + deepDataAndEvents = deepDataAndEvents == null ? dataAndEvents : deepDataAndEvents; + + return this.map( function() { + return jQuery.clone( this, dataAndEvents, deepDataAndEvents ); + } ); + }, + + html: function( value ) { + return access( this, function( value ) { + var elem = this[ 0 ] || {}, + i = 0, + l = this.length; + + if ( value === undefined && elem.nodeType === 1 ) { + return elem.innerHTML; + } + + // See if we can take a shortcut and just use innerHTML + if ( typeof value === "string" && !rnoInnerhtml.test( value ) && + !wrapMap[ ( rtagName.exec( value ) || [ "", "" ] )[ 1 ].toLowerCase() ] ) { + + value = jQuery.htmlPrefilter( value ); + + try { + for ( ; i < l; i++ ) { + elem = this[ i ] || {}; + + // Remove element nodes and prevent memory leaks + if ( elem.nodeType === 1 ) { + jQuery.cleanData( getAll( elem, false ) ); + elem.innerHTML = value; + } + } + + elem = 0; + + // If using innerHTML throws an exception, use the fallback method + } catch ( e ) {} + } + + if ( elem ) { + this.empty().append( value ); + } + }, null, value, arguments.length ); + }, + + replaceWith: function() { + var ignored = []; + + // Make the changes, replacing each non-ignored context element with the new content + return domManip( this, arguments, function( elem ) { + var parent = this.parentNode; + + if ( jQuery.inArray( this, ignored ) < 0 ) { + jQuery.cleanData( getAll( this ) ); + if ( parent ) { + parent.replaceChild( elem, this ); + } + } + + // Force callback invocation + }, ignored ); + } +} ); + +jQuery.each( { + appendTo: "append", + prependTo: "prepend", + insertBefore: "before", + insertAfter: "after", + replaceAll: "replaceWith" +}, function( name, original ) { + jQuery.fn[ name ] = function( selector ) { + var elems, + ret = [], + insert = jQuery( selector ), + last = insert.length - 1, + i = 0; + + for ( ; i <= last; i++ ) { + elems = i === last ? this : this.clone( true ); + jQuery( insert[ i ] )[ original ]( elems ); + + // Support: Android <=4.0 only, PhantomJS 1 only + // .get() because push.apply(_, arraylike) throws on ancient WebKit + push.apply( ret, elems.get() ); + } + + return this.pushStack( ret ); + }; +} ); +var rnumnonpx = new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" ); + +var getStyles = function( elem ) { + + // Support: IE <=11 only, Firefox <=30 (#15098, #14150) + // IE throws on elements created in popups + // FF meanwhile throws on frame elements through "defaultView.getComputedStyle" + var view = elem.ownerDocument.defaultView; + + if ( !view || !view.opener ) { + view = window; + } + + return view.getComputedStyle( elem ); + }; + +var swap = function( elem, options, callback ) { + var ret, name, + old = {}; + + // Remember the old values, and insert the new ones + for ( name in options ) { + old[ name ] = elem.style[ name ]; + elem.style[ name ] = options[ name ]; + } + + ret = callback.call( elem ); + + // Revert the old values + for ( name in options ) { + elem.style[ name ] = old[ name ]; + } + + return ret; +}; + + +var rboxStyle = new RegExp( cssExpand.join( "|" ), "i" ); + + + +( function() { + + // Executing both pixelPosition & boxSizingReliable tests require only one layout + // so they're executed at the same time to save the second computation. + function computeStyleTests() { + + // This is a singleton, we need to execute it only once + if ( !div ) { + return; + } + + container.style.cssText = "position:absolute;left:-11111px;width:60px;" + + "margin-top:1px;padding:0;border:0"; + div.style.cssText = + "position:relative;display:block;box-sizing:border-box;overflow:scroll;" + + "margin:auto;border:1px;padding:1px;" + + "width:60%;top:1%"; + documentElement.appendChild( container ).appendChild( div ); + + var divStyle = window.getComputedStyle( div ); + pixelPositionVal = divStyle.top !== "1%"; + + // Support: Android 4.0 - 4.3 only, Firefox <=3 - 44 + reliableMarginLeftVal = roundPixelMeasures( divStyle.marginLeft ) === 12; + + // Support: Android 4.0 - 4.3 only, Safari <=9.1 - 10.1, iOS <=7.0 - 9.3 + // Some styles come back with percentage values, even though they shouldn't + div.style.right = "60%"; + pixelBoxStylesVal = roundPixelMeasures( divStyle.right ) === 36; + + // Support: IE 9 - 11 only + // Detect misreporting of content dimensions for box-sizing:border-box elements + boxSizingReliableVal = roundPixelMeasures( divStyle.width ) === 36; + + // Support: IE 9 only + // Detect overflow:scroll screwiness (gh-3699) + // Support: Chrome <=64 + // Don't get tricked when zoom affects offsetWidth (gh-4029) + div.style.position = "absolute"; + scrollboxSizeVal = roundPixelMeasures( div.offsetWidth / 3 ) === 12; + + documentElement.removeChild( container ); + + // Nullify the div so it wouldn't be stored in the memory and + // it will also be a sign that checks already performed + div = null; + } + + function roundPixelMeasures( measure ) { + return Math.round( parseFloat( measure ) ); + } + + var pixelPositionVal, boxSizingReliableVal, scrollboxSizeVal, pixelBoxStylesVal, + reliableTrDimensionsVal, reliableMarginLeftVal, + container = document.createElement( "div" ), + div = document.createElement( "div" ); + + // Finish early in limited (non-browser) environments + if ( !div.style ) { + return; + } + + // Support: IE <=9 - 11 only + // Style of cloned element affects source element cloned (#8908) + div.style.backgroundClip = "content-box"; + div.cloneNode( true ).style.backgroundClip = ""; + support.clearCloneStyle = div.style.backgroundClip === "content-box"; + + jQuery.extend( support, { + boxSizingReliable: function() { + computeStyleTests(); + return boxSizingReliableVal; + }, + pixelBoxStyles: function() { + computeStyleTests(); + return pixelBoxStylesVal; + }, + pixelPosition: function() { + computeStyleTests(); + return pixelPositionVal; + }, + reliableMarginLeft: function() { + computeStyleTests(); + return reliableMarginLeftVal; + }, + scrollboxSize: function() { + computeStyleTests(); + return scrollboxSizeVal; + }, + + // Support: IE 9 - 11+, Edge 15 - 18+ + // IE/Edge misreport `getComputedStyle` of table rows with width/height + // set in CSS while `offset*` properties report correct values. + // Behavior in IE 9 is more subtle than in newer versions & it passes + // some versions of this test; make sure not to make it pass there! + // + // Support: Firefox 70+ + // Only Firefox includes border widths + // in computed dimensions. (gh-4529) + reliableTrDimensions: function() { + var table, tr, trChild, trStyle; + if ( reliableTrDimensionsVal == null ) { + table = document.createElement( "table" ); + tr = document.createElement( "tr" ); + trChild = document.createElement( "div" ); + + table.style.cssText = "position:absolute;left:-11111px;border-collapse:separate"; + tr.style.cssText = "border:1px solid"; + + // Support: Chrome 86+ + // Height set through cssText does not get applied. + // Computed height then comes back as 0. + tr.style.height = "1px"; + trChild.style.height = "9px"; + + // Support: Android 8 Chrome 86+ + // In our bodyBackground.html iframe, + // display for all div elements is set to "inline", + // which causes a problem only in Android 8 Chrome 86. + // Ensuring the div is display: block + // gets around this issue. + trChild.style.display = "block"; + + documentElement + .appendChild( table ) + .appendChild( tr ) + .appendChild( trChild ); + + trStyle = window.getComputedStyle( tr ); + reliableTrDimensionsVal = ( parseInt( trStyle.height, 10 ) + + parseInt( trStyle.borderTopWidth, 10 ) + + parseInt( trStyle.borderBottomWidth, 10 ) ) === tr.offsetHeight; + + documentElement.removeChild( table ); + } + return reliableTrDimensionsVal; + } + } ); +} )(); + + +function curCSS( elem, name, computed ) { + var width, minWidth, maxWidth, ret, + + // Support: Firefox 51+ + // Retrieving style before computed somehow + // fixes an issue with getting wrong values + // on detached elements + style = elem.style; + + computed = computed || getStyles( elem ); + + // getPropertyValue is needed for: + // .css('filter') (IE 9 only, #12537) + // .css('--customProperty) (#3144) + if ( computed ) { + ret = computed.getPropertyValue( name ) || computed[ name ]; + + if ( ret === "" && !isAttached( elem ) ) { + ret = jQuery.style( elem, name ); + } + + // A tribute to the "awesome hack by Dean Edwards" + // Android Browser returns percentage for some values, + // but width seems to be reliably pixels. + // This is against the CSSOM draft spec: + // https://drafts.csswg.org/cssom/#resolved-values + if ( !support.pixelBoxStyles() && rnumnonpx.test( ret ) && rboxStyle.test( name ) ) { + + // Remember the original values + width = style.width; + minWidth = style.minWidth; + maxWidth = style.maxWidth; + + // Put in the new values to get a computed value out + style.minWidth = style.maxWidth = style.width = ret; + ret = computed.width; + + // Revert the changed values + style.width = width; + style.minWidth = minWidth; + style.maxWidth = maxWidth; + } + } + + return ret !== undefined ? + + // Support: IE <=9 - 11 only + // IE returns zIndex value as an integer. + ret + "" : + ret; +} + + +function addGetHookIf( conditionFn, hookFn ) { + + // Define the hook, we'll check on the first run if it's really needed. + return { + get: function() { + if ( conditionFn() ) { + + // Hook not needed (or it's not possible to use it due + // to missing dependency), remove it. + delete this.get; + return; + } + + // Hook needed; redefine it so that the support test is not executed again. + return ( this.get = hookFn ).apply( this, arguments ); + } + }; +} + + +var cssPrefixes = [ "Webkit", "Moz", "ms" ], + emptyStyle = document.createElement( "div" ).style, + vendorProps = {}; + +// Return a vendor-prefixed property or undefined +function vendorPropName( name ) { + + // Check for vendor prefixed names + var capName = name[ 0 ].toUpperCase() + name.slice( 1 ), + i = cssPrefixes.length; + + while ( i-- ) { + name = cssPrefixes[ i ] + capName; + if ( name in emptyStyle ) { + return name; + } + } +} + +// Return a potentially-mapped jQuery.cssProps or vendor prefixed property +function finalPropName( name ) { + var final = jQuery.cssProps[ name ] || vendorProps[ name ]; + + if ( final ) { + return final; + } + if ( name in emptyStyle ) { + return name; + } + return vendorProps[ name ] = vendorPropName( name ) || name; +} + + +var + + // Swappable if display is none or starts with table + // except "table", "table-cell", or "table-caption" + // See here for display values: https://developer.mozilla.org/en-US/docs/CSS/display + rdisplayswap = /^(none|table(?!-c[ea]).+)/, + rcustomProp = /^--/, + cssShow = { position: "absolute", visibility: "hidden", display: "block" }, + cssNormalTransform = { + letterSpacing: "0", + fontWeight: "400" + }; + +function setPositiveNumber( _elem, value, subtract ) { + + // Any relative (+/-) values have already been + // normalized at this point + var matches = rcssNum.exec( value ); + return matches ? + + // Guard against undefined "subtract", e.g., when used as in cssHooks + Math.max( 0, matches[ 2 ] - ( subtract || 0 ) ) + ( matches[ 3 ] || "px" ) : + value; +} + +function boxModelAdjustment( elem, dimension, box, isBorderBox, styles, computedVal ) { + var i = dimension === "width" ? 1 : 0, + extra = 0, + delta = 0; + + // Adjustment may not be necessary + if ( box === ( isBorderBox ? "border" : "content" ) ) { + return 0; + } + + for ( ; i < 4; i += 2 ) { + + // Both box models exclude margin + if ( box === "margin" ) { + delta += jQuery.css( elem, box + cssExpand[ i ], true, styles ); + } + + // If we get here with a content-box, we're seeking "padding" or "border" or "margin" + if ( !isBorderBox ) { + + // Add padding + delta += jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); + + // For "border" or "margin", add border + if ( box !== "padding" ) { + delta += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + + // But still keep track of it otherwise + } else { + extra += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + } + + // If we get here with a border-box (content + padding + border), we're seeking "content" or + // "padding" or "margin" + } else { + + // For "content", subtract padding + if ( box === "content" ) { + delta -= jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); + } + + // For "content" or "padding", subtract border + if ( box !== "margin" ) { + delta -= jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + } + } + } + + // Account for positive content-box scroll gutter when requested by providing computedVal + if ( !isBorderBox && computedVal >= 0 ) { + + // offsetWidth/offsetHeight is a rounded sum of content, padding, scroll gutter, and border + // Assuming integer scroll gutter, subtract the rest and round down + delta += Math.max( 0, Math.ceil( + elem[ "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ) ] - + computedVal - + delta - + extra - + 0.5 + + // If offsetWidth/offsetHeight is unknown, then we can't determine content-box scroll gutter + // Use an explicit zero to avoid NaN (gh-3964) + ) ) || 0; + } + + return delta; +} + +function getWidthOrHeight( elem, dimension, extra ) { + + // Start with computed style + var styles = getStyles( elem ), + + // To avoid forcing a reflow, only fetch boxSizing if we need it (gh-4322). + // Fake content-box until we know it's needed to know the true value. + boxSizingNeeded = !support.boxSizingReliable() || extra, + isBorderBox = boxSizingNeeded && + jQuery.css( elem, "boxSizing", false, styles ) === "border-box", + valueIsBorderBox = isBorderBox, + + val = curCSS( elem, dimension, styles ), + offsetProp = "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ); + + // Support: Firefox <=54 + // Return a confounding non-pixel value or feign ignorance, as appropriate. + if ( rnumnonpx.test( val ) ) { + if ( !extra ) { + return val; + } + val = "auto"; + } + + + // Support: IE 9 - 11 only + // Use offsetWidth/offsetHeight for when box sizing is unreliable. + // In those cases, the computed value can be trusted to be border-box. + if ( ( !support.boxSizingReliable() && isBorderBox || + + // Support: IE 10 - 11+, Edge 15 - 18+ + // IE/Edge misreport `getComputedStyle` of table rows with width/height + // set in CSS while `offset*` properties report correct values. + // Interestingly, in some cases IE 9 doesn't suffer from this issue. + !support.reliableTrDimensions() && nodeName( elem, "tr" ) || + + // Fall back to offsetWidth/offsetHeight when value is "auto" + // This happens for inline elements with no explicit setting (gh-3571) + val === "auto" || + + // Support: Android <=4.1 - 4.3 only + // Also use offsetWidth/offsetHeight for misreported inline dimensions (gh-3602) + !parseFloat( val ) && jQuery.css( elem, "display", false, styles ) === "inline" ) && + + // Make sure the element is visible & connected + elem.getClientRects().length ) { + + isBorderBox = jQuery.css( elem, "boxSizing", false, styles ) === "border-box"; + + // Where available, offsetWidth/offsetHeight approximate border box dimensions. + // Where not available (e.g., SVG), assume unreliable box-sizing and interpret the + // retrieved value as a content box dimension. + valueIsBorderBox = offsetProp in elem; + if ( valueIsBorderBox ) { + val = elem[ offsetProp ]; + } + } + + // Normalize "" and auto + val = parseFloat( val ) || 0; + + // Adjust for the element's box model + return ( val + + boxModelAdjustment( + elem, + dimension, + extra || ( isBorderBox ? "border" : "content" ), + valueIsBorderBox, + styles, + + // Provide the current computed size to request scroll gutter calculation (gh-3589) + val + ) + ) + "px"; +} + +jQuery.extend( { + + // Add in style property hooks for overriding the default + // behavior of getting and setting a style property + cssHooks: { + opacity: { + get: function( elem, computed ) { + if ( computed ) { + + // We should always get a number back from opacity + var ret = curCSS( elem, "opacity" ); + return ret === "" ? "1" : ret; + } + } + } + }, + + // Don't automatically add "px" to these possibly-unitless properties + cssNumber: { + "animationIterationCount": true, + "columnCount": true, + "fillOpacity": true, + "flexGrow": true, + "flexShrink": true, + "fontWeight": true, + "gridArea": true, + "gridColumn": true, + "gridColumnEnd": true, + "gridColumnStart": true, + "gridRow": true, + "gridRowEnd": true, + "gridRowStart": true, + "lineHeight": true, + "opacity": true, + "order": true, + "orphans": true, + "widows": true, + "zIndex": true, + "zoom": true + }, + + // Add in properties whose names you wish to fix before + // setting or getting the value + cssProps: {}, + + // Get and set the style property on a DOM Node + style: function( elem, name, value, extra ) { + + // Don't set styles on text and comment nodes + if ( !elem || elem.nodeType === 3 || elem.nodeType === 8 || !elem.style ) { + return; + } + + // Make sure that we're working with the right name + var ret, type, hooks, + origName = camelCase( name ), + isCustomProp = rcustomProp.test( name ), + style = elem.style; + + // Make sure that we're working with the right name. We don't + // want to query the value if it is a CSS custom property + // since they are user-defined. + if ( !isCustomProp ) { + name = finalPropName( origName ); + } + + // Gets hook for the prefixed version, then unprefixed version + hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; + + // Check if we're setting a value + if ( value !== undefined ) { + type = typeof value; + + // Convert "+=" or "-=" to relative numbers (#7345) + if ( type === "string" && ( ret = rcssNum.exec( value ) ) && ret[ 1 ] ) { + value = adjustCSS( elem, name, ret ); + + // Fixes bug #9237 + type = "number"; + } + + // Make sure that null and NaN values aren't set (#7116) + if ( value == null || value !== value ) { + return; + } + + // If a number was passed in, add the unit (except for certain CSS properties) + // The isCustomProp check can be removed in jQuery 4.0 when we only auto-append + // "px" to a few hardcoded values. + if ( type === "number" && !isCustomProp ) { + value += ret && ret[ 3 ] || ( jQuery.cssNumber[ origName ] ? "" : "px" ); + } + + // background-* props affect original clone's values + if ( !support.clearCloneStyle && value === "" && name.indexOf( "background" ) === 0 ) { + style[ name ] = "inherit"; + } + + // If a hook was provided, use that value, otherwise just set the specified value + if ( !hooks || !( "set" in hooks ) || + ( value = hooks.set( elem, value, extra ) ) !== undefined ) { + + if ( isCustomProp ) { + style.setProperty( name, value ); + } else { + style[ name ] = value; + } + } + + } else { + + // If a hook was provided get the non-computed value from there + if ( hooks && "get" in hooks && + ( ret = hooks.get( elem, false, extra ) ) !== undefined ) { + + return ret; + } + + // Otherwise just get the value from the style object + return style[ name ]; + } + }, + + css: function( elem, name, extra, styles ) { + var val, num, hooks, + origName = camelCase( name ), + isCustomProp = rcustomProp.test( name ); + + // Make sure that we're working with the right name. We don't + // want to modify the value if it is a CSS custom property + // since they are user-defined. + if ( !isCustomProp ) { + name = finalPropName( origName ); + } + + // Try prefixed name followed by the unprefixed name + hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; + + // If a hook was provided get the computed value from there + if ( hooks && "get" in hooks ) { + val = hooks.get( elem, true, extra ); + } + + // Otherwise, if a way to get the computed value exists, use that + if ( val === undefined ) { + val = curCSS( elem, name, styles ); + } + + // Convert "normal" to computed value + if ( val === "normal" && name in cssNormalTransform ) { + val = cssNormalTransform[ name ]; + } + + // Make numeric if forced or a qualifier was provided and val looks numeric + if ( extra === "" || extra ) { + num = parseFloat( val ); + return extra === true || isFinite( num ) ? num || 0 : val; + } + + return val; + } +} ); + +jQuery.each( [ "height", "width" ], function( _i, dimension ) { + jQuery.cssHooks[ dimension ] = { + get: function( elem, computed, extra ) { + if ( computed ) { + + // Certain elements can have dimension info if we invisibly show them + // but it must have a current display style that would benefit + return rdisplayswap.test( jQuery.css( elem, "display" ) ) && + + // Support: Safari 8+ + // Table columns in Safari have non-zero offsetWidth & zero + // getBoundingClientRect().width unless display is changed. + // Support: IE <=11 only + // Running getBoundingClientRect on a disconnected node + // in IE throws an error. + ( !elem.getClientRects().length || !elem.getBoundingClientRect().width ) ? + swap( elem, cssShow, function() { + return getWidthOrHeight( elem, dimension, extra ); + } ) : + getWidthOrHeight( elem, dimension, extra ); + } + }, + + set: function( elem, value, extra ) { + var matches, + styles = getStyles( elem ), + + // Only read styles.position if the test has a chance to fail + // to avoid forcing a reflow. + scrollboxSizeBuggy = !support.scrollboxSize() && + styles.position === "absolute", + + // To avoid forcing a reflow, only fetch boxSizing if we need it (gh-3991) + boxSizingNeeded = scrollboxSizeBuggy || extra, + isBorderBox = boxSizingNeeded && + jQuery.css( elem, "boxSizing", false, styles ) === "border-box", + subtract = extra ? + boxModelAdjustment( + elem, + dimension, + extra, + isBorderBox, + styles + ) : + 0; + + // Account for unreliable border-box dimensions by comparing offset* to computed and + // faking a content-box to get border and padding (gh-3699) + if ( isBorderBox && scrollboxSizeBuggy ) { + subtract -= Math.ceil( + elem[ "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ) ] - + parseFloat( styles[ dimension ] ) - + boxModelAdjustment( elem, dimension, "border", false, styles ) - + 0.5 + ); + } + + // Convert to pixels if value adjustment is needed + if ( subtract && ( matches = rcssNum.exec( value ) ) && + ( matches[ 3 ] || "px" ) !== "px" ) { + + elem.style[ dimension ] = value; + value = jQuery.css( elem, dimension ); + } + + return setPositiveNumber( elem, value, subtract ); + } + }; +} ); + +jQuery.cssHooks.marginLeft = addGetHookIf( support.reliableMarginLeft, + function( elem, computed ) { + if ( computed ) { + return ( parseFloat( curCSS( elem, "marginLeft" ) ) || + elem.getBoundingClientRect().left - + swap( elem, { marginLeft: 0 }, function() { + return elem.getBoundingClientRect().left; + } ) + ) + "px"; + } + } +); + +// These hooks are used by animate to expand properties +jQuery.each( { + margin: "", + padding: "", + border: "Width" +}, function( prefix, suffix ) { + jQuery.cssHooks[ prefix + suffix ] = { + expand: function( value ) { + var i = 0, + expanded = {}, + + // Assumes a single number if not a string + parts = typeof value === "string" ? value.split( " " ) : [ value ]; + + for ( ; i < 4; i++ ) { + expanded[ prefix + cssExpand[ i ] + suffix ] = + parts[ i ] || parts[ i - 2 ] || parts[ 0 ]; + } + + return expanded; + } + }; + + if ( prefix !== "margin" ) { + jQuery.cssHooks[ prefix + suffix ].set = setPositiveNumber; + } +} ); + +jQuery.fn.extend( { + css: function( name, value ) { + return access( this, function( elem, name, value ) { + var styles, len, + map = {}, + i = 0; + + if ( Array.isArray( name ) ) { + styles = getStyles( elem ); + len = name.length; + + for ( ; i < len; i++ ) { + map[ name[ i ] ] = jQuery.css( elem, name[ i ], false, styles ); + } + + return map; + } + + return value !== undefined ? + jQuery.style( elem, name, value ) : + jQuery.css( elem, name ); + }, name, value, arguments.length > 1 ); + } +} ); + + +function Tween( elem, options, prop, end, easing ) { + return new Tween.prototype.init( elem, options, prop, end, easing ); +} +jQuery.Tween = Tween; + +Tween.prototype = { + constructor: Tween, + init: function( elem, options, prop, end, easing, unit ) { + this.elem = elem; + this.prop = prop; + this.easing = easing || jQuery.easing._default; + this.options = options; + this.start = this.now = this.cur(); + this.end = end; + this.unit = unit || ( jQuery.cssNumber[ prop ] ? "" : "px" ); + }, + cur: function() { + var hooks = Tween.propHooks[ this.prop ]; + + return hooks && hooks.get ? + hooks.get( this ) : + Tween.propHooks._default.get( this ); + }, + run: function( percent ) { + var eased, + hooks = Tween.propHooks[ this.prop ]; + + if ( this.options.duration ) { + this.pos = eased = jQuery.easing[ this.easing ]( + percent, this.options.duration * percent, 0, 1, this.options.duration + ); + } else { + this.pos = eased = percent; + } + this.now = ( this.end - this.start ) * eased + this.start; + + if ( this.options.step ) { + this.options.step.call( this.elem, this.now, this ); + } + + if ( hooks && hooks.set ) { + hooks.set( this ); + } else { + Tween.propHooks._default.set( this ); + } + return this; + } +}; + +Tween.prototype.init.prototype = Tween.prototype; + +Tween.propHooks = { + _default: { + get: function( tween ) { + var result; + + // Use a property on the element directly when it is not a DOM element, + // or when there is no matching style property that exists. + if ( tween.elem.nodeType !== 1 || + tween.elem[ tween.prop ] != null && tween.elem.style[ tween.prop ] == null ) { + return tween.elem[ tween.prop ]; + } + + // Passing an empty string as a 3rd parameter to .css will automatically + // attempt a parseFloat and fallback to a string if the parse fails. + // Simple values such as "10px" are parsed to Float; + // complex values such as "rotate(1rad)" are returned as-is. + result = jQuery.css( tween.elem, tween.prop, "" ); + + // Empty strings, null, undefined and "auto" are converted to 0. + return !result || result === "auto" ? 0 : result; + }, + set: function( tween ) { + + // Use step hook for back compat. + // Use cssHook if its there. + // Use .style if available and use plain properties where available. + if ( jQuery.fx.step[ tween.prop ] ) { + jQuery.fx.step[ tween.prop ]( tween ); + } else if ( tween.elem.nodeType === 1 && ( + jQuery.cssHooks[ tween.prop ] || + tween.elem.style[ finalPropName( tween.prop ) ] != null ) ) { + jQuery.style( tween.elem, tween.prop, tween.now + tween.unit ); + } else { + tween.elem[ tween.prop ] = tween.now; + } + } + } +}; + +// Support: IE <=9 only +// Panic based approach to setting things on disconnected nodes +Tween.propHooks.scrollTop = Tween.propHooks.scrollLeft = { + set: function( tween ) { + if ( tween.elem.nodeType && tween.elem.parentNode ) { + tween.elem[ tween.prop ] = tween.now; + } + } +}; + +jQuery.easing = { + linear: function( p ) { + return p; + }, + swing: function( p ) { + return 0.5 - Math.cos( p * Math.PI ) / 2; + }, + _default: "swing" +}; + +jQuery.fx = Tween.prototype.init; + +// Back compat <1.8 extension point +jQuery.fx.step = {}; + + + + +var + fxNow, inProgress, + rfxtypes = /^(?:toggle|show|hide)$/, + rrun = /queueHooks$/; + +function schedule() { + if ( inProgress ) { + if ( document.hidden === false && window.requestAnimationFrame ) { + window.requestAnimationFrame( schedule ); + } else { + window.setTimeout( schedule, jQuery.fx.interval ); + } + + jQuery.fx.tick(); + } +} + +// Animations created synchronously will run synchronously +function createFxNow() { + window.setTimeout( function() { + fxNow = undefined; + } ); + return ( fxNow = Date.now() ); +} + +// Generate parameters to create a standard animation +function genFx( type, includeWidth ) { + var which, + i = 0, + attrs = { height: type }; + + // If we include width, step value is 1 to do all cssExpand values, + // otherwise step value is 2 to skip over Left and Right + includeWidth = includeWidth ? 1 : 0; + for ( ; i < 4; i += 2 - includeWidth ) { + which = cssExpand[ i ]; + attrs[ "margin" + which ] = attrs[ "padding" + which ] = type; + } + + if ( includeWidth ) { + attrs.opacity = attrs.width = type; + } + + return attrs; +} + +function createTween( value, prop, animation ) { + var tween, + collection = ( Animation.tweeners[ prop ] || [] ).concat( Animation.tweeners[ "*" ] ), + index = 0, + length = collection.length; + for ( ; index < length; index++ ) { + if ( ( tween = collection[ index ].call( animation, prop, value ) ) ) { + + // We're done with this property + return tween; + } + } +} + +function defaultPrefilter( elem, props, opts ) { + var prop, value, toggle, hooks, oldfire, propTween, restoreDisplay, display, + isBox = "width" in props || "height" in props, + anim = this, + orig = {}, + style = elem.style, + hidden = elem.nodeType && isHiddenWithinTree( elem ), + dataShow = dataPriv.get( elem, "fxshow" ); + + // Queue-skipping animations hijack the fx hooks + if ( !opts.queue ) { + hooks = jQuery._queueHooks( elem, "fx" ); + if ( hooks.unqueued == null ) { + hooks.unqueued = 0; + oldfire = hooks.empty.fire; + hooks.empty.fire = function() { + if ( !hooks.unqueued ) { + oldfire(); + } + }; + } + hooks.unqueued++; + + anim.always( function() { + + // Ensure the complete handler is called before this completes + anim.always( function() { + hooks.unqueued--; + if ( !jQuery.queue( elem, "fx" ).length ) { + hooks.empty.fire(); + } + } ); + } ); + } + + // Detect show/hide animations + for ( prop in props ) { + value = props[ prop ]; + if ( rfxtypes.test( value ) ) { + delete props[ prop ]; + toggle = toggle || value === "toggle"; + if ( value === ( hidden ? "hide" : "show" ) ) { + + // Pretend to be hidden if this is a "show" and + // there is still data from a stopped show/hide + if ( value === "show" && dataShow && dataShow[ prop ] !== undefined ) { + hidden = true; + + // Ignore all other no-op show/hide data + } else { + continue; + } + } + orig[ prop ] = dataShow && dataShow[ prop ] || jQuery.style( elem, prop ); + } + } + + // Bail out if this is a no-op like .hide().hide() + propTween = !jQuery.isEmptyObject( props ); + if ( !propTween && jQuery.isEmptyObject( orig ) ) { + return; + } + + // Restrict "overflow" and "display" styles during box animations + if ( isBox && elem.nodeType === 1 ) { + + // Support: IE <=9 - 11, Edge 12 - 15 + // Record all 3 overflow attributes because IE does not infer the shorthand + // from identically-valued overflowX and overflowY and Edge just mirrors + // the overflowX value there. + opts.overflow = [ style.overflow, style.overflowX, style.overflowY ]; + + // Identify a display type, preferring old show/hide data over the CSS cascade + restoreDisplay = dataShow && dataShow.display; + if ( restoreDisplay == null ) { + restoreDisplay = dataPriv.get( elem, "display" ); + } + display = jQuery.css( elem, "display" ); + if ( display === "none" ) { + if ( restoreDisplay ) { + display = restoreDisplay; + } else { + + // Get nonempty value(s) by temporarily forcing visibility + showHide( [ elem ], true ); + restoreDisplay = elem.style.display || restoreDisplay; + display = jQuery.css( elem, "display" ); + showHide( [ elem ] ); + } + } + + // Animate inline elements as inline-block + if ( display === "inline" || display === "inline-block" && restoreDisplay != null ) { + if ( jQuery.css( elem, "float" ) === "none" ) { + + // Restore the original display value at the end of pure show/hide animations + if ( !propTween ) { + anim.done( function() { + style.display = restoreDisplay; + } ); + if ( restoreDisplay == null ) { + display = style.display; + restoreDisplay = display === "none" ? "" : display; + } + } + style.display = "inline-block"; + } + } + } + + if ( opts.overflow ) { + style.overflow = "hidden"; + anim.always( function() { + style.overflow = opts.overflow[ 0 ]; + style.overflowX = opts.overflow[ 1 ]; + style.overflowY = opts.overflow[ 2 ]; + } ); + } + + // Implement show/hide animations + propTween = false; + for ( prop in orig ) { + + // General show/hide setup for this element animation + if ( !propTween ) { + if ( dataShow ) { + if ( "hidden" in dataShow ) { + hidden = dataShow.hidden; + } + } else { + dataShow = dataPriv.access( elem, "fxshow", { display: restoreDisplay } ); + } + + // Store hidden/visible for toggle so `.stop().toggle()` "reverses" + if ( toggle ) { + dataShow.hidden = !hidden; + } + + // Show elements before animating them + if ( hidden ) { + showHide( [ elem ], true ); + } + + /* eslint-disable no-loop-func */ + + anim.done( function() { + + /* eslint-enable no-loop-func */ + + // The final step of a "hide" animation is actually hiding the element + if ( !hidden ) { + showHide( [ elem ] ); + } + dataPriv.remove( elem, "fxshow" ); + for ( prop in orig ) { + jQuery.style( elem, prop, orig[ prop ] ); + } + } ); + } + + // Per-property setup + propTween = createTween( hidden ? dataShow[ prop ] : 0, prop, anim ); + if ( !( prop in dataShow ) ) { + dataShow[ prop ] = propTween.start; + if ( hidden ) { + propTween.end = propTween.start; + propTween.start = 0; + } + } + } +} + +function propFilter( props, specialEasing ) { + var index, name, easing, value, hooks; + + // camelCase, specialEasing and expand cssHook pass + for ( index in props ) { + name = camelCase( index ); + easing = specialEasing[ name ]; + value = props[ index ]; + if ( Array.isArray( value ) ) { + easing = value[ 1 ]; + value = props[ index ] = value[ 0 ]; + } + + if ( index !== name ) { + props[ name ] = value; + delete props[ index ]; + } + + hooks = jQuery.cssHooks[ name ]; + if ( hooks && "expand" in hooks ) { + value = hooks.expand( value ); + delete props[ name ]; + + // Not quite $.extend, this won't overwrite existing keys. + // Reusing 'index' because we have the correct "name" + for ( index in value ) { + if ( !( index in props ) ) { + props[ index ] = value[ index ]; + specialEasing[ index ] = easing; + } + } + } else { + specialEasing[ name ] = easing; + } + } +} + +function Animation( elem, properties, options ) { + var result, + stopped, + index = 0, + length = Animation.prefilters.length, + deferred = jQuery.Deferred().always( function() { + + // Don't match elem in the :animated selector + delete tick.elem; + } ), + tick = function() { + if ( stopped ) { + return false; + } + var currentTime = fxNow || createFxNow(), + remaining = Math.max( 0, animation.startTime + animation.duration - currentTime ), + + // Support: Android 2.3 only + // Archaic crash bug won't allow us to use `1 - ( 0.5 || 0 )` (#12497) + temp = remaining / animation.duration || 0, + percent = 1 - temp, + index = 0, + length = animation.tweens.length; + + for ( ; index < length; index++ ) { + animation.tweens[ index ].run( percent ); + } + + deferred.notifyWith( elem, [ animation, percent, remaining ] ); + + // If there's more to do, yield + if ( percent < 1 && length ) { + return remaining; + } + + // If this was an empty animation, synthesize a final progress notification + if ( !length ) { + deferred.notifyWith( elem, [ animation, 1, 0 ] ); + } + + // Resolve the animation and report its conclusion + deferred.resolveWith( elem, [ animation ] ); + return false; + }, + animation = deferred.promise( { + elem: elem, + props: jQuery.extend( {}, properties ), + opts: jQuery.extend( true, { + specialEasing: {}, + easing: jQuery.easing._default + }, options ), + originalProperties: properties, + originalOptions: options, + startTime: fxNow || createFxNow(), + duration: options.duration, + tweens: [], + createTween: function( prop, end ) { + var tween = jQuery.Tween( elem, animation.opts, prop, end, + animation.opts.specialEasing[ prop ] || animation.opts.easing ); + animation.tweens.push( tween ); + return tween; + }, + stop: function( gotoEnd ) { + var index = 0, + + // If we are going to the end, we want to run all the tweens + // otherwise we skip this part + length = gotoEnd ? animation.tweens.length : 0; + if ( stopped ) { + return this; + } + stopped = true; + for ( ; index < length; index++ ) { + animation.tweens[ index ].run( 1 ); + } + + // Resolve when we played the last frame; otherwise, reject + if ( gotoEnd ) { + deferred.notifyWith( elem, [ animation, 1, 0 ] ); + deferred.resolveWith( elem, [ animation, gotoEnd ] ); + } else { + deferred.rejectWith( elem, [ animation, gotoEnd ] ); + } + return this; + } + } ), + props = animation.props; + + propFilter( props, animation.opts.specialEasing ); + + for ( ; index < length; index++ ) { + result = Animation.prefilters[ index ].call( animation, elem, props, animation.opts ); + if ( result ) { + if ( isFunction( result.stop ) ) { + jQuery._queueHooks( animation.elem, animation.opts.queue ).stop = + result.stop.bind( result ); + } + return result; + } + } + + jQuery.map( props, createTween, animation ); + + if ( isFunction( animation.opts.start ) ) { + animation.opts.start.call( elem, animation ); + } + + // Attach callbacks from options + animation + .progress( animation.opts.progress ) + .done( animation.opts.done, animation.opts.complete ) + .fail( animation.opts.fail ) + .always( animation.opts.always ); + + jQuery.fx.timer( + jQuery.extend( tick, { + elem: elem, + anim: animation, + queue: animation.opts.queue + } ) + ); + + return animation; +} + +jQuery.Animation = jQuery.extend( Animation, { + + tweeners: { + "*": [ function( prop, value ) { + var tween = this.createTween( prop, value ); + adjustCSS( tween.elem, prop, rcssNum.exec( value ), tween ); + return tween; + } ] + }, + + tweener: function( props, callback ) { + if ( isFunction( props ) ) { + callback = props; + props = [ "*" ]; + } else { + props = props.match( rnothtmlwhite ); + } + + var prop, + index = 0, + length = props.length; + + for ( ; index < length; index++ ) { + prop = props[ index ]; + Animation.tweeners[ prop ] = Animation.tweeners[ prop ] || []; + Animation.tweeners[ prop ].unshift( callback ); + } + }, + + prefilters: [ defaultPrefilter ], + + prefilter: function( callback, prepend ) { + if ( prepend ) { + Animation.prefilters.unshift( callback ); + } else { + Animation.prefilters.push( callback ); + } + } +} ); + +jQuery.speed = function( speed, easing, fn ) { + var opt = speed && typeof speed === "object" ? jQuery.extend( {}, speed ) : { + complete: fn || !fn && easing || + isFunction( speed ) && speed, + duration: speed, + easing: fn && easing || easing && !isFunction( easing ) && easing + }; + + // Go to the end state if fx are off + if ( jQuery.fx.off ) { + opt.duration = 0; + + } else { + if ( typeof opt.duration !== "number" ) { + if ( opt.duration in jQuery.fx.speeds ) { + opt.duration = jQuery.fx.speeds[ opt.duration ]; + + } else { + opt.duration = jQuery.fx.speeds._default; + } + } + } + + // Normalize opt.queue - true/undefined/null -> "fx" + if ( opt.queue == null || opt.queue === true ) { + opt.queue = "fx"; + } + + // Queueing + opt.old = opt.complete; + + opt.complete = function() { + if ( isFunction( opt.old ) ) { + opt.old.call( this ); + } + + if ( opt.queue ) { + jQuery.dequeue( this, opt.queue ); + } + }; + + return opt; +}; + +jQuery.fn.extend( { + fadeTo: function( speed, to, easing, callback ) { + + // Show any hidden elements after setting opacity to 0 + return this.filter( isHiddenWithinTree ).css( "opacity", 0 ).show() + + // Animate to the value specified + .end().animate( { opacity: to }, speed, easing, callback ); + }, + animate: function( prop, speed, easing, callback ) { + var empty = jQuery.isEmptyObject( prop ), + optall = jQuery.speed( speed, easing, callback ), + doAnimation = function() { + + // Operate on a copy of prop so per-property easing won't be lost + var anim = Animation( this, jQuery.extend( {}, prop ), optall ); + + // Empty animations, or finishing resolves immediately + if ( empty || dataPriv.get( this, "finish" ) ) { + anim.stop( true ); + } + }; + + doAnimation.finish = doAnimation; + + return empty || optall.queue === false ? + this.each( doAnimation ) : + this.queue( optall.queue, doAnimation ); + }, + stop: function( type, clearQueue, gotoEnd ) { + var stopQueue = function( hooks ) { + var stop = hooks.stop; + delete hooks.stop; + stop( gotoEnd ); + }; + + if ( typeof type !== "string" ) { + gotoEnd = clearQueue; + clearQueue = type; + type = undefined; + } + if ( clearQueue ) { + this.queue( type || "fx", [] ); + } + + return this.each( function() { + var dequeue = true, + index = type != null && type + "queueHooks", + timers = jQuery.timers, + data = dataPriv.get( this ); + + if ( index ) { + if ( data[ index ] && data[ index ].stop ) { + stopQueue( data[ index ] ); + } + } else { + for ( index in data ) { + if ( data[ index ] && data[ index ].stop && rrun.test( index ) ) { + stopQueue( data[ index ] ); + } + } + } + + for ( index = timers.length; index--; ) { + if ( timers[ index ].elem === this && + ( type == null || timers[ index ].queue === type ) ) { + + timers[ index ].anim.stop( gotoEnd ); + dequeue = false; + timers.splice( index, 1 ); + } + } + + // Start the next in the queue if the last step wasn't forced. + // Timers currently will call their complete callbacks, which + // will dequeue but only if they were gotoEnd. + if ( dequeue || !gotoEnd ) { + jQuery.dequeue( this, type ); + } + } ); + }, + finish: function( type ) { + if ( type !== false ) { + type = type || "fx"; + } + return this.each( function() { + var index, + data = dataPriv.get( this ), + queue = data[ type + "queue" ], + hooks = data[ type + "queueHooks" ], + timers = jQuery.timers, + length = queue ? queue.length : 0; + + // Enable finishing flag on private data + data.finish = true; + + // Empty the queue first + jQuery.queue( this, type, [] ); + + if ( hooks && hooks.stop ) { + hooks.stop.call( this, true ); + } + + // Look for any active animations, and finish them + for ( index = timers.length; index--; ) { + if ( timers[ index ].elem === this && timers[ index ].queue === type ) { + timers[ index ].anim.stop( true ); + timers.splice( index, 1 ); + } + } + + // Look for any animations in the old queue and finish them + for ( index = 0; index < length; index++ ) { + if ( queue[ index ] && queue[ index ].finish ) { + queue[ index ].finish.call( this ); + } + } + + // Turn off finishing flag + delete data.finish; + } ); + } +} ); + +jQuery.each( [ "toggle", "show", "hide" ], function( _i, name ) { + var cssFn = jQuery.fn[ name ]; + jQuery.fn[ name ] = function( speed, easing, callback ) { + return speed == null || typeof speed === "boolean" ? + cssFn.apply( this, arguments ) : + this.animate( genFx( name, true ), speed, easing, callback ); + }; +} ); + +// Generate shortcuts for custom animations +jQuery.each( { + slideDown: genFx( "show" ), + slideUp: genFx( "hide" ), + slideToggle: genFx( "toggle" ), + fadeIn: { opacity: "show" }, + fadeOut: { opacity: "hide" }, + fadeToggle: { opacity: "toggle" } +}, function( name, props ) { + jQuery.fn[ name ] = function( speed, easing, callback ) { + return this.animate( props, speed, easing, callback ); + }; +} ); + +jQuery.timers = []; +jQuery.fx.tick = function() { + var timer, + i = 0, + timers = jQuery.timers; + + fxNow = Date.now(); + + for ( ; i < timers.length; i++ ) { + timer = timers[ i ]; + + // Run the timer and safely remove it when done (allowing for external removal) + if ( !timer() && timers[ i ] === timer ) { + timers.splice( i--, 1 ); + } + } + + if ( !timers.length ) { + jQuery.fx.stop(); + } + fxNow = undefined; +}; + +jQuery.fx.timer = function( timer ) { + jQuery.timers.push( timer ); + jQuery.fx.start(); +}; + +jQuery.fx.interval = 13; +jQuery.fx.start = function() { + if ( inProgress ) { + return; + } + + inProgress = true; + schedule(); +}; + +jQuery.fx.stop = function() { + inProgress = null; +}; + +jQuery.fx.speeds = { + slow: 600, + fast: 200, + + // Default speed + _default: 400 +}; + + +// Based off of the plugin by Clint Helfers, with permission. +// https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/ +jQuery.fn.delay = function( time, type ) { + time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; + type = type || "fx"; + + return this.queue( type, function( next, hooks ) { + var timeout = window.setTimeout( next, time ); + hooks.stop = function() { + window.clearTimeout( timeout ); + }; + } ); +}; + + +( function() { + var input = document.createElement( "input" ), + select = document.createElement( "select" ), + opt = select.appendChild( document.createElement( "option" ) ); + + input.type = "checkbox"; + + // Support: Android <=4.3 only + // Default value for a checkbox should be "on" + support.checkOn = input.value !== ""; + + // Support: IE <=11 only + // Must access selectedIndex to make default options select + support.optSelected = opt.selected; + + // Support: IE <=11 only + // An input loses its value after becoming a radio + input = document.createElement( "input" ); + input.value = "t"; + input.type = "radio"; + support.radioValue = input.value === "t"; +} )(); + + +var boolHook, + attrHandle = jQuery.expr.attrHandle; + +jQuery.fn.extend( { + attr: function( name, value ) { + return access( this, jQuery.attr, name, value, arguments.length > 1 ); + }, + + removeAttr: function( name ) { + return this.each( function() { + jQuery.removeAttr( this, name ); + } ); + } +} ); + +jQuery.extend( { + attr: function( elem, name, value ) { + var ret, hooks, + nType = elem.nodeType; + + // Don't get/set attributes on text, comment and attribute nodes + if ( nType === 3 || nType === 8 || nType === 2 ) { + return; + } + + // Fallback to prop when attributes are not supported + if ( typeof elem.getAttribute === "undefined" ) { + return jQuery.prop( elem, name, value ); + } + + // Attribute hooks are determined by the lowercase version + // Grab necessary hook if one is defined + if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { + hooks = jQuery.attrHooks[ name.toLowerCase() ] || + ( jQuery.expr.match.bool.test( name ) ? boolHook : undefined ); + } + + if ( value !== undefined ) { + if ( value === null ) { + jQuery.removeAttr( elem, name ); + return; + } + + if ( hooks && "set" in hooks && + ( ret = hooks.set( elem, value, name ) ) !== undefined ) { + return ret; + } + + elem.setAttribute( name, value + "" ); + return value; + } + + if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { + return ret; + } + + ret = jQuery.find.attr( elem, name ); + + // Non-existent attributes return null, we normalize to undefined + return ret == null ? undefined : ret; + }, + + attrHooks: { + type: { + set: function( elem, value ) { + if ( !support.radioValue && value === "radio" && + nodeName( elem, "input" ) ) { + var val = elem.value; + elem.setAttribute( "type", value ); + if ( val ) { + elem.value = val; + } + return value; + } + } + } + }, + + removeAttr: function( elem, value ) { + var name, + i = 0, + + // Attribute names can contain non-HTML whitespace characters + // https://html.spec.whatwg.org/multipage/syntax.html#attributes-2 + attrNames = value && value.match( rnothtmlwhite ); + + if ( attrNames && elem.nodeType === 1 ) { + while ( ( name = attrNames[ i++ ] ) ) { + elem.removeAttribute( name ); + } + } + } +} ); + +// Hooks for boolean attributes +boolHook = { + set: function( elem, value, name ) { + if ( value === false ) { + + // Remove boolean attributes when set to false + jQuery.removeAttr( elem, name ); + } else { + elem.setAttribute( name, name ); + } + return name; + } +}; + +jQuery.each( jQuery.expr.match.bool.source.match( /\w+/g ), function( _i, name ) { + var getter = attrHandle[ name ] || jQuery.find.attr; + + attrHandle[ name ] = function( elem, name, isXML ) { + var ret, handle, + lowercaseName = name.toLowerCase(); + + if ( !isXML ) { + + // Avoid an infinite loop by temporarily removing this function from the getter + handle = attrHandle[ lowercaseName ]; + attrHandle[ lowercaseName ] = ret; + ret = getter( elem, name, isXML ) != null ? + lowercaseName : + null; + attrHandle[ lowercaseName ] = handle; + } + return ret; + }; +} ); + + + + +var rfocusable = /^(?:input|select|textarea|button)$/i, + rclickable = /^(?:a|area)$/i; + +jQuery.fn.extend( { + prop: function( name, value ) { + return access( this, jQuery.prop, name, value, arguments.length > 1 ); + }, + + removeProp: function( name ) { + return this.each( function() { + delete this[ jQuery.propFix[ name ] || name ]; + } ); + } +} ); + +jQuery.extend( { + prop: function( elem, name, value ) { + var ret, hooks, + nType = elem.nodeType; + + // Don't get/set properties on text, comment and attribute nodes + if ( nType === 3 || nType === 8 || nType === 2 ) { + return; + } + + if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { + + // Fix name and attach hooks + name = jQuery.propFix[ name ] || name; + hooks = jQuery.propHooks[ name ]; + } + + if ( value !== undefined ) { + if ( hooks && "set" in hooks && + ( ret = hooks.set( elem, value, name ) ) !== undefined ) { + return ret; + } + + return ( elem[ name ] = value ); + } + + if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { + return ret; + } + + return elem[ name ]; + }, + + propHooks: { + tabIndex: { + get: function( elem ) { + + // Support: IE <=9 - 11 only + // elem.tabIndex doesn't always return the + // correct value when it hasn't been explicitly set + // https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ + // Use proper attribute retrieval(#12072) + var tabindex = jQuery.find.attr( elem, "tabindex" ); + + if ( tabindex ) { + return parseInt( tabindex, 10 ); + } + + if ( + rfocusable.test( elem.nodeName ) || + rclickable.test( elem.nodeName ) && + elem.href + ) { + return 0; + } + + return -1; + } + } + }, + + propFix: { + "for": "htmlFor", + "class": "className" + } +} ); + +// Support: IE <=11 only +// Accessing the selectedIndex property +// forces the browser to respect setting selected +// on the option +// The getter ensures a default option is selected +// when in an optgroup +// eslint rule "no-unused-expressions" is disabled for this code +// since it considers such accessions noop +if ( !support.optSelected ) { + jQuery.propHooks.selected = { + get: function( elem ) { + + /* eslint no-unused-expressions: "off" */ + + var parent = elem.parentNode; + if ( parent && parent.parentNode ) { + parent.parentNode.selectedIndex; + } + return null; + }, + set: function( elem ) { + + /* eslint no-unused-expressions: "off" */ + + var parent = elem.parentNode; + if ( parent ) { + parent.selectedIndex; + + if ( parent.parentNode ) { + parent.parentNode.selectedIndex; + } + } + } + }; +} + +jQuery.each( [ + "tabIndex", + "readOnly", + "maxLength", + "cellSpacing", + "cellPadding", + "rowSpan", + "colSpan", + "useMap", + "frameBorder", + "contentEditable" +], function() { + jQuery.propFix[ this.toLowerCase() ] = this; +} ); + + + + + // Strip and collapse whitespace according to HTML spec + // https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace + function stripAndCollapse( value ) { + var tokens = value.match( rnothtmlwhite ) || []; + return tokens.join( " " ); + } + + +function getClass( elem ) { + return elem.getAttribute && elem.getAttribute( "class" ) || ""; +} + +function classesToArray( value ) { + if ( Array.isArray( value ) ) { + return value; + } + if ( typeof value === "string" ) { + return value.match( rnothtmlwhite ) || []; + } + return []; +} + +jQuery.fn.extend( { + addClass: function( value ) { + var classes, elem, cur, curValue, clazz, j, finalValue, + i = 0; + + if ( isFunction( value ) ) { + return this.each( function( j ) { + jQuery( this ).addClass( value.call( this, j, getClass( this ) ) ); + } ); + } + + classes = classesToArray( value ); + + if ( classes.length ) { + while ( ( elem = this[ i++ ] ) ) { + curValue = getClass( elem ); + cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); + + if ( cur ) { + j = 0; + while ( ( clazz = classes[ j++ ] ) ) { + if ( cur.indexOf( " " + clazz + " " ) < 0 ) { + cur += clazz + " "; + } + } + + // Only assign if different to avoid unneeded rendering. + finalValue = stripAndCollapse( cur ); + if ( curValue !== finalValue ) { + elem.setAttribute( "class", finalValue ); + } + } + } + } + + return this; + }, + + removeClass: function( value ) { + var classes, elem, cur, curValue, clazz, j, finalValue, + i = 0; + + if ( isFunction( value ) ) { + return this.each( function( j ) { + jQuery( this ).removeClass( value.call( this, j, getClass( this ) ) ); + } ); + } + + if ( !arguments.length ) { + return this.attr( "class", "" ); + } + + classes = classesToArray( value ); + + if ( classes.length ) { + while ( ( elem = this[ i++ ] ) ) { + curValue = getClass( elem ); + + // This expression is here for better compressibility (see addClass) + cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); + + if ( cur ) { + j = 0; + while ( ( clazz = classes[ j++ ] ) ) { + + // Remove *all* instances + while ( cur.indexOf( " " + clazz + " " ) > -1 ) { + cur = cur.replace( " " + clazz + " ", " " ); + } + } + + // Only assign if different to avoid unneeded rendering. + finalValue = stripAndCollapse( cur ); + if ( curValue !== finalValue ) { + elem.setAttribute( "class", finalValue ); + } + } + } + } + + return this; + }, + + toggleClass: function( value, stateVal ) { + var type = typeof value, + isValidValue = type === "string" || Array.isArray( value ); + + if ( typeof stateVal === "boolean" && isValidValue ) { + return stateVal ? this.addClass( value ) : this.removeClass( value ); + } + + if ( isFunction( value ) ) { + return this.each( function( i ) { + jQuery( this ).toggleClass( + value.call( this, i, getClass( this ), stateVal ), + stateVal + ); + } ); + } + + return this.each( function() { + var className, i, self, classNames; + + if ( isValidValue ) { + + // Toggle individual class names + i = 0; + self = jQuery( this ); + classNames = classesToArray( value ); + + while ( ( className = classNames[ i++ ] ) ) { + + // Check each className given, space separated list + if ( self.hasClass( className ) ) { + self.removeClass( className ); + } else { + self.addClass( className ); + } + } + + // Toggle whole class name + } else if ( value === undefined || type === "boolean" ) { + className = getClass( this ); + if ( className ) { + + // Store className if set + dataPriv.set( this, "__className__", className ); + } + + // If the element has a class name or if we're passed `false`, + // then remove the whole classname (if there was one, the above saved it). + // Otherwise bring back whatever was previously saved (if anything), + // falling back to the empty string if nothing was stored. + if ( this.setAttribute ) { + this.setAttribute( "class", + className || value === false ? + "" : + dataPriv.get( this, "__className__" ) || "" + ); + } + } + } ); + }, + + hasClass: function( selector ) { + var className, elem, + i = 0; + + className = " " + selector + " "; + while ( ( elem = this[ i++ ] ) ) { + if ( elem.nodeType === 1 && + ( " " + stripAndCollapse( getClass( elem ) ) + " " ).indexOf( className ) > -1 ) { + return true; + } + } + + return false; + } +} ); + + + + +var rreturn = /\r/g; + +jQuery.fn.extend( { + val: function( value ) { + var hooks, ret, valueIsFunction, + elem = this[ 0 ]; + + if ( !arguments.length ) { + if ( elem ) { + hooks = jQuery.valHooks[ elem.type ] || + jQuery.valHooks[ elem.nodeName.toLowerCase() ]; + + if ( hooks && + "get" in hooks && + ( ret = hooks.get( elem, "value" ) ) !== undefined + ) { + return ret; + } + + ret = elem.value; + + // Handle most common string cases + if ( typeof ret === "string" ) { + return ret.replace( rreturn, "" ); + } + + // Handle cases where value is null/undef or number + return ret == null ? "" : ret; + } + + return; + } + + valueIsFunction = isFunction( value ); + + return this.each( function( i ) { + var val; + + if ( this.nodeType !== 1 ) { + return; + } + + if ( valueIsFunction ) { + val = value.call( this, i, jQuery( this ).val() ); + } else { + val = value; + } + + // Treat null/undefined as ""; convert numbers to string + if ( val == null ) { + val = ""; + + } else if ( typeof val === "number" ) { + val += ""; + + } else if ( Array.isArray( val ) ) { + val = jQuery.map( val, function( value ) { + return value == null ? "" : value + ""; + } ); + } + + hooks = jQuery.valHooks[ this.type ] || jQuery.valHooks[ this.nodeName.toLowerCase() ]; + + // If set returns undefined, fall back to normal setting + if ( !hooks || !( "set" in hooks ) || hooks.set( this, val, "value" ) === undefined ) { + this.value = val; + } + } ); + } +} ); + +jQuery.extend( { + valHooks: { + option: { + get: function( elem ) { + + var val = jQuery.find.attr( elem, "value" ); + return val != null ? + val : + + // Support: IE <=10 - 11 only + // option.text throws exceptions (#14686, #14858) + // Strip and collapse whitespace + // https://html.spec.whatwg.org/#strip-and-collapse-whitespace + stripAndCollapse( jQuery.text( elem ) ); + } + }, + select: { + get: function( elem ) { + var value, option, i, + options = elem.options, + index = elem.selectedIndex, + one = elem.type === "select-one", + values = one ? null : [], + max = one ? index + 1 : options.length; + + if ( index < 0 ) { + i = max; + + } else { + i = one ? index : 0; + } + + // Loop through all the selected options + for ( ; i < max; i++ ) { + option = options[ i ]; + + // Support: IE <=9 only + // IE8-9 doesn't update selected after form reset (#2551) + if ( ( option.selected || i === index ) && + + // Don't return options that are disabled or in a disabled optgroup + !option.disabled && + ( !option.parentNode.disabled || + !nodeName( option.parentNode, "optgroup" ) ) ) { + + // Get the specific value for the option + value = jQuery( option ).val(); + + // We don't need an array for one selects + if ( one ) { + return value; + } + + // Multi-Selects return an array + values.push( value ); + } + } + + return values; + }, + + set: function( elem, value ) { + var optionSet, option, + options = elem.options, + values = jQuery.makeArray( value ), + i = options.length; + + while ( i-- ) { + option = options[ i ]; + + /* eslint-disable no-cond-assign */ + + if ( option.selected = + jQuery.inArray( jQuery.valHooks.option.get( option ), values ) > -1 + ) { + optionSet = true; + } + + /* eslint-enable no-cond-assign */ + } + + // Force browsers to behave consistently when non-matching value is set + if ( !optionSet ) { + elem.selectedIndex = -1; + } + return values; + } + } + } +} ); + +// Radios and checkboxes getter/setter +jQuery.each( [ "radio", "checkbox" ], function() { + jQuery.valHooks[ this ] = { + set: function( elem, value ) { + if ( Array.isArray( value ) ) { + return ( elem.checked = jQuery.inArray( jQuery( elem ).val(), value ) > -1 ); + } + } + }; + if ( !support.checkOn ) { + jQuery.valHooks[ this ].get = function( elem ) { + return elem.getAttribute( "value" ) === null ? "on" : elem.value; + }; + } +} ); + + + + +// Return jQuery for attributes-only inclusion + + +support.focusin = "onfocusin" in window; + + +var rfocusMorph = /^(?:focusinfocus|focusoutblur)$/, + stopPropagationCallback = function( e ) { + e.stopPropagation(); + }; + +jQuery.extend( jQuery.event, { + + trigger: function( event, data, elem, onlyHandlers ) { + + var i, cur, tmp, bubbleType, ontype, handle, special, lastElement, + eventPath = [ elem || document ], + type = hasOwn.call( event, "type" ) ? event.type : event, + namespaces = hasOwn.call( event, "namespace" ) ? event.namespace.split( "." ) : []; + + cur = lastElement = tmp = elem = elem || document; + + // Don't do events on text and comment nodes + if ( elem.nodeType === 3 || elem.nodeType === 8 ) { + return; + } + + // focus/blur morphs to focusin/out; ensure we're not firing them right now + if ( rfocusMorph.test( type + jQuery.event.triggered ) ) { + return; + } + + if ( type.indexOf( "." ) > -1 ) { + + // Namespaced trigger; create a regexp to match event type in handle() + namespaces = type.split( "." ); + type = namespaces.shift(); + namespaces.sort(); + } + ontype = type.indexOf( ":" ) < 0 && "on" + type; + + // Caller can pass in a jQuery.Event object, Object, or just an event type string + event = event[ jQuery.expando ] ? + event : + new jQuery.Event( type, typeof event === "object" && event ); + + // Trigger bitmask: & 1 for native handlers; & 2 for jQuery (always true) + event.isTrigger = onlyHandlers ? 2 : 3; + event.namespace = namespaces.join( "." ); + event.rnamespace = event.namespace ? + new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ) : + null; + + // Clean up the event in case it is being reused + event.result = undefined; + if ( !event.target ) { + event.target = elem; + } + + // Clone any incoming data and prepend the event, creating the handler arg list + data = data == null ? + [ event ] : + jQuery.makeArray( data, [ event ] ); + + // Allow special events to draw outside the lines + special = jQuery.event.special[ type ] || {}; + if ( !onlyHandlers && special.trigger && special.trigger.apply( elem, data ) === false ) { + return; + } + + // Determine event propagation path in advance, per W3C events spec (#9951) + // Bubble up to document, then to window; watch for a global ownerDocument var (#9724) + if ( !onlyHandlers && !special.noBubble && !isWindow( elem ) ) { + + bubbleType = special.delegateType || type; + if ( !rfocusMorph.test( bubbleType + type ) ) { + cur = cur.parentNode; + } + for ( ; cur; cur = cur.parentNode ) { + eventPath.push( cur ); + tmp = cur; + } + + // Only add window if we got to document (e.g., not plain obj or detached DOM) + if ( tmp === ( elem.ownerDocument || document ) ) { + eventPath.push( tmp.defaultView || tmp.parentWindow || window ); + } + } + + // Fire handlers on the event path + i = 0; + while ( ( cur = eventPath[ i++ ] ) && !event.isPropagationStopped() ) { + lastElement = cur; + event.type = i > 1 ? + bubbleType : + special.bindType || type; + + // jQuery handler + handle = ( dataPriv.get( cur, "events" ) || Object.create( null ) )[ event.type ] && + dataPriv.get( cur, "handle" ); + if ( handle ) { + handle.apply( cur, data ); + } + + // Native handler + handle = ontype && cur[ ontype ]; + if ( handle && handle.apply && acceptData( cur ) ) { + event.result = handle.apply( cur, data ); + if ( event.result === false ) { + event.preventDefault(); + } + } + } + event.type = type; + + // If nobody prevented the default action, do it now + if ( !onlyHandlers && !event.isDefaultPrevented() ) { + + if ( ( !special._default || + special._default.apply( eventPath.pop(), data ) === false ) && + acceptData( elem ) ) { + + // Call a native DOM method on the target with the same name as the event. + // Don't do default actions on window, that's where global variables be (#6170) + if ( ontype && isFunction( elem[ type ] ) && !isWindow( elem ) ) { + + // Don't re-trigger an onFOO event when we call its FOO() method + tmp = elem[ ontype ]; + + if ( tmp ) { + elem[ ontype ] = null; + } + + // Prevent re-triggering of the same event, since we already bubbled it above + jQuery.event.triggered = type; + + if ( event.isPropagationStopped() ) { + lastElement.addEventListener( type, stopPropagationCallback ); + } + + elem[ type ](); + + if ( event.isPropagationStopped() ) { + lastElement.removeEventListener( type, stopPropagationCallback ); + } + + jQuery.event.triggered = undefined; + + if ( tmp ) { + elem[ ontype ] = tmp; + } + } + } + } + + return event.result; + }, + + // Piggyback on a donor event to simulate a different one + // Used only for `focus(in | out)` events + simulate: function( type, elem, event ) { + var e = jQuery.extend( + new jQuery.Event(), + event, + { + type: type, + isSimulated: true + } + ); + + jQuery.event.trigger( e, null, elem ); + } + +} ); + +jQuery.fn.extend( { + + trigger: function( type, data ) { + return this.each( function() { + jQuery.event.trigger( type, data, this ); + } ); + }, + triggerHandler: function( type, data ) { + var elem = this[ 0 ]; + if ( elem ) { + return jQuery.event.trigger( type, data, elem, true ); + } + } +} ); + + +// Support: Firefox <=44 +// Firefox doesn't have focus(in | out) events +// Related ticket - https://bugzilla.mozilla.org/show_bug.cgi?id=687787 +// +// Support: Chrome <=48 - 49, Safari <=9.0 - 9.1 +// focus(in | out) events fire after focus & blur events, +// which is spec violation - http://www.w3.org/TR/DOM-Level-3-Events/#events-focusevent-event-order +// Related ticket - https://bugs.chromium.org/p/chromium/issues/detail?id=449857 +if ( !support.focusin ) { + jQuery.each( { focus: "focusin", blur: "focusout" }, function( orig, fix ) { + + // Attach a single capturing handler on the document while someone wants focusin/focusout + var handler = function( event ) { + jQuery.event.simulate( fix, event.target, jQuery.event.fix( event ) ); + }; + + jQuery.event.special[ fix ] = { + setup: function() { + + // Handle: regular nodes (via `this.ownerDocument`), window + // (via `this.document`) & document (via `this`). + var doc = this.ownerDocument || this.document || this, + attaches = dataPriv.access( doc, fix ); + + if ( !attaches ) { + doc.addEventListener( orig, handler, true ); + } + dataPriv.access( doc, fix, ( attaches || 0 ) + 1 ); + }, + teardown: function() { + var doc = this.ownerDocument || this.document || this, + attaches = dataPriv.access( doc, fix ) - 1; + + if ( !attaches ) { + doc.removeEventListener( orig, handler, true ); + dataPriv.remove( doc, fix ); + + } else { + dataPriv.access( doc, fix, attaches ); + } + } + }; + } ); +} +var location = window.location; + +var nonce = { guid: Date.now() }; + +var rquery = ( /\?/ ); + + + +// Cross-browser xml parsing +jQuery.parseXML = function( data ) { + var xml, parserErrorElem; + if ( !data || typeof data !== "string" ) { + return null; + } + + // Support: IE 9 - 11 only + // IE throws on parseFromString with invalid input. + try { + xml = ( new window.DOMParser() ).parseFromString( data, "text/xml" ); + } catch ( e ) {} + + parserErrorElem = xml && xml.getElementsByTagName( "parsererror" )[ 0 ]; + if ( !xml || parserErrorElem ) { + jQuery.error( "Invalid XML: " + ( + parserErrorElem ? + jQuery.map( parserErrorElem.childNodes, function( el ) { + return el.textContent; + } ).join( "\n" ) : + data + ) ); + } + return xml; +}; + + +var + rbracket = /\[\]$/, + rCRLF = /\r?\n/g, + rsubmitterTypes = /^(?:submit|button|image|reset|file)$/i, + rsubmittable = /^(?:input|select|textarea|keygen)/i; + +function buildParams( prefix, obj, traditional, add ) { + var name; + + if ( Array.isArray( obj ) ) { + + // Serialize array item. + jQuery.each( obj, function( i, v ) { + if ( traditional || rbracket.test( prefix ) ) { + + // Treat each array item as a scalar. + add( prefix, v ); + + } else { + + // Item is non-scalar (array or object), encode its numeric index. + buildParams( + prefix + "[" + ( typeof v === "object" && v != null ? i : "" ) + "]", + v, + traditional, + add + ); + } + } ); + + } else if ( !traditional && toType( obj ) === "object" ) { + + // Serialize object item. + for ( name in obj ) { + buildParams( prefix + "[" + name + "]", obj[ name ], traditional, add ); + } + + } else { + + // Serialize scalar item. + add( prefix, obj ); + } +} + +// Serialize an array of form elements or a set of +// key/values into a query string +jQuery.param = function( a, traditional ) { + var prefix, + s = [], + add = function( key, valueOrFunction ) { + + // If value is a function, invoke it and use its return value + var value = isFunction( valueOrFunction ) ? + valueOrFunction() : + valueOrFunction; + + s[ s.length ] = encodeURIComponent( key ) + "=" + + encodeURIComponent( value == null ? "" : value ); + }; + + if ( a == null ) { + return ""; + } + + // If an array was passed in, assume that it is an array of form elements. + if ( Array.isArray( a ) || ( a.jquery && !jQuery.isPlainObject( a ) ) ) { + + // Serialize the form elements + jQuery.each( a, function() { + add( this.name, this.value ); + } ); + + } else { + + // If traditional, encode the "old" way (the way 1.3.2 or older + // did it), otherwise encode params recursively. + for ( prefix in a ) { + buildParams( prefix, a[ prefix ], traditional, add ); + } + } + + // Return the resulting serialization + return s.join( "&" ); +}; + +jQuery.fn.extend( { + serialize: function() { + return jQuery.param( this.serializeArray() ); + }, + serializeArray: function() { + return this.map( function() { + + // Can add propHook for "elements" to filter or add form elements + var elements = jQuery.prop( this, "elements" ); + return elements ? jQuery.makeArray( elements ) : this; + } ).filter( function() { + var type = this.type; + + // Use .is( ":disabled" ) so that fieldset[disabled] works + return this.name && !jQuery( this ).is( ":disabled" ) && + rsubmittable.test( this.nodeName ) && !rsubmitterTypes.test( type ) && + ( this.checked || !rcheckableType.test( type ) ); + } ).map( function( _i, elem ) { + var val = jQuery( this ).val(); + + if ( val == null ) { + return null; + } + + if ( Array.isArray( val ) ) { + return jQuery.map( val, function( val ) { + return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; + } ); + } + + return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; + } ).get(); + } +} ); + + +var + r20 = /%20/g, + rhash = /#.*$/, + rantiCache = /([?&])_=[^&]*/, + rheaders = /^(.*?):[ \t]*([^\r\n]*)$/mg, + + // #7653, #8125, #8152: local protocol detection + rlocalProtocol = /^(?:about|app|app-storage|.+-extension|file|res|widget):$/, + rnoContent = /^(?:GET|HEAD)$/, + rprotocol = /^\/\//, + + /* Prefilters + * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example) + * 2) These are called: + * - BEFORE asking for a transport + * - AFTER param serialization (s.data is a string if s.processData is true) + * 3) key is the dataType + * 4) the catchall symbol "*" can be used + * 5) execution will start with transport dataType and THEN continue down to "*" if needed + */ + prefilters = {}, + + /* Transports bindings + * 1) key is the dataType + * 2) the catchall symbol "*" can be used + * 3) selection will start with transport dataType and THEN go to "*" if needed + */ + transports = {}, + + // Avoid comment-prolog char sequence (#10098); must appease lint and evade compression + allTypes = "*/".concat( "*" ), + + // Anchor tag for parsing the document origin + originAnchor = document.createElement( "a" ); + +originAnchor.href = location.href; + +// Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport +function addToPrefiltersOrTransports( structure ) { + + // dataTypeExpression is optional and defaults to "*" + return function( dataTypeExpression, func ) { + + if ( typeof dataTypeExpression !== "string" ) { + func = dataTypeExpression; + dataTypeExpression = "*"; + } + + var dataType, + i = 0, + dataTypes = dataTypeExpression.toLowerCase().match( rnothtmlwhite ) || []; + + if ( isFunction( func ) ) { + + // For each dataType in the dataTypeExpression + while ( ( dataType = dataTypes[ i++ ] ) ) { + + // Prepend if requested + if ( dataType[ 0 ] === "+" ) { + dataType = dataType.slice( 1 ) || "*"; + ( structure[ dataType ] = structure[ dataType ] || [] ).unshift( func ); + + // Otherwise append + } else { + ( structure[ dataType ] = structure[ dataType ] || [] ).push( func ); + } + } + } + }; +} + +// Base inspection function for prefilters and transports +function inspectPrefiltersOrTransports( structure, options, originalOptions, jqXHR ) { + + var inspected = {}, + seekingTransport = ( structure === transports ); + + function inspect( dataType ) { + var selected; + inspected[ dataType ] = true; + jQuery.each( structure[ dataType ] || [], function( _, prefilterOrFactory ) { + var dataTypeOrTransport = prefilterOrFactory( options, originalOptions, jqXHR ); + if ( typeof dataTypeOrTransport === "string" && + !seekingTransport && !inspected[ dataTypeOrTransport ] ) { + + options.dataTypes.unshift( dataTypeOrTransport ); + inspect( dataTypeOrTransport ); + return false; + } else if ( seekingTransport ) { + return !( selected = dataTypeOrTransport ); + } + } ); + return selected; + } + + return inspect( options.dataTypes[ 0 ] ) || !inspected[ "*" ] && inspect( "*" ); +} + +// A special extend for ajax options +// that takes "flat" options (not to be deep extended) +// Fixes #9887 +function ajaxExtend( target, src ) { + var key, deep, + flatOptions = jQuery.ajaxSettings.flatOptions || {}; + + for ( key in src ) { + if ( src[ key ] !== undefined ) { + ( flatOptions[ key ] ? target : ( deep || ( deep = {} ) ) )[ key ] = src[ key ]; + } + } + if ( deep ) { + jQuery.extend( true, target, deep ); + } + + return target; +} + +/* Handles responses to an ajax request: + * - finds the right dataType (mediates between content-type and expected dataType) + * - returns the corresponding response + */ +function ajaxHandleResponses( s, jqXHR, responses ) { + + var ct, type, finalDataType, firstDataType, + contents = s.contents, + dataTypes = s.dataTypes; + + // Remove auto dataType and get content-type in the process + while ( dataTypes[ 0 ] === "*" ) { + dataTypes.shift(); + if ( ct === undefined ) { + ct = s.mimeType || jqXHR.getResponseHeader( "Content-Type" ); + } + } + + // Check if we're dealing with a known content-type + if ( ct ) { + for ( type in contents ) { + if ( contents[ type ] && contents[ type ].test( ct ) ) { + dataTypes.unshift( type ); + break; + } + } + } + + // Check to see if we have a response for the expected dataType + if ( dataTypes[ 0 ] in responses ) { + finalDataType = dataTypes[ 0 ]; + } else { + + // Try convertible dataTypes + for ( type in responses ) { + if ( !dataTypes[ 0 ] || s.converters[ type + " " + dataTypes[ 0 ] ] ) { + finalDataType = type; + break; + } + if ( !firstDataType ) { + firstDataType = type; + } + } + + // Or just use first one + finalDataType = finalDataType || firstDataType; + } + + // If we found a dataType + // We add the dataType to the list if needed + // and return the corresponding response + if ( finalDataType ) { + if ( finalDataType !== dataTypes[ 0 ] ) { + dataTypes.unshift( finalDataType ); + } + return responses[ finalDataType ]; + } +} + +/* Chain conversions given the request and the original response + * Also sets the responseXXX fields on the jqXHR instance + */ +function ajaxConvert( s, response, jqXHR, isSuccess ) { + var conv2, current, conv, tmp, prev, + converters = {}, + + // Work with a copy of dataTypes in case we need to modify it for conversion + dataTypes = s.dataTypes.slice(); + + // Create converters map with lowercased keys + if ( dataTypes[ 1 ] ) { + for ( conv in s.converters ) { + converters[ conv.toLowerCase() ] = s.converters[ conv ]; + } + } + + current = dataTypes.shift(); + + // Convert to each sequential dataType + while ( current ) { + + if ( s.responseFields[ current ] ) { + jqXHR[ s.responseFields[ current ] ] = response; + } + + // Apply the dataFilter if provided + if ( !prev && isSuccess && s.dataFilter ) { + response = s.dataFilter( response, s.dataType ); + } + + prev = current; + current = dataTypes.shift(); + + if ( current ) { + + // There's only work to do if current dataType is non-auto + if ( current === "*" ) { + + current = prev; + + // Convert response if prev dataType is non-auto and differs from current + } else if ( prev !== "*" && prev !== current ) { + + // Seek a direct converter + conv = converters[ prev + " " + current ] || converters[ "* " + current ]; + + // If none found, seek a pair + if ( !conv ) { + for ( conv2 in converters ) { + + // If conv2 outputs current + tmp = conv2.split( " " ); + if ( tmp[ 1 ] === current ) { + + // If prev can be converted to accepted input + conv = converters[ prev + " " + tmp[ 0 ] ] || + converters[ "* " + tmp[ 0 ] ]; + if ( conv ) { + + // Condense equivalence converters + if ( conv === true ) { + conv = converters[ conv2 ]; + + // Otherwise, insert the intermediate dataType + } else if ( converters[ conv2 ] !== true ) { + current = tmp[ 0 ]; + dataTypes.unshift( tmp[ 1 ] ); + } + break; + } + } + } + } + + // Apply converter (if not an equivalence) + if ( conv !== true ) { + + // Unless errors are allowed to bubble, catch and return them + if ( conv && s.throws ) { + response = conv( response ); + } else { + try { + response = conv( response ); + } catch ( e ) { + return { + state: "parsererror", + error: conv ? e : "No conversion from " + prev + " to " + current + }; + } + } + } + } + } + } + + return { state: "success", data: response }; +} + +jQuery.extend( { + + // Counter for holding the number of active queries + active: 0, + + // Last-Modified header cache for next request + lastModified: {}, + etag: {}, + + ajaxSettings: { + url: location.href, + type: "GET", + isLocal: rlocalProtocol.test( location.protocol ), + global: true, + processData: true, + async: true, + contentType: "application/x-www-form-urlencoded; charset=UTF-8", + + /* + timeout: 0, + data: null, + dataType: null, + username: null, + password: null, + cache: null, + throws: false, + traditional: false, + headers: {}, + */ + + accepts: { + "*": allTypes, + text: "text/plain", + html: "text/html", + xml: "application/xml, text/xml", + json: "application/json, text/javascript" + }, + + contents: { + xml: /\bxml\b/, + html: /\bhtml/, + json: /\bjson\b/ + }, + + responseFields: { + xml: "responseXML", + text: "responseText", + json: "responseJSON" + }, + + // Data converters + // Keys separate source (or catchall "*") and destination types with a single space + converters: { + + // Convert anything to text + "* text": String, + + // Text to html (true = no transformation) + "text html": true, + + // Evaluate text as a json expression + "text json": JSON.parse, + + // Parse text as xml + "text xml": jQuery.parseXML + }, + + // For options that shouldn't be deep extended: + // you can add your own custom options here if + // and when you create one that shouldn't be + // deep extended (see ajaxExtend) + flatOptions: { + url: true, + context: true + } + }, + + // Creates a full fledged settings object into target + // with both ajaxSettings and settings fields. + // If target is omitted, writes into ajaxSettings. + ajaxSetup: function( target, settings ) { + return settings ? + + // Building a settings object + ajaxExtend( ajaxExtend( target, jQuery.ajaxSettings ), settings ) : + + // Extending ajaxSettings + ajaxExtend( jQuery.ajaxSettings, target ); + }, + + ajaxPrefilter: addToPrefiltersOrTransports( prefilters ), + ajaxTransport: addToPrefiltersOrTransports( transports ), + + // Main method + ajax: function( url, options ) { + + // If url is an object, simulate pre-1.5 signature + if ( typeof url === "object" ) { + options = url; + url = undefined; + } + + // Force options to be an object + options = options || {}; + + var transport, + + // URL without anti-cache param + cacheURL, + + // Response headers + responseHeadersString, + responseHeaders, + + // timeout handle + timeoutTimer, + + // Url cleanup var + urlAnchor, + + // Request state (becomes false upon send and true upon completion) + completed, + + // To know if global events are to be dispatched + fireGlobals, + + // Loop variable + i, + + // uncached part of the url + uncached, + + // Create the final options object + s = jQuery.ajaxSetup( {}, options ), + + // Callbacks context + callbackContext = s.context || s, + + // Context for global events is callbackContext if it is a DOM node or jQuery collection + globalEventContext = s.context && + ( callbackContext.nodeType || callbackContext.jquery ) ? + jQuery( callbackContext ) : + jQuery.event, + + // Deferreds + deferred = jQuery.Deferred(), + completeDeferred = jQuery.Callbacks( "once memory" ), + + // Status-dependent callbacks + statusCode = s.statusCode || {}, + + // Headers (they are sent all at once) + requestHeaders = {}, + requestHeadersNames = {}, + + // Default abort message + strAbort = "canceled", + + // Fake xhr + jqXHR = { + readyState: 0, + + // Builds headers hashtable if needed + getResponseHeader: function( key ) { + var match; + if ( completed ) { + if ( !responseHeaders ) { + responseHeaders = {}; + while ( ( match = rheaders.exec( responseHeadersString ) ) ) { + responseHeaders[ match[ 1 ].toLowerCase() + " " ] = + ( responseHeaders[ match[ 1 ].toLowerCase() + " " ] || [] ) + .concat( match[ 2 ] ); + } + } + match = responseHeaders[ key.toLowerCase() + " " ]; + } + return match == null ? null : match.join( ", " ); + }, + + // Raw string + getAllResponseHeaders: function() { + return completed ? responseHeadersString : null; + }, + + // Caches the header + setRequestHeader: function( name, value ) { + if ( completed == null ) { + name = requestHeadersNames[ name.toLowerCase() ] = + requestHeadersNames[ name.toLowerCase() ] || name; + requestHeaders[ name ] = value; + } + return this; + }, + + // Overrides response content-type header + overrideMimeType: function( type ) { + if ( completed == null ) { + s.mimeType = type; + } + return this; + }, + + // Status-dependent callbacks + statusCode: function( map ) { + var code; + if ( map ) { + if ( completed ) { + + // Execute the appropriate callbacks + jqXHR.always( map[ jqXHR.status ] ); + } else { + + // Lazy-add the new callbacks in a way that preserves old ones + for ( code in map ) { + statusCode[ code ] = [ statusCode[ code ], map[ code ] ]; + } + } + } + return this; + }, + + // Cancel the request + abort: function( statusText ) { + var finalText = statusText || strAbort; + if ( transport ) { + transport.abort( finalText ); + } + done( 0, finalText ); + return this; + } + }; + + // Attach deferreds + deferred.promise( jqXHR ); + + // Add protocol if not provided (prefilters might expect it) + // Handle falsy url in the settings object (#10093: consistency with old signature) + // We also use the url parameter if available + s.url = ( ( url || s.url || location.href ) + "" ) + .replace( rprotocol, location.protocol + "//" ); + + // Alias method option to type as per ticket #12004 + s.type = options.method || options.type || s.method || s.type; + + // Extract dataTypes list + s.dataTypes = ( s.dataType || "*" ).toLowerCase().match( rnothtmlwhite ) || [ "" ]; + + // A cross-domain request is in order when the origin doesn't match the current origin. + if ( s.crossDomain == null ) { + urlAnchor = document.createElement( "a" ); + + // Support: IE <=8 - 11, Edge 12 - 15 + // IE throws exception on accessing the href property if url is malformed, + // e.g. http://example.com:80x/ + try { + urlAnchor.href = s.url; + + // Support: IE <=8 - 11 only + // Anchor's host property isn't correctly set when s.url is relative + urlAnchor.href = urlAnchor.href; + s.crossDomain = originAnchor.protocol + "//" + originAnchor.host !== + urlAnchor.protocol + "//" + urlAnchor.host; + } catch ( e ) { + + // If there is an error parsing the URL, assume it is crossDomain, + // it can be rejected by the transport if it is invalid + s.crossDomain = true; + } + } + + // Convert data if not already a string + if ( s.data && s.processData && typeof s.data !== "string" ) { + s.data = jQuery.param( s.data, s.traditional ); + } + + // Apply prefilters + inspectPrefiltersOrTransports( prefilters, s, options, jqXHR ); + + // If request was aborted inside a prefilter, stop there + if ( completed ) { + return jqXHR; + } + + // We can fire global events as of now if asked to + // Don't fire events if jQuery.event is undefined in an AMD-usage scenario (#15118) + fireGlobals = jQuery.event && s.global; + + // Watch for a new set of requests + if ( fireGlobals && jQuery.active++ === 0 ) { + jQuery.event.trigger( "ajaxStart" ); + } + + // Uppercase the type + s.type = s.type.toUpperCase(); + + // Determine if request has content + s.hasContent = !rnoContent.test( s.type ); + + // Save the URL in case we're toying with the If-Modified-Since + // and/or If-None-Match header later on + // Remove hash to simplify url manipulation + cacheURL = s.url.replace( rhash, "" ); + + // More options handling for requests with no content + if ( !s.hasContent ) { + + // Remember the hash so we can put it back + uncached = s.url.slice( cacheURL.length ); + + // If data is available and should be processed, append data to url + if ( s.data && ( s.processData || typeof s.data === "string" ) ) { + cacheURL += ( rquery.test( cacheURL ) ? "&" : "?" ) + s.data; + + // #9682: remove data so that it's not used in an eventual retry + delete s.data; + } + + // Add or update anti-cache param if needed + if ( s.cache === false ) { + cacheURL = cacheURL.replace( rantiCache, "$1" ); + uncached = ( rquery.test( cacheURL ) ? "&" : "?" ) + "_=" + ( nonce.guid++ ) + + uncached; + } + + // Put hash and anti-cache on the URL that will be requested (gh-1732) + s.url = cacheURL + uncached; + + // Change '%20' to '+' if this is encoded form body content (gh-2658) + } else if ( s.data && s.processData && + ( s.contentType || "" ).indexOf( "application/x-www-form-urlencoded" ) === 0 ) { + s.data = s.data.replace( r20, "+" ); + } + + // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. + if ( s.ifModified ) { + if ( jQuery.lastModified[ cacheURL ] ) { + jqXHR.setRequestHeader( "If-Modified-Since", jQuery.lastModified[ cacheURL ] ); + } + if ( jQuery.etag[ cacheURL ] ) { + jqXHR.setRequestHeader( "If-None-Match", jQuery.etag[ cacheURL ] ); + } + } + + // Set the correct header, if data is being sent + if ( s.data && s.hasContent && s.contentType !== false || options.contentType ) { + jqXHR.setRequestHeader( "Content-Type", s.contentType ); + } + + // Set the Accepts header for the server, depending on the dataType + jqXHR.setRequestHeader( + "Accept", + s.dataTypes[ 0 ] && s.accepts[ s.dataTypes[ 0 ] ] ? + s.accepts[ s.dataTypes[ 0 ] ] + + ( s.dataTypes[ 0 ] !== "*" ? ", " + allTypes + "; q=0.01" : "" ) : + s.accepts[ "*" ] + ); + + // Check for headers option + for ( i in s.headers ) { + jqXHR.setRequestHeader( i, s.headers[ i ] ); + } + + // Allow custom headers/mimetypes and early abort + if ( s.beforeSend && + ( s.beforeSend.call( callbackContext, jqXHR, s ) === false || completed ) ) { + + // Abort if not done already and return + return jqXHR.abort(); + } + + // Aborting is no longer a cancellation + strAbort = "abort"; + + // Install callbacks on deferreds + completeDeferred.add( s.complete ); + jqXHR.done( s.success ); + jqXHR.fail( s.error ); + + // Get transport + transport = inspectPrefiltersOrTransports( transports, s, options, jqXHR ); + + // If no transport, we auto-abort + if ( !transport ) { + done( -1, "No Transport" ); + } else { + jqXHR.readyState = 1; + + // Send global event + if ( fireGlobals ) { + globalEventContext.trigger( "ajaxSend", [ jqXHR, s ] ); + } + + // If request was aborted inside ajaxSend, stop there + if ( completed ) { + return jqXHR; + } + + // Timeout + if ( s.async && s.timeout > 0 ) { + timeoutTimer = window.setTimeout( function() { + jqXHR.abort( "timeout" ); + }, s.timeout ); + } + + try { + completed = false; + transport.send( requestHeaders, done ); + } catch ( e ) { + + // Rethrow post-completion exceptions + if ( completed ) { + throw e; + } + + // Propagate others as results + done( -1, e ); + } + } + + // Callback for when everything is done + function done( status, nativeStatusText, responses, headers ) { + var isSuccess, success, error, response, modified, + statusText = nativeStatusText; + + // Ignore repeat invocations + if ( completed ) { + return; + } + + completed = true; + + // Clear timeout if it exists + if ( timeoutTimer ) { + window.clearTimeout( timeoutTimer ); + } + + // Dereference transport for early garbage collection + // (no matter how long the jqXHR object will be used) + transport = undefined; + + // Cache response headers + responseHeadersString = headers || ""; + + // Set readyState + jqXHR.readyState = status > 0 ? 4 : 0; + + // Determine if successful + isSuccess = status >= 200 && status < 300 || status === 304; + + // Get response data + if ( responses ) { + response = ajaxHandleResponses( s, jqXHR, responses ); + } + + // Use a noop converter for missing script but not if jsonp + if ( !isSuccess && + jQuery.inArray( "script", s.dataTypes ) > -1 && + jQuery.inArray( "json", s.dataTypes ) < 0 ) { + s.converters[ "text script" ] = function() {}; + } + + // Convert no matter what (that way responseXXX fields are always set) + response = ajaxConvert( s, response, jqXHR, isSuccess ); + + // If successful, handle type chaining + if ( isSuccess ) { + + // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. + if ( s.ifModified ) { + modified = jqXHR.getResponseHeader( "Last-Modified" ); + if ( modified ) { + jQuery.lastModified[ cacheURL ] = modified; + } + modified = jqXHR.getResponseHeader( "etag" ); + if ( modified ) { + jQuery.etag[ cacheURL ] = modified; + } + } + + // if no content + if ( status === 204 || s.type === "HEAD" ) { + statusText = "nocontent"; + + // if not modified + } else if ( status === 304 ) { + statusText = "notmodified"; + + // If we have data, let's convert it + } else { + statusText = response.state; + success = response.data; + error = response.error; + isSuccess = !error; + } + } else { + + // Extract error from statusText and normalize for non-aborts + error = statusText; + if ( status || !statusText ) { + statusText = "error"; + if ( status < 0 ) { + status = 0; + } + } + } + + // Set data for the fake xhr object + jqXHR.status = status; + jqXHR.statusText = ( nativeStatusText || statusText ) + ""; + + // Success/Error + if ( isSuccess ) { + deferred.resolveWith( callbackContext, [ success, statusText, jqXHR ] ); + } else { + deferred.rejectWith( callbackContext, [ jqXHR, statusText, error ] ); + } + + // Status-dependent callbacks + jqXHR.statusCode( statusCode ); + statusCode = undefined; + + if ( fireGlobals ) { + globalEventContext.trigger( isSuccess ? "ajaxSuccess" : "ajaxError", + [ jqXHR, s, isSuccess ? success : error ] ); + } + + // Complete + completeDeferred.fireWith( callbackContext, [ jqXHR, statusText ] ); + + if ( fireGlobals ) { + globalEventContext.trigger( "ajaxComplete", [ jqXHR, s ] ); + + // Handle the global AJAX counter + if ( !( --jQuery.active ) ) { + jQuery.event.trigger( "ajaxStop" ); + } + } + } + + return jqXHR; + }, + + getJSON: function( url, data, callback ) { + return jQuery.get( url, data, callback, "json" ); + }, + + getScript: function( url, callback ) { + return jQuery.get( url, undefined, callback, "script" ); + } +} ); + +jQuery.each( [ "get", "post" ], function( _i, method ) { + jQuery[ method ] = function( url, data, callback, type ) { + + // Shift arguments if data argument was omitted + if ( isFunction( data ) ) { + type = type || callback; + callback = data; + data = undefined; + } + + // The url can be an options object (which then must have .url) + return jQuery.ajax( jQuery.extend( { + url: url, + type: method, + dataType: type, + data: data, + success: callback + }, jQuery.isPlainObject( url ) && url ) ); + }; +} ); + +jQuery.ajaxPrefilter( function( s ) { + var i; + for ( i in s.headers ) { + if ( i.toLowerCase() === "content-type" ) { + s.contentType = s.headers[ i ] || ""; + } + } +} ); + + +jQuery._evalUrl = function( url, options, doc ) { + return jQuery.ajax( { + url: url, + + // Make this explicit, since user can override this through ajaxSetup (#11264) + type: "GET", + dataType: "script", + cache: true, + async: false, + global: false, + + // Only evaluate the response if it is successful (gh-4126) + // dataFilter is not invoked for failure responses, so using it instead + // of the default converter is kludgy but it works. + converters: { + "text script": function() {} + }, + dataFilter: function( response ) { + jQuery.globalEval( response, options, doc ); + } + } ); +}; + + +jQuery.fn.extend( { + wrapAll: function( html ) { + var wrap; + + if ( this[ 0 ] ) { + if ( isFunction( html ) ) { + html = html.call( this[ 0 ] ); + } + + // The elements to wrap the target around + wrap = jQuery( html, this[ 0 ].ownerDocument ).eq( 0 ).clone( true ); + + if ( this[ 0 ].parentNode ) { + wrap.insertBefore( this[ 0 ] ); + } + + wrap.map( function() { + var elem = this; + + while ( elem.firstElementChild ) { + elem = elem.firstElementChild; + } + + return elem; + } ).append( this ); + } + + return this; + }, + + wrapInner: function( html ) { + if ( isFunction( html ) ) { + return this.each( function( i ) { + jQuery( this ).wrapInner( html.call( this, i ) ); + } ); + } + + return this.each( function() { + var self = jQuery( this ), + contents = self.contents(); + + if ( contents.length ) { + contents.wrapAll( html ); + + } else { + self.append( html ); + } + } ); + }, + + wrap: function( html ) { + var htmlIsFunction = isFunction( html ); + + return this.each( function( i ) { + jQuery( this ).wrapAll( htmlIsFunction ? html.call( this, i ) : html ); + } ); + }, + + unwrap: function( selector ) { + this.parent( selector ).not( "body" ).each( function() { + jQuery( this ).replaceWith( this.childNodes ); + } ); + return this; + } +} ); + + +jQuery.expr.pseudos.hidden = function( elem ) { + return !jQuery.expr.pseudos.visible( elem ); +}; +jQuery.expr.pseudos.visible = function( elem ) { + return !!( elem.offsetWidth || elem.offsetHeight || elem.getClientRects().length ); +}; + + + + +jQuery.ajaxSettings.xhr = function() { + try { + return new window.XMLHttpRequest(); + } catch ( e ) {} +}; + +var xhrSuccessStatus = { + + // File protocol always yields status code 0, assume 200 + 0: 200, + + // Support: IE <=9 only + // #1450: sometimes IE returns 1223 when it should be 204 + 1223: 204 + }, + xhrSupported = jQuery.ajaxSettings.xhr(); + +support.cors = !!xhrSupported && ( "withCredentials" in xhrSupported ); +support.ajax = xhrSupported = !!xhrSupported; + +jQuery.ajaxTransport( function( options ) { + var callback, errorCallback; + + // Cross domain only allowed if supported through XMLHttpRequest + if ( support.cors || xhrSupported && !options.crossDomain ) { + return { + send: function( headers, complete ) { + var i, + xhr = options.xhr(); + + xhr.open( + options.type, + options.url, + options.async, + options.username, + options.password + ); + + // Apply custom fields if provided + if ( options.xhrFields ) { + for ( i in options.xhrFields ) { + xhr[ i ] = options.xhrFields[ i ]; + } + } + + // Override mime type if needed + if ( options.mimeType && xhr.overrideMimeType ) { + xhr.overrideMimeType( options.mimeType ); + } + + // X-Requested-With header + // For cross-domain requests, seeing as conditions for a preflight are + // akin to a jigsaw puzzle, we simply never set it to be sure. + // (it can always be set on a per-request basis or even using ajaxSetup) + // For same-domain requests, won't change header if already provided. + if ( !options.crossDomain && !headers[ "X-Requested-With" ] ) { + headers[ "X-Requested-With" ] = "XMLHttpRequest"; + } + + // Set headers + for ( i in headers ) { + xhr.setRequestHeader( i, headers[ i ] ); + } + + // Callback + callback = function( type ) { + return function() { + if ( callback ) { + callback = errorCallback = xhr.onload = + xhr.onerror = xhr.onabort = xhr.ontimeout = + xhr.onreadystatechange = null; + + if ( type === "abort" ) { + xhr.abort(); + } else if ( type === "error" ) { + + // Support: IE <=9 only + // On a manual native abort, IE9 throws + // errors on any property access that is not readyState + if ( typeof xhr.status !== "number" ) { + complete( 0, "error" ); + } else { + complete( + + // File: protocol always yields status 0; see #8605, #14207 + xhr.status, + xhr.statusText + ); + } + } else { + complete( + xhrSuccessStatus[ xhr.status ] || xhr.status, + xhr.statusText, + + // Support: IE <=9 only + // IE9 has no XHR2 but throws on binary (trac-11426) + // For XHR2 non-text, let the caller handle it (gh-2498) + ( xhr.responseType || "text" ) !== "text" || + typeof xhr.responseText !== "string" ? + { binary: xhr.response } : + { text: xhr.responseText }, + xhr.getAllResponseHeaders() + ); + } + } + }; + }; + + // Listen to events + xhr.onload = callback(); + errorCallback = xhr.onerror = xhr.ontimeout = callback( "error" ); + + // Support: IE 9 only + // Use onreadystatechange to replace onabort + // to handle uncaught aborts + if ( xhr.onabort !== undefined ) { + xhr.onabort = errorCallback; + } else { + xhr.onreadystatechange = function() { + + // Check readyState before timeout as it changes + if ( xhr.readyState === 4 ) { + + // Allow onerror to be called first, + // but that will not handle a native abort + // Also, save errorCallback to a variable + // as xhr.onerror cannot be accessed + window.setTimeout( function() { + if ( callback ) { + errorCallback(); + } + } ); + } + }; + } + + // Create the abort callback + callback = callback( "abort" ); + + try { + + // Do send the request (this may raise an exception) + xhr.send( options.hasContent && options.data || null ); + } catch ( e ) { + + // #14683: Only rethrow if this hasn't been notified as an error yet + if ( callback ) { + throw e; + } + } + }, + + abort: function() { + if ( callback ) { + callback(); + } + } + }; + } +} ); + + + + +// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432) +jQuery.ajaxPrefilter( function( s ) { + if ( s.crossDomain ) { + s.contents.script = false; + } +} ); + +// Install script dataType +jQuery.ajaxSetup( { + accepts: { + script: "text/javascript, application/javascript, " + + "application/ecmascript, application/x-ecmascript" + }, + contents: { + script: /\b(?:java|ecma)script\b/ + }, + converters: { + "text script": function( text ) { + jQuery.globalEval( text ); + return text; + } + } +} ); + +// Handle cache's special case and crossDomain +jQuery.ajaxPrefilter( "script", function( s ) { + if ( s.cache === undefined ) { + s.cache = false; + } + if ( s.crossDomain ) { + s.type = "GET"; + } +} ); + +// Bind script tag hack transport +jQuery.ajaxTransport( "script", function( s ) { + + // This transport only deals with cross domain or forced-by-attrs requests + if ( s.crossDomain || s.scriptAttrs ) { + var script, callback; + return { + send: function( _, complete ) { + script = jQuery( " +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

Cryptographic algorithms

+

The following algorithms MUST be supported:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Algorithm

Operations

References

RS256

Signature

RFC 7518.

RS512

Signature

RFC 7518.

RSA-OAEP

Key Encryption

RFC 7518.

RSA-OAEP-256

Key Encryption

RFC 7516.

A128CBC-HS256

Content Encryption

RFC 7516.

A256CBC-HS512

Content Encryption

RFC 7516.

+

The following algorithms are RECOMMENDED to be supported:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Algorithm

Operations

References

ES256

Signature

RFC 7518.

ES512

Signature

RFC 7518.

PS256

Signature

RFC 7518.

PS512

Signature

RFC 7518.

ECDH-ES

Key Encryption

RFC 7518.

ECDH-ES+A128KW

Key Encryption

RFC 7518.

ECDH-ES+A256KW

Key Encryption

RFC 7518.

+

The following algorithms MUST NOT be supported:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Algorithm

Operations

References

none

Signature

RFC 7518.

RSA_1_5

Key Encryption

RFC 7516.

HS256

Signature

RFC 7518.

HS384

Signature

RFC 7518.

HS512

Signature

RFC 7518.

+
+

Warning

+

The length of the RSA keys MUST be equal to or greater than 2048 bits. +A length of 4096 bits is RECOMMENDED.

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/backup-restore.html b/refs/pull/201/merge/en/backup-restore.html new file mode 100644 index 000000000..645579b91 --- /dev/null +++ b/refs/pull/201/merge/en/backup-restore.html @@ -0,0 +1,1453 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | backup-restore.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

backup-restore.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/contribute.html b/refs/pull/201/merge/en/contribute.html new file mode 100644 index 000000000..8a606d920 --- /dev/null +++ b/refs/pull/201/merge/en/contribute.html @@ -0,0 +1,1455 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | How to contribute + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

How to contribute

+

The IT Wallet project, including this document, follows an open development process. This approach ensures the development process is accessible to all, inviting all interested parties to participate.

+

Consequently, stakeholders, national and international community members are not only encouraged but also heartily welcomed to contribute to the refinement of these technical rules.

+

Below are several methods available for contributing to this project:

+
    +

  • GitHub issues. By opening an issue, you can seek clarification, propose enhancements, or report editorial typos. If you are working on an issue, we encourage you to open a draft pull request and link it.

    • +

  • Pull requests. Pull requests represent active contributions to the project, typically, but not always following issue-based discussions. Once a pull request is initiated, it facilitates discussion and review of the proposed changes before they are merged into the main branch (versione-corrente).

    • +

  • Developers Italia Slack channel. Slack is a messaging application designed for businesses, connecting people to the information they need. Developers Italia is an open community based on contributions and participation from public administrations, developers, technicians, students, and citizens. Developers Italia has initiated a Slack channel that [everyone can join for free](https://slack.developers.italia.it/), where you can learn about all their activities and partake in discussions.

    • +
+
+

Acknowledgements

+

We would like to thank the following individuals for their comments, +concerns, ideas, contributions, some of which substantial, to this +implementation profile and to the initial set of implementations.

+
    +

  • Alen Horvat

    • +

  • Amir Sharif

    • +

  • Andrea Prosseda

    • +

  • Emanuele De Cupis

    • +

  • Emiliano Vernini

    • +

  • Francesco Grauso

    • +

  • Francesco Marino

    • +

  • Francesco Ventola

    • +

  • Giada Sciarretta

    • +

  • Giuseppe De Marco

    • +

  • Klaas Wierenga

    • +

  • Kristina Yasuda

    • +

  • Leif Johansson

    • +

  • Lorenzo Cerini

    • +

  • Marta Sciunnach

    • +

  • Michele Silletti

    • +

  • Nicola Saitto

    • +

  • Niels van Dijk

    • +

  • Paul Bastien

    • +

  • Pasquale De Rose

    • +

  • Peter Altmann

    • +

  • Riccardo Iaconelli

    • +

  • Roland Hedberg

    • +

  • Salvatore Laiso

    • +

  • Salvatore Manfredi

    • +

  • Stefano Alifuoco

    • +

  • Takahiko Kawasaki

    • +

  • Torsten Lodderstedt

    • +

  • Vladimir Duzhinov

    • +
+

If anyone has been forgotten, please accept our apologies with the +request to propose the modification of this page via a [Pull Request](https://github.com/italia/eudi-wallet-it-docs) +with a brief description of the contribution offered, during which +event or channel, and during which period. We will then have the opportunity +to apologize again and make amends as soon as possible, including you in the list.

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/defined-terms.html b/refs/pull/201/merge/en/defined-terms.html new file mode 100644 index 000000000..86f493c89 --- /dev/null +++ b/refs/pull/201/merge/en/defined-terms.html @@ -0,0 +1,1512 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | Normative Language and Conventions + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

Normative Language and Conventions

+

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

+
+
+

Defined Terms

+

The terms User, Trust Service, Trust Model, Trusted List, Trust Framework, Attribute, Electronic Attestations of Attributes Provider or Trust Service Provider (TSP), Person Identification Data (PID), Revocation List, Qualified Electronic Attestations of Attributes Provider or Qualified Trust Service Provider (QTSP), Electronic Attestation of Attributes (EAA), are defined in the EIDAS-ARF.

+

Below are the description of acronyms and definitions which are useful for further insights into topics that complement the it-wallet and the interacting components.

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Accreditation Body

An entity accredited by the Federation Authority, responsible for managing the process of verification and certification of accreditation requirements for ecosystem roles.

Digital Identity Provider

An entity, recognized and accredited by the State, responsible for identifying citizens for the issuance of an Electronic Identity Certificate.

Electronic Attestation of Identity

Electronic attestation of attributes referring to master data already present in Italian digital identity systems.

Digital Credential

An signed Credential whose integrity can be cryptographically verified using the public keys of its Issuer. It is also known as Credential.

Federation Authority

A public governance entity that issues guidelines and technical rules, and administers - directly or through its intermediary - Trusted Lists, services, and accreditation processes, the status of participants, and their eligibility evaluation. It also performs oversight functions.

Wallet Instance

An instance of the Wallet Solution, installed on a personal mobile device and controlled by a specific User who is its sole owner. It is the application that enables citizens to fully and autonomously manage their digital identity and EAAs.

Wallet Provider

All public and/or private entities, conforming to a technical profile and accredited by the Federation Authority, that provide citizens with an IT Wallet Instance.

Wallet Attestation

Verifiable Attestation, issued by the Wallet Provider, that proves the security compliace of the Wallet Instance.

Wallet Attestation Service

Device manufacturer service that allows you to certify the authenticity of the mobile app (Wallet Instance).

Qualified Electronic Attestation of Attributes (QEAA)

A digitally verifiable attestation in electronic form, issued by a QTSP, that substantiates a person's possession of attributes.

Qualified Electronic Signature Provider

The Electronic Trust Service Provider responsible for the issuing of Qualified Electronic Signature certificates to the User.

Relying Party

A natural or legal person that implements an authentication system requiring electronic attribute attestation submissions as an authentication mechanism.

Verifier

See Relying Party.

Trust Attestation

Electronic attestation of an entity's compliance with the national regulatory framework, which is cryptographically verifiable and cannot be repudiated over time by the entity that issued it. A Trust Attestation is always related to a particular Trust Framework.

Trust Layer

An architectural component that enables IT Wallet system participants to establish trust, in terms of reliability and compliance of all participants with the regulatory framework governing the digital identity system.

Trust Model

System defining how the participants of the ecosystem establish and maintain trust in their interactions. The Trust Model outlines the rules and the procedures for the entities (like users, systems, or applications) should validate each other's identities, authenticate, and establish the level of trust before exchanging information.

Level of Assurance

The degree of confidence in the vetting process used to establish the identity of the User and the degree of confidence that the User who presents the credential is the same User to whom the Digital Credential was issued.

Holder Key Binding

Ability of the Holder to prove legitimate possession of the private part, related to the public part attested by a Trusted Third Party.

+
+

Acronyms

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + +

Acronym

Description

OID4VP

OpenID for Verifiable Presentation

PID

Person Identification Data

VC

Verifiable Credential

VP

Verifiable Presentation

API

Application Programming Interface

LoA

Level of Assurance

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/genindex.html b/refs/pull/201/merge/en/genindex.html new file mode 100644 index 000000000..bb6f16514 --- /dev/null +++ b/refs/pull/201/merge/en/genindex.html @@ -0,0 +1,1472 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | Index + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + +

Index

+ +
+ R + +
+

R

+ + +
+ + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/index.html b/refs/pull/201/merge/en/index.html new file mode 100644 index 000000000..239b8d853 --- /dev/null +++ b/refs/pull/201/merge/en/index.html @@ -0,0 +1,1610 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | The Italian EUDI Wallet implementation profile + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + +
+

The Italian EUDI Wallet implementation profile

+
+

Introduction

+

The European Council requested the update of the +eIDAS Regulation on electronic identification and trust services by +implementing a new tool: the European Digital Identity Wallet.

+

Italy responded to the input received from the European community by creating the National digital identity Wallet solution, called IT Wallet, to be fully interoperable with all the other solutions made available by other European Member States and in full compliance to the European regulation.

+

The current Italian scenario counts 3 coexisting digital identity tools that are partially overlapping, sometimes competing, and based on different technologies. This points to a highly fragmented system which yields difficulties for users and service providers. Therefore, the IT Wallet proposes to rationalise the digital identity ecosystem in Italy in order to simplify the experience of citizens, public administrations, and businesses in accessing digital services.

+

To achieve these objectives and enhance the already active and eIDAS-notified digital identity schemes, the IT Wallet project entails a technological and governance evolution that envisages the progressive migration of the current threefold digital identification solution towards IT Wallet.

+

The purpose of the following technical rules is to define the technical architecture and reference framework to be used as a guideline by all the parties involved in the development of the IT Wallet project.

+

This documentation defines the national implementation profile of EUDI Wallet, containing the technical details about components of the Wallet ecosystem, as listed below:

+
+
    +

  • Entities of the ecosystem according to EIDAS-ARF.

    • +

  • Infrastructure of trust attesting realiability and eligibility of the participants.

    • +

  • PID and EAAs data schemes and attribute sets.

    • +

  • PID/EAA in MDL CBOR format.

    • +

  • PID/EAA in SD-JWT format.

    • +

  • Wallet Solution general architecture.

    • +

  • Wallet Attestation.

    • +

  • Issuance of PID/EAA according to OpenID4VCI.

    • +

  • Presentation of PID/EAA according to OpenID4VP.

    • +

  • Presentation of pseudonyms according to SIOPv2.

    • +

  • PID/EAA backup and restore mechanisms.

    • +

  • PID/EAA revocation lists.

    • +
+
+
+
+

Index of content

+
+ +
+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/objects.inv b/refs/pull/201/merge/en/objects.inv new file mode 100644 index 000000000..61976336f Binary files /dev/null and b/refs/pull/201/merge/en/objects.inv differ diff --git a/refs/pull/201/merge/en/pid-eaa-data-model.html b/refs/pull/201/merge/en/pid-eaa-data-model.html new file mode 100644 index 000000000..fc867f89f --- /dev/null +++ b/refs/pull/201/merge/en/pid-eaa-data-model.html @@ -0,0 +1,2713 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | PID/(Q)EAA Data Model + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

PID/(Q)EAA Data Model

+

The Person Identification Data (PID) is issued by the PID Provider according to national laws. The main scope of the PID is allowing natural persons to be authenticated for the access to a service or to a protected resource. +The User attributes provided within the Italian PID are the ones listed below:

+
+
    +

  • Current Family Name

    • +

  • Current First Name

    • +

  • Date of Birth

    • +

  • Place of Birth

    • +

  • Unique Identifier

    • +

  • Taxpayer identification number

    • +
+
+

The Italian digital Credentials, like the PID and the (Q)EAA, contains additional claims and according to the OpenID Identity Assurance Profile [OIDC.IDA], these carries the national trust framework and the identity proofing procedures underlying the issuance. In particular, these carries some relevant information about the Authentic Sources of the subject's attributes.

+

The (Q)EAAs are issued by (Q)EAA Issuers to a Wallet Instance and MUST be provided in SD-JWT-VC or MDOC-CBOR data format.

+

The PID/(Q)EAA data format and the mechanism through which a digital credential is issued to the Wallet Instance and presented to a Relying Party are described in the following sections.

+
+

SD-JWT

+

The PID/(Q)EAA is issued in the form of a digital credential. The digital credential format is Selective Disclosure JWT format as specified in [draft-terbu-sd-jwt-vc-latest].

+

An SD-JWT is a JWT that MUST be signed using the Issuer's private key. The SD-JWT payload of the MUST contain the _sd_alg claim described in [SD-JWT]. Section 5.1.2. and other claims specified in this section, some of them may be selectively disclosable claims.

+

The claim _sd_alg indicates the hash algorithm used by the Issuer to generate the digests over the salts and the claim values. The _sd_alg claim MUST be set to one of the specified algorithms in Section Cryptographic Algorithms.

+

Selectively disclosable claims are omitted from the SD-JWT. Instead, the digests of the respective disclosures and decoy digests are contained as an array in a new JWT claim, _sd.

+

Each digest value ensures the integrity of, and maps to, the respective Disclosure. Digest values are calculated using a hash function over the disclosures, each of which contains

+
+
    +

  • a random salt,

    • +

  • the claim name (only when the claim is an object property),

    • +

  • the claim value.

    • +
+
+

The Disclosures are sent to the Holder together with the SD-JWT in the Combined Format for Issuance that MUST be an ordered series of base64url-encoded values, each separated from the next by a single tilde ('~') character as follows:

+
<Issuer-Signed-JWT>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>
+
+
+

See [draft-terbu-sd-jwt-vc-latest] and [SD-JWT] for more details.

+
+

PID/(Q)EAA SD-JWT parameters

+

The JOSE header contains the following mandatory parameters:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

typ

MUST be set to vc+sd-jwt as defined in [draft-terbu-sd-jwt-vc-latest].

[RFC7515, Section 4.1.9].

alg

Signature Algorithm.

[RFC7515, Section 4.1.1].

kid

Unique identifier of the public key.

[RFC7515, Section 4.1.8].

trust_chain

JSON array containing the trust chain that proves the reliability of the issuer of the JWT.

[OIDC-FED, Section 3.2.1].

+

The following claims MUST be in the JWT payload. Some of these claims MAY be selectively disclosed, these are listed in the following tables that specify whether a claim is selectively disclosable [SD] or not [NSD].

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

iss

[NSD].URL string representing the PID/(Q)EAA Issuer unique identifier.

[RFC7519, Section 4.1.1].

sub

[NSD].Thumbprint of the JWK in the cnf parameter.

[RFC7519, Section 4.1.2].

jti

[NSD].Unique Token ID identifier of this JWT. It SHOULD be a String in uuid4 format.

[RFC7519, Section 4.1.7].

iat

[SD].UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in RFC 7519.

[RFC7519, Section 4.1.6].

exp

[NSD].UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated in RFC 7519.

[RFC7519, Section 4.1.4].

status

[NSD].HTTPS URL where the credential validity status is available.

[SD-JWT-VC. Section 4.2.2.2].

cnf

[NSD].JSON object containing the proof-of-possession key materials. By including a cnf (confirmation) claim in a JWT, the issuer of the JWT declares that the Holder is in control of the private key related to the public one defined in the cnf parameter. The recipient MUST cryptographically verify that the Holder is in control of that key.

[RFC7800, Section 3.1].

vct

[NSD].Credential type as a string, MUST be set in accordance to the type obtained from the PID/(Q)EAA Issuer metadata. For example, in the case of the PID, it MUST be set to PersonIdentificationData.

[draft-terbu-sd-jwt-vc-latest. Section Type Claim].

verified_claims

[NSD].JSON object containing the following sub-elements:

+
+
    +

  • verification;

    • +

  • claims.

    • +
+
+

[OIDC.IDA. Section 5].

+
+
+

PID/(Q)EAA Verification field

+

The verification claim contains the information regarding the trust framework used by the PID/(Q)EAA Issuer to provide the User attributes (claims).

+

The verification claim is a JSON structure with all the following mandatory sub-claims.

+ +++++ + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

trust_framework

[NSD]. It MUST be set to eidas.

[OID.IDA. Section 5.1]

assurance_level

[NSD]. MUST be set according to the LoA required. For PID credential it MUST be set to high.

[OID.IDA. Section 5.1]

evidence

[SD]. JSON Array. Each element is the electronic evidence of the User identification during the PID issuance or, in the case of (Q)EAA, with this evidence the Authentic Source assures the authenticity of the data conveyed in the (Q)EAA. It MUST contain at least the following claims:

+
+
    +

  • type: MUST be set to electronic_record

    • +

  • record: JSON object (see the table below)

    • +
+
+

[OID.IDA. Section 5.1]

+

The record MUST have at least the following sub parameters:

+ +++++ + + + + + + + + + + + + + + + + +

Claim

Description

Reference

type

It uniquely identifies the trust framework used for the provisioning of the credential. For example, in case of PID, the value https://eudi.wallet.cie.gov.it means that the CIE id identification scheme is used.

[OID.IDA. Section 5.1.1.2]

source

JSON Object cointaining the following mandatory claims:

+
    +

  • organization_name: Name of the Organization acting as Authentic Source.

    • +

  • organization_id: Identification code for the Organization. For public Organization, it MUST be set to the IPA Code, following the URN namespace urn:eudi:it:organization_id:ipa_code:<that-value>.

    • +

  • country_code: String representing country in [ISO3166-1] Alpha-2 (e.g., IT) or [ISO3166-3] syntax.

    • +
+

[OID.IDA. Section 5.1.1.2]

+
+

Warning

+

Note that the sub-claims of the evidence parameter are not selectively disclosable separately, thus, for example, the User cannot give only the record type without the disclosure of the record source value (organization name, identifier and country).

+
+
+
+

PID Claims field

+

The claims parameter contains the User attributes with the following mandatory fields:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

given_name

[SD]. Current First Name.

[OpenID Connect Core 1.0, Section 5.1]

family_name

[SD]. Current Family Name.

[OpenID Connect Core 1.0, Section 5.1]

birth_date

[SD]. Date of Birth.

birth_place

[SD]. Place of Birth. JSON Object with the following subclaims:

+
    +

  • country

    • +

  • locality

    • +
+

unique_id

[SD]. Unique citizen identifier (ID ANPR) given by the National Register of the Resident Population (ANPR). It MUST be set according to ANPR rules

tax_id_code

[SD]. National tax identification code of natural person as a String format. It MUST be set according to ETSI EN 319 412-1. For example TINIT-<ItalianTaxIdentificationNumber>

+
+
+

PID Non-normative Examples

+

In the following, the non-normative example of a PID in JSON format.

+
{
+  "iss": "https://issuer.example.org",
+  "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs",
+  "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c",
+  "iat": 1683000000,
+  "exp": 1883000000,
+  "status": "https://pidprovider.example.org/status",
+  "vct": "PidIdentificationData",
+  "verified_claims": {
+    "verification": {
+      "trust_framework": "eidas",
+      "assurance_level": "high",
+      "evidence": [
+        {
+          "type": "electronic_record",
+          "record": {
+            "type": "https://eudi.wallet.cie.gov.it",
+            "source": {
+              "organization_name": "Ministero dell'Interno",
+              "organization_id":
+                "urn:eudi:it:organization_id:ipa_code:m_it",
+              "country_code": "IT"
+            }
+          }
+        }
+      ]
+    },
+    "claims": {
+      "unique_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+      "given_name": "Mario",
+      "family_name": "Rossi",
+      "birth_date": "1980-01-10",
+      "birth_place": {
+        "country": "IT",
+        "locality": "Rome"
+      },
+      "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX"
+    }
+  }
+}
+
+
+

The corresponding SD-JWT verson for PID is given by

+
{
+   "typ":"vc+sd-jwt",
+   "alg":"RS512",
+   "kid":"dB67gL7ck3TFiIAf7N6_7SHvqk0MDYMEQcoGGlkUAAw",
+   "trust_chain" : [
+    "NEhRdERpYnlHY3M5WldWTWZ2aUhm ...",
+    "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...",
+    "IkJYdmZybG5oQU11SFIwN2FqVW1B ..."
+   ]
+}
+
+
+
{
+  "_sd": [
+    "7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc"
+  ],
+  "iss": "https://issuer.example.org",
+  "exp": 1883000000,
+  "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs",
+  "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c",
+  "status": "https://pidprovider.example.org/status",
+  "vct": "PidIdentificationData",
+  "verified_claims": {
+    "verification": {
+      "_sd": [
+        "gd8gRxKT1hg8ptnvR5fPGhae0VXllDblsiJT9adxiS8"
+      ],
+      "trust_framework": "eidas",
+      "assurance_level": "high"
+    },
+    "claims": {
+      "_sd": [
+        "4g9lBt38U1EeTA1zlvvGfFgPPcoe3zmbQ_zSRDgHQaE",
+        "EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ",
+        "EfP5vho0dBdoObBbL45cOTmMsKo6LrSuN4My72y01SE",
+        "F90SKK9nIQcHIElkHY_ult_9FGqYe-RydvY3E0qR96s",
+        "IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ",
+        "lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA"
+      ]
+    }
+  },
+  "_sd_alg": "sha-256",
+  "cnf": {
+    "jwk": {
+      "kty": "EC",
+      "crv": "P-256",
+      "x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc",
+      "y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
+    }
+  }
+}
+
+
+

In the following the disclosure list is given

+

Claim iat:

+
    +

  • SHA-256 Hash: 7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc

    • +

  • Disclosure: +WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd

    • +

  • Contents: ["57mvycTh5yZCrKLZ5xnfUw", "iat", 1683000000]

    • +
+

Claim source:

+
    +

  • SHA-256 Hash: ZMHbFH9SeT9CZQaOMVrXDMGWIouzXRKspKp9fDhvJ3I

    • +

  • Disclosure: +WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5p +emF0aW9uX25hbWUiOiAiTWluaXN0ZXJvIGRlbGwnSW50ZXJubyIsICJvcmdh +bml6YXRpb25faWQiOiAidXJuOmV1ZGk6aXQ6b3JnYW5pemF0aW9uX2lkOmlw +YV9jb2RlOm1faXQiLCAiY291bnRyeV9jb2RlIjogIklUIn1d

    • +

  • Contents: +["kucrBmlo_hMaIFF585RzaQ", "source", {"organization_name": +"Ministero dell'Interno", "organization_id": +"urn:eudi:it:organization_id:ipa_code:m_it", "country_code": +"IT"}]

    • +
+

Claim evidence:

+
    +

  • SHA-256 Hash: gd8gRxKT1hg8ptnvR5fPGhae0VXllDblsiJT9adxiS8

    • +

  • Disclosure: +WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImV2aWRlbmNlIiwgW3sidHlw +ZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZWNvcmQiOiB7Il9zZCI6IFsi +Wk1IYkZIOVNlVDlDWlFhT01WclhETUdXSW91elhSS3NwS3A5ZkRodkozSSJd +LCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LmNpZS5nb3YuaXQifX1d +XQ

    • +

  • Contents: ["NTNRoOiuVVRtF6CEztd9Zw", "evidence", [{"type": +"electronic_record", "record": {"_sd": +["ZMHbFH9SeT9CZQaOMVrXDMGWIouzXRKspKp9fDhvJ3I"], "type": +"https://eudi.wallet.cie.gov.it"}}]]

    • +
+

Claim unique_id:

+
    +

  • SHA-256 Hash: 4g9lBt38U1EeTA1zlvvGfFgPPcoe3zmbQ_zSRDgHQaE

    • +

  • Disclosure: +WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgInVuaXF1ZV9pZCIsICJ4eHh4 +eHh4eC14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ

    • +

  • Contents: ["FDSSPggzGBUwQLHDSE6wQQ", "unique_id", +"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]

    • +
+

Claim given_name:

+
    +

  • SHA-256 Hash: lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA

    • +

  • Disclosure: +WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImdpdmVuX25hbWUiLCAiTWFy +aW8iXQ

    • +

  • Contents: ["KZ8e5wVEtDvb1ziSPA4DzA", "given_name", "Mario"]

    • +
+

Claim family_name:

+
    +

  • SHA-256 Hash: IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ

    • +

  • Disclosure: +WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImZhbWlseV9uYW1lIiwgIlJv +c3NpIl0

    • +

  • Contents: ["pZ5MRyOxpVWZuHLoJ-yjRg", "family_name", "Rossi"]

    • +
+

Claim birth_date:

+
    +

  • SHA-256 Hash: EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ

    • +

  • Disclosure: +WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgImJpcnRoX2RhdGUiLCAiMTk4 +MC0wMS0xMCJd

    • +

  • Contents: ["jtVuKCpn7bTcHrAg_seUbQ", "birth_date", "1980-01-10"]

    • +
+

Claim birth_place:

+
    +

  • SHA-256 Hash: EfP5vho0dBdoObBbL45cOTmMsKo6LrSuN4My72y01SE

    • +

  • Disclosure: +WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgImJpcnRoX3BsYWNlIiwgeyJj +b3VudHJ5IjogIklUIiwgImxvY2FsaXR5IjogIlJvbWUifV0

    • +

  • Contents: +["WDkd6JsNhDFvLP4s1hQdyA", "birth_place", {"country": "IT", +"locality": "Rome"}]

    • +
+

Claim tax_id_code:

+
    +

  • SHA-256 Hash: F90SKK9nIQcHIElkHY_ult_9FGqYe-RydvY3E0qR96s

    • +

  • Disclosure: +WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiwgInRheF9pZF9jb2RlIiwgIlRJ +TklULVhYWFhYWFhYWFhYWFhYWFgiXQ

    • +

  • Contents: ["4ksAz6bMUKy6ZvN1h8HDuQ", "tax_id_code", +"TINIT-XXXXXXXXXXXXXXXX"]

    • +
+

The combined format for the PID issuance is given by

+
eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0.eyJfc2QiOiBb
+IjdXRzRuVDZLMjZfUjM5NzV6Y3duVndnb0hBN2I5ODhfMy12SnpiWmY2WWMiXSwgImlz
+cyI6ICJodHRwczovL2lzc3Vlci5leGFtcGxlLm9yZyIsICJleHAiOiAxODgzMDAwMDAw
+LCAic3ViIjogIk56YkxzWGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcyIsICJqdGki
+OiAidXJuOnV1aWQ6NmM1YzBhNDktYjU4OS00MzFkLWJhZTctMjE5MTIyYTllYzJjIiwg
+InN0YXR1cyI6ICJodHRwczovL3BpZHByb3ZpZGVyLmV4YW1wbGUub3JnL3N0YXR1cyIs
+ICJ2Y3QiOiAiUGlkSWRlbnRpZmljYXRpb25EYXRhIiwgInZlcmlmaWVkX2NsYWltcyI6
+IHsidmVyaWZpY2F0aW9uIjogeyJfc2QiOiBbImdkOGdSeEtUMWhnOHB0bnZSNWZQR2hh
+ZTBWWGxsRGJsc2lKVDlhZHhpUzgiXSwgInRydXN0X2ZyYW1ld29yayI6ICJlaWRhcyIs
+ICJhc3N1cmFuY2VfbGV2ZWwiOiAiaGlnaCJ9LCAiY2xhaW1zIjogeyJfc2QiOiBbIjRn
+OWxCdDM4VTFFZVRBMXpsdnZHZkZnUFBjb2Uzem1iUV96U1JEZ0hRYUUiLCAiRVlnekox
+aFRZV0pqaEJLMlYzYjhIVjNlX2ZFZi1VZGZmYzV5bVk3N1d0USIsICJFZlA1dmhvMGRC
+ZG9PYkJiTDQ1Y09UbU1zS282THJTdU40TXk3MnkwMVNFIiwgIkY5MFNLSzluSVFjSElF
+bGtIWV91bHRfOUZHcVllLVJ5ZHZZM0UwcVI5NnMiLCAiSWNZSFF5ZFRfQzNVMUlxYUps
+RmljeExsYUhUSHZFbHlGWjZKeGlhMjdxUSIsICJsWGd4RURBdVBlVXZta2NOR3I5Rlp1
+cW9kd0ZxVVQwMWdKajd4ZDR5RVBBIl19fSwgIl9zZF9hbGciOiAic2hhLTI1NiIsICJj
+bmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIsICJ4IjogIlRD
+QUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMiLCAieSI6ICJa
+eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.OjCk1
+G0STMjlG1eSfQRQHEcMdWxRkEDk0yF5eVahuW7x2qymvv_iLqBOLwVb4R_kGHVc4w6ju
+5hs2Pmz4diW4w~WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMD
+AwMDBd~WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5pe
+mF0aW9uX25hbWUiOiAiTWluaXN0ZXJvIGRlbGwnSW50ZXJubyIsICJvcmdhbml6YXRpb
+25faWQiOiAidXJuOmV1ZGk6aXQ6b3JnYW5pemF0aW9uX2lkOmlwYV9jb2RlOm1faXQiL
+CAiY291bnRyeV9jb2RlIjogIklUIn1d~WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3Iiwg
+ImV2aWRlbmNlIiwgW3sidHlwZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZWNvcmQi
+OiB7Il9zZCI6IFsiWk1IYkZIOVNlVDlDWlFhT01WclhETUdXSW91elhSS3NwS3A5ZkRo
+dkozSSJdLCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LmNpZS5nb3YuaXQifX1d
+XQ~WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgInVuaXF1ZV9pZCIsICJ4eHh4eHh4e
+C14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ~WyJLWjhlNXdWRXREdmIxemlTUE
+E0RHpBIiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJwWjVNUnlPeHBWV1p1SExvSi1
+5alJnIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJqdFZ1S0NwbjdiVGNIckFnX3N
+lVWJRIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd~WyJXRGtkNkpzTmhERnZMUD
+RzMWhRZHlBIiwgImJpcnRoX3BsYWNlIiwgeyJjb3VudHJ5IjogIklUIiwgImxvY2FsaX
+R5IjogIlJvbWUifV0~WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiwgInRheF9pZF9jb2
+RlIiwgIlRJTklULVhYWFhYWFhYWFhYWFhYWFgiXQ~
+
+
+
+
+

(Q)EAA Non-normative examples

+

In the following, we provide a non-normative example of (Q)EAA in JSON.

+
{
+  "iss": "https://issuer.example.org",
+  "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs",
+  "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c",
+  "iat": 1683000000,
+  "exp": 1883000000,
+  "status": "https://issuer.example.org/status",
+  "vct": "DisabilityCard",
+  "verified_claims": {
+    "verification": {
+      "trust_framework": "eidas",
+      "assurance_level": "high",
+      "evidence": [
+        {
+          "type": "electronic_record",
+          "record": {
+            "type": "https://eudi.wallet.pdnd.gov.it",
+            "source": {
+              "organization_name": "Istituto Nazionale della Previdenza Sociale",
+              "organization_id":
+                "urn:eudi:it:organization_id:ipa_code:inps",
+              "country_code": "IT"
+            }
+          }
+        }
+      ]
+    },
+    "claims": {
+      "document_number": "XXXXXXXXXX",
+      "given_name": "Mario",
+      "family_name": "Rossi",
+      "birth_date": "1980-01-10",
+      "expiry_date": "2024-01-01",
+      "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX",
+      "constant_attendance_allowance": true
+    }
+  }
+}
+
+
+

The corresponding SD-JWT for the previous data is represented as follow, as decoded JSON for both header and payload.

+
{
+   "typ":"vc+sd-jwt",
+   "alg":"RS512",
+   "kid":"d126a6a856f7724560484fa9dc59d195",
+   "trust_chain" : [
+    "NEhRdERpYnlHY3M5WldWTWZ2aUhm ...",
+    "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...",
+    "IkJYdmZybG5oQU11SFIwN2FqVW1B ..."
+   ]
+}
+
+
+
{
+  "_sd": [
+    "7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc"
+  ],
+  "iss": "https://issuer.example.org",
+  "exp": 1883000000,
+  "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs",
+  "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c",
+  "status": "https://issuer.example.org/status",
+  "vct": "DisabilityCard",
+  "verified_claims": {
+    "verification": {
+      "_sd": [
+        "sTskq0yFy31ZH3YP2nN_nFnd7H9q18dU3oEa1DC5LRc"
+      ],
+      "trust_framework": "eidas",
+      "assurance_level": "high"
+    },
+    "claims": {
+      "_sd": [
+        "3humFjiCYHdHzjL-OEd1vKnQa10ivaYEd1dCCkfRuaA",
+        "EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ",
+        "F90SKK9nIQcHIElkHY_ult_9FGqYe-RydvY3E0qR96s",
+        "IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ",
+        "dfrmUvonZDgealZCGwk3ufmc_4ept3y9N7xhWZlCyxo",
+        "ji86HS1v3D41tU5JqW4oWCwTJDuTUwp1ewqoCUzzEXk",
+        "lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA"
+      ]
+    }
+  },
+  "_sd_alg": "sha-256",
+  "cnf": {
+    "jwk": {
+      "kty": "EC",
+      "crv": "P-256",
+      "x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc",
+      "y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
+    }
+  }
+}
+
+
+

In the following the disclosure list is given:

+

Claim iat:

+
    +

  • SHA-256 Hash: 7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc

    • +

  • Disclosure: +WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd

    • +

  • Contents: ["57mvycTh5yZCrKLZ5xnfUw", "iat", 1683000000]

    • +
+

Claim source:

+
    +

  • SHA-256 Hash: qfuzrQuGcbBBKaE4Q9eqVCSznzJ2rNndLG8q606RLsM

    • +

  • Disclosure: +WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5p +emF0aW9uX25hbWUiOiAiSXN0aXR1dG8gTmF6aW9uYWxlIGRlbGxhIFByZXZp +ZGVuemEgU29jaWFsZSIsICJvcmdhbml6YXRpb25faWQiOiAidXJuOmV1ZGk6 +aXQ6b3JnYW5pemF0aW9uX2lkOmlwYV9jb2RlOmlucHMiLCAiY291bnRyeV9j +b2RlIjogIklUIn1d

    • +

  • Contents: +["kucrBmlo_hMaIFF585RzaQ", "source", {"organization_name": +"Istituto Nazionale della Previdenza Sociale", +"organization_id": +"urn:eudi:it:organization_id:ipa_code:inps", "country_code": +"IT"}]

    • +
+

Claim evidence:

+
    +

  • SHA-256 Hash: sTskq0yFy31ZH3YP2nN_nFnd7H9q18dU3oEa1DC5LRc

    • +

  • Disclosure: +WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImV2aWRlbmNlIiwgW3sidHlw +ZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZWNvcmQiOiB7Il9zZCI6IFsi +cWZ1enJRdUdjYkJCS2FFNFE5ZXFWQ1N6bnpKMnJObmRMRzhxNjA2UkxzTSJd +LCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LnBkbmQuZ292Lml0In19 +XV0

    • +

  • Contents: ["NTNRoOiuVVRtF6CEztd9Zw", "evidence", [{"type": +"electronic_record", "record": {"_sd": +["qfuzrQuGcbBBKaE4Q9eqVCSznzJ2rNndLG8q606RLsM"], "type": +"https://eudi.wallet.pdnd.gov.it"}}]]

    • +
+

Claim document_number:

+
    +

  • SHA-256 Hash: 3humFjiCYHdHzjL-OEd1vKnQa10ivaYEd1dCCkfRuaA

    • +

  • Disclosure: +WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImRvY3VtZW50X251bWJlciIs +ICJYWFhYWFhYWFhYIl0

    • +

  • Contents: +["FDSSPggzGBUwQLHDSE6wQQ", "document_number", "XXXXXXXXXX"]

    • +
+

Claim given_name:

+
    +

  • SHA-256 Hash: lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA

    • +

  • Disclosure: +WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImdpdmVuX25hbWUiLCAiTWFy +aW8iXQ

    • +

  • Contents: ["KZ8e5wVEtDvb1ziSPA4DzA", "given_name", "Mario"]

    • +
+

Claim family_name:

+
    +

  • SHA-256 Hash: IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ

    • +

  • Disclosure: +WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImZhbWlseV9uYW1lIiwgIlJv +c3NpIl0

    • +

  • Contents: ["pZ5MRyOxpVWZuHLoJ-yjRg", "family_name", "Rossi"]

    • +
+

Claim birth_date:

+
    +

  • SHA-256 Hash: EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ

    • +

  • Disclosure: +WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgImJpcnRoX2RhdGUiLCAiMTk4 +MC0wMS0xMCJd

    • +

  • Contents: ["jtVuKCpn7bTcHrAg_seUbQ", "birth_date", "1980-01-10"]

    • +
+

Claim expiry_date:

+
    +

  • SHA-256 Hash: dfrmUvonZDgealZCGwk3ufmc_4ept3y9N7xhWZlCyxo

    • +

  • Disclosure: +WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgImV4cGlyeV9kYXRlIiwgIjIw +MjQtMDEtMDEiXQ

    • +

  • Contents: ["WDkd6JsNhDFvLP4s1hQdyA", "expiry_date", "2024-01-01"]

    • +
+

Claim tax_id_code:

+
    +

  • SHA-256 Hash: F90SKK9nIQcHIElkHY_ult_9FGqYe-RydvY3E0qR96s

    • +

  • Disclosure: +WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiwgInRheF9pZF9jb2RlIiwgIlRJ +TklULVhYWFhYWFhYWFhYWFhYWFgiXQ

    • +

  • Contents: ["4ksAz6bMUKy6ZvN1h8HDuQ", "tax_id_code", +"TINIT-XXXXXXXXXXXXXXXX"]

    • +
+

Claim constant_attendance_allowance:

+
    +

  • SHA-256 Hash: ji86HS1v3D41tU5JqW4oWCwTJDuTUwp1ewqoCUzzEXk

    • +

  • Disclosure: +WyJEZFdxS2g3d2RJNVZBeEtTdnhzWFZRIiwgImNvbnN0YW50X2F0dGVuZGFu +Y2VfYWxsb3dhbmNlIiwgdHJ1ZV0

    • +

  • Contents: +["DdWqKh7wdI5VAxKSvxsXVQ", "constant_attendance_allowance", +true]

    • +
+

The combined format for the PID issuance is represented below:

+
eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0.eyJfc2QiOiBb
+IjdXRzRuVDZLMjZfUjM5NzV6Y3duVndnb0hBN2I5ODhfMy12SnpiWmY2WWMiXSwgImlz
+cyI6ICJodHRwczovL2lzc3Vlci5leGFtcGxlLm9yZyIsICJleHAiOiAxODgzMDAwMDAw
+LCAic3ViIjogIk56YkxzWGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcyIsICJqdGki
+OiAidXJuOnV1aWQ6NmM1YzBhNDktYjU4OS00MzFkLWJhZTctMjE5MTIyYTllYzJjIiwg
+InN0YXR1cyI6ICJodHRwczovL2lzc3Vlci5leGFtcGxlLm9yZy9zdGF0dXMiLCAidmN0
+IjogIkRpc2FiaWxpdHlDYXJkIiwgInZlcmlmaWVkX2NsYWltcyI6IHsidmVyaWZpY2F0
+aW9uIjogeyJfc2QiOiBbInNUc2txMHlGeTMxWkgzWVAybk5fbkZuZDdIOXExOGRVM29F
+YTFEQzVMUmMiXSwgInRydXN0X2ZyYW1ld29yayI6ICJlaWRhcyIsICJhc3N1cmFuY2Vf
+bGV2ZWwiOiAiaGlnaCJ9LCAiY2xhaW1zIjogeyJfc2QiOiBbIjNodW1GamlDWUhkSHpq
+TC1PRWQxdktuUWExMGl2YVlFZDFkQ0NrZlJ1YUEiLCAiRVlnekoxaFRZV0pqaEJLMlYz
+YjhIVjNlX2ZFZi1VZGZmYzV5bVk3N1d0USIsICJGOTBTS0s5bklRY0hJRWxrSFlfdWx0
+XzlGR3FZZS1SeWR2WTNFMHFSOTZzIiwgIkljWUhReWRUX0MzVTFJcWFKbEZpY3hMbGFI
+VEh2RWx5Rlo2SnhpYTI3cVEiLCAiZGZybVV2b25aRGdlYWxaQ0d3azN1Zm1jXzRlcHQz
+eTlON3hoV1psQ3l4byIsICJqaTg2SFMxdjNENDF0VTVKcVc0b1dDd1RKRHVUVXdwMWV3
+cW9DVXp6RVhrIiwgImxYZ3hFREF1UGVVdm1rY05HcjlGWnVxb2R3RnFVVDAxZ0pqN3hk
+NHlFUEEiXX19LCAiX3NkX2FsZyI6ICJzaGEtMjU2IiwgImNuZiI6IHsiandrIjogeyJr
+dHkiOiAiRUMiLCAiY3J2IjogIlAtMjU2IiwgIngiOiAiVENBRVIxOVp2dTNPSEY0ajRX
+NHZmU1ZvSElQMUlMaWxEbHM3dkNlR2VtYyIsICJ5IjogIlp4amlXV2JaTVFHSFZXS1ZR
+NGhiU0lpcnNWZnVlY0NFNnQ0alQ5RjJIWlEifX19.hbgWxBoQtLVpTfygYVDhrgnoCkw
+aw_hqY9GpxG4oXixejLEMvTOAwYFtqiNnYSuNaaGD6aemJW7jLSHDm9NOGA~WyI1N212
+eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd~WyJrdWNyQm1sb19
+oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5pemF0aW9uX25hbWUiOiAiSXN
+0aXR1dG8gTmF6aW9uYWxlIGRlbGxhIFByZXZpZGVuemEgU29jaWFsZSIsICJvcmdhbml
+6YXRpb25faWQiOiAidXJuOmV1ZGk6aXQ6b3JnYW5pemF0aW9uX2lkOmlwYV9jb2RlOml
+ucHMiLCAiY291bnRyeV9jb2RlIjogIklUIn1d~WyJOVE5Sb09pdVZWUnRGNkNFenRkOV
+p3IiwgImV2aWRlbmNlIiwgW3sidHlwZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZW
+NvcmQiOiB7Il9zZCI6IFsicWZ1enJRdUdjYkJCS2FFNFE5ZXFWQ1N6bnpKMnJObmRMRz
+hxNjA2UkxzTSJdLCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LnBkbmQuZ292Lm
+l0In19XV0~WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImRvY3VtZW50X251bWJlci
+IsICJYWFhYWFhYWFhYIl0~WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImdpdmVuX2
+5hbWUiLCAiTWFyaW8iXQ~WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImZhbWlseV9
+uYW1lIiwgIlJvc3NpIl0~WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgImJpcnRoX2R
+hdGUiLCAiMTk4MC0wMS0xMCJd~WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgImV4cG
+lyeV9kYXRlIiwgIjIwMjQtMDEtMDEiXQ~WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiw
+gInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWFhYWFhYWFhYWFgiXQ~WyJEZFdxS2g3
+d2RJNVZBeEtTdnhzWFZRIiwgImNvbnN0YW50X2F0dGVuZGFuY2VfYWxsb3dhbmNlIiwg
+dHJ1ZV0~
+
+
+
+
+
+

MDOC-CBOR

+

The PID/(Q)EAA MDOC-CBOR data model is defined in ISO/IEC 18013-5, the standard born for the the mobile driving license (mDL) use case.

+

The MDOC data elements MUST be encoded as defined in RFC 8949 - Concise Binary Object Representation (CBOR).

+

The PID encoded in MDOC-CBOR format uses the document type set to eu.europa.ec.eudiw.pid.1, according to the reverse domain approach defined in the +EIDAS-ARF and ISO/IEC 18013-5.

+

The document's data elements utilize a consistent namespace for the mandatory Mobile Driving License attributes, while the national PID attributes use the domestic namespace eu.europa.ec.eudiw.pid.it.1, as outlined in this implementation profile.

+

In compliance with ISO/IEC 18013-5, the MDOC data model in the domestic namespace eu.europa.ec.eudiw.pid.it.1, requires the following attributes:

+ +++++ + + + + + + + + + + + + + + + + + + + + +

Attribute name

Description

Reference

version

tstr (text string). Version of the data structure being used. It's a way to track changes and updates to the standard or to a specific implementation profile. This allows for backward compatibility and understanding of the data if the standard or implementation evolves over time.

[ISO 18013-5#8.3.2.1.2]

status

uint (unsigned int). Status code. For example "status":0 means OK (normal processing).

[ISO 18013-5#8.3.2.1.2.3]

documents

bstr (byte string). The collection of digital documents. Each document in this collection represents a specific type of data or information related to the Digital Credential.

[ISO 18013-5#8.3.2.1.2]

+

Each document within the documents collection MUST have the following structure:

+ +++++ + + + + + + + + + + + + + + + + +

Attribute name

Description

Reference

docType

tstr (text string). Document type. For the PID, the value MUST be set to eu.europa.ec.eudiw.pid.1. For an mDL, the value MUST be org.iso.18013-5.1.mDL.

[ISO 18013-5#8.3.2.1.2]

issuerSigned

bstr (byte string). It MUST contain the Mobile Security Object for Issuer data authentication and the data elements protected by Issuer data authentication.

[ISO 18013-5#8.3.2.1.2]

+

The issuerSigned object MUST have the following structure:

+ +++++ + + + + + + + + + + + + + + + + +

Attribute name

Description

Reference

nameSpaces

bstr (byte string) with tag 24 and major type 6. Returned data elements for the namespaces. It MAY be possible to have one or more namespaces. The nameSpaces MUST use the same value for the document type. However, it MAY have a domestic namespace to include attributes defined in this implementation profile. The value MUST be set to eu.europa.ec.eudiw.pid.it.1.

[ISO 18013-5#8.3.2.1.2]

issuerAuth

bstr (byte string). Contains Mobile Security Object (MSO), a COSE Sign1 Document, issued by the Credential Issuer.

[ISO 18013-5#9.1.2.4]

+

During the presentation of the MDOC-CBOR credential, in addition to the objects in the table above, a deviceSigned object MUST also be added. deviceSigned MUST NOT be included in the issued credential provided by the PID/(Q)EAA Issuer.

+ +++++ + + + + + + + + + + + + +

Attribute name

Description

Reference

deviceSigned

bstr (byte string). Data elements signed by the Wallet Instance during the presentation phase.

[ISO 18013-5#8.3.2.1.2]

+

Where the deviceSigned MUST have the following structure:

+ +++++ + + + + + + + + + + + + + + + + +

Attribute name

Description

Reference

nameSpaces

tstr (text string). Returned data elements for the namespaces. It MAY be possible to have one or more namespaces. It MAY be used for self-attested claims.

[ISO 18013-5#8.3.2.1.2]

deviceAuth

bstr (byte string). It MUST contain either the DeviceSignature or the DeviceMac element.

[ISO 18013-5#8.3.2.1.2]

+
+

Note

+

A deviceSigned object given during the presentation phase has two purposes:

+
+
    +

  1. It provides optional self-attested attributes in the nameSpaces object. If no self-attested attributes are provided by the Wallet Instance, the nameSpaces object MUST be included with an empty structure.

    2. +

  2. Provide a cryptographic proof attesting that the Holder is the legitimate owner of the Credential, by means of a deviceAuth object.

    3. +
+
+
+
+

Note

+

The issuerSigned and the deviceSigned objects contain the nameSpaces object and the Mobile Security Object. The latter is the only signed object, while the nameSpaces object is not signed.

+
+
+

nameSpaces

+

The nameSpaces object contains one or more IssuerSignedItemBytes that are encoded using CBOR bitsring 24 tag (#6.24(bstr .cbor), marked with the CBOR Tag 24(<<... >>) and represented in the example using the diagnostic format). It represents the disclosure information for each digest within the Mobile Security Object and MUST contain the following attributes:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

Name

Encoding

Description

digestID

integer

Reference value to one of the ValueDigests provided in the Mobile Security Object (issuerAuth).

random

bstr (byte string)

Random byte value used as salt for the hash function. This value SHALL be different for each IssuerSignedItem and it SHALL have a minimum length of 16 bytes.

elementIdentifier

tstr (text string)

Data element identifier.

elementValue

depends by the value, see the next table.

Data element value.

+

The elementIdentifier data that MUST be included in a PID/(Q)EAA are:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Namespace

Element identifier

Description

eu.europa.ec.eudiw.pid.1

issue_date

full-date (CBORTag 1004). Date when the PID/(Q)EAA was issued.

eu.europa.ec.eudiw.pid.1

expiry_date

full-date (CBORTag 1004). Date when the PID/(Q)EAA will expire.

eu.europa.ec.eudiw.pid.1

issuing_authority

tstr (text string). Name of administrative authority that has issued the PID/(Q)EAA.

eu.europa.ec.eudiw.pid.1

issuing_country

tstr (text string). Alpha-2 country code as defined in [ISO 3166].

eu.europa.ec.eudiw.pid.it.1

verification.evidence

bstr (byte string). As defined in the PID/(Q)EAA Verification field Section.

eu.europa.ec.eudiw.pid.it.1

verification.trust_framework

tstr (text string). As defined in the PID/(Q)EAA Verification field Section.

eu.europa.ec.eudiw.pid.it.1

verification.assurance_level

tstr (text string). As defined in the PID/(Q)EAA Verification field Section.

eu.europa.ec.eudiw.pid.it.1

status

tstr (text string). HTTPS URL where the credential validity status is available.

+

Depending on the Digital Credential type, additional elementIdentifier data MAY be added. The PID MUST support the following data:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Namespace

Element identifier

Description

eu.europa.ec.eudiw.pid.1

given_name

tstr (text string). See PID Claims fields Section.

eu.europa.ec.eudiw.pid.1

family_name

tstr (text string). See PID Claims fields Section.

eu.europa.ec.eudiw.pid.1

birth_date

full-date (CBORTag 1004). See PID Claims fields Section.

eu.europa.ec.eudiw.pid.1

birth_place

tstr (text string). See PID Claims fields Section.

eu.europa.ec.eudiw.pid.1

birth_country

tstr (text string). See PID Claims fields Section.

eu.europa.ec.eudiw.pid.1

unique_id

tstr (text string). See PID Claims fields Section.

eu.europa.ec.eudiw.pid.it.1

tax_id_code

tstr (text string). See PID Claims fields Section.

+
+
+

Mobile Security Object

+

The issuerAuth represents the Mobile Security Object which is a COSE Sign1 Document defined in RFC 9052 - CBOR Object Signing and Encryption (COSE): Structures and Process. It has the following data structure:

+
    +

  • protected header

    • +

  • unprotected header

    • +

  • payload

    • +

  • signature.

    • +
+

The protected header MUST contain the following parameter encoded in CBOR format:

+ +++++ + + + + + + + + + + + + +

Element

Description

Reference

Signature algorithm

-7 means ES256, SHA-256.

RFC8152

+
+

Note

+

Only the Signature Algorithm MUST be present in the protected headers, other elements SHOULD not be present in the protected header.

+
+

The unprotected header MUST contain the following parameter:

+ +++++ + + + + + + + + + + + + +

Element

Description

Reference

x5chain

Identified with the label 33

RFC 9360 CBOR Object Signing and Encryption (COSE) - Header Parameters for Carrying and Referencing X.509 Certificates.

+
+

Note

+

The x5chain is included in the unprotected header with the aim to make the Holder able to update the X.509 certificate chain, related to the Mobile Security Object issuer, without invalidating the signature.

+
+

The payload MUST contain the MobileSecurityObject, without the content-type COSE Sign header parameter and encoded as a byte string (bstr) using the CBOR Tag 24.

+

The MobileSecurityObjectBytes MUST have the following attributes:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Element

Description

Reference

docType

See Table.

[ISO 18013-5#9.1.2.4]

version

See Table.

[ISO 18013-5#9.1.2.4]

validityInfo.

Object containing issuance and expiration datetimes. It MUST contain the following sub-value:

+
+
    +

  • signed

    • +

  • validFrom

    • +

  • validUntil

    • +
+
+

[ISO 18013-5#9.1.2.4]

digestAlgorithm

According to the algorithm defined in the protected header.

[ISO 18013-5#9.1.2.4]

valueDigests

Mapped digest by unique id, grouped by namespace.

[ISO 18013-5#9.1.2.4]

deviceKeyInfo

It MUST contain the Wallet Instance's public key containing the following sub-values.

+
+
    +

  • deviceKey (REQUIRED).

    • +

  • keyAuthorizations (OPTIONAL).

    • +

  • keyInfo (OPTIONAL).

    • +
+
+

[ISO 18013-5#9.1.2.4]

+
+

Note

+

The private key related to the public key stored in the deviceKey object is used to sign the DeviceSignedItems object and proof the possession of the PID during the presentation phase (see the presentation phase with MDOC-CBOR).

+
+
+
+

MDOC-CBOR Examples

+

A non-normative example of a PID in MDOC-CBOR format is represented below using the AF Binary encoding:

+
A366737461747573006776657273696F6E63312E3069646F63756D656E747381A267646F6354797065781865752E6575726F70612E65632E65756469772E7069642E316C6973737565725369676E6564A26A697373756572417574688443A10126A1182159021930820215308201BCA003020102021404AD06A30C1A6DC6E93BE0E2E8F78DCAFA7907C2300A06082A8648CE3D040302305B310B3009060355040613025A45312E302C060355040A0C25465053204D6F62696C69747920616E64205472616E73706F7274206F66205A65746F706961311C301A06035504030C1349414341205A65746573436F6E666964656E73301E170D3231303932393033333034355A170D3232313130333033333034345A3050311A301806035504030C114453205A65746573436F6E666964656E7331253023060355040A0C1C5A65746F70696120436974792044657074206F662054726166666963310B3009060355040613025A453059301306072A8648CE3D020106082A8648CE3D030107034200047C5545E9A0B15F4FF3CE5015121E8AD3257C28D541C1CD0D604FC9D1E352CCC38ADEF5F7902D44B7A6FC1F99F06EEDF7B0018FD9DA716AEC2F1FFAC173356C7DA3693067301F0603551D23041830168014BBA2A53201700D3C97542EF42889556D15B7AC4630150603551D250101FF040B3009060728818C5D050102301D0603551D0E04160414CE5FD758A8E88563E625CF056BFE9F692F4296FD300E0603551D0F0101FF040403020780300A06082A8648CE3D0403020347003044022012B06A3813FFEC5679F3B8CDDB51EAA4B95B0CBB1786B09405E2000E9C46618C02202C1F778AD252285ED05D9B55469F1CB78D773671F30FE7AB815371942328317C59032AD818590325A667646F6354797065781865752E6575726F70612E65632E65756469772E7069642E316776657273696F6E63312E306C76616C6964697479496E666FA3667369676E6564C074323032332D30322D32325430363A32333A35365A6976616C696446726F6DC074323032332D30322D32325430363A32333A35365A6A76616C6964556E74696CC074323032342D30322D32325430303A30303A30305A6C76616C756544696765737473A2781865752E6575726F70612E65632E65756469772E7069642E31AC015820A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A025820CD372FB85148700FA88095E3492D3F9F5BEB43E555E5FF26D95F5A6ADC36F8E6035820E67E72111B363D80C8124D28193926000980E1211C7986CACBD26AACC5528D48045820F7D062D662826ED95869851DB06BB539B402047BAEE53A00E0AA35BFBE98265D0658202A132DBFE4784627B86AA3807CD19CFEFF487AAB3DD7A60D0AB119A72E736936075820BDCA9E8DBCA354E824E67BFE1533FA4A238B9EA832F23FB4271EBEB3A5A8F7200858202C0EAEC2F05B6C7FE7982683E3773B5D8D7A01E33D04DFCB162ADD8BD99BEE9A095820BFE220D85657CCEC3C67E7DB1DF747E9148A152334BB6D4B65B273279BCC36EC0A582018E38144F5044301D6A0B4EC9D5F98D4CD950E6EA2C29B849CBD457DA29B6AD30B58203C71D2F0EFA09D9E3FBBDFFD29204F6B292C9F79570AEF72DD86C91F7A3AA5C50C582065743D58D89D45E52044758F546034FD13A4F994BC270CDFA7844F74EB3F4B6E0D5820B4A8EB5D523BFFA17B41BDA12DDC7DA32AE1E5F7FF3DCC394A35401F16919BBF781B65752E6575726F70612E65632E65756469772E7069642E69742E31A10E58209D6C11644651126C94ACDAF0803E86D4C71D15D3B2712A14295416734EFD514D6D6465766963654B6579496E666FA1696465766963654B6579A401022001215820BA01AEA44EEE1E338EB2F04E279DBD51B34655783EE185150838C9A7A7C4DB7122582025BA0044439A3871A7B975A0994A85E79B705A9AC263B3FE899B0A93412EE8C96F646967657374416C676F726974686D675348412D32353658400813C28FD62F2602CBC14724E5865733C44A0FCA589B55C085EC9D5C725D6CCE25BA0044439A3871A7B975A0994A85E79B705A9AC263B3FE899B0A93412EE8C96A6E616D65537061636573A2781865752E6575726F70612E65632E65756469772E7069642E318DD818586DA4686469676573744944016672616E646F6D5820156DF9227AD341EAA61AABD301106FD21BDC18820E01DFC16BCF5FECC447111B71656C656D656E744964656E7469666965726B6578706972795F646174656C656C656D656E7456616C7565D903EC6A323032342D30322D3232D818586FA4686469676573744944026672616E646F6D5820A3A1F13F05544D03A5B50B5FDB78465808393BCF3B7953A345FE28F820C7BE0D71656C656D656E744964656E7469666965726D69737375616E63655F646174656C656C656D656E7456616C7565D903EC6A323032332D30322D3232D8185866A4686469676573744944036672616E646F6D5820852591F90F2C9DED57A03632E2C1322AB52A082A431E71A4149A6830C8F1AD0C71656C656D656E744964656E7469666965726F69737375696E675F636F756E7472796C656C656D656E7456616C7565624954D818587CA4686469676573744944046672616E646F6D5820D1D587B3512ACCE15C4F6B20944CEB002A464E4A158389788563408873C3FCE571656C656D656E744964656E7469666965727169737375696E675F617574686F726974796C656C656D656E7456616C7565764D696E69737465726F2064656C6C27496E7465726E6FD8185864A4686469676573744944056672616E646F6D582094FDD7609C0E73DC8589B5CAB11E1D9058CF8BFF8A336DA5F81FCBA055396A0F71656C656D656E744964656E7469666965726A676976656E5F6E616D656C656C656D656E7456616C7565654D6172696FD8185865A4686469676573744944066672616E646F6D5820660C0A7BF79E0E0261CA1547A4294FB808AA70738F424B13AB1B9440B566AE1371656C656D656E744964656E7469666965726B66616D696C795F6E616D656C656C656D656E7456616C756565526F737369D818586BA4686469676573744944076672616E646F6D5820315C53491286488FA07F5C2CE67135EF5C9959C3469C99A14E9B6DC924F9EBA571656C656D656E744964656E746966696572696269727468646174656C656C656D656E7456616C7565D903EC6A313935362D30312D3132D818587AA4686469676573744944086672616E646F6D582081C5CC04FBDF78E0F84DF72FDB87028ADE08E66DC5F31084826EBAD7AE70D84671656C656D656E744964656E7469666965726B62697274685F706C6163656C656C656D656E7456616C756581A267636F756E747279624954686C6F63616C69747964526F6D65D818587DA4686469676573744944096672616E646F6D5820764EF39C9D01F3AA6A87F441603CFE853FBA3CEE3BC2C168BCC9E96271D6E06371656C656D656E744964656E74696669657269756E697175655F69646C656C656D656E7456616C7565781E78787878787878782D7878782D787878782D787878787878787878787878D81858E8A46864696765737449440A6672616E646F6D5820AD20B3B9C67AED8089FF33ECDC108781C3B49B81CD7A3F059D2FE236977037B271656C656D656E744964656E74696669657275766572696669636174696F6E2E65766964656E63656C656C656D656E7456616C756581A2647479706571656C656374726F6E69635F7265636F7264667265636F7264A264747970656C65696461732E69742E63696566736F75726365A3716F7267616E697A6174696F6E5F6E616D656C65696461732E69742E6369656F6F7267616E697A6174696F6E5F6964646D5F69746C636F756E7472795F636F6465626974D8185879A46864696765737449440B6672616E646F6D5820C12314B3695D1401505187E2113115E2F7B4A14B135DEE320F5E6DF81275F17671656C656D656E744964656E746966696572667374617475736C656C656D656E7456616C7565781D68747470733A2F2F70696470726F76696465722E69742F737461747573D8185877A46864696765737449440C6672616E646F6D5820A7B6A9027ED97F25DF96DD0EAB8093B264A3BD6A1D5B24228F3FC5B18EF835FB71656C656D656E744964656E746966696572781C766572696669636174696F6E2E74727573745F6672616D65776F726B6C656C656D656E7456616C7565656569646173D8185876A46864696765737449440D6672616E646F6D5820C76CE2AE4E9BE1DB07A5CB397B54ACE3ECCC786D3F85E4348B923DEE059783DB71656C656D656E744964656E746966696572781C766572696669636174696F6E2E6173737572616E63655F6C6576656C6C656C656D656E7456616C75656468696768781B65752E6575726F70612E65632E65756469772E7069642E69742E3181D8185877A46864696765737449440E6672616E646F6D5820717DF3F583B1484366C33A1F869F2B5D201D466A8B589C79AB1A2D85E595432571656C656D656E744964656E7469666965726D7461785F69645F6E756D6265726C656C656D656E7456616C75657554494E49542D585858585858585858585858585858
+
+
+

The Diagnostic Notation of the above MDOC-CBOR is given below:

+
{
+  "status": 0,
+  "version": "1.0",
+  "documents": [
+    {
+    "docType": "eu.europa.ec.eudiw.pid.1",
+    "issuerSigned": {
+        "issuerAuth": [
+        << {1: -7} >>, % protected header with the value alg:ES256
+        {
+            33: h'30820215308201BCA003020102021404AD30C…'% 33->X5chain:COSE X_509
+        },
+        <<
+            24(<<
+                {
+                "docType": "eu.europa.ec.eudiw.pid.1",
+                "version": "1.0",
+                "validityInfo": {
+                    "signed": 0("2023-02-22T06:23:56Z"),
+                    "validFrom": 0("2023-02-22T06:23:56Z"),
+                    "validUntil": 0("2024-02-22T00:00:00Z")
+                },
+                "valueDigests": {
+                    "eu.europa.ec.eudiw.pid.1": {
+                        1:h'0F1571A97FFB799CC8FCDF2BA4FC2909929…',
+                        2: h'0CDFE077400432C055A2B69596C90…',
+                        3: h'E2382149255AE8E955AF9B8984395…',
+                        4: h'BBC77E6CCA981A3AD0C3E544EDF86…',
+                        6: h'BB6E6C68D1B4B4EC5A2AE9206F5t4…',
+                        7: h'F8A5966E6DAC9970E0334D8F75E25…',
+                        8: h'EAD5E8B5E543BD31F3BE57DE4ED45…',
+                        9: h'DEFDF1AA746718016EF1B94BFE5R6…'
+                    },
+                    "eu.europa.ec.eudiw.pid.it.1": {
+                        10: h'AFC5A127BE44753172844B13491D8…',
+                        11: h'AFC5A127BE44753172844B13492H4…',
+                        12: h'DJA5A127BE44753172844B13492H4…',
+                        13: h'KDL5A127BE44753172844B13492H4…',
+                        14: h'F9EE4D36F67DBD75E23311AC1C29…'
+                    }
+                },
+                "deviceKeyInfo": {
+                    "deviceKey": {
+                        1: 2, % kty:EC2 (Eliptic curves with x and y coordinate pairs)
+                        -1: 1, % crv:p256
+                        -2: h'B820963964E53AF064686DD9218303494A…', % x-coordiantes
+                        -3: h'0A6DA0AF437E2943F1836F31C678D89298E9…'% y-ccordiantes
+                    }
+                },
+                "digestAlgorithm": "SHA-256"
+                }
+            >>)
+        >>,
+        h'1AD0D6A7313EFDC38FCD765852FA2BD43DEBF48BF5A580D'
+        ],
+        "nameSpaces": {
+            "eu.europa.ec.eudiw.pid.1": [
+            24(<<
+                {
+                "digestID": 1,
+                "random": h'E0B70BCEFBD43686F345C9ED429343AA',
+                "elementIdentifier": "expiry_date",
+                "elementValue": 1004("2024-02-22")
+                }
+            >>),
+            24(<<
+                {
+                "digestID": 2,
+                "random": h'AE84834F389EE69888665B90A3E4FCCE',
+                "elementIdentifier": "issue_date",
+                "elementValue": 1004("2023-02-22")
+                }
+            >>),
+            24(<<
+                {
+                "digestID": 3,
+                "random": h'960CB15A2EA9B68E5233CE902807AA95',
+                "elementIdentifier": "issuing_country",
+                "elementValue": "IT"
+                }
+            >>),
+            24(<<
+                {
+                "digestID": 4,
+                "random": h'9D3774BD5994CCFED248674B32A4F76A',
+                "elementIdentifier": "issuing_authority",
+                "elementValue": "Ministero dell'Interno"
+                }
+            >>),
+            24(<<
+                {
+                "digestID": 5,
+                "random": h'EB12193DC66C6174530CDC29B274381F',
+                "elementIdentifier": "given_name",
+                "elementValue": "Mario"
+                }
+            >>)),
+            24(<<
+                {
+                "digestID": 6,
+                "random": h'DB143143538F3C8D41DC024F9CB25C9D',
+                "elementIdentifier": "family_name",
+                "elementValue": "Rossi"
+                }
+            >>),
+            24(<<
+                {
+                "digestID": 7,
+                "random": h'6059FF1CE27B4997B4ADE1DE7B01DC60',
+                "elementIdentifier": "birthdate",
+                "elementValue": 1004("1956-01-12")% the tag 1004 defines the value
+                                                    is a full date
+                }
+            >>),
+            24(<<
+                {
+                "digestID": 8,
+                "random": h'CAD1F6A38F603451F1FA653F81FF309D',
+                "elementIdentifier": "birth_place",
+                "elementValue": [
+                    {
+                        "country": "IT" ,
+                        "locality": "Rome"
+                    }
+                ]
+                }
+            >>),
+            24(<<
+                {
+                "digestID": 9,
+                "random": h'53C15C57B3B076E788795829190220B4',
+                "elementIdentifier": "unique_id",
+                "elementValue": "xxxxxxxx-xxx-xxxx-xxxxxxxxxxxx"
+                }
+            >>)
+            ],
+            "eu.europa.ec.eudiw.pid.it.1": [
+                24(<<
+                    {
+                    "digestID": 10,
+                    "random": h'CAD1F6A38F603451F1FA653F81FF309D',
+                    "elementIdentifier": "verification.evidence",
+                    "elementValue": [
+                        {
+                        "type": "electronic_record",
+                        "record": {
+                            "type": "eidas.it.cie",
+                            "source": {
+                                "organization_name": "eidas.it.cie",
+                                "organization_id":  "m_it",
+                                "country_code": "it",
+                            }
+                        }
+                        }
+                    ]
+                    }
+                >>),
+                24(<<
+                    {
+                    "digestID": 11,
+                    "random": h'CAD1F6A38F603451F1FA653F81FF309D,
+                    "elementIdentifier": "status",
+                    "elementValue": "https://pidprovider.example.it/status"
+                    }
+                >>),
+                24(<<
+                    {
+                    "digestID": 12,
+                    "random": h'564E3C65D46D06FEDEB0E7293A86GF',
+                    "elementIdentifier": "verification.trust_framework",
+                    "elementValue": "eidas"
+                    }
+                >>),
+                24(<<
+                    {
+                    "digestID": 13,
+                    "random": h'D884E5D5EF4CFC93FDB1E4EE8F3923',
+                    "elementIdentifier": "verification.assurance_level",
+                    "elementValue": "high"
+                    }
+                >>)
+                24(<<
+                    {
+                    "digestID": 14,
+                    "random": h'11aa7273a2d2daa973f5951f0c34c2fbae',
+                    "elementIdentifier": "tax_id_number",
+                    "elementValue": "TINIT-XXXXXXXXXXXXXXX"
+                    }
+                >>)
+            ]
+        }
+    }
+    }
+  ]
+}
+
+
+
+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/pid-eaa-issuance.html b/refs/pull/201/merge/en/pid-eaa-issuance.html new file mode 100644 index 000000000..9d32b4b29 --- /dev/null +++ b/refs/pull/201/merge/en/pid-eaa-issuance.html @@ -0,0 +1,2631 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | PID/(Q)EAA Issuance + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

PID/(Q)EAA Issuance

+

This section describes the PID and (Q)EAAs issuance flow with an high level of security. +The relevant entities and interfaces involved in the issuance flow are:

+
+
    +

  • Wallet Provider: The entity responsible for releasing an EUDI Wallet Solution. The Wallet Provider issues the Wallet Attestations to its Wallet Instances through an Attestation Service. The Wallet Attestation certifies the genuinity and authenticity of the Wallet Instance and its compliance with the security and privacy requirements.

    • +

  • Wallet Solution: Entire product and service owned by a Wallet Provider, offered to all the Users and certified as EUDI-compliant by a Conformity Assessment Body (CAB).

    • +

  • Wallet Instance: Instance of a Wallet Solution, installed on the User device. The Wallet Instance provides graphical interfaces for User interaction with Relying Parties, PID, (Q)EAA Providers and the Wallet Provider.

    • +

  • PID Provider: The entity that issues the eIDAS Person Identification Data (PID). It is composed of:

    +
    +
      +

    • OpenID4VCI Component: based on the "OpenID for Verifiable Credential Issuance" specification ` [OIDC4VCI. Draft 13] <https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html>`_ to release the PID.

      • +

    • National eID Relying Party: The component to authenticate the User with the national Digital Identity Providers, based on OpenID Connect Core 1.0 or SAML2.

      • +

    • National Identity Provider: It represents preexisting identity systems based on SAML2 or OpenID Connect Core 1.0, already in production in each Member State (eg: the Italian SPID and CIE id schemes notified eIDAS with LoA High, see SPID/CIE OpenID Connect Specifications).

      • +
    +
    +
    • +

  • (Q)EAA Provider: It represents the Issuer of (Q)EAAs. It is composed of:

    +
      +

    • OpenID4VCI Component: based on the "OpenID for Verifiable Credential Issuance" specification to release (Q)EAAs.

      • +

    • Relying Party: Component to authenticate the User with the PID. The (Q)EAA Provider acts as a Verifier by sending a presentation request to the Wallet Instance, according to [OpenID4VP]. The Wallet Instance MUST have a valid PID, obtained in a previous time, to get authenticated with the (Q)EAA Provider.

      • +
    +
    • +
+
+
+

High-Level PID flow

+

The Fig. 2 shows a general architecture and highlights the main operations involved in the issuance of a PID.

+
+_images/High-Level-Flow-ITWallet-PID-Issuance.svg
+

Fig. 2 PID Issuance - General architecture and high level flow.

+
+
+

Below the description of the steps represented in the previous picture:

+
+
    +

  1. Wallet Instance Setup: the first time the Wallet Instance is started a preliminary setup phase is carried out. It consists of the release of the Wallet Attestation issued by Wallet Attestation Service asserting the genuineness and the compliance of the Wallet Instance with the shared trust framework. The Wallet Attestation binds the public key provided by the Wallet Instance, related to one of the private keys generated by the Wallet Instance.

    2. +

  2. PID/(Q)EAA Provider Discovery: the Wallet Instance discovers the trusted Digital Credential Issuers using the Federation API (e.g.: using the Subordinate Listing Endpoint of the Trust Anchor and its Intermediates), inspecting the Credential Issuer metadata and Trust Marks for filtering the PID Provider.

    3. +

  3. PID Provider Metadata: the Wallet Instance establishes the trust to the PID Provider according to the Trust Model and obtains the Metadata that discloses the formats of the PID, the algorithms supported, and any other parameter required for interoperability needs.

    4. +

  4. PID Request: using the Authorization Code Flow defined in [OIDC4VCI. Draft 13] the Wallet Instance requests the PID to the PID Provider.

    5. +

  5. User Authentication: the PID Provider authenticates the User with LoA High, acting as an Identity and Access Management Proxy to the National eID system.

    6. +

  6. PID Issuance: the User is authenticated with LoA High and the PID Provider releases a PID bound to the key material held by the requesting Wallet Instance.

    7. +
+
+

In the following sections the steps from 1 to 5 are further expanded into more technical details.

+
+
+

High-Level (Q)EAA flow

+

The Fig. 3 shows a general architecture and highlights the main operations involved in the issuance of a (Q)EAA, following the assumptions listed below:

+
+
    +

  • the User has a valid PID stored in their own Wallet Instance;

    • +

  • the (Q)EAA requires a high security implementation profile.

    • +
+
+
+_images/High-Level-Flow-ITWallet-QEAA-Issuance.svg
+

Fig. 3 (Q)EAA Issuance - General architecture and high level flow

+
+
+

Below the description of the most relevant operations involved in the (Q)EAA issuance:

+
+
    +

  1. Discovery of the trusted (Q)EAA Provider: the Wallet Instance obtains the list of the trusted (Q)EAA Provider using the Federation API (e.g.: using the Subordinate Listing Endpoint of the Trust Anchor and its Intermediates), then inspects the metadata and Trust Mark looking for the Digital Credential capabilities of each (Q)EAA Provider.

    2. +

  2. (Q)EAA Provider Metadata: the Wallet Instance establishes the trust to the (Q)EAA Provider according to the Trust Model, obtaining the Metadata that discloses the formats of the (Q)EAA, the algorithms supported, and any other parameter required for interoperability needs.

    3. +

  3. (Q)EAA Request: using the Authorization Code Flow , defined in [OIDC4VCI. Draft 13], the Wallet Instance requests a (Q)EAA to the (Q)EAA Provider.

    4. +

  4. User Authentication: the (Q)EAA Provider, acting as a Verifier (Relying Party), authenticates the User evaluating the presentation of the PID.

    5. +

  5. (Q)EAA Issuance: the User is authenticated with a valid PID and the (Q)EAA Provider releases a (Q)EAA bound to the key material held by the requesting Wallet Instance.

    6. +
+
+
+
+

Detailed Flow

+

The PID/(Q)EAA Issuance phase uses the Authorization Code Flow with the following specifications:

+ +

In this section a Wallet Initiated Flow is outlined, where the User receives the PID/(Q)EAA directly in response to the Credential Request.

+
+

Warning

+

All the non-normative examples are referred to the PID Provider issuance flow.

+
+
+_images/Low-Level-Flow-ITWallet-PID-QEAA-Issuance.svg +
+

Fig. 4 PID/(Q)EAA Issuance - Detailed flow

+
+
+

Steps 1-4 (Discovery): The User selects the PID/(Q)EAA Provider using the Wallet Instance, the Metadata for the selected PID/(Q)EAA Provider are processed by the Wallet Instance.

+
+

Note

+

Federation Check: The Wallet Instance needs to check if the PID/(Q)EAA Provider is part of the Federation, obtaining its protocol specific Metadata. A non-normative example of a response from the endpoint .well-known/openid-federation with the Entity Configuration and the Metadata of the PID/(Q)EAA Provider is represented within the section Entity Configuration Credential Issuer.

+
+

Steps 5-6 (PAR Request): The Wallet Instance:

+
+
    +

  • creates a fresh PKCE code verifier, Wallet Attestation Proof of Possession, and state parameter for the Pushed Authorization Request.

    • +

  • provides to the PID/(Q)EAA Provider PAR endpoint the parameters previously listed above, using the request parameter (hereafter Request Object) according to RFC 9126 Section 3 to prevent Request URI swapping attack.

    • +

  • MUST create the code_verifier with enough entropy random string using the unreserved characters with a minimum length of 43 characters and a maximum length of 128 characters, making it impractical for an attacker to guess its value. The value MUST be generated following the recommendation in Section 4.1 of RFC 7636.

    • +

  • signs this request using the private key that is created during the setup phase to obtain the Wallet Attestation. The related public key that is attested by the Wallet Provider is provided within the Wallet Attestation cnf claim.

    • +

  • MUST create the value of the client_assertion parameter according to OAuth 2.0 Attestation-based Client Authentication [oauth-attestation-draft], since in this flow the Pushed Authorization Endpoint is a protected endpoint. The client_assertion value MUST NOT contain more or less than precisely two JWTs separated with the ~ character. The first JWT MUST be the Wallet Attestation JWT and the second JWT MUST be the Wallet Attestation Proof of Possession.

    • +

  • specifies the types of the requested credentials using the authorization_details [RAR RFC 9396] parameter.

    • +
+
+

The PID/(Q)EAA Provider performs the following checks upon the receipt of the PAR request:

+
+
    +

  1. It MUST validate the signature of the Request Object using the algorithm specified in the alg header parameter (RFC 9126, RFC 9101) and the public key retrieved from the Wallet Attestation (cnf.jwk) referenced in the Request Object, using the kid JWS header parameter.

    2. +

  2. It MUST check that the used algorithm for signing the request in the alg header is one of the listed within the Section Cryptographic Algorithms.

    3. +

  3. It MUST check that the client_id in the request body of the PAR request matches the client_id claim included in the Request Object.

    4. +

  4. It MUST check that the iss claim in the Request Object matches the client_id claim in the Request Object (RFC 9126, RFC 9101).

    5. +

  5. It MUST check that the aud claim in the Request Object is equal to the PID/(Q)EAA Provider authorization endpoint uri (RFC 9126, RFC 9101).

    6. +

  6. It MUST reject the PAR request, if it contains the request_uri parameter (RFC 9126).

    7. +

  7. It MUST check that the Request Object contains all the mandatory parameters which values are validated according to Table of the HTTP parameters [derived from RFC 9126].

    8. +

  8. It MUST check that the Request Object is not expired, checking the exp claim (RFC 9126).

    9. +

  9. It MUST check that the Request Object was issued in a previous time than the value exposed in the iat claim. It SHOULD reject the request if the iat claim is far from the current time (RFC 9126) of more than 5 minutes.

    10. +

  10. It MUST check that the jti claim in the Request Object has not been used before by the Wallet Instance identified by the client_id. This allows the PID/(Q)EAA Provider to mitigate replay attacks (RFC 7519).

    11. +

  11. It MUST validate the client_assertion parameter based on Sections 4.1 and 4.2 of [oauth-attestation-draft].

    12. +
+
+

Below a non-normative example of the PAR.

+
POST /as/par HTTP/1.1
+Host: pid-provider.example.org
+Content-Type: application/x-www-form-urlencoded
+
+response_type=code
+&client_id=$thumprint-of-the-jwk-in-the-cnf-wallet-attestation$
+&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
+&code_challenge_method=S256
+&request=eyJhbGciOiJSUzI1NiIsImtpZCI6ImsyYmRjIn0.ew0KIC Jpc3MiOiAiczZCaGRSa3F0MyIsDQogImF1ZCI6ICJodHRwczovL3NlcnZlci5leGFtcGxlLmNvbSIsDQo gInJlc3BvbnNlX3R5cGUiOiAiY29kZSBpZF90b2tlbiIsDQogImNsaWVudF9pZCI6ICJzNkJoZFJrcXQz IiwNCiAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vY2xpZW50LmV4YW1...
+&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation
+&client_assertion=$WIA~WIA-PoP
+
+
+

Below an non-normative example of the Wallet Attestation Proof of Possession without encoding and signature applied:

+
{
+  "alg": "ES256",
+  "kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
+  "typ": "jwt-client-attestation-pop",
+}
+.
+{
+  "iss": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
+  "aud": "https://pid-provider.example.org/par-endpoint",
+  "jti": "ad25868c-8377-479b-8094-46fb1e797625",
+  "iat": 1686645115,
+  "exp": 1686652315
+}
+
+
+

Below an non-normative example of the signed Request Object without encoding and signature applied:

+
{
+  "alg": "ES256",
+  "kid": "FifYx03bnosD8m6gYQIfNHNP9cM_Sam9Tc5nLloIIrc",
+}
+.
+{
+"iss":"$thumprint-of-the-jwk-in-the-cnf-wallet-attestation$",
+"aud":"https://pid-provider.example.org",
+"exp":1672422065,
+"iat": 1672418465,
+"jti":"ac80df576e7109686717bf50b869e882",
+"response_type":"code",
+"client_id":"$thumprint-of-the-jwk-in-the-cnf-wallet-attestation$",
+"state":"fyZiOL9Lf2CeKuNT2JzxiLRDink0uPcd",
+"code_challenge":"E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
+"code_challenge_method":"S256",
+"authorization_details":[
+  {
+    "type": "openid_credential",
+    "credential_configuration_id": "PersonIdentificationData"
+  }
+],
+"redirect_uri":"eudiw://start.wallet.example.org",
+}
+
+
+
+

Note

+

Federation Check: The PID/(Q)EAA Provider MUST check that the Wallet Provider is part of the federation.

+
+
+

Note

+

The PID/(Q)EAA Provider MUST validate the signature of the the Wallet Attestation and that it is not expired.

+
+

Step 7 (PAR Response): The PID/(Q)EAA Provider provides a one-time use request_uri value. The issued request_uri value must be bound to the client identifier (client_id) that was provided in the Request Object.

+
+

Note

+

The entropy of the request_uri MUST be sufficiently large. The adequate shortness of the validity and the entropy of the request_uri depends on the risk calculation based on the value of the resource being protected. The validity time SHOULD be less than a minute, and the request_uri MUST include a cryptographic random value of 128 bits or more (RFC 9101). The entire request_uri SHOULD NOT exceed 512 ASCII characters due to the following two main reasons (RFC 9101):

+
+
    +

  1. Many phones on the market still do not accept large payloads. The restriction is typically either 512 or 1024 ASCII characters.

    2. +

  2. On a slow connection such as a 2G mobile connection, a large URL would cause a slow response; therefore, the use of such is not advisable from the user-experience point of view.

    3. +
+
+
+

The PID/(Q)EAA Provider returns the issued request_uri to the Wallet Instance. A non-normative example of the response is shown below.

+
HTTP/1.1 201 Created
+Cache-Control: no-cache, no-store
+Content-Type: application/json
+
+{
+    "request_uri":"urn:ietf:params:oauth:request_uri:bwc4JK-ESC0w8acc191e-Y1LTC2",
+    "expires_in": 60
+}
+
+
+

Steps 8-9 (Authorization Request): The Wallet Instance sends an authorization request to the PID/(Q)EAA Provider Authorization Endpoint. Since parts of this Authorization Request content, e.g., the code_challenge parameter value, are unique to a particular Authorization Request, the Wallet Instance MUST only use a request_uri value once (RFC 9126); The PID/(Q)EAA Provider performs the following checks upon the receipt of the Authorization Request:

+
+
    +

  1. It MUST treat request_uri values as one-time use and MUST reject an expired request. However, it MAY allow for duplicate requests due to a user reloading/refreshing their user-agent (derived from RFC 9126).

    2. +

  2. It MUST identify the request as a result of the submitted PAR (derived from RFC 9126).

    3. +

  3. It MUST reject all the Authorization Requests that do not contain the request_uri parameter as the PAR is the only way to pass the Authorization Request from the Wallet Instance (derived from RFC 9126).

    4. +
+
+
GET /authorize?client_id=$thumprint-of-the-jwk-in-the-cnf-wallet-attestation$&request_uri=urn%3Aietf%3Aparams%3Aoauth%3Arequest_uri%3Abwc4JK-ESC0w8acc191e-Y1LTC2 HTTP/1.1
+Host: pid-provider.example.org
+
+
+
+

Note

+

User Authentication and Consent: The PID Provider performs the User authentication based on the requirements of eIDAS LoA High by means of national notified eIDAS scheme and requires the User consent for the PID issuance. +The (Q)EAA Provider performs the User authentication requesting a valid PID to the Wallet Instance. The (Q)EAA Provider MUST use [OpenID4VP] to dynamically request the presentation of the PID. From a protocol perspective, the (Q)EAA Provider acts as a Relying Party, providing the presentation request to the Wallet Instance. The Wallet Instance MUST have a valid PID obtained prior to start the transaction with the (Q)EAA Provider.

+
+

Steps 10-11 (Authorization Response): The PID/(Q)EAA Provider sends an authorization code together with state and iss parameters to the Wallet Instance. The Wallet Instance performs the following checks on the Authorization Response:

+
+
    +

  1. It MUST check the Authorization Response contains all the defined parameters according to Table of the HTTP Response parameters.

    2. +

  2. It MUST check the returned value by the PID/(Q)EAA Provider for state parameter is equal to the value sent by Wallet Instance in the Request Object (RFC 6749).

    3. +

  3. It MUST check that the URL of PID/(Q)EAA Provider in iss parameter is equal to the URL identifier of intended PID/(Q)EAA Provider that the Wallet Instance start the communication with (RFC 9027).

    4. +
+
+
+

Note

+

The Wallet Instance redirect URI is a universal or app link registered with the local operating system, so this latter will resolve it and pass the response to the Wallet Instance.

+
+
HTTP/1.1 302 Found
+Location: https://start.wallet.example.org?code=SplxlOBeZQQYbYS6WxSbIA&state=fyZiOL9Lf2CeKuNT2JzxiLRDink0uPcd&iss=https%3A%2F%2Fpid-provider.example.org
+
+
+

Steps 12-13 (DPoP Proof for Token Endpoint): The Wallet Instance MUST create a new key pair for the DPoP and a fresh DPoP Proof JWT following the instruction provided in Section 4 of (RFC 9449) for the token request to the PID/(Q)EAA Provider. The DPoP Proof JWT is signed using the private key for DPoP created by Wallet Instance for this scope. DPoP binds the Access Token to a certain Wallet Instance (RFC 9449) and mitigates the misuse of leaked or stolen Access Tokens at the Credential Endpoint.

+

Step 14 (Token Request): The Wallet Instance sends a token request to the PID/(Q)EAA Provider Token Endpoint with a DPoP Proof JWT and the parameters: code, code_verifier, and OAuth 2.0 Attestation based Client Authentication (client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation and client_assertion=WIA~WIA-PoP). +The client_assertion is signed using the private key that is created during the setup phase to obtain the Wallet Attestation. The related public key that is attested by the Wallet Provider is provided within the Wallet Attestation (cnf claim). The PID/(Q)EAA Provider performs the following checks on the Token Request:

+
+
    +

  1. It MUST ensure that the Authorization code is issued to the authenticated Wallet Instance (RFC 6749) and was not replied.

    2. +

  2. It MUST ensure the Authorization code is valid and has not been previously used (RFC 6749).

    3. +

  3. It MUST ensure the redirect_uri matches the value included in the previous Request Object OpenID.Core#TokenRequest.

    4. +

  4. It MUST validate the DPoP Proof JWT, according to (RFC 9449) Section 4.3.

    5. +
+
+
POST /token HTTP/1.1
+Host: pid-provider.example.org
+Content-Type: application/x-www-form-urlencoded
+DPoP: eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6Ik
+    VDIiwieCI6Imw4dEZyaHgtMzR0VjNoUklDUkRZOXpDa0RscEJoRjQyVVFVZldWQVdCR
+    nMiLCJ5IjoiOVZFNGpmX09rX282NHpiVFRsY3VOSmFqSG10NnY5VERWclUwQ2R2R1JE
+    QSIsImNydiI6IlAtMjU2In19.eyJqdGkiOiItQndDM0VTYzZhY2MybFRjIiwiaHRtIj
+    oiUE9TVCIsImh0dSI6Imh0dHBzOi8vc2VydmVyLmV4YW1wbGUuY29tL3Rva2VuIiwia
+    WF0IjoxNTYyMjYyNjE2fQ.2-GxA6T8lP4vfrg8v-FdWP0A0zdrj8igiMLvqRMUvwnQg
+    4PtFLbdLXiOSsX0x7NVY-FNyJK70nfbV37xRZT3Lg
+
+grant_type=authorization_code
+&code=SplxlOBeZQQYbYS6WxSbIA
+&code_verifier=dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
+&redirect_uri=https://start.wallet.example.org/cb
+&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation
+&client_assertion=$WIA~WIA-PoP
+
+
+

Step 15 (Token Response): The PID/(Q)EAA Provider validates the request, if successful an Access Token (bound to the DPoP key) and a fresh c_nonce is provided to the Wallet Instance.

+
HTTP/1.1 200 OK
+Content-Type: application/json
+Cache-Control: no-store
+
+{
+    "access_token": "Kz~8mXK1EalYznwH-LC-1fBAo.4Ljp~zsPE_NeO.gxU ...",
+    "token_type": "DPoP",
+    "expires_in": 2677,
+    "c_nonce": "tZign[...]snFbp",
+    "c_nonce_expires_in": 86400,
+    "authorization_details": [
+      {
+          "type": "openid_credential",
+          "credential_configuration_id: "PersonIdentificationData"
+          }
+      }
+    ]
+}
+
+
+

Steps 16-17 (DPoP Proof for Credential Endpoint): The Wallet Instance for requesting the Digital Credential creates a proof of possession with c_nonce obtained in Step 15 and using the private key used for the DPoP, signing a DPoP Proof JWT according to (RFC 9449) Section 4. The jwk value in the proof parameter MUST be equal to the public key referenced in the DPoP.

+

Step 18 (Credential Request): The Wallet Instance requests the Digital Credential to the PID/(Q)EAA Credential endpoint. The request MUST contain the Access Token, the DPoP Proof JWT, the credential type, the proof (proof of possession of the key) and the format parameters.

+
+

Note

+

PID/(Q)EAA Credential Schema and Status registration: The PID/(Q)EAA Provider MUST register all the issued Credentials for their later revocation, if needed.

+
+
POST /credential HTTP/1.1
+Host: pid-provider.example.org
+Content-Type: application/json
+Authorization: DPoP Kz~8mXK1EalYznwH-LC-1fBAo.4Ljp~zsPE_NeO.gxU
+DPoP: eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6Ik
+    VDIiwieCI6Imw4dEZyaHgtMzR0VjNoUklDUkRZOXpDa0RscEJoRjQyVVFVZldWQVdCR
+    nMiLCJ5IjoiOVZFNGpmX09rX282NHpiVFRsY3VOSmFqSG10NnY5VERWclUwQ2R2R
+    1JEQSIsImNydiI6IlAtMjU2In19.eyJqdGkiOiJlMWozVl9iS2ljOC1MQUVCIiwiaHRtIj
+    oiR0VUIiwiaHR1IjoiaHR0cHM6Ly9yZXNvdXJjZS5leGFtcGxlLm9yZy9wcm90ZWN0Z
+    WRyZXNvdXJjZSIsImlhdCI6MTU2MjI2MjYxOCwiYXRoIjoiZlVIeU8ycjJaM0RaNTNF
+    c05yV0JiMHhXWG9hTnk1OUlpS0NBcWtzbVFFbyJ9.2oW9RP35yRqzhrtNP86L-Ey71E
+    OptxRimPPToA1plemAgR6pxHF8y6-yqyVnmcw6Fy1dqd-jfxSYoMxhAJpLjA
+{
+  "format": "vc+sd-jwt"
+  "credential_definition":{
+    "type": ["PersonIdentificationData"]
+  },
+  "proof": {
+    "proof_type": "jwt",
+    "jwt": "eyJraWQiOiJkaWQ6ZXhhbXBsZTplYm"
+  }
+}
+
+
+

Where a non-normative example of the decoded content of the jwt parameter is represented below, +without encoding and signature. The JWS header:

+
{
+  "alg": "ES256",
+  "typ": "openid4vci-proof+jwt",
+  "jwk": {
+    "kty": "EC",
+    "x": "l8tFrhx-34tV3hRICRDY9zCkDlpBhF42UQUfWVAWBFs",
+    "y": "9VE4jf_Ok_o64zbTTlcuNJajHmt6v9TDVrU0CdvGRDA",
+    "crv": "P-256"
+  }
+
+}
+
+
+

And the JWS payload:

+
{
+    "iss": "0b434530-e151-4c40-98b7-74c75a5ef760",
+    "aud": "https://pid-provider.example.org/credential",
+    "iat": 1504699136,
+    "nonce": "tZign...snFbp"
+}
+
+
+

Steps 19-21 (Credential Response): The PID/(Q)EAA Provider MUST validate the DPoP JWT Proof based on the steps defined in Section 4.3 of (RFC 9449) and whether the Access Token is valid and suitable for the requested PID/(Q)EAA. It also MUST validate the proof of possession for the key material the new credential SHALL be bound to, according to OPENID4VCI Section 7.2.2. If all checks succeed, the PID/(Q)EAA Provider creates a new Credential bound to the key material and provide it to the Wallet Instance. The Wallet Instance MUST perform the following checks before proceeding with the secure storage of the PID/(Q)EAA:

+
+
    +

  1. It MUST check that the PID Credential Response contains all the mandatory parameters and values are validated according to Table of the credential response parameters.

    2. +

  2. It MUST check the PID integrity by verifying the signature using the algorithm specified in the alg header parameter of SD-JWT (PID/(Q)EAA Data Model) and the public key that is identified using using the kid header of the SD-JWT.

    3. +

  3. It MUST check that the received PID (in credential claim) matches the schema defined in PID/(Q)EAA Data Model.

    4. +

  4. It MUST process and verify the PID in SD-JWT VC format (according to SD.JWT#Verification Section 6.) or MDOC CBOR format.

    5. +

  5. It MUST verify the Trust Chain in the header of SD-JWT VC to verify that the PID Provider is trusted.

    6. +
+
+

If the checks defined above are successful the Wallet Instance proceeds with the secure storage of the PID/(Q)EAA.

+
HTTP/1.1 200 OK
+Content-Type: application/json
+Cache-Control: no-store
+Pragma: no-cache
+
+{
+    "format": "vc+sd-jwt"
+    "credential" : "LUpixVCWJk0eOt4CXQe1NXK[...]WZwmhmn9OQp6YxX0a2L",
+    "c_nonce": "fGFF7[...]UkhLa",
+    "c_nonce_expires_in": 86400
+}
+
+
+
+
+

Pushed Authorization Request Endpoint

+
+

Pushed Authorization Request (PAR) Request

+

The requests to the PID/(Q)EAA authorization endpoint MUST use the HTTP POST method with the parameters in the message body encoded in application/x-www-form-urlencoded format. The Pushed Authorization Endpoint is protected with OAuth 2.0 Attestation-based Client Authentication [oauth-attestation-draft] and the following parameters MUST be provided:

+ + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 1 PAR http request parameters

Claim

Description

Reference

response_type

MUST be set to code.

RFC 6749

client_id

MUST be set to the thumbprint of the jwk value in the cnf parameter inside the Wallet Attestation.

RFC 6749

code_challenge

A challenge derived from the code verifier that is sent in the authorization request.

RFC 7636#section-4.2.

code_challenge_method

A method that was used to derive code challenge. It MUST be set to S256.

RFC 7636#section-4.3.

request

It MUST be a signed JWT. The private key corresponding to the public one in the cnf parameter inside the Wallet Attestation MUST be used for signing the Request Object.

OpenID Connect Core. Section 6

client_assertion_type

It MUST be set to urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation.

oauth-attestation-draft.

client_assertion

It MUST be set to a value containing the Wallet Attestation JWT and the Proof of Possession, separated with the ~ character.

oauth-attestation-draft.

+

The JWT Request Object has the following JOSE header parameters:

+ +++++ + + + + + + + + + + + + + + + + +

JOSE header

Description

Reference

alg

A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section Cryptographic Algorithms and MUST NOT be set to none or any symmetric algorithm (MAC) identifier.

RFC 7516#section-4.1.1.

kid

Unique identifier of the jwk inside the cnf claim of Wallet Attestation as base64url-encoded JWK Thumbprint value.

RFC 7638#section_3.

+
+

Note

+

The parameter typ, if omitted, assumes the implicit value JWT.

+
+

The JWT payload is given by the following parameters:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

iss

It MUST be set to the client_id.

RFC 9126 and RFC 7519.

aud

It MUST be set to the identifier of the PID/(Q)EAA Provider.

RFC 9126 and RFC 7519.

exp

UNIX Timestamp with the expiry time of the JWT.

RFC 9126 and RFC 7519.

iat

UNIX Timestamp with the time of JWT issuance.

RFC 9126 and RFC 7519.

response_type

It MUST be set as in the Table of the HTTP parameters.

See Table of the HTTP parameters.

client_id

It MUST be set as in the Table of the HTTP parameters.

See Table of the HTTP parameters.

state

Unique session identifier at the client side. This value will be returned to the client in the response, at the end of the authentication. It MUST be a random string composed by alphanumeric characters and with a minimum length of 32 digits.

See OpenID.Core#AuthRequest.

code_challenge

It MUST be set as in the Table of the HTTP parameters.

See Table of the HTTP parameters.

code_challenge_method

It MUST be set as in the Table of the HTTP parameters.

See Table of the HTTP parameters.

authorization_details

Array of JSON Objects. Each JSON Object MUST include the following claims:

+
+
    +

  • type: it MUST be set to openid_credential,

    • +

  • credential_configuration_id: JSON String. String specifying a unique identifier of the Credential being described in the credential_configurations_supported map in the Credential Issuer Metadata. For example, in the case of the PID, it MUST be set to PersonIdentificationData.

    • +
+
+

See [RAR RFC 9396] and [OIDC4VCI. Draft 13].

redirect_uri

Redirection URI to which the response is intended to be sent. It MUST be an universal or app link registered with the local operating system, so this latter will provide the response to the Wallet Instance.

See OpenID.Core#AuthRequest.

client_assertion_type

It MUST be set as in the Table of the HTTP parameters.

See Table of the HTTP parameters.

client_assertion

It MUST be set as in the Table of the HTTP parameters.

See Table of the HTTP parameters.

jti

Unique identifier of the JWT that, together with the value contained in the iss claim, prevents the reuse of the JWT (replay attack). Since the jti value alone is not collision resistant, it MUST be identified uniquely together with its issuer.

[RFC 7519].

+

The JOSE header of the Wallet Attestation proof of possession MUST contain:

+ +++++ + + + + + + + + + + + + + + + + + + + + +

JOSE header

Description

Reference

alg

A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms listed in the Section Cryptographic Algorithms and MUST NOT be set to none or any symmetric algorithm (MAC) identifier.

RFC 7516#section-4.1.1.

kid

Unique identifier of the jwk inside the cnf claim of Wallet Attestation as base64url-encoded JWK Thumbprint value.

RFC 7638#section_3.

typ

It MUST be set to jwt-client-attestation-pop

Currently under discussion in [oauth-attestation-draft].

+

The body of the Wallet Attestation proof of possession JWT MUST contain:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

iss

Thumbprint of the JWK in the cnf parameter.

RFC 9126 and RFC 7519.

aud

It MUST be set to the identifier of the PID/(Q)EAA Provider.

RFC 9126 and RFC 7519.

exp

UNIX Timestamp with the expiry time of the JWT.

RFC 9126 and RFC 7519.

iat

UNIX Timestamp with the time of JWT issuance.

RFC 9126 and RFC 7519.

jti

Unique identifier for the DPoP proof JWT. The value SHOULD be set using a UUID v4 value according to [RFC 4122].

[RFC 7519. Section 4.1.7].

+
+
+

Pushed Authorization Request (PAR) Response

+

If the verification is successful, the PID/(Q)EAA Issuer MUST provide the response with a 201 HTTP status code. The following parameters are included as top-level members in the HTTP response message body, using the application/json media type as defined in [RFC 8259].

+ +++++ + + + + + + + + + + + + + + + + +

Claim

Description

Reference

request_uri

The request URI corresponding to the authorization request posted. This URI MUST be a single-use reference to the respective authorization request. It MUST contain some part generated using a cryptographically strong pseudorandom algorithm. The value format MUST be urn:ietf:params:oauth:request_uri:<reference-value> with <reference-value> as the random part of the URI that references the respective authorization request data.

[RFC 9126].

expires_in

A JSON number that represents the lifetime of the request URI in seconds as a positive integer.

[RFC 9126].

+
+
+
+

Authorization endpoint

+

The authorization endpoint is used to interact with the PID/(Q)EAA Issuer and obtain an authorization grant. +The authorization server MUST first verify the identity of the User that own the credential.

+
+

Authorization Request

+

The Authorization request is issued by the Web Browser in use by the Wallet Instance, the HTTP methods POST or GET are used. When the method POST is used, the parameters MUST be sent using the Form Serialization. When the method GET is used, the parameters MUST be sent using the Query String Serialization. For more details see OpenID.Core#Serializations.

+

The mandatory parameters in the HTTP authentication request are specified in the following table.

+ +++++ + + + + + + + + + + + + + + + + +

Claim

Description

Reference

client_id

It MUST be set as in the Table of the HTTP parameters.

See Table of the HTTP parameters.

request_uri

It MUST be set to the same value as obtained by PAR Response. See Table of the HTTP PAR Response parameters.

[RFC 9126].

+
+
+

Authorization Response

+

The authentication response is returned by the PID/(Q)EAA authorization endpoint at the end of the authentication flow.

+

If the authentication is successful the PID/(Q)EAA Issuer redirects the User by adding the following query parameters as required to the redirect_uri. The redirect URI MUST be an universal or app link registered with the local operating system, so this latter is able to provide the response to the Wallet Instance.

+ +++++ + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

code

Unique Authorization Code that the Wallet Instance submits to the Token Endpoint.

[RFC 6749#section-4.1.2], Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants

state

The Wallet Instance MUST check the correspondence with the state parameter value in the Request Object. It is defined as in the Table of the JWT Request parameters.

[RFC 6749#section-4.1.2].

iss

Unique identifier of the PID/(Q)EAA Issuer who created the Authentication Response. The Wallet Instance MUST validate this parameter.

OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response, [RFC7519, Section 4.1.1].

+
+
+
+

Token endpoint

+

The token endpoint is used by the Wallet Instance to obtain an Access Token by presenting an authorization grant, as +defined in RFC 6749. The Token Endpoint is a protected endpoint with a client authentication based on the model defined in OAuth 2.0 Attestation-based Client Authentication [oauth-attestation-draft].

+
+

Token Request

+

The request to the PID/(Q)EAA Token endpoint MUST be an HTTP request with method POST, with the body message encoded in application/x-www-form-urlencoded format. The Wallet Instance sends the Token endpoint request with client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation and client_assertion=WIA~WIA-PoP.

+

The Token endpoint MUST accept and validate the DPoP proof sent in the DPoP HTTP header. The Token endpoint MUST validate the DPoP proof according to Section 4.3 of the DPoP specifications (RFC 9449). This mitigates the misuse of leaked or stolen Access Tokens at the credential endpoint. If the DPoP proof is invalid, the Token endpoint returns an error response, according to Section 5.2 of [RFC 6749] with invalid_dpop_proof as the value of the error parameter.

+

All the parameters listed below are REQUIRED:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

grant_type

It MUST be set to authorization_code.

Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants.

code

Authorization code returned in the Authentication Response.

Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants.

redirect_uri

It MUST be set as in the Request Object Table of the JWT Request parameters.

Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants.

code_verifier

Verification code of the code_challenge.

Proof Key for Code Exchange by OAuth Public Clients.

client_assertion_type

It MUST be set to urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation.

oauth-attestation-draft.

client_assertion

It MUST be set to a value containing the Wallet Attestation JWT and the Proof of Possession JWT, separated with the ~ character (WIA~WIA-PoP). The Wallet Attestation Proof of Possession MUST contain the claims as defined in Table of the JWT Wallet Attestation PoP, Section Pushed Authorization Request (PAR) Response.

oauth-attestation-draft.

+

A DPoP Proof JWT is included in the HTTP request using the DPoP header parameter containing a DPoP JWS.

+

The JOSE header of a DPoP JWT MUST contain at least the following parameters:

+ +++++ + + + + + + + + + + + + + + + + + + + + +

JOSE header

Description

Reference

typ

It MUST be equal to dpop+jwt.

[RFC 7515] and [RFC 8725. Section 3.11].

alg

A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms in Section Cryptographic Algorithms and MUST NOT be set to none or with a symmetric algorithm (MAC) identifier.

[RFC 7515].

jwk

It represents the public key chosen by the Wallet Instance, in JSON Web Key (JWK) [RFC 7517] format that the Access Token MUST be bound to, as defined in [RFC 7515] Section 4.1.3. It MUST NOT contain a private key.

[RFC 7517] and [RFC 7515].

+

The payload of a DPoP JWT Proof MUST contain at least the following claims:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

jti

Unique identifier for the DPoP proof JWT. The value SHOULD be set using a UUID v4 value according to [RFC 4122].

[RFC 7519. Section 4.1.7].

htm

The value of the HTTP method of the request to which the JWT is attached.

[RFC 9110. Section 9.1].

htu

The HTTP target URI, without query and fragment parts, of the request to which the JWT is attached.

[RFC 9110. Section 7.1].

iat

UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in RFC 7519.

[RFC 7519. Section 4.1.6].

+
+
+

Token Response

+

Token endpoint response MUST contain the following mandatory claims.

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

access_token

The DPoP-bound Access Token, in signed JWT format, allows accessing the PID/(Q)EAA Credential Endpoint for obtaining the credential.

RFC 6749.

token_type

Type of Access Token returned. It MUST be equal to DPoP.

RFC 6749.

expires_in

Expiry time of the Access Token in seconds.

RFC 6749.

c_nonce

JSON string containing a nonce value to be used to create a proof of possession of key material when requesting a Credential.

[OIDC4VCI. Draft 13].

c_nonce_expires_in

JSON integer, it represents the lifetime in seconds of the c_nonce.

[OIDC4VCI. Draft 13].

authorization_details

JSON object, used to identify Credentials with the same metadata but different claimset/claim values and/or simplify the Credential request even when only one Credential is being issued.

[OIDC4VCI. Draft 13].

+
+
+

Access Token

+

A DPoP-bound Access Token is provided by the PID/(Q)EAA Token endpoint as a result of a successful token request. The Access Token is encoded in JWT format, according to [RFC 7519]. The Access Token MUST have at least the following mandatory claims and it MUST be bound to the public key that is provided by the DPoP proof. This binding can be accomplished based on the methodology defined in Section 6 of (RFC 9449).

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

iss

It MUST be an HTTPS URL that uniquely identifies the PID/(Q)EAA Issuer. The Wallet Instance MUST verify that this value matches the PID/(Q)EAA Issuer where it has requested the credential.

[RFC 9068], [RFC7519, Section 4.1.1].

sub

It identifies the subject of the JWT. It MUST be set to the value of the sub field in the PID/(Q)EAA SD-JWT-VC.

[RFC 9068], [RFC 7519] and [OpenID.Core#SubjectIDTypes].

aud

It MUST be set to the URL of Credential Endpoint of the PID/(Q)EAA Provider.

[RFC 9068].

iat

UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in RFC 7519.

[RFC 9068], [RFC 7519. Section 4.1.6].

exp

UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated in RFC 7519.

[RFC 9068], [RFC 7519].

jti

It MUST be a String in uuid4 format. Unique Token ID identifier that the RP MAY use to prevent reuse by rejecting the Token ID if already processed.

[RFC 9068], [RFC 7519].

jkt

JWK SHA-256 Thumbprint Confirmation Method. The value of the jkt member MUST be the base64url encoding (as defined in [RFC7515]) of the JWK SHA-256 Thumbprint of the DPoP public key (in JWK format) to which the Access Token is bound.

[RFC 9449. Section 6.1] and [RFC 7638].

+
+
+
+

Credential endpoint

+

The Credential Endpoint issues a Credential upon the presentation of a valid Access Token, as defined in OPENID4VCI.

+
+

Credential Request

+

The Wallet Instance when requests the PID/(Q)EAA to the PID/(Q)EAA Credential endpoint, MUST use the following parameters in the message body of the HTTP POST request, using the application/json media type.

+

The Credential endpoint MUST accept and validate the DPoP proof sent in the DPoP HTTP Header parameter, according to the steps defined in (RFC 9449) Section 4.3. The DPoP proof in addition to the values that are defined in the Token Endpoint section MUST contain the following claim:

+
+
    +

  • ath: hash value of the Access Token encoded in ASCII. The value MUST use the base64url encoding (as defined in Section 2 of RFC 7515) with the SHA-256 algorithm.

    • +
+
+

If the DPoP proof is invalid, the Credential endpoint returns an error response per Section 5.2 of [RFC 6749] with invalid_dpop_proof as the value of the error parameter.

+
+

Warning

+

The Wallet Instance MUST create a new DPoP proof for the Credential request and MUST NOT use the previously created proof for the Token Endpoint.

+
+ +++++ + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

credential_definition

JSON object containing the detailed description of the Credential type. It MUST have at least the type sub claims which is a JSON array containing the type values the Wallet SHALL request in the Credential Request. It MUST be set in accordance to the type of the requested PID/(Q)EAA that is obtained from the PID/(Q)EAA Issuer metadata. In the case of the PID it MUST be set to PersonIdentificationData.

[OIDC4VCI. Draft 13].

format

Format of the Credential to be issued. This MUST be vc+sd-jwt.

[OIDC4VCI. Draft 13].

proof

JSON object containing proof of possession of the key material the issued credential shall be bound to. The proof object MUST contain the following mandatory claims:

+
    +

  • proof_type: JSON string denoting the proof type. It MUST be jwt.

    • +

  • jwt: the JWT used as proof of possession.

    • +
+

[OIDC4VCI. Draft 13].

+
+

Note

+

If the format value is mso_mdoc, the credential request MUST contain the doctype claim which is a JSON string identifying the credential type according to EIDAS-ARF . See Appendix E.2. of [OIDC4VCI. Draft 13] for more details.

+
+

The JWT proof type MUST contain the following parameters for the JOSE header and the JWT body:

+ +++++ + + + + + + + + + + + + + + + + + + + + +

JOSE Header

Description

Reference

alg

A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms in Section Cryptographic Algorithms and MUST NOT be set to none or to a symmetric algorithm (MAC) identifier.

[OIDC4VCI. Draft 13], [RFC 7515], [RFC 7517].

typ

It MUST be set to openid4vci-proof+jwt.

[OIDC4VCI. Draft 13], [RFC 7515], [RFC 7517].

jwk

Representing the public key chosen by the Wallet Instance, in JSON Web Key (JWK) [RFC 7517] format that the PID/(Q)EAA shall be bound to, as defined in Section 4.1.3 of [RFC 7515]. The jwk value MUST be equal to the same public key that is generated for the DPoP.

[OIDC4VCI. Draft 13], [RFC 7515], [RFC 7517].

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Reference

iss

The value of this claim MUST be the client_id of the Wallet Instance.

[OIDC4VCI. Draft 13], [RFC7519, Section 4.1.1].

aud

The value of this claim MUST be the identifier URL of the PID/(Q)EAA Issuer.

[OIDC4VCI. Draft 13].

iat

UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in RFC 7519.

[OIDC4VCI. Draft 13], [RFC 7519. Section 4.1.6].

nonce

The value type of this claim MUST be a string, where the value is a c_nonce provided by the PID/(Q)EAA Issuer in the Token response.

[OIDC4VCI. Draft 13].

+
+
+

Credential Response

+

Credential Response to the Wallet Instance MUST be sent using application/json media type. The response MUST contain the following mandatory claims:

+ + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
Table 2 Credential http response parameters

Claim

Description

Reference

format

Format of the Credential to be issued. This MUST be set to vc+sd-jwt when the credential type is SD-JWT.

[OIDC4VCI. Draft 13].

credential

Contains the issued PID/(Q)EAA. When the credential type is SD-JWT, it MUST be an SD-JWT JSON Object (see Section PID/(Q)EAA Data Model).

Appendix E in [OIDC4VCI. Draft 13].

c_nonce

JSON string containing a nonce value to be used to create a proof of possession of the key material when requesting a further Credential or for the renewal of a credential.

[OIDC4VCI. Draft 13].

c_nonce_expires_in

JSON integer corresponding to the c_nonce lifetime in seconds.

[OIDC4VCI. Draft 13].

+
+

Note

+

If the format value is mso_mdoc, the credential value MUST be a base64url-encoded JSON string according to Appendix E of [OIDC4VCI. Draft 13].

+
+
+
+

Entity Configuration Credential Issuer

+

Below is a non-normative example of an Entity Configuration containing an openid_credential_issuer metadata.

+
HTTP/1.1 200 OK
+Content-Type: application/entity-statement+jwt
+
+{
+
+  "alg": "RS256",
+  "kid": "FANFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
+  "typ": "entity-statement+jwt"
+
+}
+.
+{
+  "exp": "1649610249",
+  "iat": "1649437449",
+  "iss": "https://pid-provider.example.org",
+  "sub": "https://pid-provider.example.org",
+  "jwks": {
+    "keys": [{
+      "kty": "RSA",
+      "use": "sig",
+      "n": "1Ta-sE ...",
+      "e": "AQAB",
+      "kid": "FANFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs"
+    }]
+  },
+  "authority_hints": ["https://superior-entity.example.org/federation"],
+  "metadata": {
+    "openid_credential_issuer": {
+      "credential_issuer": "https://pid-provider.example.org",
+      "authorization_servers": ["https://pid-provider.example.org"],
+      "authorization_endpoint": "https://pid-provider.example.org/connect/authorize",
+      "token_endpoint": "https://pid-provider.example.org/connect/token",
+      "pushed_authorization_request_endpoint": "https://pid-provider.example.org/connect/par",
+      "dpop_signing_alg_values_supported": ["RS256", "RS512", "ES256", "ES512"],
+      "credential_endpoint": "https://pid-provider.example.org/credential",
+      "display": [
+        {
+          "name": "PID Provider Italiano di esempio",
+          "locale": "it-IT"
+        },
+        {
+          "name": "Example PID Provider",
+          "locale": "en-US",
+          "logo": {
+             "url": "https://pid-provider example.org/public/logo.svg",
+             "alt_text": "logo di questo PID Provider"
+          },
+        }
+      ],
+      "jwks": {
+         "keys": [
+           {
+            "crv": "P-256",
+            "kty": "EC",
+            "x": "newK5qDYMekrCPPO-yEYTdJVWJMTzasMavt2vm1Mb-A",
+            "y": "VizXaLO6dzeesZPxfpGZabTK3cTXtBUbIiQpmiYRtSE",
+            "kid": "ff0bded045fe63fe5d1d64dd83b567e0"
+           }
+         ]
+      },
+      "credential_configurations_supported": [
+        {
+          "format": "vc+sd-jwt",
+          "cryptographic_binding_methods_supported": ["jwk"],
+          "cryptographic_suites_supported": ["RS256", "RS512", "ES256", "ES512"],
+          "proof_types": ["jwt"],
+          "display": [{
+              "name": "PID Italiano di esempio",
+              "locale": "it-IT",
+              "logo": {
+                "url": "https://pid-provider example.org/public/logo.svg",
+                "alt_text": "logo di questa Credenziale"
+              },
+              "background_color": "#12107c",
+              "text_color": "#FFFFFF"
+            },
+            {
+              "name": "Example Italian PID",
+              "locale": "en-US",
+              "logo": {
+                "url": "https://pid-provider.example.org/public/logo.svg",
+                "alt_text": "The logo of this credential"
+              },
+              "background_color": "#12107c",
+              "text_color": "#FFFFFF"
+            }
+          ],
+          "credential_definition": {
+            "type": ["PersonIdentificationData"],
+            "credentialSubject": {
+              "given_name": {
+                "mandatory": true,
+                "display": [{
+                    "name": "Current First Name",
+                    "locale": "en-US"
+                  },
+                  {
+                    "name": "Nome",
+                    "locale": "it-IT"
+                  }
+                ]
+              },
+              "family_name": {
+                "mandatory": true,
+                "display": [{
+                    "name": "Current Family Name",
+                    "locale": "en-US"
+                  },
+                  {
+                    "name": "Cognome",
+                    "locale": "it-IT"
+                  }
+                ]
+              },
+              "birthdate": {
+                "mandatory": true,
+                "display": [{
+                    "name": "Date of Birth",
+                    "locale": "en-US"
+                  },
+                  {
+                    "name": "Data di Nascita",
+                    "locale": "it-IT"
+                  }
+                ]
+              },
+              "place_of_birth": {
+                "mandatory": true,
+                "display": [{
+                    "name": "Place of Birth",
+                    "locale": "en-US"
+                  },
+                  {
+                    "name": "Luogo di Nascita",
+                    "locale": "it-IT"
+                  }
+                ]
+              },
+              "unique_id": {
+                "mandatory": true,
+                "display": [{
+                    "name": "Unique Identifier",
+                    "locale": "en-US"
+                  },
+                  {
+                    "name": "Identificativo univoco",
+                    "locale": "it-IT"
+                  }
+                ]
+              },
+              "tax_id_code": {
+                "mandatory": true,
+                "display": [{
+                    "name": "Tax Id Number",
+                    "locale": "en-US"
+                  },
+                  {
+                    "name": "Codice Fiscale",
+                    "locale": "it-IT"
+                  }
+                ]
+              }
+            }
+          }
+        }
+      }
+    },
+
+    "federation_entity": {
+      "organization_name": "PID Provider Organization Example",
+      "homepage_uri": "https://pid-provider.example.org",
+      "policy_uri": "https://pid-provider.example.org/privacy_policy",
+      "tos_uri": "https://pid-provider.example.org/info_policy",
+      "logo_uri": "https://pid-provider.example.org/logo.svg"
+    },
+
+    "openid_relying_party": {
+      <This is the metadata of the PID Provider acting as a Relying Party in the national digital identity framework (CIE/SPID). See spid-cie-oidc-docs for details.>
+    }
+  }
+}
+
+
+
+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/proximity-flow.html b/refs/pull/201/merge/en/proximity-flow.html new file mode 100644 index 000000000..79dd16264 --- /dev/null +++ b/refs/pull/201/merge/en/proximity-flow.html @@ -0,0 +1,1816 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | Proximity Flow + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + +
+

Proximity Flow

+

This section describes how a Verifier requests the presentation of an mDoc-CBOR Credential to a Wallet Instance according to the ISO 18013-5 Specification. Only Supervised Device Retrieval flow is supported in this technical implementation profile.

+

The presentation phase is divided into three sub-phases:

+
+

1. Device Engagement: This subphase begins when the User is prompted to disclose certain attributes from the mDoc(s). The objective of this subphase is to establish a secure communication channel between the Wallet Instance and the Verifier App, so that the mDoc requests and responses can be exchanged during the communication subphase. +The messages exchanged in this subphase are transmitted through short-range technologies to limit the possibility of interception and eavesdropping. +This technical implementation profile exclusively supports QR code for Device Engagement.

+

2. Session establishment: During the session establishment phase, the Verifier App sets up a secure connection. All data transmitted over this connection is encrypted using a session key, which is known to both the Wallet Instance and the Verifier at this stage. +The established session MAY be terminated based on the conditions as detailed in [ISO18013-5#9.1.1.4].

+

3. Communication - Device Retrieval: The Verifier App encrypts the mDoc request with the appropriate session key and sends it to the Wallet Instance together with its public key in a session establishment message. The mDoc uses the data from the session establishment message to derive the session key and decrypt the mDoc request. +During the communication subphase, the Verifier App has the option to request information from the Wallet using mDoc requests and responses. The primary mode of communication is the secure channel established during the session setup. The Wallet Instance encrypts the mDoc response using the session key and transmits it to the Verifier App via a session data message. This technical implementation profile only supports Bluetooth Low Energy (BLE) for the communication sub-phase.

+
+

The following figure illustrates the flow diagram compliant with ISO 18013-5 for proximity flow.

+
+_images/High-Level-Flow-ITWallet-Presentation-ISO.svg +
+

High-Level Proximity Flow

+
+
+

Step 1-3: The Verifier requests the User to reveal certain attributes from their mDoc(s) stored in the Wallet Instance. The User initiates the Wallet Instance. The Wallet Instance MUST create a new temporary key pair (EDeviceKey.Priv, EDeviceKey.Pub), and incorporate the cipher suite identifier, the identifier of the elliptic curve for key agreement, and the EDeviceKey public point into the device engagement structure (refer to [ISO18013-5#9.1.1.4]). This key pair is temporary and MUST be invalidated immediately after the secure channel is established. Finally, the Wallet Instance displays the QR Code for Device Engagement.

+

Below an example of a device engagement structure that utilizes QR for device engagement and Bluetooth Low Energy (BLE) for data retrieval.

+

CBOR data:

+
a30063312e30018201d818584ba4010220012158205a88d182bce5f42efa59943f33359d2e8a968ff289d93e5fa444b624343167fe225820b16e8cf858ddc7690407ba61d4c338237a8cfcf3de6aa672fc60a557aa32fc670281830201a300f401f50b5045efef742b2c4837a9a3b0e1d05a6917
+
+
+

In diagnostic notation:

+
{
+  0: "1.0", % Version
+
+  1:        % Security
+  [
+      1,     % defines the cipher suite 1 which contains only EC curves
+      24(<<  % embedded CBOR data item
+        {
+          1: 2, % kty:EC2 (Elliptic curves with x and y coordinate pairs)
+        -1: 1, % crv:p256
+-2:h'5A88D182BCE5F42EFA59943F33359D2E8A968FF289D93E5FA444B624343  167FE',% x-coordinate
+-3:h'B16E8CF858DDC7690407BA61D4C338237A8CFCF3DE6AA672FC60A557AA32FC67' % y-coordinate
+        }
+      >>)
+    ],
+
+    2: %DeviceRetrievalMethods(Device engagement using QR code)
+    [
+      [
+        2, %BLE
+        1, % Version
+      {    %BLE options
+          0: false, % no support for mdoc peripheral server mode
+          1: true, % support mdoc central client mode
+          11: h'45EFEF742B2C4837A9A3B0E1D05A6917' % UUID of mdoc client central mode
+        }
+      ]
+    ]
+}
+
+
+

Step 4-6: The Verifier App scans the QR Code and generates its own ephemeral key pair (EReaderKey.Priv, EReaderKey.Pub). It then calculates the session key, using the public key received in the Engagement Structure and its newly-generated private key, as outlined in [ISO18013-5#9.1.1.5]. Finally, it generates its session key, which must be independently derived by both the Wallet Instance and the Verifier App.

+

Step 7: The Verifier App creates an mDoc request that MUST be encrypted using the relevant session key, and transmits it to the Wallet Instance along with EReaderKey.Pub within a session establishment message. The mDoc request MUST be encoded in CBOR, as demonstrated in the following non-normative example.

+

CBOR data: +.. code-block:

+
a26776657273696f6e63312e306b646f63526571756573747381a26c6974656d7352657175657374d818590152a267646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e4954a375766572696669636174696f6e2e65766964656e6365f4781c766572696669636174696f6e2e6173737572616e63655f6c6576656cf4781c766572696669636174696f6e2e74727573745f6672616d65776f726bf4716f72672e69736f2e31383031332e352e31ab76756e5f64697374696e6775697368696e675f7369676ef47264726976696e675f70726976696c65676573f46f646f63756d656e745f6e756d626572f46a69737375655f64617465f46f69737375696e675f636f756e747279f47169737375696e675f617574686f72697479f46a62697274685f64617465f46b6578706972795f64617465f46a676976656e5f6e616d65f468706f727472616974f46b66616d696c795f6e616d65f46a726561646572417574688443a10126a11821590129308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97bf6584058a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9
+
+
+

The above CBOR data is represented in diagnostic notation as follows: +.. code-block:

+
{
+  "version": "1.0",
+  "docRequests": [
+  {
+    "itemsRequest": 24(<< {
+      "docType": "org.iso.18013.5.1.mDL",
+      "nameSpaces": {
+        "org.iso.18013.5.1.IT": {
+          "verification.evidence": false,
+          "verification.assurance_level": false,
+          "verification.trust_framework": false
+        },
+        "org.iso.18013.5.1": {
+          "un_distinguishing_sign": false,
+          "driving_privileges": false,
+          "document_number": false,
+          "issue_date": false,
+          "issuing_country": false,
+          "issuing_authority": false,
+          "birth_date": false,
+          "expiry_date": false,
+          "given_name": false,
+          "portrait": false,
+          "family_name": false
+        }
+      }
+    } >>),
+    "readerAuth": [
+      h'a10126',
+      {
+        33: h'308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97b'
+      },
+      null,
+      h'58a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9'
+    ]
+  }
+  ]
+}
+
+
+

Step 8: The Wallet Instance uses the session establishment message to derive the session keys and decrypt the mDoc request. It computes the session key using the public key received from the Verifier App and its private key.

+

Step 9-10: When the Wallet Instance receives the mDoc request, it locates the documents that contain the requested attributes and asks the User for permission to provide this information to the Verifier. If the User agrees, the Wallet generates an mDoc response and transmits it to the Verifier App through the secure channel.

+

Step 11-12: If the User gives consent, the Wallet Instance creates an mDoc response and transmits it to the Verifier App via the secure channel. The mDoc response MUST be encoded in CBOR, with its structure outlined in [ISO18013-5#8.3.2.1.2.2]. Below is a non-normative example of an mDoc response.

+

CBOR Data: +.. code-block:

+
a36776657273696f6e63312e3069646f63756d656e747381a367646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6c6973737565725369676e6564a26a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e495483d81858f7a46864696765737449440b6672616e646f6d506d44f21ee875f2c1d502b43198e5a15271656c656d656e744964656e74696669657275766572696669636174696f6e2e65766964656e63656c656c656d656e7456616c756581a2647479706571656c656374726f6e69635f7265636f7264667265636f7264bf6474797065781f68747470733a2f2f657564692e77616c6c65742e70646e642e676f762e697466736f75726365bf716f7267616e697a6174696f6e5f6e616d65754d6f746f72697a7a617a696f6e6520436976696c656f6f7267616e697a6174696f6e5f6964656d5f696e666c636f756e7472795f636f6465626974ffffd8185866a4686469676573744944046672616e646f6d50185d84dfb71ce9b173010ddd62174fbe71656c656d656e744964656e746966696572781c766572696669636174696f6e2e74727573745f6672616d65776f726b6c656c656d656e7456616c7565656569646173d8185865a4686469676573744944006672616e646f6d50137f903174253c4585358267aae2ea4e71656c656d656e744964656e746966696572781c766572696669636174696f6e2e6173737572616e63655f6c6576656c6c656c656d656e7456616c75656468696768716f72672e69736f2e31383031332e352e318bd8185852a46864696765737449440c6672616e646f6d5053e29d0ddbbc7d2306a32bdbe2e56e5171656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756563446f65d8185855a4686469676573744944036672616e646f6d50990cba2069fa1b33b8d6ae910b6549dc71656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c756567416e746f6e696fd818585ba46864696765737449440a6672616e646f6d504086c1379975f805f1b1f4975e6a126571656c656d656e744964656e7469666965726a69737375655f646174656c656c656d656e7456616c7565d903ec6a323031392d31302d3230d818585ca4686469676573744944016672616e646f6d50ab4ca30c918dd2fd0bf35242c15fa2d871656c656d656e744964656e7469666965726b6578706972795f646174656c656c656d656e7456616c7565d903ec6a323032342d31302d3230d8185855a4686469676573744944076672616e646f6d508d9066f6c8da16619867cd4e2fab0c8871656c656d656e744964656e7469666965726f69737375696e675f636f756e7472796c656c656d656e7456616c7565624954d818587ea4686469676573744944056672616e646f6d5059fe68db795dee4c20976380ea24770571656c656d656e744964656e7469666965727169737375696e675f617574686f726974796c656c656d656e7456616c75657828497374697475746f20506f6c696772616669636f2065205a656363612064656c6c6f20537461746fd818585ba4686469676573744944026672616e646f6d5008b3f1ca5517019767be3dee3bb0614571656c656d656e744964656e7469666965726a62697274685f646174656c656c656d656e7456616c7565d903ec6a313935362d30312d3230d818585ca4686469676573744944096672616e646f6d50a2395ec214350c26066306e23279b3ae71656c656d656e744964656e7469666965726f646f63756d656e745f6e756d6265726c656c656d656e7456616c756569393837363534333231d8185850a4686469676573744944066672616e646f6d50a25e1a5b915d2d6eafee9674e023293971656c656d656e744964656e74696669657268706f7274726169746c656c656d656e7456616c75654420212223d81858eea46864696765737449440d6672616e646f6d50eeed6a3b856563627589a360939d12f771656c656d656e744964656e7469666965727264726976696e675f70726976696c656765736c656c656d656e7456616c756582a37576656869636c655f63617465676f72795f636f646561416a69737375655f64617465d903ec6a323031382d30382d30396b6578706972795f64617465d903ec6a323032342d31302d3230a37576656869636c655f63617465676f72795f636f646561426a69737375655f64617465d903ec6a323031372d30322d32336b6578706972795f64617465d903ec6a323032342d31302d3230d818585ba4686469676573744944086672616e646f6d50c0ef486b2a194ed3cbf7f354fd40092171656c656d656e744964656e74696669657276756e5f64697374696e6775697368696e675f7369676e6c656c656d656e7456616c756561496a697373756572417574688443a10126a118215901423082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb
+
+
+

In diagnostic notation: +.. code-block:

+
{
+  "version": "1.0",
+  "documents": [
+  {
+    "docType": "org.iso.18013.5.1.mDL",
+    "issuerSigned": {
+      "nameSpaces": {
+        "org.iso.18013.5.1.IT": [
+          24(<< {
+            "digestID": 11,
+            "random": h'6d44f21ee875f2c1d502b43198e5a152',
+            "elementIdentifier": "verification.evidence",
+            "elementValue": [
+              {
+                "type": "electronic_record",
+                "record": {
+                  "type": "https://eudi.wallet.pdnd.gov.it",
+                  "source": {
+                    "organization_name": "Motorizzazione Civile",
+                    "organization_id": "m_inf",
+                    "country_code": "it"
+                  }
+                }
+              }
+            ]
+          } >>),
+          24(<< {
+            "digestID": 4,
+            "random": h'185d84dfb71ce9b173010ddd62174fbe',
+            "elementIdentifier": "verification.trust_framework",
+            "elementValue": "eidas"
+          } >>),
+          24(<< {
+            "digestID": 0,
+            "random": h'137f903174253c4585358267aae2ea4e',
+            "elementIdentifier": "verification.assurance_level",
+            "elementValue": "high"
+          } >>)
+        ],
+        "org.iso.18013.5.1": [
+          24(<< {
+            "digestID": 12,
+            "random": h'53e29d0ddbbc7d2306a32bdbe2e56e51',
+            "elementIdentifier": "family_name",
+            "elementValue": "Doe"
+          } >>),
+          24(<< {
+            "digestID": 3,
+            "random": h'990cba2069fa1b33b8d6ae910b6549dc',
+            "elementIdentifier": "given_name",
+            "elementValue": "Antonio"
+          } >>),
+          24(<< {
+            "digestID": 10,
+            "random": h'4086c1379975f805f1b1f4975e6a1265',
+            "elementIdentifier": "issue_date",
+            "elementValue": 1004("2019-10-20")
+          } >>),
+          24(<< {
+            "digestID": 1,
+            "random": h'ab4ca30c918dd2fd0bf35242c15fa2d8',
+            "elementIdentifier": "expiry_date",
+            "elementValue": 1004("2024-10-20")
+          } >>),
+          24(<< {
+            "digestID": 7,
+            "random": h'8d9066f6c8da16619867cd4e2fab0c88',
+            "elementIdentifier": "issuing_country",
+            "elementValue": "IT"
+          } >>),
+          24(<< {
+            "digestID": 5,
+            "random": h'59fe68db795dee4c20976380ea247705',
+            "elementIdentifier": "issuing_authority",
+            "elementValue": "Istituto Poligrafico e Zecca dello Stato"
+          } >>),
+          24(<< {
+            "digestID": 2,
+            "random": h'08b3f1ca5517019767be3dee3bb06145',
+            "elementIdentifier": "birth_date",
+            "elementValue": 1004("1956-01-20")
+          } >>),
+          24(<< {
+            "digestID": 9,
+            "random": h'a2395ec214350c26066306e23279b3ae',
+            "elementIdentifier": "document_number",
+            "elementValue": "987654321"
+          } >>),
+          24(<< {
+            "digestID": 6,
+            "random": h'a25e1a5b915d2d6eafee9674e0232939',
+            "elementIdentifier": "portrait",
+            "elementValue": h'20212223'
+          } >>),
+          24(<< {
+            "digestID": 13,
+            "random": h'eeed6a3b856563627589a360939d12f7',
+            "elementIdentifier": "driving_privileges",
+            "elementValue": [
+              {
+                "vehicle_category_code": "A",
+                "issue_date": 1004("2018-08-09"),
+                "expiry_date": 1004("2024-10-20")
+              },
+              {
+                "vehicle_category_code": "B",
+                "issue_date": 1004("2017-02-23"),
+                "expiry_date": 1004("2024-10-20")
+              }
+            ]
+          } >>),
+          24(<< {
+            "digestID": 8,
+            "random": h'c0ef486b2a194ed3cbf7f354fd400921',
+            "elementIdentifier": "un_distinguishing_sign",
+            "elementValue": "I"
+          } >>)
+        ]
+      },
+      "issuerAuth": [
+        h'a10126',
+        {
+          33: h'3082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb7d518bd9a519583e082d67effff06565804fc09abf0e4a08e699c9dba3796285a15f68e40ac7f9fc7700a15153a4065300a06082a8648ce3d040302034800304502210099b7d62e6bf7b1823db3713df889bf73e70bb4d9c58c21e92c58d2f1beffe932022058d039747a00d70e6d66be4797e6142b3608a014ee09b7b79af2cae2aaf27788'
+        },
+        24(<< {
+      "version": "1.0",
+      "digestAlgorithm": "SHA-256",
+      "docType": "org.iso.18013.5.1.mDL",
+      "valueDigests": {
+        "org.iso.18013.5.1": {
+        1: h'0E5F0B6B33418E508740771E82F893372EAF5B2445BC4C84DCF08B005E9493FC',
+        2: h'DE21BB62FF2897D8B986D2CDA9F9BC5865C02807F7B4D9DD1FA4A79DF4C0D37F',
+        3: h'BC5568239E35CE9FF8798C27FFDCD757B134B679F0FE05729AA3491381912E65',
+        5: h'E6048BDC7FD6454296F1E3F54536107C9C5B24C4064DE46A98121E3630EECCA2',
+        6: h'73690D92DCAA61B0203870F67C6AA9FDFEA889B6F0C720DE757B4B0A8516A206',
+        7: h'E353EA0B0FD92B6BE90C64CC3B2EE1284153A8F0F5066B99AAC599200E6EEEB2',
+        8: h'29227872CEB49923D267B5F4BADE6D387B42AC2DC4B2AE26C9013067FEE7018A',
+        9: h'A6A119F7CACAC0B8C6AACAC747FD3FE7E50B6D9BB8A507FDA79F0DF6646F285D',
+        10: h'6D8025D2F02A5E7E1406FB6AAEB67F9EDE9B07191A53F3E23B77C528223A94E2',
+        12: h'B0D43E4E2EA534E4D5304E64BCF7A0F13E2C8EE8304B9CD23ABA4909652A4647',
+        13: h'FBF4DE318982F2DBAD43C601CAEB22628B301AC18AA8264C5831B2AAAC89C486'
+        },
+        "org.iso.18013.5.1.IT": {
+        0: h'CF57377B675F64F37314739592C1E8A911A7DDAF341CE2902FE877C5A835E4C1',
+        4: h'4A4B4CC64EC9299C1A2501EA449F577005E9F7A60408057C07A7C67FB151E5F5',
+        11: h'78824FBD6FBBA88A2AAB44DF8B6F5E9759126D87D1F4415995E658FD9239E1FE'
+        }
+      },
+      "deviceKeyInfo": {
+        "deviceKey": {
+        1: 2,
+        -1: 1,
+        -2: h'AFD09E720B918CEDC2B8A881950BAB6A1051E18AE16A814D51E609938663D5E1',
+        -3: h'61FBC6C8AD24EC86A78BB4E9AC377DD2B7C711D9F2EB9AFD4AA0963662847AED'}},
+        "validityInfo": {
+          "signed": 0("2023-11-24T14:54:05Z"),
+          "validFrom": 0("2023-11-24T14:54:05Z"),
+          "validUntil": 0("2024-11-24T14:54:05Z")}
+        }  >>),
+        h'f2461e4fab69e9f7bcffe552395424514524d1679440036213173101448d1b1ab4a293859b389ffa8b47aeed10e9b0c1545412ac37c51a76482cd9bbbe110152'
+      ]
+    },
+    "deviceSigned": {
+      "nameSpaces": 24(<< {} >>),
+      "deviceAuth": {
+        "deviceSignature": [
+          h'a10126',
+          {},
+          null,
+          h'1fed7190d2975ab79c072e6f1d9d52436059d1fc959d55baf74f057d89b10fcc0dc77a50d433d4c76ddf26223c5560c4ab123b5cb5eb805a90036aa147493076'
+        ]
+      }
+    }
+  }
+  ],
+  "status": 0
+}
+
+
+

Step 13: The Verifier App is required to validate the signatures in the mDoc's issuerSigned field using the public key of the Credential Issuer specified within the mDoc. Subsequently, the Verifier MUST validate the signature in the deviceSigned field. If these signature checks pass, the Verifier can confidently consider the received information as valid.

+
+

Device Engagement

+

The Device Engagement structure MUST be have at least the following components:

+
+
    +

  • Version: tstr. Version of the data structure being used.

    • +

  • Security: an array that contains two mandatory values

    +
      +

    • the cipher identifier: see Table 22 of [ISO18013-5]

      • +

    • the mDL public ephemeral key generated by the Wallet Instance and required by the Verifier App to derive the Session Key. The mDL public ephemeral key MUST be of a type allowed by the indicated cipher suite.

      • +
    +
    • +

  • transferMethod: an array that contains one or more transferMethod arrays when performing device engagement using the QR code. This array is for offline data retrieval methods. A transferMethod array holds two mandatory values (type and version). Only the BLE option is supported by this technical implementation profile, then the type value MUST be set to 2.

    • +

  • BleOptions: this elements MUST provide options for the BLE connection (support for Peripheral Server or Central Client Mode, and the device UUID).

    • +
+
+
+
+

mDoc Request

+

The messages in the mDoc Request MUST be encoded using CBOR. The resulting CBOR byte string for the mDoc Request MUST be encrypted with the Session Key obtained after the Device Engagement phase and MUST be transmitted using the BLE protocol. +The details on the structure of mDoc Request, including identifier and format of the data elements, are provided below.

+
+
    +

  • version: (tstr). Version of the data structure.

    • +

  • docRequests: Requested DocType, NameSpace and data elements.

    +
      +

    • itemsRequest: #6.24(bstr .cbor ItemsRequest).

      +
        +

      • docType: (tstr). The DocType element contains the type of document requested. See Data Model Section.

        • +

      • nameSpaces: (tstr). See Data Model Section for more details.

        +
          +

        • dataElements: (tstr). Requested data elements with Intent to Retain value for each requested element.

          +
            +

          • IntentToRetain: (bool). It indicates that the Verifier App intends to retain the received data element.

            • +
          +
          • +
        +
        • +
      +
      • +

    • readerAuth: COSE_Sign1. It is required for the Verifier App authentication.

      • +
    +
    • +
+
+
+

Note

+

The domestic data elements MUST not be returned unless specifically requested by the Verifier App.

+
+
+
+

mDoc Response

+

The messages in the mDoc Response MUST be encoded using CBOR and MUST be encrypted with the Session Key obtained after the Device Engagement phase. +The details on the structure of mDoc Response are provided below.

+
+
    +

  • version: (tstr). Version of the data structure.

    • +

  • documents: Returned DocType, and ResponseData.

    +
      +

    • docType: (tstr). The DocType element contains the type of document returned. See Data Model Section.

      • +

    • ResponseData:

      +
        +

      • IssuerSigned: Responded data elements signed by the issuer.

        +
          +

        • nameSpaces: (tstr). See Data Model Section for more details.

          +
            +

          • IssuerSignedItemBytes: #6.24(bstr .cbor).

            +
              +

            • digestID: (uint). Reference value to one of the ValueDigests provided in the Mobile Security Object (issuerAuth).

              • +

            • random: (bstr). Random byte value used as salt for the hash function. This value SHALL be different for each IssuerSignedItem and it SHALL have a minimum length of 16 bytes.

              • +

            • elementIdentifier: (tstr). Identifier of User attribute name contained in the Credential.

              • +

            • elementValue: (any). User attribute value

              • +
            +
            • +
          +
          • +
        +
        • +

      • DeviceSigned: Responded data elements signed by the Wallet Instance.

        +
          +

        • NameSpaces: #6.24(bstr .cbor DeviceNameSpaces). The DeviceNameSpaces structure MAY be an empty structure. DeviceNameSpaces contains the data element identifiers and values. It is returned as part of the corresponding namespace in DeviceNameSpace.

          +
            +

          • DataItemName: (tstr). The identifier of the element.

            • +

          • DataItemValue: (any). The value of the element.

            • +
          +
          • +

        • DeviceAuth: The DeviceAuth structure MUST contain the DeviceSignature elements.

          +
            +

          • DeviceSignature: It MUST contain the device signature for the Wallet Instance authentication.

            • +
          +
          • +
        +
        • +
      +
      • +
    +
    • +

  • status: It contains a status code. For detailed description and action required refer to to Table 8 (ResponseStatus) of the [ISO18013-5]

    • +
+
+
+
+

Session Termination

+

The session MUST be terminated if at least one of the following conditions occur.

+
+
    +

  • After a time-out of no activity of receiving or sending session establishment or session data messages occurs. The time-out for no activity implemented by the Wallet Instance and the Verifier App SHOULD be no less than 300 seconds.

    • +

  • When the Wallet Instance doesn't accept any more requests.

    • +

  • When the Verifier App does not send any further requests.

    • +
+
+

If the Wallet Instance and the Verifier App does not send or receive any further requests, the session termination MUST be initiated as follows.

+
+
    +

  • Send the status code for session termination, or

    • +

  • dispatch the "End" command as outlined in [ISO18013-5#8.3.3.1.1.5].

    • +
+
+

When a session is terminated, the Wallet Instance and the Verifier App MUST perform at least the following actions:

+
+
    +

  • destruction of session keys and related ephemeral key material;

    • +

  • closure of the communication channel used for data retrieval.

    • +
+
+
+
+ + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/pseudonyms.html b/refs/pull/201/merge/en/pseudonyms.html new file mode 100644 index 000000000..12c10af30 --- /dev/null +++ b/refs/pull/201/merge/en/pseudonyms.html @@ -0,0 +1,1453 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | pseudonyms.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

pseudonyms.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/relying-party-solution.html b/refs/pull/201/merge/en/relying-party-solution.html new file mode 100644 index 000000000..71ed75ca6 --- /dev/null +++ b/refs/pull/201/merge/en/relying-party-solution.html @@ -0,0 +1,2570 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | Relying Party Solution + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

Relying Party Solution

+

This section describes how a remote Relying Party or a Verifier App requests to a Wallet Instance the presentation of the PID/EAAs.

+

In this section the following flows are described:

+
    +

  • Remote Flow, where the User presents a Credential to a remote Relying Party according to OPENID4VP. In this scenario the user-agent and the Wallet Instance may be used in the same device (Same Device Flow), or in different devices (Cross Device Flow).

    • +

  • Proximity Flow, where the User presents a Credential to a Verifier App according to ISO 18013-5. The User interacts with a Verifier using proximity connection technologies such as QR Code and Bluetooth Low Energy (BLE).

    • +
+
+

Remote Flow

+

In this scenario the Relying Party MUST provide the URL where the signed presentation Request Object is available for download.

+

Depending on whether the User is using a mobile device or a workstation, the Relying Party MUST support the following remote flows:

+
    +

  • Same Device, the Relying Party MUST provide a HTTP redirect (302) location to the Wallet Instance;

    • +

  • Cross Device, the Relying Party MUST provide a QR Code which the User frames with the Wallet Instance.

    • +
+

Once the Wallet Instance establishes the trust with the Relying Party and evaluates the request, the User gives the consent for the disclosure of the Digital Credentials, in the form of a Verifiable Presentation.

+

A High-Level description of the remote flow, from the User's perspective, is given below:

+
+
    +

  1. the Wallet Instance scans the QR Code and obtains the URL (Cross Device flow) or obtain directly an URL (Same Device flow);

    2. +

  2. the Wallet Instance extracts from the payload the client_id and the request_uri parameters;

    3. +

  3. the Wallet Instance establishes the Trust to the Relying Party by building the Federation Trust Chain. Implementations may evaluate the trust after having obtained the signed Request Object (see point 5);

    4. +

  4. the Wallet fetches the signed Request Object using an HTTP request with method GET to the endpoint provided in the request_uri parameter;

    5. +

  5. the Wallet verifies the signature of the signed Request Object and that its issuer matches the client_id obtained at the step number 2;

    6. +

  6. the Wallet checks the presence in the signed Request Object of the parameter request_uri_method, if this parameter is present and set with the post valueThe Wallet transmits its metadata to the request_uri endpoint of the Relying Party using an HTTP POST method and obtains an updated signed Request Object;

    7. +

  7. The Wallet Instance evaluates the requested PID/EAAs and checks the elegibility of the Relying Party in asking these by applying the policies related to that specific Relying Party;

    8. +

  8. the Wallet Instance asks User disclosure and consent;

    9. +

  9. the Wallet Instance presents the requested disclosure of PID/EAAs to the Relying Party, which validates the Wallet Attestation and checks that the Wallet Provider is trusted;

    10. +

  10. the Wallet Instance informs the User about the successfull authentication with the Relying Party and give a good user experience to let the User continuing its navigation.

    11. +
+
+

Below a sequence diagram that summarizes the interactions between all the involved parties.

+
+_images/cross_device_auth_seq_diagram.svg +
+

Fig. 5 Remote Protocol Flow

+
+
+

The details of each step shown in the previous picture are described in the table below.

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Id

Description

1, 2

The User requests to access to a protected resource, the Relying Party redirects the User to a discovery page in which the User selects the Login with the Wallet button. The Authorization flow starts.

3, 4,

The Relying Party provides the Wallet Instance with a URL where a generic signed Request Object can be downloaded.

5, 6, 7, 8, 9

In the Cross Device Flow: the Request URI is provided in the form of a QR Code that is shown to the User. The User frames the QRCode with the Wallet Instance and extracts client_id, request_uri and state. In the Same Device Flow the Relying Party provides the same information of the Cross-Device flow but in the form of HTTP Redirect Location (302).

10, 11, 12

The Wallet Instance obtains the signed Request Object.

13, 14 and 15

The Wallet Instance checks if the Relying Party has provided the request_uri_method within its signed Request Object. If true, the Wallet provides its metadata in the to the Relying Party. The Relying PArty produces a new signed Request Object compliant to the Wallet technical capabilities.

13, 14, 15, 16, 17, 18

The Request Object JWS is verified by the Wallet Instance. The Wallet processes the Relying Party metadata and applies the policies related to the Relying Party, attesting whose Digital Credentials and User data the Relying Party is granted to request.

19, 20

The Wallet Instance requests the User's consent for the release of the Credentials. The User authorizes and consents the presentation of the Credentials by selecting/deselecting the personal data to release.

21

The Wallet Instance provides the Authorization Response to the Relying Party using an HTTP request with the method POST (response mode "direct_post").

22, 23, 24, 25 and 26

The Relying Party verifies the Authorization Response, extracts the Wallet Attestation to establish the trust with the Wallet Solution. The Relying Party extracts the Digital Credentials and attests the trust to the Credentials Issuer and the proof of possession of the Wallet Instance about the presented Digital Credentials. Finally, the Relying Party verifies the revocation status of the presented Digital Credentials.

27 and 28

The Relying Party provides to the Wallet a redirect URI with a response code to be used by the Wallet to finalize the authentication.

29

The User is informed by the Wallet Instance that the Autentication succeded, then the protected resource is made available to the User.

+
+

Request URI with HTTP POST

+

The Relying Party SHOULD provide the POST method with its request_uri endpoint +allowing the Wallet Instance to inform the Relying Party about its technical capabilities.

+

This feature can be useful when, for example, the Wallet Instance supports +a restricted set of features, supported algorithms or a specific url for +its authorization_endpoint, and any other information that it deems necessary to +provide to the Relying Party the parameters necessary for better interoperability.

+
+

Warning

+

The Wallet Instance, when providing its technical capabilities to the +Relying Party, MUST NOT include any User information or other explicit +information regarding the hardware used or usage preferences of its User.

+
+

If both the Relying Party and the Wallet Instance +supports the request_uri_method with HTTP POST, +the Wallet Instance capabilities MUST +be provided using an HTTP request to the request_uri endpoint of the Relying Party, +with the method POST and content type set to application/json.

+

A non-normative example of the HTTP request is represented below:

+
POST /request-uri HTTP/1.1
+HOST: relying-party.example.org
+Content-Type: application/json
+
+{
+    "authorization_endpoint": "https://wallet-solution.digital-strategy.europa.eu/authorization",
+    "response_types_supported": [
+      "vp_token"
+    ],
+    "response_modes_supported": [
+      "form_post.jwt"
+    ],
+    "vp_formats_supported": {
+      "vc+sd-jwt": {
+          "sd-jwt_alg_values": [
+              "ES256",
+              "ES384"
+          ]
+      }
+    },
+    "request_object_signing_alg_values_supported": [
+      "ES256"
+    ],
+    "presentation_definition_uri_supported": false,
+}
+
+
+

The response of the Relying Party is defined in the section below.

+
+
+

Authorization Request Details

+

The Relying Party MUST create a Request Object in the form of a signed JWT and +it MUST provide it to the Wallet Instance through an HTTP URL (request URI). +The HTTP URL points to the web resource where the signed request object is +available for download. The URL parameters contained in the Relying Party +response, containing the request URI, are described in the Table below.

+ ++++ + + + + + + + + + + + + + +

Name

Description

client_id

Unique identifier of the Relying Party.

request_uri

The HTTPs URL where the Relying Party provides the signed Request Object to the Wallet Instance.

+

Below a non-normative example of the response containing the required parameters previously described.

+
https://wallet-solution.digital-strategy.europa.eu/authorization?client_id=...&request_uri=...
+
+
+

The value corresponding to the request_uri endpoint SHOULD be randomized, according to RFC 9101, The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) Section 5.2.1.

+

In the Same Device Flow the Relying Party uses an HTTP response redirect (with status code set to 302) as represented in the following non-normative example:

+
HTTP/1.1 /authorization Found
+Location: https://wallet-solution.digital-strategy.europa.eu?
+client_id=https%3A%2F%2Frelying-party.example.org%2Fcb
+&request_uri=https%3A%2F%2Frelying-party.example.org%2Frequest_uri
+
+
+

In the Cross Device Flow, a QR Code is shown by the Relying Party to the User in order to provide the Authorization Request. The User frames the QR Code using their Wallet Instance.

+

Below is represented a non-normative example of a QR Code issued by the Relying Party.

+
+_images/verifier_qr_code.svg
+

Below is represented a non-normative example of the QR Code raw payload:

+
https://wallet-solution.digital-strategy.europa.eu/authorization?client_id=https%3A%2F%2Frelying-party.example.org&request_uri=https%3A%2F%2Frelying-party.example.org
+
+
+
+

Note

+

The error correction level chosen for the QR Code MUST be Q (Quartily - up to 25%), since it offers a good balance between error correction capability and data density/space. This level of quality and error correction allows the QR Code to remain readable even if it is damaged or partially obscured.

+
+
+
+

Cross Device Flow Status Checks and Security

+

When the flow is Cross Device, the user-agent needs to check the session status to the endpoint made available by Relying Party (status endpoint). This check MAY be implemented in the form of JavaScript code, within the page that shows the QRCode, then the user-agent checks the status with a polling strategy in seconds or a push strategy (eg: web socket).

+

Since the QRcode page and the status endpoint are implemented by the Relying Party, it is under its responsability the implementation details of this solution, since it is related to the Relying Party's internal API.

+

The Relying Party MUST bind the request of the user-agent, with a Secure and HttpOnly session cookie, with the issued request. The request url SHOULD include a parameter with a random value. The HTTP response returned by this specialized endpoint MAY contain the HTTP status codes listed below:

+
    +

  • 201 Created. The signed Request Object was issued by the Relying Party that waits to be downloaded by the Wallet Instance at the request_uri endpoint.

    • +

  • 202 Accepted. This response is given when the signed Request Object was obtained by the Wallet Instance.

    • +

  • 200 OK. The Wallet Instance has provided the presentation to the Relying Party's response_uri endpoint and the User authentication is successful. The Relying Party updates the session cookie allowing the user-agent to access to the protected resource. An URL is provided carrying the location where the user-agent is intended to navigate.

    • +

  • 401 Unauthorized. The Wallet Instance or its User have rejected the request, or the request is expired. The QRCode page SHOULD be updated with an error message.

    • +
+

Below a non-normative example of the HTTP Request to this specialized endpoint, where the parameter id contains an opaque and random value:

+
GET /session-state?id=3be39b69-6ac1-41aa-921b-3e6c07ddcb03
+HTTP/1.1
+HOST: relying-party.example.org
+
+
+
+
+

Request Object Details

+

Below a non-normative example of HTTP request made by the Wallet Instance to the Relying Party.

+
GET /request_uri HTTP/1.1
+HOST: relying-party.example.org
+
+
+
+
+

Request URI response

+

The Relying Party issues the signed Request Object, where a non-normative example in the form of decoded header and payload is shown below:

+
{
+  "alg": "ES256",
+  "typ": "JWT",
+  "kid": "e0bbf2f1-8c3a-4eab-a8ac-2e8f34db8a47",
+  "trust_chain": [
+    "MIICajCCAdOgAwIBAgIC...awz",
+    "MIICajCCAdOgAwIBAgIC...2w3",
+    "MIICajCCAdOgAwIBAgIC...sf2"
+  ]
+}
+.
+{
+  "scope": "eu.europa.ec.eudiw.pid.it.1 tax_id_number",
+  "client_id_scheme": "entity_id",
+  "client_id": "https://relying-party.example.org",
+  "response_mode": "direct_post.jwt",
+  "response_type": "vp_token",
+  "response_uri": "https://relying-party.example.org/response_uri",
+  "nonce": "2c128e4d-fc91-4cd3-86b8-18bdea0988cb",
+  "state": "3be39b69-6ac1-41aa-921b-3e6c07ddcb03",
+  "iss": "https://relying-party.example.org",
+  "iat": 1672418465,
+  "exp": 1672422065,
+  "request_uri_method": "post"
+}
+
+
+

The JWS header parameters are described below:

+ ++++ + + + + + + + + + + + + + + + + + + + +

Name

Description

alg

Algorithm used to sign the JWT, according to [RFC 7516#section-4.1.1]. It MUST be one of the supported algorithms in Section Cryptographic Algorithms and MUST NOT be set to none or to a symmetric algorithm (MAC) identifier.

typ

Media Type of the JWT, as defined in [RFC 7519].

kid

Key ID of the public key needed to verify the JWS signature, as defined in [RFC 7517]. REQUIRED when trust_chain is used.

trust_chain

Sequence of Entity Statements that composes the Trust Chain related to the Relying Party, as defined in OIDC-FED Section 3.2.1. Trust Chain Header Parameter.

+

The JWS payload parameters are described herein:

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Name

Description

scope

Aliases for well-defined Presentation Definitions IDs. It is used to identify which required credentials and User attributes are requested by the Relying Party, according to the Section "Using scope Parameter to Request Verifiable Credential(s)" of [OID4VP].

client_id_scheme

String identifying the scheme of the value in the client_id. It MUST be set to the value entity_id.

client_id

Unique Identifier of the Relying Party.

response_mode

It MUST be set to direct_post.jwt.

response_type

It MUST be set to``vp_token``.

response_uri

The Response URI to which the Wallet Instance MUST send the Authorization Response using an HTTP request using the method POST.

nonce

Fresh cryptographically random number with sufficient entropy, which length MUST be at least 32 digits.

state

Unique identifier of the Authorization Request.

iss

The entity that has issued the JWT. It will be populated with the Relying Party client id.

iat

Unix Timestamp, representing the time at which the JWT was issued.

exp

Unix Timestamp, representing the expiration time on or after which the JWT MUST NOT be valid anymore.

request_uri_method

String determining the HTTP method to be used with the request_uri endpoint to provide the Wallet metadata to the Relying Party. The value is case-insensitive and can be set to: get or post. The GET method, as defined in [@RFC9101], involves the Wallet sending a GET request to retrieve a Request Object. The POST method involves the Wallet requesting the creation of a new Request Object by sending an HTTP POST request, with its metadata, to the request URI of the Relying Party.

+
+

Warning

+

Using the parameter scope requires that the Relying Party Metadata MUST contain the presentation_definition, where a non-normative example of it is given below:

+
+
{
+  "presentation_definition": {
+    "id": "presentation definitions",
+    "input_descriptors": [
+      {
+        "id": "eu.europa.ec.eudiw.pid.it.1",
+        "name": "Person Identification Data",
+        "purpose": "User authentication",
+        "format": "vc+sd-jwt",
+        "constraints": {
+          "fields": [
+            {
+              "path": [
+                "$.credentialSubject.unique_id",
+                "$.credentialSubject.given_name",
+                "$.credentialSubject.family_name",
+              ]
+            }
+          ],
+          "limit_discolusre": "preferred"
+        }
+      }
+    ]
+  }
+}
+
+
+
+

Note

+

The following parameters, even if defined in [OID4VP], are not mentioned in the previous non-normative example, since their usage is conditional and may change in future release of this documentation.

+
    +

  • presentation_definition: JSON object according to Presentation Exchange. This parameter MUST not be present when presentation_definition_uri or scope are present.

    • +

  • presentation_definition_uri: Not supported. String containing an HTTPS URL pointing to a resource where a Presentation Definition JSON object can be retrieved. This parameter MUST be present when presentation_definition parameter or a scope value representing a Presentation Definition is not present.

    • +

  • client_metadata: A JSON object containing the Relying Party metadata values. The client_metadata parameter MUST NOT be present when client_id_scheme is entity_id. Since the client_metadata is taken from trust_chain, this parameter is intended to not be used.

    • +

  • client_metadata_uri: string containing an HTTPS URL pointing to a resource where a JSON object with the Relying Party metadata can be retrieved. The client_metadata_uri parameter MUST NOT be present when client_id_scheme is entity_id. Since the client_metadata is taken from trust_chain, this parameter is intended to not be used.

    • +
+
+
+
+

Authorization Response Details

+

After getting the User authorization and consent for the presentation of the Credentials, the Wallet sends the Authorization Response to the Relying Party response_uri endpoint, the content SHOULD be encrypted according OPENID4VP Section 6.3, using the Relying Party public key.

+
+

Note

+

Why the response is encrypted?

+

The response sent from the Wallet Instance to the Relying Party is encrypted to prevent a malicious agent from gaining access to the plaintext information transmitted within the Relying Party's network. This is only possible if the network environment of the Relying Party employs TLS termination. Such technique employs a termination proxy that acts as an intermediary between the client and the webserver and handles all TLS-related operations. In this manner, the proxy deciphers the transmission's content and either forwards it in plaintext or by negotiates an internal TLS session with the actual webserver's intended target. In the first scenario, any malicious actor within the network segment could intercept the transmitted data and obtain sensitive information, such as an unencrypted response, by sniffing the transmitted data.

+
+

Below a non-normative example of the request:

+
POST /response_uri HTTP/1.1
+HOST: relying-party.example.org
+Content-Type: application/x-www-form-urlencoded
+
+response=eyJhbGciOiJFUzI1NiIs...9t2LQ
+
+
+

Below is a non-normative example of the decrypted JSON response content:

+
{
+  "state": "3be39b69-6ac1-41aa-921b-3e6c07ddcb03",
+  "vp_token": [
+      "eyJhbGciOiJFUzI1NiIs...PT0iXX0",
+      $WalletInstanceAttestation-JWT
+  ],
+  "presentation_submission": {
+      "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
+      "id": "04a98be3-7fb0-4cf5-af9a-31579c8b0e7d",
+      "descriptor_map": [
+          {
+              "id": "eu.europa.ec.eudiw.pid.it.1",
+              "path": "$.vp_token.verified_claims.claims._sd[0]",
+              "format": "vc+sd-jwt"
+          }
+      ]
+  }
+}
+
+
+

Where the following parameters are used:

+ ++++ + + + + + + + + + + + + + + + + +

Name

Description

vp_token

JSON Array containing the Verifiable Presentation(s). There MUST be at least two signed presentations in this Array: +- The Requested Digital Credential (one or more, if in format SD-JWT VC or MDOC CBOR) +- The Wallet Instance Attestation

presentation_submission

JSON Object containing the mappings between the requested Verifiable Credentials and where to find them within the returned Verifiable Presentation Token.

state

Unique identifier provided by the Relying Party within the Authorization Request.

+

Below is a non-normative example of the vp_token decoded content, represented in the form of JWS header and payload, separated by a period:

+
{
+  "alg": "ES256",
+  "typ": "JWT",
+  "kid": "e0bbf2f1-8c3a-4eab-a8ac-2e8f34db8a47"
+}
+.
+{
+  "iss": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
+  "jti": "3978344f-8596-4c3a-a978-8fcaba3903c5",
+  "aud": "https://relying-party.example.org/response_uri",
+  "iat": 1541493724,
+  "exp": 1573029723,
+  "nonce": "2c128e4d-fc91-4cd3-86b8-18bdea0988cb"
+  "vp": "<Issuer-Signed-JWT>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>"
+}
+
+
+

Where the following parameters are used:

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + +

Name

Description

vp

The Digital Credential in its original state. The public key contained in the Digital Credential MUST be used to verify the entire VP JWS as Proof of Possession of the private key which the public key is included in the Digital Credential. Eg: for SD-JWT VC the pblic key is provided within the cnf.jwk claim.

jti

JWS unique identifier.

iat

Unix timestamp of the time of issuance of this presentation.

exp

Unix timestamp beyond which this presentation will no longer be considered valid.

aud

Audience of the VP, corresponding to the response_uri within the Authorization request issued by the Relying Party.

nonce

The nonce value provided by the Relying Party within the Authorization Request.

+
+
+

Redirect URI

+

When the Relying Party provides the redirect URI, the Wallet MUST send the user-agent to this redirect URI. The redirect URI allows the Relying Party to continue the interaction with the End-User on the device where the Wallet resides after the Wallet has sent the Authorization Response to the response URI.

+

The Relying Party MUST include a response code withing the redirect URI. The response code is a fresh, cryptographically random number used to ensure only the receiver of the redirect can fetch and process the Authorization Response. The number could be added as a path component, as a parameter or as a fragment to the URL. It is RECOMMENDED to use a cryptographic random value of 128 bits or more at the time of the writing of this specification.

+

The following is a non-normative example of the response from the Relying Party to the Wallet upon receiving the Authorization Response at the Response Endpoint.

+
HTTP/1.1 200 OK
+Content-Type: application/json;charset=UTF-8
+
+{
+  "redirect_uri": "https://relying-party.example.org/cb#response_code=091535f699ea575c7937fa5f0f454aee"
+}
+
+
+

The redirect_uri value MUST be used with an HTTP method GET by either the Wallet or the user-agent to redirect the User to the Relying Party in order to complete the authentication process. The specific entity that performs this action depends on whether the flow is Same device or Cross device.

+
+
+

Relying Party Entity Configuration

+

According to the Trust Model section, the Relying Party is a Federation Entity and MUST expose a well-known endpoint containing its Entity Configuration.

+

Below a non-normative example of the request made by the Wallet Instance to the openid-federation well-known endpoint to obtain the Relying Party Entity Configuration:

+
GET /.well-known/openid-federation HTTP/1.1
+HOST: relying-party.example.org
+
+
+

Below is a non-normative response example:

+
{
+    "alg": "RS256",
+    "kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
+    "typ": "entity-statement+jwt"
+}
+.
+{
+    "exp": 1649590602,
+    "iat": 1649417862,
+    "iss": "https://rp.example.it",
+    "sub": "https://rp.example.it",
+    "jwks": {
+        "keys": [
+            {
+                "kty": "RSA",
+                "n": "5s4qi ...",
+                "e": "AQAB",
+                "kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs"
+            }
+        ]
+    },
+    "metadata": {
+        "wallet_relying_party": {
+            "application_type": "web",
+            "client_id": "https://rp.example.it",
+            "client_name": "Name of an example organization",
+            "jwks": {
+                "keys": [
+                    {
+                        "kty": "RSA",
+                        "use": "sig",
+                        "n": "1Ta-sE ...",
+                        "e": "AQAB",
+                        "kid": "YhNFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
+                        "x5c": [ "..." ]
+                    }
+                ]
+            },
+
+            "contacts": [
+                "ops@relying-party.example.org"
+            ],
+
+            "request_uris": [
+                "https://relying-party.example.org/request_uri"
+            ],
+            "response_uris": [
+                "https://relying-party.example.org/response_uri"
+            ],
+            "default_acr_values": [
+                "https://www.spid.gov.it/SpidL2",
+                "https://www.spid.gov.it/SpidL3"
+            ],
+            "vp_formats": {
+                "vc+sd-jwt": {
+                    "sd-jwt_alg_values": [
+                        "ES256",
+                        "ES384"
+                    ],
+                    "kb-jwt_alg_values": [
+                        "ES256",
+                        "ES384"
+                    ]
+                }
+            },
+              "presentation_definitions": [
+                  {
+                    "id": "eu.europa.ec.eudiw.pid.it.1",
+                    "input_descriptors": [
+                        {
+                            "id": "IdentityCredential",
+                            "format": {
+                                "vc+sd-jwt": {}
+                            },
+                            "constraints": {
+                                "limit_disclosure": "required",
+                                "fields": [
+                                    {
+                                        "path": [
+                                            "$.type"
+                                        ],
+                                        "filter": {
+                                            "type": "string",
+                                            "const": "IdentityCredential"
+                                        }
+                                    },
+                                    {
+                                        "path": [
+                                            "$.family_name"
+                                        ]
+                                    },
+                                    {
+                                        "path": [
+                                            "$.given_name"
+                                        ]
+                                    },
+                                    {
+                                        "path": [
+                                            "$.unique_id"
+                                        ],
+                                        "intent_to_retain": "true"
+                                    }
+                                ]
+                            }
+                        }
+                    ]
+                },
+                  {
+                    "id": "mDL-sample-req",
+                    "input_descriptors": [
+                        {
+                            "id": "mDL",
+                            "format": {
+                                "mso_mdoc": {
+                                    "alg": [
+                                        "EdDSA",
+                                        "ES256"
+                                    ]
+                                },
+                                "constraints": {
+                                    "limit_disclosure": "required",
+                                    "fields": [
+                                        {
+                                            "path": [
+                                                "$.mdoc.doctype"
+                                            ],
+                                            "filter": {
+                                                "type": "string",
+                                                "const": "org.iso.18013.5.1.mDL"
+                                            }
+                                        },
+                                        {
+                                            "path": [
+                                                "$.mdoc.namespace"
+                                            ],
+                                            "filter": {
+                                                "type": "string",
+                                                "const": "org.iso.18013.5.1"
+                                            }
+                                        },
+                                        {
+                                            "path": [
+                                                "$.mdoc.family_name"
+                                            ],
+                                            "intent_to_retain": "false"
+                                        },
+                                        {
+                                            "path": [
+                                                "$.mdoc.portrait"
+                                            ],
+                                            "intent_to_retain": "false"
+                                        },
+                                        {
+                                            "path": [
+                                                "$.mdoc.driving_privileges"
+                                            ],
+                                            "intent_to_retain": "false"
+                                        }
+                                    ]
+                                }
+                            }
+                        }
+                    ]
+                }
+            ],
+
+            "default_max_age": 1111,
+
+            // JARM related
+            "authorization_signed_response_alg": [[
+                "ES256"
+            ],
+            "authorization_encrypted_response_alg": [
+                "RSA-OAEP",
+                "RSA-OAEP-256"
+            ],
+            "authorization_encrypted_response_enc": [
+                "A128CBC-HS256",
+                "A192CBC-HS384",
+                "A256CBC-HS512",
+                "A128GCM",
+                "A192GCM",
+                "A256GCM"
+            ],
+
+            // SIOPv2 related
+            "subject_type": "pairwise",
+            "require_auth_time": true,
+            "id_token_signed_response_alg": [
+                "ES256"
+            ],
+            "id_token_encrypted_response_alg": [
+                "RSA-OAEP",
+                "RSA-OAEP-256"
+            ],
+            "id_token_encrypted_response_enc": [
+                "A128CBC-HS256",
+                "A192CBC-HS384",
+                "A256CBC-HS512",
+                "A128GCM",
+                "A192GCM",
+                "A256GCM"
+            ],
+        },
+        "federation_entity": {
+            "organization_name": "OpenID Wallet Relying Party example",
+            "homepage_uri": "https://relying-party.example.org/home",
+            "policy_uri": "https://relying-party.example.org/policy",
+            "logo_uri": "https://relying-party.example.org/static/logo.svg",
+            "contacts": [
+               "tech@relying-party.example.org"
+             ]
+        }
+    },
+    "authority_hints": [
+        "https://registry.eudi-wallet.example.it"
+    ]
+  }
+}
+
+
+

The Entity Configuration is a JWS, where its header parameters are defined below:

+ ++++ + + + + + + + + + + + + + + + + +

Name

Description

alg

Algorithm used to sign the JWT

typ

Media Type of the JWT

kid

Key ID used identifying the key used to sign the JWS

+
+
+
+

Proximity Flow

+

This section describes how a Verifier requests the presentation of an mDoc-CBOR Credential to a Wallet Instance according to the ISO 18013-5 Specification. Only Supervised Device Retrieval flow is supported in this technical implementation profile.

+

The presentation phase is divided into three sub-phases:

+
+

1. Device Engagement: This subphase begins when the User is prompted to disclose certain attributes from the mDoc(s). The objective of this subphase is to establish a secure communication channel between the Wallet Instance and the Verifier App, so that the mDoc requests and responses can be exchanged during the communication subphase. +The messages exchanged in this subphase are transmitted through short-range technologies to limit the possibility of interception and eavesdropping. +This technical implementation profile exclusively supports QR code for Device Engagement.

+

2. Session establishment: During the session establishment phase, the Verifier App sets up a secure connection. All data transmitted over this connection is encrypted using a session key, which is known to both the Wallet Instance and the Verifier at this stage. +The established session MAY be terminated based on the conditions as detailed in [ISO18013-5#9.1.1.4].

+

3. Communication - Device Retrieval: The Verifier App encrypts the mDoc request with the appropriate session key and sends it to the Wallet Instance together with its public key in a session establishment message. The mDoc uses the data from the session establishment message to derive the session key and decrypt the mDoc request. +During the communication subphase, the Verifier App has the option to request information from the Wallet using mDoc requests and responses. The primary mode of communication is the secure channel established during the session setup. The Wallet Instance encrypts the mDoc response using the session key and transmits it to the Verifier App via a session data message. This technical implementation profile only supports Bluetooth Low Energy (BLE) for the communication sub-phase.

+
+

The following figure illustrates the flow diagram compliant with ISO 18013-5 for proximity flow.

+
+_images/High-Level-Flow-ITWallet-Presentation-ISO.svg +
+

Fig. 6 High-Level Proximity Flow

+
+
+

Step 1-3: The Verifier requests the User to reveal certain attributes from their mDoc(s) stored in the Wallet Instance. The User initiates the Wallet Instance. The Wallet Instance MUST create a new temporary key pair (EDeviceKey.Priv, EDeviceKey.Pub), and incorporate the cipher suite identifier, the identifier of the elliptic curve for key agreement, and the EDeviceKey public point into the device engagement structure (refer to [ISO18013-5#9.1.1.4]). This key pair is temporary and MUST be invalidated immediately after the secure channel is established. Finally, the Wallet Instance displays the QR Code for Device Engagement.

+

Below an example of a device engagement structure that utilizes QR for device engagement and Bluetooth Low Energy (BLE) for data retrieval.

+

CBOR data:

+
a30063312e30018201d818584ba4010220012158205a88d182bce5f42efa59943f33359d2e8a968ff289d93e5fa444b624343167fe225820b16e8cf858ddc7690407ba61d4c338237a8cfcf3de6aa672fc60a557aa32fc670281830201a300f401f50b5045efef742b2c4837a9a3b0e1d05a6917
+
+
+

In diagnostic notation:

+
{
+  0: "1.0", % Version
+
+  1:        % Security
+  [
+      1,     % defines the cipher suite 1 which contains only EC curves
+      24(<<  % embedded CBOR data item
+        {
+          1: 2, % kty:EC2 (Elliptic curves with x and y coordinate pairs)
+        -1: 1, % crv:p256
+-2:h'5A88D182BCE5F42EFA59943F33359D2E8A968FF289D93E5FA444B624343  167FE',% x-coordinate
+-3:h'B16E8CF858DDC7690407BA61D4C338237A8CFCF3DE6AA672FC60A557AA32FC67' % y-coordinate
+        }
+      >>)
+    ],
+
+    2: %DeviceRetrievalMethods(Device engagement using QR code)
+    [
+      [
+        2, %BLE
+        1, % Version
+      {    %BLE options
+          0: false, % no support for mdoc peripheral server mode
+          1: true, % support mdoc central client mode
+          11: h'45EFEF742B2C4837A9A3B0E1D05A6917' % UUID of mdoc client central mode
+        }
+      ]
+    ]
+}
+
+
+

Step 4-6: The Verifier App scans the QR Code and generates its own ephemeral key pair (EReaderKey.Priv, EReaderKey.Pub). It then calculates the session key, using the public key received in the Engagement Structure and its newly-generated private key, as outlined in [ISO18013-5#9.1.1.5]. Finally, it generates its session key, which must be independently derived by both the Wallet Instance and the Verifier App.

+

Step 7: The Verifier App creates an mDoc request that MUST be encrypted using the relevant session key, and transmits it to the Wallet Instance along with EReaderKey.Pub within a session establishment message. The mDoc request MUST be encoded in CBOR, as demonstrated in the following non-normative example.

+

CBOR data: +.. code-block:

+
a26776657273696f6e63312e306b646f63526571756573747381a26c6974656d7352657175657374d818590152a267646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e4954a375766572696669636174696f6e2e65766964656e6365f4781c766572696669636174696f6e2e6173737572616e63655f6c6576656cf4781c766572696669636174696f6e2e74727573745f6672616d65776f726bf4716f72672e69736f2e31383031332e352e31ab76756e5f64697374696e6775697368696e675f7369676ef47264726976696e675f70726976696c65676573f46f646f63756d656e745f6e756d626572f46a69737375655f64617465f46f69737375696e675f636f756e747279f47169737375696e675f617574686f72697479f46a62697274685f64617465f46b6578706972795f64617465f46a676976656e5f6e616d65f468706f727472616974f46b66616d696c795f6e616d65f46a726561646572417574688443a10126a11821590129308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97bf6584058a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9
+
+
+

The above CBOR data is represented in diagnostic notation as follows: +.. code-block:

+
{
+  "version": "1.0",
+  "docRequests": [
+  {
+    "itemsRequest": 24(<< {
+      "docType": "org.iso.18013.5.1.mDL",
+      "nameSpaces": {
+        "org.iso.18013.5.1.IT": {
+          "verification.evidence": false,
+          "verification.assurance_level": false,
+          "verification.trust_framework": false
+        },
+        "org.iso.18013.5.1": {
+          "un_distinguishing_sign": false,
+          "driving_privileges": false,
+          "document_number": false,
+          "issue_date": false,
+          "issuing_country": false,
+          "issuing_authority": false,
+          "birth_date": false,
+          "expiry_date": false,
+          "given_name": false,
+          "portrait": false,
+          "family_name": false
+        }
+      }
+    } >>),
+    "readerAuth": [
+      h'a10126',
+      {
+        33: h'308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97b'
+      },
+      null,
+      h'58a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9'
+    ]
+  }
+  ]
+}
+
+
+

Step 8: The Wallet Instance uses the session establishment message to derive the session keys and decrypt the mDoc request. It computes the session key using the public key received from the Verifier App and its private key.

+

Step 9-10: When the Wallet Instance receives the mDoc request, it locates the documents that contain the requested attributes and asks the User for permission to provide this information to the Verifier. If the User agrees, the Wallet generates an mDoc response and transmits it to the Verifier App through the secure channel.

+

Step 11-12: If the User gives consent, the Wallet Instance creates an mDoc response and transmits it to the Verifier App via the secure channel. The mDoc response MUST be encoded in CBOR, with its structure outlined in [ISO18013-5#8.3.2.1.2.2]. Below is a non-normative example of an mDoc response.

+

CBOR Data: +.. code-block:

+
a36776657273696f6e63312e3069646f63756d656e747381a367646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6c6973737565725369676e6564a26a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e495483d81858f7a46864696765737449440b6672616e646f6d506d44f21ee875f2c1d502b43198e5a15271656c656d656e744964656e74696669657275766572696669636174696f6e2e65766964656e63656c656c656d656e7456616c756581a2647479706571656c656374726f6e69635f7265636f7264667265636f7264bf6474797065781f68747470733a2f2f657564692e77616c6c65742e70646e642e676f762e697466736f75726365bf716f7267616e697a6174696f6e5f6e616d65754d6f746f72697a7a617a696f6e6520436976696c656f6f7267616e697a6174696f6e5f6964656d5f696e666c636f756e7472795f636f6465626974ffffd8185866a4686469676573744944046672616e646f6d50185d84dfb71ce9b173010ddd62174fbe71656c656d656e744964656e746966696572781c766572696669636174696f6e2e74727573745f6672616d65776f726b6c656c656d656e7456616c7565656569646173d8185865a4686469676573744944006672616e646f6d50137f903174253c4585358267aae2ea4e71656c656d656e744964656e746966696572781c766572696669636174696f6e2e6173737572616e63655f6c6576656c6c656c656d656e7456616c75656468696768716f72672e69736f2e31383031332e352e318bd8185852a46864696765737449440c6672616e646f6d5053e29d0ddbbc7d2306a32bdbe2e56e5171656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756563446f65d8185855a4686469676573744944036672616e646f6d50990cba2069fa1b33b8d6ae910b6549dc71656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c756567416e746f6e696fd818585ba46864696765737449440a6672616e646f6d504086c1379975f805f1b1f4975e6a126571656c656d656e744964656e7469666965726a69737375655f646174656c656c656d656e7456616c7565d903ec6a323031392d31302d3230d818585ca4686469676573744944016672616e646f6d50ab4ca30c918dd2fd0bf35242c15fa2d871656c656d656e744964656e7469666965726b6578706972795f646174656c656c656d656e7456616c7565d903ec6a323032342d31302d3230d8185855a4686469676573744944076672616e646f6d508d9066f6c8da16619867cd4e2fab0c8871656c656d656e744964656e7469666965726f69737375696e675f636f756e7472796c656c656d656e7456616c7565624954d818587ea4686469676573744944056672616e646f6d5059fe68db795dee4c20976380ea24770571656c656d656e744964656e7469666965727169737375696e675f617574686f726974796c656c656d656e7456616c75657828497374697475746f20506f6c696772616669636f2065205a656363612064656c6c6f20537461746fd818585ba4686469676573744944026672616e646f6d5008b3f1ca5517019767be3dee3bb0614571656c656d656e744964656e7469666965726a62697274685f646174656c656c656d656e7456616c7565d903ec6a313935362d30312d3230d818585ca4686469676573744944096672616e646f6d50a2395ec214350c26066306e23279b3ae71656c656d656e744964656e7469666965726f646f63756d656e745f6e756d6265726c656c656d656e7456616c756569393837363534333231d8185850a4686469676573744944066672616e646f6d50a25e1a5b915d2d6eafee9674e023293971656c656d656e744964656e74696669657268706f7274726169746c656c656d656e7456616c75654420212223d81858eea46864696765737449440d6672616e646f6d50eeed6a3b856563627589a360939d12f771656c656d656e744964656e7469666965727264726976696e675f70726976696c656765736c656c656d656e7456616c756582a37576656869636c655f63617465676f72795f636f646561416a69737375655f64617465d903ec6a323031382d30382d30396b6578706972795f64617465d903ec6a323032342d31302d3230a37576656869636c655f63617465676f72795f636f646561426a69737375655f64617465d903ec6a323031372d30322d32336b6578706972795f64617465d903ec6a323032342d31302d3230d818585ba4686469676573744944086672616e646f6d50c0ef486b2a194ed3cbf7f354fd40092171656c656d656e744964656e74696669657276756e5f64697374696e6775697368696e675f7369676e6c656c656d656e7456616c756561496a697373756572417574688443a10126a118215901423082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb
+
+
+

In diagnostic notation: +.. code-block:

+
{
+  "version": "1.0",
+  "documents": [
+  {
+    "docType": "org.iso.18013.5.1.mDL",
+    "issuerSigned": {
+      "nameSpaces": {
+        "org.iso.18013.5.1.IT": [
+          24(<< {
+            "digestID": 11,
+            "random": h'6d44f21ee875f2c1d502b43198e5a152',
+            "elementIdentifier": "verification.evidence",
+            "elementValue": [
+              {
+                "type": "electronic_record",
+                "record": {
+                  "type": "https://eudi.wallet.pdnd.gov.it",
+                  "source": {
+                    "organization_name": "Motorizzazione Civile",
+                    "organization_id": "m_inf",
+                    "country_code": "it"
+                  }
+                }
+              }
+            ]
+          } >>),
+          24(<< {
+            "digestID": 4,
+            "random": h'185d84dfb71ce9b173010ddd62174fbe',
+            "elementIdentifier": "verification.trust_framework",
+            "elementValue": "eidas"
+          } >>),
+          24(<< {
+            "digestID": 0,
+            "random": h'137f903174253c4585358267aae2ea4e',
+            "elementIdentifier": "verification.assurance_level",
+            "elementValue": "high"
+          } >>)
+        ],
+        "org.iso.18013.5.1": [
+          24(<< {
+            "digestID": 12,
+            "random": h'53e29d0ddbbc7d2306a32bdbe2e56e51',
+            "elementIdentifier": "family_name",
+            "elementValue": "Doe"
+          } >>),
+          24(<< {
+            "digestID": 3,
+            "random": h'990cba2069fa1b33b8d6ae910b6549dc',
+            "elementIdentifier": "given_name",
+            "elementValue": "Antonio"
+          } >>),
+          24(<< {
+            "digestID": 10,
+            "random": h'4086c1379975f805f1b1f4975e6a1265',
+            "elementIdentifier": "issue_date",
+            "elementValue": 1004("2019-10-20")
+          } >>),
+          24(<< {
+            "digestID": 1,
+            "random": h'ab4ca30c918dd2fd0bf35242c15fa2d8',
+            "elementIdentifier": "expiry_date",
+            "elementValue": 1004("2024-10-20")
+          } >>),
+          24(<< {
+            "digestID": 7,
+            "random": h'8d9066f6c8da16619867cd4e2fab0c88',
+            "elementIdentifier": "issuing_country",
+            "elementValue": "IT"
+          } >>),
+          24(<< {
+            "digestID": 5,
+            "random": h'59fe68db795dee4c20976380ea247705',
+            "elementIdentifier": "issuing_authority",
+            "elementValue": "Istituto Poligrafico e Zecca dello Stato"
+          } >>),
+          24(<< {
+            "digestID": 2,
+            "random": h'08b3f1ca5517019767be3dee3bb06145',
+            "elementIdentifier": "birth_date",
+            "elementValue": 1004("1956-01-20")
+          } >>),
+          24(<< {
+            "digestID": 9,
+            "random": h'a2395ec214350c26066306e23279b3ae',
+            "elementIdentifier": "document_number",
+            "elementValue": "987654321"
+          } >>),
+          24(<< {
+            "digestID": 6,
+            "random": h'a25e1a5b915d2d6eafee9674e0232939',
+            "elementIdentifier": "portrait",
+            "elementValue": h'20212223'
+          } >>),
+          24(<< {
+            "digestID": 13,
+            "random": h'eeed6a3b856563627589a360939d12f7',
+            "elementIdentifier": "driving_privileges",
+            "elementValue": [
+              {
+                "vehicle_category_code": "A",
+                "issue_date": 1004("2018-08-09"),
+                "expiry_date": 1004("2024-10-20")
+              },
+              {
+                "vehicle_category_code": "B",
+                "issue_date": 1004("2017-02-23"),
+                "expiry_date": 1004("2024-10-20")
+              }
+            ]
+          } >>),
+          24(<< {
+            "digestID": 8,
+            "random": h'c0ef486b2a194ed3cbf7f354fd400921',
+            "elementIdentifier": "un_distinguishing_sign",
+            "elementValue": "I"
+          } >>)
+        ]
+      },
+      "issuerAuth": [
+        h'a10126',
+        {
+          33: h'3082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb7d518bd9a519583e082d67effff06565804fc09abf0e4a08e699c9dba3796285a15f68e40ac7f9fc7700a15153a4065300a06082a8648ce3d040302034800304502210099b7d62e6bf7b1823db3713df889bf73e70bb4d9c58c21e92c58d2f1beffe932022058d039747a00d70e6d66be4797e6142b3608a014ee09b7b79af2cae2aaf27788'
+        },
+        24(<< {
+      "version": "1.0",
+      "digestAlgorithm": "SHA-256",
+      "docType": "org.iso.18013.5.1.mDL",
+      "valueDigests": {
+        "org.iso.18013.5.1": {
+        1: h'0E5F0B6B33418E508740771E82F893372EAF5B2445BC4C84DCF08B005E9493FC',
+        2: h'DE21BB62FF2897D8B986D2CDA9F9BC5865C02807F7B4D9DD1FA4A79DF4C0D37F',
+        3: h'BC5568239E35CE9FF8798C27FFDCD757B134B679F0FE05729AA3491381912E65',
+        5: h'E6048BDC7FD6454296F1E3F54536107C9C5B24C4064DE46A98121E3630EECCA2',
+        6: h'73690D92DCAA61B0203870F67C6AA9FDFEA889B6F0C720DE757B4B0A8516A206',
+        7: h'E353EA0B0FD92B6BE90C64CC3B2EE1284153A8F0F5066B99AAC599200E6EEEB2',
+        8: h'29227872CEB49923D267B5F4BADE6D387B42AC2DC4B2AE26C9013067FEE7018A',
+        9: h'A6A119F7CACAC0B8C6AACAC747FD3FE7E50B6D9BB8A507FDA79F0DF6646F285D',
+        10: h'6D8025D2F02A5E7E1406FB6AAEB67F9EDE9B07191A53F3E23B77C528223A94E2',
+        12: h'B0D43E4E2EA534E4D5304E64BCF7A0F13E2C8EE8304B9CD23ABA4909652A4647',
+        13: h'FBF4DE318982F2DBAD43C601CAEB22628B301AC18AA8264C5831B2AAAC89C486'
+        },
+        "org.iso.18013.5.1.IT": {
+        0: h'CF57377B675F64F37314739592C1E8A911A7DDAF341CE2902FE877C5A835E4C1',
+        4: h'4A4B4CC64EC9299C1A2501EA449F577005E9F7A60408057C07A7C67FB151E5F5',
+        11: h'78824FBD6FBBA88A2AAB44DF8B6F5E9759126D87D1F4415995E658FD9239E1FE'
+        }
+      },
+      "deviceKeyInfo": {
+        "deviceKey": {
+        1: 2,
+        -1: 1,
+        -2: h'AFD09E720B918CEDC2B8A881950BAB6A1051E18AE16A814D51E609938663D5E1',
+        -3: h'61FBC6C8AD24EC86A78BB4E9AC377DD2B7C711D9F2EB9AFD4AA0963662847AED'}},
+        "validityInfo": {
+          "signed": 0("2023-11-24T14:54:05Z"),
+          "validFrom": 0("2023-11-24T14:54:05Z"),
+          "validUntil": 0("2024-11-24T14:54:05Z")}
+        }  >>),
+        h'f2461e4fab69e9f7bcffe552395424514524d1679440036213173101448d1b1ab4a293859b389ffa8b47aeed10e9b0c1545412ac37c51a76482cd9bbbe110152'
+      ]
+    },
+    "deviceSigned": {
+      "nameSpaces": 24(<< {} >>),
+      "deviceAuth": {
+        "deviceSignature": [
+          h'a10126',
+          {},
+          null,
+          h'1fed7190d2975ab79c072e6f1d9d52436059d1fc959d55baf74f057d89b10fcc0dc77a50d433d4c76ddf26223c5560c4ab123b5cb5eb805a90036aa147493076'
+        ]
+      }
+    }
+  }
+  ],
+  "status": 0
+}
+
+
+

Step 13: The Verifier App is required to validate the signatures in the mDoc's issuerSigned field using the public key of the Credential Issuer specified within the mDoc. Subsequently, the Verifier MUST validate the signature in the deviceSigned field. If these signature checks pass, the Verifier can confidently consider the received information as valid.

+
+

Device Engagement

+

The Device Engagement structure MUST be have at least the following components:

+
+
    +

  • Version: tstr. Version of the data structure being used.

    • +

  • Security: an array that contains two mandatory values

    +
      +

    • the cipher identifier: see Table 22 of [ISO18013-5]

      • +

    • the mDL public ephemeral key generated by the Wallet Instance and required by the Verifier App to derive the Session Key. The mDL public ephemeral key MUST be of a type allowed by the indicated cipher suite.

      • +
    +
    • +

  • transferMethod: an array that contains one or more transferMethod arrays when performing device engagement using the QR code. This array is for offline data retrieval methods. A transferMethod array holds two mandatory values (type and version). Only the BLE option is supported by this technical implementation profile, then the type value MUST be set to 2.

    • +

  • BleOptions: this elements MUST provide options for the BLE connection (support for Peripheral Server or Central Client Mode, and the device UUID).

    • +
+
+
+
+

mDoc Request

+

The messages in the mDoc Request MUST be encoded using CBOR. The resulting CBOR byte string for the mDoc Request MUST be encrypted with the Session Key obtained after the Device Engagement phase and MUST be transmitted using the BLE protocol. +The details on the structure of mDoc Request, including identifier and format of the data elements, are provided below.

+
+
    +

  • version: (tstr). Version of the data structure.

    • +

  • docRequests: Requested DocType, NameSpace and data elements.

    +
      +

    • itemsRequest: #6.24(bstr .cbor ItemsRequest).

      +
        +

      • docType: (tstr). The DocType element contains the type of document requested. See Data Model Section.

        • +

      • nameSpaces: (tstr). See Data Model Section for more details.

        +
          +

        • dataElements: (tstr). Requested data elements with Intent to Retain value for each requested element.

          +
            +

          • IntentToRetain: (bool). It indicates that the Verifier App intends to retain the received data element.

            • +
          +
          • +
        +
        • +
      +
      • +

    • readerAuth: COSE_Sign1. It is required for the Verifier App authentication.

      • +
    +
    • +
+
+
+

Note

+

The domestic data elements MUST not be returned unless specifically requested by the Verifier App.

+
+
+
+

mDoc Response

+

The messages in the mDoc Response MUST be encoded using CBOR and MUST be encrypted with the Session Key obtained after the Device Engagement phase. +The details on the structure of mDoc Response are provided below.

+
+
    +

  • version: (tstr). Version of the data structure.

    • +

  • documents: Returned DocType, and ResponseData.

    +
      +

    • docType: (tstr). The DocType element contains the type of document returned. See Data Model Section.

      • +

    • ResponseData:

      +
        +

      • IssuerSigned: Responded data elements signed by the issuer.

        +
          +

        • nameSpaces: (tstr). See Data Model Section for more details.

          +
            +

          • IssuerSignedItemBytes: #6.24(bstr .cbor).

            +
              +

            • digestID: (uint). Reference value to one of the ValueDigests provided in the Mobile Security Object (issuerAuth).

              • +

            • random: (bstr). Random byte value used as salt for the hash function. This value SHALL be different for each IssuerSignedItem and it SHALL have a minimum length of 16 bytes.

              • +

            • elementIdentifier: (tstr). Identifier of User attribute name contained in the Credential.

              • +

            • elementValue: (any). User attribute value

              • +
            +
            • +
          +
          • +
        +
        • +

      • DeviceSigned: Responded data elements signed by the Wallet Instance.

        +
          +

        • NameSpaces: #6.24(bstr .cbor DeviceNameSpaces). The DeviceNameSpaces structure MAY be an empty structure. DeviceNameSpaces contains the data element identifiers and values. It is returned as part of the corresponding namespace in DeviceNameSpace.

          +
            +

          • DataItemName: (tstr). The identifier of the element.

            • +

          • DataItemValue: (any). The value of the element.

            • +
          +
          • +

        • DeviceAuth: The DeviceAuth structure MUST contain the DeviceSignature elements.

          +
            +

          • DeviceSignature: It MUST contain the device signature for the Wallet Instance authentication.

            • +
          +
          • +
        +
        • +
      +
      • +
    +
    • +

  • status: It contains a status code. For detailed description and action required refer to to Table 8 (ResponseStatus) of the [ISO18013-5]

    • +
+
+
+
+

Session Termination

+

The session MUST be terminated if at least one of the following conditions occur.

+
+
    +

  • After a time-out of no activity of receiving or sending session establishment or session data messages occurs. The time-out for no activity implemented by the Wallet Instance and the Verifier App SHOULD be no less than 300 seconds.

    • +

  • When the Wallet Instance doesn't accept any more requests.

    • +

  • When the Verifier App does not send any further requests.

    • +
+
+

If the Wallet Instance and the Verifier App does not send or receive any further requests, the session termination MUST be initiated as follows.

+
+
    +

  • Send the status code for session termination, or

    • +

  • dispatch the "End" command as outlined in [ISO18013-5#8.3.3.1.1.5].

    • +
+
+

When a session is terminated, the Wallet Instance and the Verifier App MUST perform at least the following actions:

+
+
    +

  • destruction of session keys and related ephemeral key material;

    • +

  • closure of the communication channel used for data retrieval.

    • +
+
+
+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/remote-flow.html b/refs/pull/201/merge/en/remote-flow.html new file mode 100644 index 000000000..bcf0a2982 --- /dev/null +++ b/refs/pull/201/merge/en/remote-flow.html @@ -0,0 +1,2127 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | Remote Flow + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + +
+

Remote Flow

+

In this scenario the Relying Party MUST provide the URL where the signed presentation Request Object is available for download.

+

Depending on whether the User is using a mobile device or a workstation, the Relying Party MUST support the following remote flows:

+
    +

  • Same Device, the Relying Party MUST provide a HTTP redirect (302) location to the Wallet Instance;

    • +

  • Cross Device, the Relying Party MUST provide a QR Code which the User frames with the Wallet Instance.

    • +
+

Once the Wallet Instance establishes the trust with the Relying Party and evaluates the request, the User gives the consent for the disclosure of the Digital Credentials, in the form of a Verifiable Presentation.

+

A High-Level description of the remote flow, from the User's perspective, is given below:

+
+
    +

  1. the Wallet Instance scans the QR Code and obtains the URL (Cross Device flow) or obtain directly an URL (Same Device flow);

    2. +

  2. the Wallet Instance extracts from the payload the client_id and the request_uri parameters;

    3. +

  3. the Wallet Instance establishes the Trust to the Relying Party by building the Federation Trust Chain. Implementations may evaluate the trust after having obtained the signed Request Object (see point 5);

    4. +

  4. the Wallet fetches the signed Request Object using an HTTP request with method GET to the endpoint provided in the request_uri parameter;

    5. +

  5. the Wallet verifies the signature of the signed Request Object and that its issuer matches the client_id obtained at the step number 2;

    6. +

  6. the Wallet checks the presence in the signed Request Object of the parameter request_uri_method, if this parameter is present and set with the post valueThe Wallet transmits its metadata to the request_uri endpoint of the Relying Party using an HTTP POST method and obtains an updated signed Request Object;

    7. +

  7. The Wallet Instance evaluates the requested PID/EAAs and checks the elegibility of the Relying Party in asking these by applying the policies related to that specific Relying Party;

    8. +

  8. the Wallet Instance asks User disclosure and consent;

    9. +

  9. the Wallet Instance presents the requested disclosure of PID/EAAs to the Relying Party, which validates the Wallet Attestation and checks that the Wallet Provider is trusted;

    10. +

  10. the Wallet Instance informs the User about the successfull authentication with the Relying Party and give a good user experience to let the User continuing its navigation.

    11. +
+
+

Below a sequence diagram that summarizes the interactions between all the involved parties.

+
+_images/cross_device_auth_seq_diagram.svg +
+

Remote Protocol Flow

+
+
+

The details of each step shown in the previous picture are described in the table below.

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Id

Description

1, 2

The User requests to access to a protected resource, the Relying Party redirects the User to a discovery page in which the User selects the Login with the Wallet button. The Authorization flow starts.

3, 4,

The Relying Party provides the Wallet Instance with a URL where a generic signed Request Object can be downloaded.

5, 6, 7, 8, 9

In the Cross Device Flow: the Request URI is provided in the form of a QR Code that is shown to the User. The User frames the QRCode with the Wallet Instance and extracts client_id, request_uri and state. In the Same Device Flow the Relying Party provides the same information of the Cross-Device flow but in the form of HTTP Redirect Location (302).

10, 11, 12

The Wallet Instance obtains the signed Request Object.

13, 14 and 15

The Wallet Instance checks if the Relying Party has provided the request_uri_method within its signed Request Object. If true, the Wallet provides its metadata in the to the Relying Party. The Relying PArty produces a new signed Request Object compliant to the Wallet technical capabilities.

13, 14, 15, 16, 17, 18

The Request Object JWS is verified by the Wallet Instance. The Wallet processes the Relying Party metadata and applies the policies related to the Relying Party, attesting whose Digital Credentials and User data the Relying Party is granted to request.

19, 20

The Wallet Instance requests the User's consent for the release of the Credentials. The User authorizes and consents the presentation of the Credentials by selecting/deselecting the personal data to release.

21

The Wallet Instance provides the Authorization Response to the Relying Party using an HTTP request with the method POST (response mode "direct_post").

22, 23, 24, 25 and 26

The Relying Party verifies the Authorization Response, extracts the Wallet Attestation to establish the trust with the Wallet Solution. The Relying Party extracts the Digital Credentials and attests the trust to the Credentials Issuer and the proof of possession of the Wallet Instance about the presented Digital Credentials. Finally, the Relying Party verifies the revocation status of the presented Digital Credentials.

27 and 28

The Relying Party provides to the Wallet a redirect URI with a response code to be used by the Wallet to finalize the authentication.

29

The User is informed by the Wallet Instance that the Autentication succeded, then the protected resource is made available to the User.

+
+

Request URI with HTTP POST

+

The Relying Party SHOULD provide the POST method with its request_uri endpoint +allowing the Wallet Instance to inform the Relying Party about its technical capabilities.

+

This feature can be useful when, for example, the Wallet Instance supports +a restricted set of features, supported algorithms or a specific url for +its authorization_endpoint, and any other information that it deems necessary to +provide to the Relying Party the parameters necessary for better interoperability.

+
+

Warning

+

The Wallet Instance, when providing its technical capabilities to the +Relying Party, MUST NOT include any User information or other explicit +information regarding the hardware used or usage preferences of its User.

+
+

If both the Relying Party and the Wallet Instance +supports the request_uri_method with HTTP POST, +the Wallet Instance capabilities MUST +be provided using an HTTP request to the request_uri endpoint of the Relying Party, +with the method POST and content type set to application/json.

+

A non-normative example of the HTTP request is represented below:

+
POST /request-uri HTTP/1.1
+HOST: relying-party.example.org
+Content-Type: application/json
+
+{
+    "authorization_endpoint": "https://wallet-solution.digital-strategy.europa.eu/authorization",
+    "response_types_supported": [
+      "vp_token"
+    ],
+    "response_modes_supported": [
+      "form_post.jwt"
+    ],
+    "vp_formats_supported": {
+      "vc+sd-jwt": {
+          "sd-jwt_alg_values": [
+              "ES256",
+              "ES384"
+          ]
+      }
+    },
+    "request_object_signing_alg_values_supported": [
+      "ES256"
+    ],
+    "presentation_definition_uri_supported": false,
+}
+
+
+

The response of the Relying Party is defined in the section below.

+
+
+

Authorization Request Details

+

The Relying Party MUST create a Request Object in the form of a signed JWT and +it MUST provide it to the Wallet Instance through an HTTP URL (request URI). +The HTTP URL points to the web resource where the signed request object is +available for download. The URL parameters contained in the Relying Party +response, containing the request URI, are described in the Table below.

+ ++++ + + + + + + + + + + + + + +

Name

Description

client_id

Unique identifier of the Relying Party.

request_uri

The HTTPs URL where the Relying Party provides the signed Request Object to the Wallet Instance.

+

Below a non-normative example of the response containing the required parameters previously described.

+
https://wallet-solution.digital-strategy.europa.eu/authorization?client_id=...&request_uri=...
+
+
+

The value corresponding to the request_uri endpoint SHOULD be randomized, according to RFC 9101, The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) Section 5.2.1.

+

In the Same Device Flow the Relying Party uses an HTTP response redirect (with status code set to 302) as represented in the following non-normative example:

+
HTTP/1.1 /authorization Found
+Location: https://wallet-solution.digital-strategy.europa.eu?
+client_id=https%3A%2F%2Frelying-party.example.org%2Fcb
+&request_uri=https%3A%2F%2Frelying-party.example.org%2Frequest_uri
+
+
+

In the Cross Device Flow, a QR Code is shown by the Relying Party to the User in order to provide the Authorization Request. The User frames the QR Code using their Wallet Instance.

+

Below is represented a non-normative example of a QR Code issued by the Relying Party.

+
+_images/verifier_qr_code.svg
+

Below is represented a non-normative example of the QR Code raw payload:

+
https://wallet-solution.digital-strategy.europa.eu/authorization?client_id=https%3A%2F%2Frelying-party.example.org&request_uri=https%3A%2F%2Frelying-party.example.org
+
+
+
+

Note

+

The error correction level chosen for the QR Code MUST be Q (Quartily - up to 25%), since it offers a good balance between error correction capability and data density/space. This level of quality and error correction allows the QR Code to remain readable even if it is damaged or partially obscured.

+
+
+
+

Cross Device Flow Status Checks and Security

+

When the flow is Cross Device, the user-agent needs to check the session status to the endpoint made available by Relying Party (status endpoint). This check MAY be implemented in the form of JavaScript code, within the page that shows the QRCode, then the user-agent checks the status with a polling strategy in seconds or a push strategy (eg: web socket).

+

Since the QRcode page and the status endpoint are implemented by the Relying Party, it is under its responsability the implementation details of this solution, since it is related to the Relying Party's internal API.

+

The Relying Party MUST bind the request of the user-agent, with a Secure and HttpOnly session cookie, with the issued request. The request url SHOULD include a parameter with a random value. The HTTP response returned by this specialized endpoint MAY contain the HTTP status codes listed below:

+
    +

  • 201 Created. The signed Request Object was issued by the Relying Party that waits to be downloaded by the Wallet Instance at the request_uri endpoint.

    • +

  • 202 Accepted. This response is given when the signed Request Object was obtained by the Wallet Instance.

    • +

  • 200 OK. The Wallet Instance has provided the presentation to the Relying Party's response_uri endpoint and the User authentication is successful. The Relying Party updates the session cookie allowing the user-agent to access to the protected resource. An URL is provided carrying the location where the user-agent is intended to navigate.

    • +

  • 401 Unauthorized. The Wallet Instance or its User have rejected the request, or the request is expired. The QRCode page SHOULD be updated with an error message.

    • +
+

Below a non-normative example of the HTTP Request to this specialized endpoint, where the parameter id contains an opaque and random value:

+
GET /session-state?id=3be39b69-6ac1-41aa-921b-3e6c07ddcb03
+HTTP/1.1
+HOST: relying-party.example.org
+
+
+
+
+

Request Object Details

+

Below a non-normative example of HTTP request made by the Wallet Instance to the Relying Party.

+
GET /request_uri HTTP/1.1
+HOST: relying-party.example.org
+
+
+
+
+

Request URI response

+

The Relying Party issues the signed Request Object, where a non-normative example in the form of decoded header and payload is shown below:

+
{
+  "alg": "ES256",
+  "typ": "JWT",
+  "kid": "e0bbf2f1-8c3a-4eab-a8ac-2e8f34db8a47",
+  "trust_chain": [
+    "MIICajCCAdOgAwIBAgIC...awz",
+    "MIICajCCAdOgAwIBAgIC...2w3",
+    "MIICajCCAdOgAwIBAgIC...sf2"
+  ]
+}
+.
+{
+  "scope": "eu.europa.ec.eudiw.pid.it.1 tax_id_number",
+  "client_id_scheme": "entity_id",
+  "client_id": "https://relying-party.example.org",
+  "response_mode": "direct_post.jwt",
+  "response_type": "vp_token",
+  "response_uri": "https://relying-party.example.org/response_uri",
+  "nonce": "2c128e4d-fc91-4cd3-86b8-18bdea0988cb",
+  "state": "3be39b69-6ac1-41aa-921b-3e6c07ddcb03",
+  "iss": "https://relying-party.example.org",
+  "iat": 1672418465,
+  "exp": 1672422065,
+  "request_uri_method": "post"
+}
+
+
+

The JWS header parameters are described below:

+ ++++ + + + + + + + + + + + + + + + + + + + +

Name

Description

alg

Algorithm used to sign the JWT, according to [RFC 7516#section-4.1.1]. It MUST be one of the supported algorithms in Section Cryptographic Algorithms and MUST NOT be set to none or to a symmetric algorithm (MAC) identifier.

typ

Media Type of the JWT, as defined in [RFC 7519].

kid

Key ID of the public key needed to verify the JWS signature, as defined in [RFC 7517]. REQUIRED when trust_chain is used.

trust_chain

Sequence of Entity Statements that composes the Trust Chain related to the Relying Party, as defined in OIDC-FED Section 3.2.1. Trust Chain Header Parameter.

+

The JWS payload parameters are described herein:

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Name

Description

scope

Aliases for well-defined Presentation Definitions IDs. It is used to identify which required credentials and User attributes are requested by the Relying Party, according to the Section "Using scope Parameter to Request Verifiable Credential(s)" of [OID4VP].

client_id_scheme

String identifying the scheme of the value in the client_id. It MUST be set to the value entity_id.

client_id

Unique Identifier of the Relying Party.

response_mode

It MUST be set to direct_post.jwt.

response_type

It MUST be set to``vp_token``.

response_uri

The Response URI to which the Wallet Instance MUST send the Authorization Response using an HTTP request using the method POST.

nonce

Fresh cryptographically random number with sufficient entropy, which length MUST be at least 32 digits.

state

Unique identifier of the Authorization Request.

iss

The entity that has issued the JWT. It will be populated with the Relying Party client id.

iat

Unix Timestamp, representing the time at which the JWT was issued.

exp

Unix Timestamp, representing the expiration time on or after which the JWT MUST NOT be valid anymore.

request_uri_method

String determining the HTTP method to be used with the request_uri endpoint to provide the Wallet metadata to the Relying Party. The value is case-insensitive and can be set to: get or post. The GET method, as defined in [@RFC9101], involves the Wallet sending a GET request to retrieve a Request Object. The POST method involves the Wallet requesting the creation of a new Request Object by sending an HTTP POST request, with its metadata, to the request URI of the Relying Party.

+
+

Warning

+

Using the parameter scope requires that the Relying Party Metadata MUST contain the presentation_definition, where a non-normative example of it is given below:

+
+
{
+  "presentation_definition": {
+    "id": "presentation definitions",
+    "input_descriptors": [
+      {
+        "id": "eu.europa.ec.eudiw.pid.it.1",
+        "name": "Person Identification Data",
+        "purpose": "User authentication",
+        "format": "vc+sd-jwt",
+        "constraints": {
+          "fields": [
+            {
+              "path": [
+                "$.credentialSubject.unique_id",
+                "$.credentialSubject.given_name",
+                "$.credentialSubject.family_name",
+              ]
+            }
+          ],
+          "limit_discolusre": "preferred"
+        }
+      }
+    ]
+  }
+}
+
+
+
+

Note

+

The following parameters, even if defined in [OID4VP], are not mentioned in the previous non-normative example, since their usage is conditional and may change in future release of this documentation.

+
    +

  • presentation_definition: JSON object according to Presentation Exchange. This parameter MUST not be present when presentation_definition_uri or scope are present.

    • +

  • presentation_definition_uri: Not supported. String containing an HTTPS URL pointing to a resource where a Presentation Definition JSON object can be retrieved. This parameter MUST be present when presentation_definition parameter or a scope value representing a Presentation Definition is not present.

    • +

  • client_metadata: A JSON object containing the Relying Party metadata values. The client_metadata parameter MUST NOT be present when client_id_scheme is entity_id. Since the client_metadata is taken from trust_chain, this parameter is intended to not be used.

    • +

  • client_metadata_uri: string containing an HTTPS URL pointing to a resource where a JSON object with the Relying Party metadata can be retrieved. The client_metadata_uri parameter MUST NOT be present when client_id_scheme is entity_id. Since the client_metadata is taken from trust_chain, this parameter is intended to not be used.

    • +
+
+
+
+

Authorization Response Details

+

After getting the User authorization and consent for the presentation of the Credentials, the Wallet sends the Authorization Response to the Relying Party response_uri endpoint, the content SHOULD be encrypted according OPENID4VP Section 6.3, using the Relying Party public key.

+
+

Note

+

Why the response is encrypted?

+

The response sent from the Wallet Instance to the Relying Party is encrypted to prevent a malicious agent from gaining access to the plaintext information transmitted within the Relying Party's network. This is only possible if the network environment of the Relying Party employs TLS termination. Such technique employs a termination proxy that acts as an intermediary between the client and the webserver and handles all TLS-related operations. In this manner, the proxy deciphers the transmission's content and either forwards it in plaintext or by negotiates an internal TLS session with the actual webserver's intended target. In the first scenario, any malicious actor within the network segment could intercept the transmitted data and obtain sensitive information, such as an unencrypted response, by sniffing the transmitted data.

+
+

Below a non-normative example of the request:

+
POST /response_uri HTTP/1.1
+HOST: relying-party.example.org
+Content-Type: application/x-www-form-urlencoded
+
+response=eyJhbGciOiJFUzI1NiIs...9t2LQ
+
+
+

Below is a non-normative example of the decrypted JSON response content:

+
{
+  "state": "3be39b69-6ac1-41aa-921b-3e6c07ddcb03",
+  "vp_token": [
+      "eyJhbGciOiJFUzI1NiIs...PT0iXX0",
+      $WalletInstanceAttestation-JWT
+  ],
+  "presentation_submission": {
+      "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
+      "id": "04a98be3-7fb0-4cf5-af9a-31579c8b0e7d",
+      "descriptor_map": [
+          {
+              "id": "eu.europa.ec.eudiw.pid.it.1",
+              "path": "$.vp_token.verified_claims.claims._sd[0]",
+              "format": "vc+sd-jwt"
+          }
+      ]
+  }
+}
+
+
+

Where the following parameters are used:

+ ++++ + + + + + + + + + + + + + + + + +

Name

Description

vp_token

JSON Array containing the Verifiable Presentation(s). There MUST be at least two signed presentations in this Array: +- The Requested Digital Credential (one or more, if in format SD-JWT VC or MDOC CBOR) +- The Wallet Instance Attestation

presentation_submission

JSON Object containing the mappings between the requested Verifiable Credentials and where to find them within the returned Verifiable Presentation Token.

state

Unique identifier provided by the Relying Party within the Authorization Request.

+

Below is a non-normative example of the vp_token decoded content, represented in the form of JWS header and payload, separated by a period:

+
{
+  "alg": "ES256",
+  "typ": "JWT",
+  "kid": "e0bbf2f1-8c3a-4eab-a8ac-2e8f34db8a47"
+}
+.
+{
+  "iss": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
+  "jti": "3978344f-8596-4c3a-a978-8fcaba3903c5",
+  "aud": "https://relying-party.example.org/response_uri",
+  "iat": 1541493724,
+  "exp": 1573029723,
+  "nonce": "2c128e4d-fc91-4cd3-86b8-18bdea0988cb"
+  "vp": "<Issuer-Signed-JWT>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>"
+}
+
+
+

Where the following parameters are used:

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + +

Name

Description

vp

The Digital Credential in its original state. The public key contained in the Digital Credential MUST be used to verify the entire VP JWS as Proof of Possession of the private key which the public key is included in the Digital Credential. Eg: for SD-JWT VC the pblic key is provided within the cnf.jwk claim.

jti

JWS unique identifier.

iat

Unix timestamp of the time of issuance of this presentation.

exp

Unix timestamp beyond which this presentation will no longer be considered valid.

aud

Audience of the VP, corresponding to the response_uri within the Authorization request issued by the Relying Party.

nonce

The nonce value provided by the Relying Party within the Authorization Request.

+
+
+

Redirect URI

+

When the Relying Party provides the redirect URI, the Wallet MUST send the user-agent to this redirect URI. The redirect URI allows the Relying Party to continue the interaction with the End-User on the device where the Wallet resides after the Wallet has sent the Authorization Response to the response URI.

+

The Relying Party MUST include a response code withing the redirect URI. The response code is a fresh, cryptographically random number used to ensure only the receiver of the redirect can fetch and process the Authorization Response. The number could be added as a path component, as a parameter or as a fragment to the URL. It is RECOMMENDED to use a cryptographic random value of 128 bits or more at the time of the writing of this specification.

+

The following is a non-normative example of the response from the Relying Party to the Wallet upon receiving the Authorization Response at the Response Endpoint.

+
HTTP/1.1 200 OK
+Content-Type: application/json;charset=UTF-8
+
+{
+  "redirect_uri": "https://relying-party.example.org/cb#response_code=091535f699ea575c7937fa5f0f454aee"
+}
+
+
+

The redirect_uri value MUST be used with an HTTP method GET by either the Wallet or the user-agent to redirect the User to the Relying Party in order to complete the authentication process. The specific entity that performs this action depends on whether the flow is Same device or Cross device.

+
+
+

Relying Party Entity Configuration

+

According to the Trust Model section, the Relying Party is a Federation Entity and MUST expose a well-known endpoint containing its Entity Configuration.

+

Below a non-normative example of the request made by the Wallet Instance to the openid-federation well-known endpoint to obtain the Relying Party Entity Configuration:

+
GET /.well-known/openid-federation HTTP/1.1
+HOST: relying-party.example.org
+
+
+

Below is a non-normative response example:

+
{
+    "alg": "RS256",
+    "kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
+    "typ": "entity-statement+jwt"
+}
+.
+{
+    "exp": 1649590602,
+    "iat": 1649417862,
+    "iss": "https://rp.example.it",
+    "sub": "https://rp.example.it",
+    "jwks": {
+        "keys": [
+            {
+                "kty": "RSA",
+                "n": "5s4qi ...",
+                "e": "AQAB",
+                "kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs"
+            }
+        ]
+    },
+    "metadata": {
+        "wallet_relying_party": {
+            "application_type": "web",
+            "client_id": "https://rp.example.it",
+            "client_name": "Name of an example organization",
+            "jwks": {
+                "keys": [
+                    {
+                        "kty": "RSA",
+                        "use": "sig",
+                        "n": "1Ta-sE ...",
+                        "e": "AQAB",
+                        "kid": "YhNFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
+                        "x5c": [ "..." ]
+                    }
+                ]
+            },
+
+            "contacts": [
+                "ops@relying-party.example.org"
+            ],
+
+            "request_uris": [
+                "https://relying-party.example.org/request_uri"
+            ],
+            "response_uris": [
+                "https://relying-party.example.org/response_uri"
+            ],
+            "default_acr_values": [
+                "https://www.spid.gov.it/SpidL2",
+                "https://www.spid.gov.it/SpidL3"
+            ],
+            "vp_formats": {
+                "vc+sd-jwt": {
+                    "sd-jwt_alg_values": [
+                        "ES256",
+                        "ES384"
+                    ],
+                    "kb-jwt_alg_values": [
+                        "ES256",
+                        "ES384"
+                    ]
+                }
+            },
+              "presentation_definitions": [
+                  {
+                    "id": "eu.europa.ec.eudiw.pid.it.1",
+                    "input_descriptors": [
+                        {
+                            "id": "IdentityCredential",
+                            "format": {
+                                "vc+sd-jwt": {}
+                            },
+                            "constraints": {
+                                "limit_disclosure": "required",
+                                "fields": [
+                                    {
+                                        "path": [
+                                            "$.type"
+                                        ],
+                                        "filter": {
+                                            "type": "string",
+                                            "const": "IdentityCredential"
+                                        }
+                                    },
+                                    {
+                                        "path": [
+                                            "$.family_name"
+                                        ]
+                                    },
+                                    {
+                                        "path": [
+                                            "$.given_name"
+                                        ]
+                                    },
+                                    {
+                                        "path": [
+                                            "$.unique_id"
+                                        ],
+                                        "intent_to_retain": "true"
+                                    }
+                                ]
+                            }
+                        }
+                    ]
+                },
+                  {
+                    "id": "mDL-sample-req",
+                    "input_descriptors": [
+                        {
+                            "id": "mDL",
+                            "format": {
+                                "mso_mdoc": {
+                                    "alg": [
+                                        "EdDSA",
+                                        "ES256"
+                                    ]
+                                },
+                                "constraints": {
+                                    "limit_disclosure": "required",
+                                    "fields": [
+                                        {
+                                            "path": [
+                                                "$.mdoc.doctype"
+                                            ],
+                                            "filter": {
+                                                "type": "string",
+                                                "const": "org.iso.18013.5.1.mDL"
+                                            }
+                                        },
+                                        {
+                                            "path": [
+                                                "$.mdoc.namespace"
+                                            ],
+                                            "filter": {
+                                                "type": "string",
+                                                "const": "org.iso.18013.5.1"
+                                            }
+                                        },
+                                        {
+                                            "path": [
+                                                "$.mdoc.family_name"
+                                            ],
+                                            "intent_to_retain": "false"
+                                        },
+                                        {
+                                            "path": [
+                                                "$.mdoc.portrait"
+                                            ],
+                                            "intent_to_retain": "false"
+                                        },
+                                        {
+                                            "path": [
+                                                "$.mdoc.driving_privileges"
+                                            ],
+                                            "intent_to_retain": "false"
+                                        }
+                                    ]
+                                }
+                            }
+                        }
+                    ]
+                }
+            ],
+
+            "default_max_age": 1111,
+
+            // JARM related
+            "authorization_signed_response_alg": [[
+                "ES256"
+            ],
+            "authorization_encrypted_response_alg": [
+                "RSA-OAEP",
+                "RSA-OAEP-256"
+            ],
+            "authorization_encrypted_response_enc": [
+                "A128CBC-HS256",
+                "A192CBC-HS384",
+                "A256CBC-HS512",
+                "A128GCM",
+                "A192GCM",
+                "A256GCM"
+            ],
+
+            // SIOPv2 related
+            "subject_type": "pairwise",
+            "require_auth_time": true,
+            "id_token_signed_response_alg": [
+                "ES256"
+            ],
+            "id_token_encrypted_response_alg": [
+                "RSA-OAEP",
+                "RSA-OAEP-256"
+            ],
+            "id_token_encrypted_response_enc": [
+                "A128CBC-HS256",
+                "A192CBC-HS384",
+                "A256CBC-HS512",
+                "A128GCM",
+                "A192GCM",
+                "A256GCM"
+            ],
+        },
+        "federation_entity": {
+            "organization_name": "OpenID Wallet Relying Party example",
+            "homepage_uri": "https://relying-party.example.org/home",
+            "policy_uri": "https://relying-party.example.org/policy",
+            "logo_uri": "https://relying-party.example.org/static/logo.svg",
+            "contacts": [
+               "tech@relying-party.example.org"
+             ]
+        }
+    },
+    "authority_hints": [
+        "https://registry.eudi-wallet.example.it"
+    ]
+  }
+}
+
+
+

The Entity Configuration is a JWS, where its header parameters are defined below:

+ ++++ + + + + + + + + + + + + + + + + +

Name

Description

alg

Algorithm used to sign the JWT

typ

Media Type of the JWT

kid

Key ID used identifying the key used to sign the JWS

+
+
+ + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/revocation-lists.html b/refs/pull/201/merge/en/revocation-lists.html new file mode 100644 index 000000000..fa11720c1 --- /dev/null +++ b/refs/pull/201/merge/en/revocation-lists.html @@ -0,0 +1,1453 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | revocation-lists.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

revocation-lists.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/search.html b/refs/pull/201/merge/en/search.html new file mode 100644 index 000000000..49c7c4c65 --- /dev/null +++ b/refs/pull/201/merge/en/search.html @@ -0,0 +1,1412 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | Search + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + + +
+ +
+ + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/searchindex.js b/refs/pull/201/merge/en/searchindex.js new file mode 100644 index 000000000..55fb85138 --- /dev/null +++ b/refs/pull/201/merge/en/searchindex.js @@ -0,0 +1 @@ +Search.setIndex({"docnames": ["algorithms", "backup-restore", "contribute", "defined-terms", "index", "pid-eaa-data-model", "pid-eaa-issuance", "proximity-flow", "pseudonyms", "relying-party-solution", "remote-flow", "revocation-lists", "ssi-introduction", "standards", "trust", "wallet-attestation", "wallet-solution"], "filenames": ["algorithms.rst", "backup-restore.rst", "contribute.rst", "defined-terms.rst", "index.rst", "pid-eaa-data-model.rst", "pid-eaa-issuance.rst", "proximity-flow.rst", "pseudonyms.rst", "relying-party-solution.rst", "remote-flow.rst", "revocation-lists.rst", "ssi-introduction.rst", "standards.rst", "trust.rst", "wallet-attestation.rst", "wallet-solution.rst"], "titles": ["Cryptographic algorithms", "backup-restore.rst", "How to contribute", "Normative Language and Conventions", "The Italian EUDI Wallet implementation profile", "PID/(Q)EAA Data Model", "PID/(Q)EAA Issuance", "Proximity Flow", "pseudonyms.rst", "Relying Party Solution", "Remote Flow", "revocation-lists.rst", "Self Sovereign Identity", "Technical References", "The Infrastructure of Trust", "Wallet Attestation", "Wallet Solution"], "terms": {"tutti": [0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16], "gli": [0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16], "esempi": [0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16], "contenuti": [0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16], "questa": [0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16], "documentazion": [0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16], "sono": [0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16], "da": [0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16], "intendersi": [0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16], "come": [0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16], "non": [0, 1, 2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 15, 16], "normativi": [0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16], "all": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16], "exampl": [0, 1, 2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16], "contain": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16], "thi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16], "document": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16], "ar": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16], "meant": [0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16], "norm": [0, 1, 2, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16], "The": [0, 2, 3, 5, 6, 7, 9, 10, 12, 13, 15, 16], "follow": [0, 2, 4, 5, 6, 7, 9, 10, 12, 14, 15], "must": [0, 3, 5, 6, 7, 9, 10, 14, 15, 16], "support": [0, 5, 6, 7, 9, 10, 12, 14, 15, 16], "oper": [0, 4, 6, 9, 10, 14, 15], "refer": [0, 3, 4, 5, 6, 7, 9, 12, 14, 15], "rs256": [0, 6, 9, 10, 14], "signatur": [0, 3, 5, 6, 7, 9, 10, 13, 14, 15, 16], "rfc": [0, 5, 6, 9, 10, 13, 14, 15, 16], "7518": [0, 13], "rs512": [0, 5, 6], "rsa": [0, 6, 9, 10, 14], "oaep": [0, 9, 10], "kei": [0, 1, 3, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16], "encrypt": [0, 5, 6, 7, 9, 10, 13, 14], "256": [0, 5, 6, 7, 9, 10, 14, 15, 16], "7516": [0, 6, 9, 10, 13], "a128cbc": [0, 9, 10], "hs256": [0, 9, 10], "content": [0, 5, 6, 9, 10, 15], "a256cbc": [0, 9, 10], "hs512": [0, 9, 10], "recommend": [0, 3, 6, 9, 10, 14], "es256": [0, 5, 6, 9, 10, 14, 15, 16], "es512": [0, 6, 16], "ps256": 0, "ps512": 0, "ecdh": 0, "es": [0, 15], "a128kw": 0, "a256kw": 0, "NOT": [0, 3, 5, 6, 9, 10, 14], "none": [0, 6, 9, 10], "rsa_1_5": 0, "hs384": [0, 9, 10], "length": [0, 5, 6, 7, 9, 10], "equal": [0, 6, 14], "greater": 0, "than": [0, 6, 7, 9, 14], "2048": 0, "bit": [0, 6, 9, 10], "A": [0, 3, 5, 6, 7, 9, 10, 12, 14, 15, 16], "4096": 0, "what": [1, 8, 11, 12, 14], "useful": [1, 8, 11], "todo": [1, 8, 11], "req": [1, 8, 9, 10, 11], "1": [1, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16], "2": [1, 5, 6, 7, 8, 9, 10, 11, 13, 15, 16], "tabl": [1, 5, 6, 7, 8, 9, 10, 11, 14], "paramet": [1, 4, 8, 9, 10, 11, 15, 16], "claim": [1, 3, 4, 6, 8, 9, 10, 11, 14, 15, 16], "descript": [1, 2, 3, 5, 6, 7, 8, 9, 10, 11, 14], "valu": [1, 5, 6, 7, 8, 9, 10, 11, 14, 15, 16], "IT": [2, 3, 4, 5, 6, 7, 9, 16], "wallet": [2, 3, 5, 6, 7, 9, 10, 12, 13], "project": [2, 4], "includ": [2, 5, 6, 7, 9, 10, 12, 14, 15, 16], "an": [2, 3, 5, 6, 7, 9, 10, 12, 14, 15, 16], "open": [2, 16], "develop": [2, 4, 14], "process": [2, 3, 4, 5, 6, 9, 10, 12, 14], "approach": [2, 5, 12], "ensur": [2, 5, 6, 9, 10, 12, 14, 15, 16], "access": [2, 4, 5, 9, 10, 12, 14, 16], "invit": 2, "interest": 2, "parti": [2, 3, 4, 5, 6, 12, 16], "particip": [2, 3, 4, 14], "consequ": 2, "stakehold": 2, "nation": [2, 3, 4, 5, 6, 12, 16], "intern": [2, 9, 10], "commun": [2, 4, 6, 7, 9], "member": [2, 4, 6, 12, 14], "onli": [2, 3, 5, 6, 7, 9, 10, 12, 14, 16], "encourag": 2, "also": [2, 3, 5, 6, 12, 14, 15, 16], "heartili": 2, "welcom": 2, "refin": 2, "technic": [2, 3, 4, 6, 7, 9, 10, 14], "rule": [2, 3, 4, 5, 14], "below": [2, 3, 4, 5, 6, 7, 9, 10, 14, 15, 16], "sever": 2, "method": [2, 6, 7, 9, 10, 15, 16], "avail": [2, 4, 5, 9, 10, 14, 15, 16], "github": 2, "issu": [2, 3, 5, 6, 9, 10, 12, 14, 15, 16], "By": [2, 5, 16], "you": [2, 3], "can": [2, 3, 6, 7, 9, 10, 12, 14, 16], "seek": 2, "clarif": 2, "propos": [2, 4], "enhanc": [2, 4, 12], "report": 2, "editori": 2, "typo": 2, "If": [2, 5, 6, 7, 9, 10, 14, 15], "work": 2, "we": [2, 5], "draft": [2, 5, 6, 13, 14], "pull": 2, "request": [2, 4, 12, 14, 16], "link": [2, 6], "repres": [2, 5, 6, 7, 9, 10, 14, 16], "activ": [2, 4, 7, 9, 12, 14, 16], "typic": [2, 6, 12], "alwai": [2, 3, 12, 14], "base": [2, 4, 6, 7, 9, 12, 13], "discuss": [2, 6], "onc": [2, 6, 9, 10, 16], "initi": [2, 4, 6, 7, 9], "facilit": [2, 14], "review": [2, 16], "chang": [2, 5, 9, 10, 14], "befor": [2, 3, 6, 14, 15], "thei": [2, 3, 12, 14, 15], "merg": 2, "main": [2, 5, 6, 12, 14], "branch": 2, "version": [2, 5, 7, 9, 16], "corrent": 2, "italia": 2, "slack": 2, "channel": [2, 7, 9], "messag": [2, 6, 7, 9, 10, 15], "applic": [2, 3, 6, 9, 10, 12, 13, 14, 15, 16], "design": [2, 4, 12, 16], "busi": [2, 4], "connect": [2, 5, 6, 7, 9, 13, 16], "peopl": [2, 12], "inform": [2, 3, 5, 7, 9, 10, 12, 14, 15, 16], "need": [2, 6, 9, 10, 12, 14, 15, 16], "from": [2, 4, 5, 6, 7, 9, 10, 14, 15, 16], "public": [2, 3, 4, 5, 6, 7, 9, 10, 12, 14, 15, 16], "administr": [2, 4, 5, 12, 14], "technician": 2, "student": 2, "citizen": [2, 3, 4, 5, 12], "ha": [2, 5, 6, 7, 9, 10, 14, 15, 16], "everyon": 2, "join": 2, "free": 2, "http": [2, 4, 5, 7, 13, 14, 15, 16], "where": [2, 5, 6, 9, 10, 12, 14, 15], "learn": 2, "about": [2, 4, 5, 9, 10, 12, 15, 16], "partak": 2, "would": [2, 6, 12], "like": [2, 3, 5, 14], "thank": 2, "individu": [2, 12], "comment": 2, "concern": [2, 14], "idea": 2, "some": [2, 5, 6, 14], "which": [2, 3, 4, 5, 6, 7, 9, 10, 12, 14, 15, 16], "substanti": [2, 3], "implement": [2, 3, 5, 6, 7, 9, 10, 14], "profil": [2, 3, 5, 6, 7, 9, 13], "set": [2, 4, 5, 6, 7, 9, 10, 14, 15, 16], "alen": 2, "horvat": 2, "amir": 2, "sharif": 2, "andrea": 2, "prosseda": 2, "emanuel": 2, "de": 2, "cupi": 2, "emiliano": 2, "vernini": 2, "francesco": 2, "grauso": 2, "marino": 2, "ventola": 2, "giada": 2, "sciarretta": 2, "giusepp": 2, "marco": 2, "klaa": 2, "wierenga": 2, "kristina": 2, "yasuda": [2, 13], "leif": 2, "johansson": 2, "lorenzo": 2, "cerini": 2, "marta": 2, "sciunnach": 2, "michel": 2, "silletti": 2, "nicola": 2, "saitto": 2, "niel": 2, "van": 2, "dijk": 2, "paul": 2, "bastien": 2, "pasqual": 2, "rose": 2, "peter": 2, "altmann": 2, "riccardo": 2, "iaconelli": 2, "roland": 2, "hedberg": 2, "salvator": 2, "laiso": 2, "manfredi": 2, "stefano": 2, "alifuoco": 2, "takahiko": 2, "kawasaki": 2, "torsten": 2, "lodderstedt": [2, 13], "vladimir": 2, "duzhinov": 2, "anyon": 2, "been": [2, 6, 14], "forgotten": 2, "pleas": [2, 14, 16], "accept": [2, 6, 7, 9, 10], "our": 2, "apolog": 2, "modif": 2, "page": [2, 9, 10, 16], "via": [2, 7, 9, 14], "com": 2, "eudi": [2, 5, 6, 7, 9, 10, 13, 16], "doc": [2, 6], "brief": 2, "offer": [2, 6, 9, 10, 15, 16], "dure": [2, 5, 6, 7, 9, 12, 14, 15, 16], "event": 2, "period": [2, 9, 10, 14, 15], "have": [2, 5, 6, 7, 9, 10, 12, 14, 15, 16], "opportun": 2, "again": 2, "make": [2, 5, 6, 14], "amend": 2, "soon": 2, "possibl": [2, 5, 7, 9, 10, 14], "list": [2, 3, 4, 5, 6, 9, 10, 12, 14, 15, 16], "word": [3, 13], "requir": [3, 4, 5, 6, 7, 9, 10, 13], "shall": [3, 5, 6, 7, 9], "should": [3, 5, 6, 7, 9, 10, 14, 15], "mai": [3, 5, 6, 7, 9, 10, 13, 14, 15, 16], "option": [3, 5, 7, 9, 12], "interpret": 3, "describ": [3, 5, 6, 7, 9, 10, 14, 15], "bcp": [3, 13], "14": [3, 5, 6, 9, 10, 13, 15], "rfc2119": 3, "rfc8174": [3, 13], "when": [3, 5, 6, 7, 9, 10, 12, 14, 15, 16], "appear": 3, "capit": 3, "shown": [3, 6, 9, 10], "here": [3, 16], "user": [3, 4, 5, 6, 7, 9, 10, 12, 14, 15, 16], "trust": [3, 4, 5, 6, 9, 10, 12, 15, 16], "servic": [3, 4, 5, 6, 12, 14, 15, 16], "model": [3, 4, 6, 7, 9, 10, 12, 16], "framework": [3, 4, 5, 6, 9, 10, 13, 14, 16], "attribut": [3, 4, 5, 7, 9, 10, 14, 16], "electron": [3, 4, 5, 14, 16], "attest": [3, 4, 5, 6, 9, 10, 12], "provid": [3, 4, 5, 6, 7, 9, 10, 12, 14, 15], "tsp": [3, 14], "person": [3, 5, 6, 9, 10, 12, 14, 16], "identif": [3, 4, 5, 6, 9, 10, 12, 14, 16], "data": [3, 4, 6, 7, 9, 10, 12, 13, 14, 16], "pid": [3, 4, 9, 10, 14, 16], "revoc": [3, 4, 6, 9, 10, 13, 14, 16], "qualifi": [3, 14, 16], "qtsp": [3, 14], "eaa": [3, 4, 9, 10, 14, 16], "eida": [3, 4, 5, 6, 7, 9, 12, 13, 14], "arf": [3, 4, 5, 6, 13, 14], "definit": [3, 9, 10, 12, 13, 16], "us": [3, 4, 5, 6, 7, 9, 10, 12, 13, 14, 15, 16], "further": [3, 6, 7, 9, 14, 16], "insight": 3, "topic": 3, "complement": 3, "interact": [3, 6, 9, 10, 12, 14, 15, 16], "compon": [3, 4, 6, 7, 9, 10, 14], "accredit": [3, 14, 15], "bodi": [3, 6, 14], "entiti": [3, 4, 16], "feder": [3, 4, 6, 9, 10, 13, 15, 16], "author": [3, 4, 5, 12, 13, 14, 15, 16], "respons": [3, 4, 13, 14, 15, 16], "manag": [3, 6, 12, 16], "verif": [3, 4, 6, 7, 9, 12, 14, 15, 16], "certif": [3, 5, 12, 14, 15], "ecosystem": [3, 4, 12, 14, 16], "role": [3, 4, 12, 16], "digit": [3, 4, 5, 6, 9, 10, 12, 14, 16], "ident": [3, 4, 5, 6, 16], "recogn": [3, 12], "state": [3, 4, 6, 9, 10, 12, 14, 15], "identifi": [3, 5, 6, 7, 9, 10, 13, 14, 15, 16], "issuanc": [3, 4, 5, 9, 10, 13, 14, 15, 16], "master": 3, "alreadi": [3, 4, 6], "present": [3, 4, 5, 6, 7, 9, 10, 12, 13, 14, 15, 16], "italian": [3, 5, 6, 14], "system": [3, 4, 6, 12, 14, 16], "credenti": [3, 4, 5, 7, 9, 10, 12, 13, 14, 15, 16], "sign": [3, 5, 6, 7, 9, 10, 12, 14, 15, 16], "whose": [3, 9, 10, 15], "integr": [3, 5, 6, 12, 15, 16], "cryptograph": [3, 4, 5, 6, 9, 10, 12, 14, 16], "verifi": [3, 5, 6, 7, 9, 10, 12, 13, 14, 15, 16], "its": [3, 6, 7, 9, 10, 14, 15, 16], "issuer": [3, 4, 5, 7, 9, 10, 12, 14], "It": [3, 5, 6, 7, 9, 10, 12, 14, 15, 16], "known": [3, 6, 7, 9, 10, 14, 16], "govern": [3, 4, 12], "guidelin": [3, 4], "administ": 3, "directli": [3, 6, 9, 10], "through": [3, 5, 6, 7, 9, 10, 14], "intermediari": [3, 9, 10, 14], "statu": [3, 4, 5, 6, 7, 14, 16], "elig": [3, 4], "evalu": [3, 4, 6, 9, 10, 15, 16], "perform": [3, 6, 7, 9, 10, 15, 16], "oversight": 3, "function": [3, 5, 7, 9, 16], "instanc": [3, 4, 5, 6, 7, 9, 10, 14, 15], "solut": [3, 4, 6, 10, 14], "instal": [3, 6, 15, 16], "mobil": [3, 4, 6, 7, 9, 10, 12, 15, 16], "devic": [3, 4, 6, 12, 14, 15, 16], "control": [3, 5, 6, 12, 16], "specif": [3, 5, 6, 7, 9, 10, 12, 14, 15, 16], "who": [3, 6, 12, 14], "sole": 3, "owner": [3, 5, 12, 14], "enabl": [3, 12, 14, 16], "fulli": [3, 4], "autonom": [3, 14], "privat": [3, 5, 6, 7, 9, 10, 14, 15], "conform": [3, 6], "prove": [3, 5, 12, 14], "secur": [3, 4, 6, 7, 12, 13, 14, 15, 16], "compliac": 3, "manufactur": 3, "allow": [3, 5, 6, 7, 9, 10, 12, 14, 15, 16], "certifi": [3, 6, 14, 16], "authent": [3, 5, 6, 7, 9, 10, 12, 14, 15, 16], "app": [3, 6, 7, 9, 15, 16], "qeaa": [3, 16], "form": [3, 5, 6, 9, 10, 12, 14, 15, 16], "s": [3, 5, 7, 9, 10, 12, 13, 14, 15, 16], "possess": [3, 5, 6, 9, 10, 12, 13, 14, 16], "reli": [3, 4, 5, 6, 12, 16], "natur": [3, 5, 16], "legal": [3, 12, 14, 16], "submiss": 3, "mechan": [3, 4, 5, 16], "see": [3, 5, 6, 7, 9, 10, 14, 15], "complianc": [3, 4, 5, 6, 14, 16], "regulatori": 3, "cannot": [3, 5, 14], "repudi": [3, 4], "over": [3, 5, 7, 9, 12, 14, 16], "time": [3, 5, 6, 7, 9, 10, 13, 14, 15, 16], "relat": [3, 5, 6, 7, 9, 10, 14, 15, 16], "particular": [3, 5, 6, 14], "layer": [3, 13], "architectur": [3, 4, 6, 13, 14, 16], "establish": [3, 6, 7, 9, 10, 12, 16], "reliabl": [3, 5, 14, 15, 16], "how": [3, 4, 7, 9, 14, 15], "maintain": [3, 12], "outlin": [3, 5, 6, 7, 9, 14, 16], "procedur": [3, 5, 12], "valid": [3, 4, 5, 6, 7, 9, 10, 12, 14, 15], "each": [3, 5, 6, 7, 9, 10, 14, 15, 16], "other": [3, 4, 5, 6, 9, 10, 12, 14, 16], "level": [3, 4, 7, 9, 10, 12, 13, 16], "exchang": [3, 6, 7, 9, 10, 12, 13, 16], "assur": [3, 5, 13, 16], "degre": 3, "confid": [3, 7, 9, 16], "vet": 3, "same": [3, 5, 6, 9, 10, 14, 15], "whom": [3, 12, 14], "wa": [3, 5, 6, 9, 10, 15], "holder": [3, 5, 12, 15], "bind": [3, 6, 9, 10, 14, 15], "abil": [3, 12, 16], "legitim": [3, 5], "part": [3, 6, 7, 9, 14, 15, 16], "third": [3, 14], "oid4vp": [3, 9, 10], "openid": [3, 5, 6, 9, 10, 13, 14, 16], "vc": [3, 5, 6, 9, 10, 13, 14, 15], "vp": [3, 9, 10], "api": [3, 4, 6, 9, 10, 16], "program": 3, "interfac": [3, 6, 16], "loa": [3, 5, 6, 16], "european": [4, 12], "council": 4, "updat": [4, 5, 9, 10, 14], "regul": [4, 12, 14], "new": [4, 5, 6, 7, 9, 10, 12, 15], "tool": [4, 15], "itali": 4, "respond": [4, 7, 9], "input": 4, "receiv": [4, 6, 7, 9, 10, 15], "creat": [4, 6, 7, 9, 10, 15], "call": [4, 14], "interoper": [4, 6, 9, 10, 12, 13, 14], "made": [4, 9, 10, 14, 15, 16], "full": [4, 5, 12, 16], "current": [4, 5, 6, 13], "scenario": [4, 9, 10, 12, 14], "count": 4, "3": [4, 5, 6, 7, 9, 10, 14, 15, 16], "coexist": 4, "partial": [4, 9, 10], "overlap": 4, "sometim": 4, "compet": 4, "differ": [4, 5, 6, 7, 9, 12, 15], "technolog": [4, 7, 9], "point": [4, 6, 7, 9, 10, 15], "highli": 4, "fragment": [4, 6, 9, 10], "yield": 4, "difficulti": 4, "therefor": [4, 6, 12, 14], "rationalis": 4, "order": [4, 5, 9, 10, 16], "simplifi": [4, 6], "experi": [4, 6, 9, 10, 12, 16], "To": [4, 15, 16], "achiev": 4, "object": [4, 6, 7, 13, 14, 15], "notifi": [4, 6, 14, 16], "scheme": [4, 5, 6, 9, 10, 12], "entail": 4, "evolut": 4, "envisag": 4, "progress": 4, "migrat": 4, "threefold": 4, "toward": 4, "purpos": [4, 5, 9, 10, 12, 16], "defin": [4, 5, 6, 7, 9, 10, 14, 15, 16], "involv": [4, 6, 9, 10, 12, 14], "detail": [4, 5, 7, 12, 14, 16], "accord": [4, 5, 6, 7, 9, 10, 14, 15, 16], "infrastructur": [4, 12], "realiabl": [4, 16], "mdl": [4, 5, 7, 9, 10], "cbor": [4, 6, 7, 9, 10], "format": [4, 5, 6, 7, 9, 10, 13, 14, 15, 16], "sd": [4, 6, 9, 10, 13, 14, 15], "jwt": [4, 6, 9, 10, 13, 14, 15, 16], "gener": [4, 5, 6, 7, 9, 10, 13], "openid4vci": [4, 6, 13, 14], "openid4vp": [4, 6, 9, 10, 13, 14], "pseudonym": 4, "siopv2": [4, 9, 10, 15], "backup": 4, "restor": 4, "self": [4, 5], "sovereign": 4, "ssi": 4, "languag": 4, "convent": 4, "term": [4, 14, 16], "acronym": 4, "properti": [4, 5], "endpoint": [4, 9, 10, 15], "configur": [4, 16], "common": 4, "anchor": [4, 6, 16], "leav": 4, "intermedi": [4, 6, 12, 16], "metadata": [4, 5, 6, 9, 10, 12, 15], "type": [4, 5, 6, 7, 9, 10, 15, 16], "statement": [4, 6, 9, 10, 16], "chain": [4, 5, 6, 9, 10, 15], "offlin": [4, 7, 9], "long": 4, "live": 4, "privaci": [4, 6, 12, 15, 16], "remark": 4, "consider": 4, "decentr": 4, "lifecycl": 4, "transit": 4, "return": [4, 5, 6, 7, 9, 10, 14, 15], "deactiv": 4, "header": [4, 5, 6, 9, 10, 14], "payload": [4, 5, 6, 9, 10], "wallet_provid": [4, 14], "federation_ent": [4, 6, 9, 10, 14], "extern": 4, "high": [4, 5, 7, 9, 10, 13, 16], "static": [4, 9, 10, 14], "view": [4, 6, 16], "dynam": [4, 6, 14], "q": [4, 9, 10, 14, 16], "field": [4, 6, 7, 9, 10, 12, 13], "mdoc": [4, 6, 10], "namespac": [4, 7, 9, 10], "flow": [4, 14], "push": [4, 9, 10], "par": 4, "token": [4, 5, 9, 10, 13, 15, 16], "remot": [4, 14], "uri": [4, 6, 13], "post": [4, 6, 14, 15], "cross": [4, 14], "check": [4, 6, 7, 14], "redirect": [4, 6], "proxim": 4, "engag": [4, 16], "session": [4, 6, 10], "termin": [4, 10], "rst": 4, "librari": [4, 14], "code": [4, 5, 6, 7, 9, 10, 14], "snippet": 4, "algorithm": [4, 5, 6, 9, 10, 13, 14, 15, 16], "contribut": 4, "acknowledg": 4, "law": 5, "scope": [5, 6, 9, 10, 14], "protect": [5, 6, 9, 10], "resourc": [5, 6, 9, 10, 13, 14], "within": [5, 6, 7, 9, 10, 14, 16], "ones": 5, "famili": [5, 6], "name": [5, 6, 7, 9, 10, 14, 15, 16], "first": [5, 6, 9, 10], "date": [5, 6, 13, 14, 15], "birth": [5, 6], "place": [5, 6], "uniqu": [5, 6, 9, 10, 14, 15, 16], "taxpay": 5, "number": [5, 6, 9, 10, 14, 15, 16], "addit": [5, 6, 14], "oidc": [5, 6, 9, 10, 12, 13, 14], "ida": 5, "carri": [5, 6, 9, 10, 12, 14], "proof": [5, 6, 9, 10, 12, 13, 14, 16], "underli": 5, "In": [5, 6, 7, 9, 10, 12, 14, 16], "relev": [5, 6, 7, 9, 12, 14, 15], "sourc": [5, 7, 9, 12], "subject": [5, 6, 14, 16], "section": [5, 6, 7, 9, 10, 14, 15, 16], "select": [5, 6, 9, 10], "disclosur": [5, 9, 10], "specifi": [5, 6, 7, 9, 15, 16], "terbu": [5, 13], "latest": 5, "_sd_alg": 5, "5": [5, 6, 7, 9, 10, 14, 15], "them": [5, 9, 10, 12, 14, 15, 16], "disclos": [5, 6, 7, 9, 12, 14], "indic": [5, 6, 7, 9, 13, 14], "hash": [5, 6, 7, 9], "digest": 5, "salt": [5, 7, 9], "one": [5, 6, 7, 9, 10, 12, 14], "omit": [5, 6], "instead": [5, 12, 14], "respect": [5, 6, 16], "decoi": 5, "arrai": [5, 6, 7, 9, 10, 14, 15, 16], "_sd": [5, 9, 10], "map": [5, 6, 9, 10, 14], "calcul": [5, 6, 7, 9], "random": [5, 6, 7, 9, 10], "sent": [5, 6, 9, 10], "togeth": [5, 6, 7, 9], "combin": [5, 14], "seri": 5, "base64url": [5, 6], "encod": [5, 6, 7, 9, 15], "separ": [5, 6, 9, 10, 15], "next": 5, "singl": [5, 6, 14], "tild": 5, "charact": [5, 6], "n": [5, 6, 9, 10, 13, 14], "more": [5, 6, 7, 9, 10, 14, 16], "jose": [5, 6], "mandatori": [5, 6, 7, 9], "typ": [5, 6, 9, 10, 14, 15, 16], "rfc7515": [5, 6, 13], "4": [5, 6, 7, 9, 10, 15], "9": [5, 6, 7, 9, 10, 15], "alg": [5, 6, 9, 10, 14, 15, 16], "kid": [5, 6, 9, 10, 14, 15, 16], "8": [5, 6, 7, 9, 10, 15], "trust_chain": [5, 9, 10, 14, 15], "json": [5, 6, 9, 10, 13, 14, 15, 16], "fed": [5, 9, 10, 13, 14], "whether": [5, 6, 9, 10, 14, 15], "nsd": 5, "iss": [5, 6, 9, 10, 14, 15, 16], "url": [5, 6, 9, 10, 14, 15, 16], "string": [5, 6, 7, 9, 10, 14, 15, 16], "rfc7519": [5, 6, 13, 15], "sub": [5, 6, 7, 9, 10, 14, 15, 16], "thumbprint": [5, 6, 13, 15, 16], "jwk": [5, 6, 9, 10, 13, 14, 15, 16], "cnf": [5, 6, 9, 10, 15], "jti": [5, 6, 9, 10, 15], "id": [5, 6, 9, 10, 14, 15, 16], "uuid4": [5, 6], "7": [5, 6, 7, 9, 10, 14, 15], "iat": [5, 6, 9, 10, 14, 15, 16], "unix": [5, 6, 9, 10, 14, 15, 16], "timestamp": [5, 6, 9, 10, 13, 14, 15, 16], "numericd": [5, 6, 14], "7519": [5, 6, 9, 10, 13, 14], "6": [5, 6, 7, 9, 10, 14, 15], "exp": [5, 6, 9, 10, 14, 15, 16], "expiri": [5, 6, 14], "materi": [5, 6, 7, 9], "confirm": [5, 6], "declar": 5, "recipi": 5, "rfc7800": [5, 13, 15], "vct": 5, "obtain": [5, 6, 7, 9, 10, 14, 15, 16], "For": [5, 6, 7, 9, 14, 16], "case": [5, 6, 9, 10, 14], "personidentificationdata": [5, 6], "verified_claim": [5, 9, 10], "element": [5, 7, 9, 12], "regard": [5, 9, 10, 14, 15], "structur": [5, 7, 9, 16], "trust_framework": [5, 7, 9], "oid": 5, "assurance_level": [5, 7, 9], "evid": [5, 7, 9], "convei": [5, 14], "least": [5, 6, 7, 9, 10, 16], "electronic_record": [5, 7, 9], "record": [5, 7, 9], "provis": [5, 15], "cie": [5, 6], "gov": [5, 7, 9, 10], "mean": [5, 6], "cointain": 5, "organization_nam": [5, 6, 7, 9, 10, 14, 16], "organ": [5, 6, 9, 10, 12, 14, 16], "act": [5, 6, 9, 10, 14], "organization_id": [5, 7, 9], "ipa": 5, "urn": [5, 6, 15, 16], "ipa_cod": 5, "country_cod": [5, 7, 9], "countri": 5, "iso3166": 5, "alpha": 5, "e": [5, 6, 7, 9, 10, 12, 14, 16], "g": [5, 6, 12, 13, 14, 16], "syntax": [5, 13], "note": [5, 14], "thu": [5, 14, 16], "give": [5, 7, 9, 10, 14, 15], "without": [5, 6, 12, 14, 15], "given_nam": [5, 6, 7, 9, 10, 14], "core": [5, 6], "0": [5, 6, 7, 9, 10, 13, 14, 15, 16], "family_nam": [5, 6, 7, 9, 10, 14], "birth_dat": [5, 7, 9], "birth_plac": 5, "subclaim": 5, "local": [5, 6], "unique_id": [5, 6, 9, 10], "anpr": 5, "given": [5, 6, 9, 10, 14], "regist": [5, 6], "resid": [5, 9, 10], "popul": [5, 9, 10], "tax_id_cod": [5, 6], "tax": [5, 6], "etsi": 5, "en": [5, 6], "319": 5, "412": 5, "tinit": 5, "italiantaxidentificationnumb": 5, "org": [5, 6, 7, 9, 10, 14, 15, 16], "nzblsxh8udccd7nowxfzafhkxzsrgc9x": 5, "uuid": [5, 6, 7, 9], "6c5c0a49": 5, "b589": 5, "431d": 5, "bae7": 5, "219122a9ec2c": 5, "1683000000": 5, "1883000000": 5, "pidprovid": 5, "pididentificationdata": 5, "ministero": 5, "dell": 5, "interno": 5, "m_it": 5, "xxxxxxxx": 5, "xxxx": 5, "xxxxxxxxxxxx": 5, "mario": 5, "rossi": 5, "1980": 5, "01": [5, 7, 9], "10": [5, 6, 7, 9, 10, 13, 15], "rome": 5, "xxxxxxxxxxxxxxxx": 5, "correspond": [5, 6, 7, 9, 10, 14, 15], "verson": 5, "db67gl7ck3tfiiaf7n6_7shvqk0mdymeqcogglkuaaw": 5, "nehrderpynlhy3m5wldwtwz2auhm": 5, "eyjhbgcioijsuzi1niisimtpzci6": 5, "ikjydmzybg5oqu11sfiwn2fqvw1b": 5, "7wg4nt6k26_r3975zcwnvwgoha7b988_3": 5, "vjzbzf6yc": 5, "gd8grxkt1hg8ptnvr5fpghae0vxlldblsijt9adxis8": 5, "4g9lbt38u1eeta1zlvvgffgppcoe3zmbq_zsrdghqa": 5, "eygzj1htywjjhbk2v3b8hv3e_fef": 5, "udffc5ymy77wtq": 5, "efp5vho0dbdoobbbl45cotmmsko6lrsun4my72y01s": 5, "f90skk9niqchielkhy_ult_9fgqy": 5, "rydvy3e0qr96": 5, "icyhqydt_c3u1iqajlficxllahthvelyfz6jxia27qq": 5, "lxgxedaupeuvmkcngr9fzuqodwfqut01gjj7xd4yepa": 5, "sha": [5, 6, 7, 9], "kty": [5, 6, 7, 9, 10, 14, 15, 16], "ec": [5, 6, 7, 9, 10, 14, 15, 16], "crv": [5, 6, 7, 9, 14, 15, 16], "p": [5, 6, 13, 14, 15, 16], "x": [5, 6, 7, 9, 10, 14, 15, 16], "tcaer19zvu3ohf4j4w4vfsvohip1ilildls7vcegemc": 5, "y": [5, 6, 7, 9, 13, 14, 15, 16], "zxjiwwbzmqghvwkvq4hbsiirsvfuecce6t4jt9f2hzq": 5, "wyi1n212ewnuadv5wknys0xanxhuzlv3iiwgimlhdciside2odmwmdawmdbd": 5, "57mvycth5yzcrklz5xnfuw": 5, "zmhbfh9set9czqaomvrxdmgwiouzxrkspkp9fdhvj3i": 5, "wyjrdwnyqm1sb19otwfjrky1odvsemfriiwginnvdxjjzsisihsib3jnyw5p": 5, "emf0aw9ux25hbwuioiaitwluaxn0zxjvigrlbgwnsw50zxjubyisicjvcmdh": 5, "bml6yxrpb25fawqioiaidxjuomv1zgk6axq6b3jnyw5pemf0aw9ux2lkomlw": 5, "yv9jb2rlom1faxqilcaiy291bnryev9jb2rlijogikluin1d": 5, "kucrbmlo_hmaiff585rzaq": 5, "wyjove5sb09pdvzwunrgnknfenrkovp3iiwgimv2awrlbmnliiwgw3sidhlw": 5, "zsi6icjlbgvjdhjvbmljx3jly29yzcisicjyzwnvcmqioib7il9zzci6ifsi": 5, "wk1iykziovnlvdldwlfht01wclhetudxsw91elhss3nws3a5zkrodkozssjd": 5, "lcaidhlwzsi6icjodhrwczovl2v1zgkud2fsbgv0lmnpzs5nb3yuaxqifx1d": 5, "xq": 5, "ntnrooiuvvrtf6ceztd9zw": 5, "wyjgrfntugdnekdcvxdrteheu0u2d1friiwginvuaxf1zv9pzcisicj4ehh4": 5, "ehh4ec14ehh4lxh4ehgtehh4ec14ehh4ehh4ehh4ehgixq": 5, "fdsspggzgbuwqlhdse6wqq": 5, "wyjlwjhlnxdwrxredmixemltuee0rhpbiiwgimdpdmvux25hbwuilcaitwfi": 5, "aw8ixq": 5, "kz8e5wvetdvb1zispa4dza": 5, "wyjwwjvnunlpehbwv1p1sexvsi15aljniiwgimzhbwlsev9uyw1liiwgiljv": 5, "c3npil0": 5, "pz5mryoxpvwzuhloj": 5, "yjrg": 5, "wyjqdfz1s0nwbjdivgnickfnx3nlvwjriiwgimjpcnrox2rhdguilcaimtk4": 5, "mc0wms0xmcjd": 5, "jtvukcpn7btchrag_seubq": 5, "wyjxrgtknkpztmhernzmudrzmwhrzhlbiiwgimjpcnrox3bsywnliiwgeyjj": 5, "b3vudhj5ijogikluiiwgimxvy2fsaxr5ijogiljvbwuifv0": 5, "wdkd6jsnhdfvlp4s1hqdya": 5, "wyi0a3nbejzitvvletzadk4xadhirhvriiwginrhef9pzf9jb2rliiwgilrj": 5, "tklulvhywfhywfhywfhywfhywfgixq": 5, "4ksaz6bmuky6zvn1h8hduq": 5, "eyjhbgcioiairvmyntyilcaidhlwijogimv4yw1wbgurc2qtand0in0": 5, "eyjfc2qioibb": 5, "ijdxrzruvdzlmjzfujm5nzv6y3duvndnb0hbn2i5odhfmy12snpiwmy2wwmixswgimlz": 5, "cyi6icjodhrwczovl2lzc3vlci5legftcgxllm9yzyisicjlehaioiaxodgzmdawmdaw": 5, "lcaic3viijogik56ykxzwgg4durdy2q3bm9xwezaqwzia3hac1jhqzlycyisicjqdgki": 5, "oiaidxjuonv1awq6nmm1yzbhndktyju4os00mzfklwjhztctmje5mtiyytllyzjjiiwg": 5, "inn0yxr1cyi6icjodhrwczovl3bpzhbyb3zpzgvylmv4yw1wbguub3jnl3n0yxr1cyi": 5, "icj2y3qioiaiuglkswrlbnrpzmljyxrpb25eyxrhiiwginzlcmlmawvkx2nsywltcyi6": 5, "ihsidmvyawzpy2f0aw9uijogeyjfc2qioibbimdkogdseetumwhnohb0bnzsnwzqr2hh": 5, "ztbwwgxsrgjsc2lkvdlhzhhpuzgixswginrydxn0x2zyyw1ld29yayi6icjlawrhcyi": 5, "icjhc3n1cmfuy2vfbgv2zwwioiaiaglnacj9lcaiy2xhaw1zijogeyjfc2qioibbijrn": 5, "owxcddm4vtffzvrbmxpsdnzhzkznufbjb2uzem1iuv96u1jez0hryuuilcairvlnekox": 5, "afrzv0pqaejlmlyzyjhivjnlx2zfzi1vzgzmyzv5bvk3n1d0usisicjfzla1dmhvmgrc": 5, "zg9pykjitdq1y09ubu1zs282thjtdu40txk3mnkwmvnfiiwgiky5mfnlszlusvfjself": 5, "bgtiwv91bhrfouzhcvlllvj5zhzzm0uwcvi5nnmilcaiswnzsff5zfrfqznvmulxyup": 5, "rmljeexsyuhushzfbhlgwjzkeglhmjdxusisicjswgd4rurbdvblvxzta2nor3i5rlp1": 5, "cw9kd0zxvvqwmwdkajd4zdr5rvbbil19fswgil9zzf9hbgcioiaic2hhlti1niisicjj": 5, "bmyioib7imp3ayi6ihsia3r5ijogikvdiiwgimnydii6icjqlti1niisicj4ijogilrd": 5, "quvsmtladnuzt0hgngo0vzr2zlnwb0hjudfjtglsrgxzn3zdzudlbwmilcaiesi6icja": 5, "egppv1diwk1rr0hwv0twutroylnjaxjzvmz1zwndrtz0ngpuouyysfprin19fq": 5, "ojck1": 5, "g0stmjlg1esfqrqhecmdwxrkedk0yf5evahuw7x2qymvv_ilqbolwvb4r_kghvc4w6ju": 5, "5hs2pmz4diw4w": 5, "wyi1n212ewnuadv5wknys0xanxhuzlv3iiwgimlhdciside2odmwmd": 5, "awmdbd": 5, "mf0aw9ux25hbwuioiaitwluaxn0zxjvigrlbgwnsw50zxjubyisicjvcmdhbml6yxrpb": 5, "25fawqioiaidxjuomv1zgk6axq6b3jnyw5pemf0aw9ux2lkomlwyv9jb2rlom1faxqil": 5, "caiy291bnryev9jb2rlijogikluin1d": 5, "wyjove5sb09pdvzwunrgnknfenrkovp3iiwg": 5, "imv2awrlbmnliiwgw3sidhlwzsi6icjlbgvjdhjvbmljx3jly29yzcisicjyzwnvcmqi": 5, "oib7il9zzci6ifsiwk1iykziovnlvdldwlfht01wclhetudxsw91elhss3nws3a5zkro": 5, "dkozssjdlcaidhlwzsi6icjodhrwczovl2v1zgkud2fsbgv0lmnpzs5nb3yuaxqifx1d": 5, "wyjgrfntugdnekdcvxdrteheu0u2d1friiwginvuaxf1zv9pzcisicj4ehh4ehh4": 5, "c14ehh4lxh4ehgtehh4ec14ehh4ehh4ehh4ehgixq": 5, "wyjlwjhlnxdwrxredmixemltu": 5, "e0rhpbiiwgimdpdmvux25hbwuilcaitwfyaw8ixq": 5, "wyjwwjvnunlpehbwv1p1sexvsi1": 5, "5aljniiwgimzhbwlsev9uyw1liiwgiljvc3npil0": 5, "wyjqdfz1s0nwbjdivgnickfnx3n": 5, "lvwjriiwgimjpcnrox2rhdguilcaimtk4mc0wms0xmcjd": 5, "wyjxrgtknkpztmhernzmud": 5, "rzmwhrzhlbiiwgimjpcnrox3bsywnliiwgeyjjb3vudhj5ijogikluiiwgimxvy2fsax": 5, "r5ijogiljvbwuifv0": 5, "wyi0a3nbejzitvvletzadk4xadhirhvriiwginrhef9pzf9jb2": 5, "rliiwgilrjtklulvhywfhywfhywfhywfhywfgixq": 5, "disabilitycard": 5, "pdnd": [5, 7, 9], "istituto": [5, 7, 9], "nazional": 5, "della": 5, "previdenza": 5, "social": 5, "inp": 5, "document_numb": [5, 7, 9], "xxxxxxxxxx": 5, "expiry_d": [5, 7, 9], "2024": [5, 7, 9], "constant_attendance_allow": 5, "true": [5, 6, 7, 9, 10], "previou": [5, 6, 9, 10], "decod": [5, 6, 9, 10, 15], "both": [5, 7, 9, 10, 12, 14, 15, 16], "d126a6a856f7724560484fa9dc59d195": 5, "stskq0yfy31zh3yp2nn_nfnd7h9q18du3oea1dc5lrc": 5, "3humfjicyhdhzjl": 5, "oed1vknqa10ivayed1dcckfruaa": 5, "dfrmuvonzdgealzcgwk3ufmc_4ept3y9n7xhwzlcyxo": 5, "ji86hs1v3d41tu5jqw4owcwtjdutuwp1ewqocuzzexk": 5, "qfuzrqugcbbbkae4q9eqvcsznzj2rnndlg8q606rlsm": 5, "emf0aw9ux25hbwuioiaisxn0axr1dg8gtmf6aw9uywxligrlbgxhifbyzxzp": 5, "zgvuemegu29jawfszsisicjvcmdhbml6yxrpb25fawqioiaidxjuomv1zgk6": 5, "axq6b3jnyw5pemf0aw9ux2lkomlwyv9jb2rlomluchmilcaiy291bnryev9j": 5, "b2rlijogikluin1d": 5, "cwz1enjrdudjykjcs2ffnfe5zxfwq1n6bnpkmnjobmrmrzhxnja2ukxztsjd": 5, "lcaidhlwzsi6icjodhrwczovl2v1zgkud2fsbgv0lnbkbmquz292lml0in19": 5, "xv0": 5, "wyjgrfntugdnekdcvxdrteheu0u2d1friiwgimrvy3vtzw50x251bwjlcii": 5, "icjywfhywfhywfhyil0": 5, "wyjxrgtknkpztmhernzmudrzmwhrzhlbiiwgimv4cglyev9kyxrliiwgijiw": 5, "mjqtmdetmdeixq": 5, "wyjezfdxs2g3d2rjnvzbeettdnhzwfzriiwgimnvbnn0yw50x2f0dgvuzgfu": 5, "y2vfywxsb3dhbmnliiwgdhj1zv0": 5, "ddwqkh7wdi5vaxksvxsxvq": 5, "inn0yxr1cyi6icjodhrwczovl2lzc3vlci5legftcgxllm9yzy9zdgf0dxmilcaidmn0": 5, "ijogikrpc2fiawxpdhldyxjkiiwginzlcmlmawvkx2nsywltcyi6ihsidmvyawzpy2f0": 5, "aw9uijogeyjfc2qioibbinnuc2txmhlgetmxwkgzwvaybk5fbkzuzddioxexogrvm29f": 5, "ytfeqzvmummixswginrydxn0x2zyyw1ld29yayi6icjlawrhcyisicjhc3n1cmfuy2vf": 5, "bgv2zwwioiaiaglnacj9lcaiy2xhaw1zijogeyjfc2qioibbijnodw1gamldwuhkshpq": 5, "tc1prwqxdktuuwexmgl2yvlfzdfkq0nrzlj1yueilcairvlnekoxafrzv0pqaejlmlyz": 5, "yjhivjnlx2zfzi1vzgzmyzv5bvk3n1d0usisicjgotbts0s5bklry0hjrwxrsflfdwx0": 5, "xzlgr3fzzs1sewr2wtnfmhfsotzziiwgikljwuhrewrux0mzvtfjcwfkbezpy3hmbgfi": 5, "veh2rwx5rlo2snhpyti3cveilcaizgzybvv2b25argdlywxaq0d3azn1zm1jxzrlchqz": 5, "etlon3hov1psq3l4byisicjqatg2sfmxdjnendf0vtvkcvc0b1ddd1rkrhvuvxdwmwv3": 5, "cw9dvxp6rvhriiwgimxyz3hfref1ugvvdm1ry05hcjlgwnvxb2r3rnfvvdaxz0pqn3hk": 5, "nhlfueeixx19lcaix3nkx2fszyi6icjzagetmju2iiwgimnuzii6ihsiandrijogeyjr": 5, "dhkioiairumilcaiy3j2ijogilatmju2iiwgingioiaivenbrvixovp2dtnpsey0ajrx": 5, "nhzmu1zvselqmulmawxebhm3dknlr2vtyyisicj5ijogilp4amlxv2jatvfhsfzxs1zr": 5, "nghiu0lpcnnwznvly0nfnnq0alq5rjjiwleifx19": 5, "hbgwxboqtlvptfygyvdhrgnockw": 5, "aw_hqy9gpxg4oxixejlemvtoawyftqinnysunaagd6aemjw7jlshdm9noga": 5, "wyi1n212": 5, "ewnuadv5wknys0xanxhuzlv3iiwgimlhdciside2odmwmdawmdbd": 5, "wyjrdwnyqm1sb19": 5, "otwfjrky1odvsemfriiwginnvdxjjzsisihsib3jnyw5pemf0aw9ux25hbwuioiaisxn": 5, "0axr1dg8gtmf6aw9uywxligrlbgxhifbyzxzpzgvuemegu29jawfszsisicjvcmdhbml": 5, "6yxrpb25fawqioiaidxjuomv1zgk6axq6b3jnyw5pemf0aw9ux2lkomlwyv9jb2rloml": 5, "uchmilcaiy291bnryev9jb2rlijogikluin1d": 5, "wyjove5sb09pdvzwunrgnknfenrkov": 5, "p3iiwgimv2awrlbmnliiwgw3sidhlwzsi6icjlbgvjdhjvbmljx3jly29yzcisicjyzw": 5, "nvcmqioib7il9zzci6ifsicwz1enjrdudjykjcs2ffnfe5zxfwq1n6bnpkmnjobmrmrz": 5, "hxnja2ukxztsjdlcaidhlwzsi6icjodhrwczovl2v1zgkud2fsbgv0lnbkbmquz292lm": 5, "l0in19xv0": 5, "wyjgrfntugdnekdcvxdrteheu0u2d1friiwgimrvy3vtzw50x251bwjlci": 5, "isicjywfhywfhywfhyil0": 5, "wyjlwjhlnxdwrxredmixemltuee0rhpbiiwgimdpdmvux2": 5, "5hbwuilcaitwfyaw8ixq": 5, "wyjwwjvnunlpehbwv1p1sexvsi15aljniiwgimzhbwlsev9": 5, "uyw1liiwgiljvc3npil0": 5, "wyjqdfz1s0nwbjdivgnickfnx3nlvwjriiwgimjpcnrox2r": 5, "hdguilcaimtk4mc0wms0xmcjd": 5, "wyjxrgtknkpztmhernzmudrzmwhrzhlbiiwgimv4cg": 5, "lyev9kyxrliiwgijiwmjqtmdetmdeixq": 5, "wyi0a3nbejzitvvletzadk4xadhirhvriiw": 5, "ginrhef9pzf9jb2rliiwgilrjtklulvhywfhywfhywfhywfhywfgixq": 5, "wyjezfdxs2g3": 5, "d2rjnvzbeettdnhzwfzriiwgimnvbnn0yw50x2f0dgvuzgfuy2vfywxsb3dhbmnliiwg": 5, "dhj1zv0": 5, "iso": [5, 7, 9, 10], "iec": 5, "18013": [5, 7, 9, 10], "standard": [5, 14], "born": 5, "drive": 5, "licens": 5, "8949": 5, "concis": 5, "binari": 5, "represent": [5, 14], "eu": [5, 9, 10, 14, 15, 16], "europa": [5, 9, 10, 14], "eudiw": [5, 6, 9, 10, 14, 15], "revers": 5, "domain": [5, 14], "util": [5, 7, 9, 16], "consist": [5, 6, 16], "while": [5, 12], "domest": [5, 7, 9], "tstr": [5, 7, 9], "text": 5, "being": [5, 6, 7, 9, 12, 15], "wai": [5, 6], "track": [5, 14, 15], "backward": 5, "compat": [5, 14, 16], "understand": 5, "evolv": 5, "uint": [5, 7, 9], "unsign": 5, "int": 5, "ok": [5, 6, 9, 10, 15], "normal": 5, "bstr": [5, 7, 9], "byte": [5, 7, 9], "collect": [5, 14], "doctyp": [5, 6, 7, 9, 10], "issuersign": [5, 7, 9], "tag": 5, "24": [5, 7, 9, 10, 14], "major": 5, "howev": [5, 6], "issuerauth": [5, 7, 9], "mso": 5, "cose": 5, "sign1": 5, "abov": [5, 6, 7, 9, 12, 14], "devicesign": [5, 7, 9], "ad": [5, 6, 9, 10], "phase": [5, 6, 7, 9, 12, 14, 15], "deviceauth": [5, 7, 9], "either": [5, 6, 9, 10], "devicesignatur": [5, 7, 9], "devicemac": 5, "two": [5, 6, 7, 9, 10], "empti": [5, 7, 9], "latter": [5, 6], "issuersigneditembyt": [5, 7, 9], "bitsr": 5, "mark": [5, 6, 14], "diagnost": [5, 7, 9], "digestid": [5, 7, 9], "integ": [5, 6], "valuedigest": [5, 7, 9], "issuersigneditem": [5, 7, 9], "minimum": [5, 6, 7, 9], "16": [5, 6, 7, 9, 10], "elementidentifi": [5, 7, 9], "elementvalu": [5, 7, 9], "depend": [5, 6, 9, 10, 16], "issue_d": [5, 7, 9], "cbortag": 5, "1004": [5, 7, 9], "expir": [5, 6, 9, 10, 14, 15, 16], "issuing_author": [5, 7, 9], "issuing_countri": [5, 7, 9], "3166": 5, "As": 5, "birth_countri": 5, "9052": 5, "unprotect": 5, "rfc8152": 5, "x5chain": 5, "label": 5, "33": [5, 7, 9], "9360": 5, "referenc": [5, 6], "509": [5, 14, 15], "aim": 5, "abl": [5, 6, 14, 15], "invalid": [5, 6, 7, 9, 14, 15], "mobilesecurityobject": 5, "mobilesecurityobjectbyt": 5, "validityinfo": [5, 7, 9], "datetim": [5, 16], "validfrom": [5, 7, 9], "validuntil": [5, 7, 9], "digestalgorithm": [5, 7, 9], "group": 5, "devicekeyinfo": [5, 7, 9], "devicekei": [5, 7, 9], "keyauthor": 5, "keyinfo": 5, "store": [5, 6, 7, 9, 12, 14, 16], "devicesigneditem": 5, "af": 5, "a366737461747573006776657273696f6e63312e3069646f63756d656e747381a267646f6354797065781865752e6575726f70612e65632e65756469772e7069642e316c6973737565725369676e6564a26a697373756572417574688443a10126a1182159021930820215308201bca003020102021404ad06a30c1a6dc6e93be0e2e8f78dcafa7907c2300a06082a8648ce3d040302305b310b3009060355040613025a45312e302c060355040a0c25465053204d6f62696c69747920616e64205472616e73706f7274206f66205a65746f706961311c301a06035504030c1349414341205a65746573436f6e666964656e73301e170d3231303932393033333034355a170d3232313130333033333034345a3050311a301806035504030c114453205a65746573436f6e666964656e7331253023060355040a0c1c5a65746f70696120436974792044657074206f662054726166666963310b3009060355040613025a453059301306072a8648ce3d020106082a8648ce3d030107034200047c5545e9a0b15f4ff3ce5015121e8ad3257c28d541c1cd0d604fc9d1e352ccc38adef5f7902d44b7a6fc1f99f06eedf7b0018fd9da716aec2f1ffac173356c7da3693067301f0603551d23041830168014bba2a53201700d3c97542ef42889556d15b7ac4630150603551d250101ff040b3009060728818c5d050102301d0603551d0e04160414ce5fd758a8e88563e625cf056bfe9f692f4296fd300e0603551d0f0101ff040403020780300a06082a8648ce3d0403020347003044022012b06a3813ffec5679f3b8cddb51eaa4b95b0cbb1786b09405e2000e9c46618c02202c1f778ad252285ed05d9b55469f1cb78d773671f30fe7ab815371942328317c59032ad818590325a667646f6354797065781865752e6575726f70612e65632e65756469772e7069642e316776657273696f6e63312e306c76616c6964697479496e666fa3667369676e6564c074323032332d30322d32325430363a32333a35365a6976616c696446726f6dc074323032332d30322d32325430363a32333a35365a6a76616c6964556e74696cc074323032342d30322d32325430303a30303a30305a6c76616c756544696765737473a2781865752e6575726f70612e65632e65756469772e7069642e31ac015820a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a025820cd372fb85148700fa88095e3492d3f9f5beb43e555e5ff26d95f5a6adc36f8e6035820e67e72111b363d80c8124d28193926000980e1211c7986cacbd26aacc5528d48045820f7d062d662826ed95869851db06bb539b402047baee53a00e0aa35bfbe98265d0658202a132dbfe4784627b86aa3807cd19cfeff487aab3dd7a60d0ab119a72e736936075820bdca9e8dbca354e824e67bfe1533fa4a238b9ea832f23fb4271ebeb3a5a8f7200858202c0eaec2f05b6c7fe7982683e3773b5d8d7a01e33d04dfcb162add8bd99bee9a095820bfe220d85657ccec3c67e7db1df747e9148a152334bb6d4b65b273279bcc36ec0a582018e38144f5044301d6a0b4ec9d5f98d4cd950e6ea2c29b849cbd457da29b6ad30b58203c71d2f0efa09d9e3fbbdffd29204f6b292c9f79570aef72dd86c91f7a3aa5c50c582065743d58d89d45e52044758f546034fd13a4f994bc270cdfa7844f74eb3f4b6e0d5820b4a8eb5d523bffa17b41bda12ddc7da32ae1e5f7ff3dcc394a35401f16919bbf781b65752e6575726f70612e65632e65756469772e7069642e69742e31a10e58209d6c11644651126c94acdaf0803e86d4c71d15d3b2712a14295416734efd514d6d6465766963654b6579496e666fa1696465766963654b6579a401022001215820ba01aea44eee1e338eb2f04e279dbd51b34655783ee185150838c9a7a7c4db7122582025ba0044439a3871a7b975a0994a85e79b705a9ac263b3fe899b0a93412ee8c96f646967657374416c676f726974686d675348412d32353658400813c28fd62f2602cbc14724e5865733c44a0fca589b55c085ec9d5c725d6cce25ba0044439a3871a7b975a0994a85e79b705a9ac263b3fe899b0a93412ee8c96a6e616d65537061636573a2781865752e6575726f70612e65632e65756469772e7069642e318dd818586da4686469676573744944016672616e646f6d5820156df9227ad341eaa61aabd301106fd21bdc18820e01dfc16bcf5fecc447111b71656c656d656e744964656e7469666965726b6578706972795f646174656c656c656d656e7456616c7565d903ec6a323032342d30322d3232d818586fa4686469676573744944026672616e646f6d5820a3a1f13f05544d03a5b50b5fdb78465808393bcf3b7953a345fe28f820c7be0d71656c656d656e744964656e7469666965726d69737375616e63655f646174656c656c656d656e7456616c7565d903ec6a323032332d30322d3232d8185866a4686469676573744944036672616e646f6d5820852591f90f2c9ded57a03632e2c1322ab52a082a431e71a4149a6830c8f1ad0c71656c656d656e744964656e7469666965726f69737375696e675f636f756e7472796c656c656d656e7456616c7565624954d818587ca4686469676573744944046672616e646f6d5820d1d587b3512acce15c4f6b20944ceb002a464e4a158389788563408873c3fce571656c656d656e744964656e7469666965727169737375696e675f617574686f726974796c656c656d656e7456616c7565764d696e69737465726f2064656c6c27496e7465726e6fd8185864a4686469676573744944056672616e646f6d582094fdd7609c0e73dc8589b5cab11e1d9058cf8bff8a336da5f81fcba055396a0f71656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c7565654d6172696fd8185865a4686469676573744944066672616e646f6d5820660c0a7bf79e0e0261ca1547a4294fb808aa70738f424b13ab1b9440b566ae1371656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756565526f737369d818586ba4686469676573744944076672616e646f6d5820315c53491286488fa07f5c2ce67135ef5c9959c3469c99a14e9b6dc924f9eba571656c656d656e744964656e746966696572696269727468646174656c656c656d656e7456616c7565d903ec6a313935362d30312d3132d818587aa4686469676573744944086672616e646f6d582081c5cc04fbdf78e0f84df72fdb87028ade08e66dc5f31084826ebad7ae70d84671656c656d656e744964656e7469666965726b62697274685f706c6163656c656c656d656e7456616c756581a267636f756e747279624954686c6f63616c69747964526f6d65d818587da4686469676573744944096672616e646f6d5820764ef39c9d01f3aa6a87f441603cfe853fba3cee3bc2c168bcc9e96271d6e06371656c656d656e744964656e74696669657269756e697175655f69646c656c656d656e7456616c7565781e78787878787878782d7878782d787878782d787878787878787878787878d81858e8a46864696765737449440a6672616e646f6d5820ad20b3b9c67aed8089ff33ecdc108781c3b49b81cd7a3f059d2fe236977037b271656c656d656e744964656e74696669657275766572696669636174696f6e2e65766964656e63656c656c656d656e7456616c756581a2647479706571656c656374726f6e69635f7265636f7264667265636f7264a264747970656c65696461732e69742e63696566736f75726365a3716f7267616e697a6174696f6e5f6e616d656c65696461732e69742e6369656f6f7267616e697a6174696f6e5f6964646d5f69746c636f756e7472795f636f6465626974d8185879a46864696765737449440b6672616e646f6d5820c12314b3695d1401505187e2113115e2f7b4a14b135dee320f5e6df81275f17671656c656d656e744964656e746966696572667374617475736c656c656d656e7456616c7565781d68747470733a2f2f70696470726f76696465722e69742f737461747573d8185877a46864696765737449440c6672616e646f6d5820a7b6a9027ed97f25df96dd0eab8093b264a3bd6a1d5b24228f3fc5b18ef835fb71656c656d656e744964656e746966696572781c766572696669636174696f6e2e74727573745f6672616d65776f726b6c656c656d656e7456616c7565656569646173d8185876a46864696765737449440d6672616e646f6d5820c76ce2ae4e9be1db07a5cb397b54ace3eccc786d3f85e4348b923dee059783db71656c656d656e744964656e746966696572781c766572696669636174696f6e2e6173737572616e63655f6c6576656c6c656c656d656e7456616c75656468696768781b65752e6575726f70612e65632e65756469772e7069642e69742e3181d8185877a46864696765737449440e6672616e646f6d5820717df3f583b1484366c33a1f869f2b5d201d466a8b589c79ab1a2d85e595432571656c656d656e744964656e7469666965726d7461785f69645f6e756d6265726c656c656d656e7456616c75657554494e49542d585858585858585858585858585858": 5, "notat": [5, 7, 9, 13], "h": [5, 7, 9, 13], "30820215308201bca003020102021404ad30c": 5, "x_509": 5, "2023": [5, 7, 9, 13], "02": [5, 7, 9], "22t06": 5, "23": [5, 7, 9, 10], "56z": 5, "22t00": 5, "00": 5, "00z": 5, "0f1571a97ffb799cc8fcdf2ba4fc2909929": 5, "0cdfe077400432c055a2b69596c90": 5, "e2382149255ae8e955af9b8984395": 5, "bbc77e6cca981a3ad0c3e544edf86": 5, "bb6e6c68d1b4b4ec5a2ae9206f5t4": 5, "f8a5966e6dac9970e0334d8f75e25": 5, "ead5e8b5e543bd31f3be57de4ed45": 5, "defdf1aa746718016ef1b94bfe5r6": 5, "afc5a127be44753172844b13491d8": 5, "11": [5, 6, 7, 9, 10], "afc5a127be44753172844b13492h4": 5, "12": [5, 6, 7, 9, 10], "dja5a127be44753172844b13492h4": 5, "13": [5, 6, 7, 9, 10, 15], "kdl5a127be44753172844b13492h4": 5, "f9ee4d36f67dbd75e23311ac1c29": 5, "ec2": [5, 7, 9], "elipt": 5, "curv": [5, 7, 9], "coordin": [5, 7, 9], "pair": [5, 6, 7, 9, 15], "p256": [5, 7, 9], "b820963964e53af064686dd9218303494a": 5, "coordiant": 5, "0a6da0af437e2943f1836f31c678d89298e9": 5, "ccordiant": 5, "1ad0d6a7313efdc38fcd765852fa2bd43debf48bf5a580d": 5, "e0b70bcefbd43686f345c9ed429343aa": 5, "22": [5, 7, 9, 10], "ae84834f389ee69888665b90a3e4fcc": 5, "960cb15a2ea9b68e5233ce902807aa95": 5, "9d3774bd5994ccfed248674b32a4f76a": 5, "eb12193dc66c6174530cdc29b274381f": 5, "db143143538f3c8d41dc024f9cb25c9d": 5, "6059ff1ce27b4997b4ade1de7b01dc60": 5, "birthdat": [5, 6], "1956": [5, 7, 9], "cad1f6a38f603451f1fa653f81ff309d": 5, "53c15c57b3b076e788795829190220b4": 5, "xxx": 5, "564e3c65d46d06fedeb0e7293a86gf": 5, "d884e5d5ef4cfc93fdb1e4ee8f3923": 5, "11aa7273a2d2daa973f5951f0c34c2fba": 5, "tax_id_numb": [5, 9, 10], "xxxxxxxxxxxxxxx": 5, "releas": [6, 9, 10, 12], "genuin": 6, "entir": [6, 9, 10, 14, 16], "product": [6, 16], "own": [6, 7, 9, 12, 14, 15, 16], "compliant": [6, 7, 9, 10], "assess": [6, 14], "cab": 6, "graphic": 6, "compos": [6, 9, 10], "oidc4vci": 6, "bitbucket": 6, "io": [6, 16], "1_0": 6, "html": 6, "_": [6, 14], "eid": [6, 16], "saml2": [6, 12], "preexist": 6, "eg": [6, 9, 10, 14], "spid": [6, 9, 10, 14], "send": [6, 7, 9, 10, 15], "get": [6, 9, 10, 14, 15, 16], "fig": 6, "show": [6, 9, 10], "highlight": 6, "step": [6, 7, 9, 10, 16], "pictur": [6, 9, 10], "setup": [6, 7, 9], "start": [6, 9, 10, 14, 15], "preliminari": 6, "out": [6, 7, 9, 14], "assert": [6, 16], "share": 6, "discoveri": [6, 9, 10, 14], "discov": 6, "subordin": [6, 14], "inspect": 6, "filter": [6, 9, 10], "ani": [6, 7, 9, 10, 12, 14], "proxi": [6, 9, 10], "bound": [6, 14, 15], "held": 6, "expand": 6, "assumpt": 6, "most": 6, "look": 6, "capabl": [6, 9, 10, 14, 16], "9126": 6, "pkce": 6, "7636": 6, "protocol": [6, 7, 9, 10, 13, 14], "well": [6, 9, 10, 14, 16], "fresh": [6, 9, 10, 14], "previous": [6, 9, 10, 14], "hereaft": 6, "prevent": [6, 9, 10, 15, 16], "swap": 6, "attack": 6, "code_verifi": 6, "enough": 6, "entropi": [6, 9, 10], "unreserv": 6, "43": 6, "maximum": [6, 14], "128": [6, 9, 10], "impract": 6, "guess": 6, "client_assert": 6, "oauth": [6, 9, 10, 13, 15, 16], "client": [6, 7, 9, 10, 14, 16], "sinc": [6, 9, 10, 12, 14, 16], "less": [6, 7, 9, 14], "precis": 6, "second": [6, 7, 9, 10], "authorization_detail": 6, "rar": 6, "9396": 6, "upon": [6, 9, 10], "receipt": 6, "9101": [6, 9, 10], "retriev": [6, 7, 9, 10, 15, 16], "jw": [6, 9, 10, 13, 14, 15, 16], "client_id": [6, 9, 10], "match": [6, 9, 10], "aud": [6, 9, 10, 15], "reject": [6, 9, 10], "request_uri": [6, 9, 10], "deriv": [6, 7, 9, 14], "expos": [6, 9, 10, 14], "far": 6, "minut": 6, "mitig": 6, "replai": 6, "host": [6, 9, 10, 15], "www": [6, 9, 10, 15], "urlencod": [6, 9, 10, 15], "response_typ": [6, 9, 10, 15], "thumprint": 6, "code_challeng": 6, "e9melhoa2owvfremtjguchaoek1t8urwbugjsstw": 6, "cm": 6, "code_challenge_method": 6, "s256": 6, "eyjhbgcioijsuzi1niisimtpzci6imsyymrjin0": 6, "ew0kic": 6, "jpc3mioiaiczzcagrsa3f0myisdqogimf1zci6icjodhrwczovl3nlcnzlci5legftcgxllmnvbsisdqo": 6, "ginjlc3bvbnnlx3r5cguioiaiy29kzsbpzf90b2tlbiisdqogimnsawvudf9pzci6icjznkjozfjrcxqz": 6, "iiwnciaicmvkaxjly3rfdxjpijogimh0dhbzoi8vy2xpzw50lmv4yw1": 6, "client_assertion_typ": 6, "ietf": [6, 15, 16], "param": [6, 15, 16], "wia": 6, "pop": 6, "appli": [6, 9, 10, 14], "vbexjksm45xphtanncig6mcyuu4jfgnzopgukvogg9c": [6, 9, 10, 15], "ad25868c": 6, "8377": 6, "479b": 6, "8094": 6, "46fb1e797625": 6, "1686645115": [6, 15], "1686652315": [6, 15], "fifyx03bnosd8m6gyqifnhnp9cm_sam9tc5nlloiirc": [6, 14], "1672422065": [6, 9, 10], "1672418465": [6, 9, 10], "ac80df576e7109686717bf50b869e882": 6, "fyziol9lf2cekunt2jzxilrdink0upcd": 6, "openid_credenti": 6, "credential_configuration_id": 6, "redirect_uri": [6, 9, 10], "suffici": [6, 9, 10], "larg": 6, "adequ": 6, "short": [6, 7, 9, 14, 16], "risk": [6, 12], "exce": 6, "512": 6, "ascii": 6, "due": 6, "reason": 6, "mani": 6, "phone": [6, 12], "market": 6, "still": [6, 14], "do": [6, 14, 15], "restrict": [6, 9, 10, 12, 14], "1024": 6, "On": 6, "slow": 6, "2g": 6, "caus": 6, "advis": 6, "201": [6, 9, 10, 15], "cach": 6, "bwc4jk": 6, "esc0w8acc191": 6, "y1ltc2": 6, "expires_in": 6, "60": 6, "treat": 6, "duplic": 6, "reload": 6, "refresh": 6, "agent": [6, 9, 10], "result": [6, 7, 9], "submit": 6, "pass": [6, 7, 9], "3aietf": [6, 15], "3aparam": [6, 15], "3aoauth": [6, 15], "3arequest_uri": 6, "3abwc4jk": 6, "consent": [6, 7, 9, 10], "perspect": [6, 9, 10, 14], "prior": 6, "transact": [6, 16], "6749": [6, 13], "intend": [6, 7, 9, 10, 14], "9027": 6, "univers": 6, "so": [6, 7, 9], "resolv": [6, 14], "302": [6, 9, 10], "found": [6, 9, 10], "locat": [6, 7, 9, 10], "splxlobezqqybys6wxsbia": 6, "3a": [6, 9, 10], "2f": [6, 9, 10], "2fpid": 6, "dpop": [6, 13], "instruct": 6, "9449": [6, 13], "certain": [6, 7, 9], "misus": 6, "leak": 6, "stolen": 6, "repli": 6, "tokenrequest": 6, "eyj0exaioijkcg9wk2p3dcisimfszyi6ikvtmju2iiwiandrijp7imt0esi6ik": 6, "vdiiwieci6imw4dezyahgtmzr0vjnoukldukrzoxpda0rscejorjqyvvfvzldwqvdcr": 6, "nmilcj5ijoiovzfngpmx09rx282nhpivfrsy3vosmfqsg10nny5verwcluwq2r2r1j": 6, "qsisimnydii6ilatmju2in19": 6, "eyjqdgkioiitqnddm0vtyzzhy2mybfrjiiwiahrtij": 6, "oiue9tvcisimh0dsi6imh0dhbzoi8vc2vydmvylmv4yw1wbguuy29tl3rva2vuiiwia": 6, "wf0ijoxntyymjyynje2fq": 6, "gxa6t8lp4vfrg8v": 6, "fdwp0a0zdrj8igimlvqrmuvwnqg": 6, "4ptflbdlxiossx0x7nvi": 6, "fnyjk70nfbv37xrzt3lg": 6, "grant_typ": [6, 15], "authorization_cod": 6, "dbjftjez4cvp": 6, "mb92k27uhbuju1p1r_ww1gfwfoejxk": 6, "cb": [6, 9, 10], "15": [6, 9, 10, 15], "success": [6, 9, 10], "c_nonc": 6, "200": [6, 9, 10], "access_token": 6, "kz": 6, "8mxk1ealyznwh": 6, "lc": 6, "1fbao": 6, "4ljp": 6, "zspe_neo": 6, "gxu": 6, "token_typ": 6, "2677": 6, "tzign": 6, "snfbp": 6, "c_nonce_expires_in": 6, "86400": 6, "17": [6, 9, 10], "18": [6, 9, 10], "schema": [6, 14], "registr": [6, 14], "later": 6, "nmilcj5ijoiovzfngpmx09rx282nhpivfrsy3vosmfqsg10nny5verwcluwq2r2r": 6, "1jeqsisimnydii6ilatmju2in19": 6, "eyjqdgkioijlmwozvl9is2ljoc1mquvciiwiahrtij": 6, "oir0vuiiwiahr1ijoiahr0chm6ly9yzxnvdxjjzs5legftcgxllm9yzy9wcm90zwn0z": 6, "wryzxnvdxjjzsisimlhdci6mtu2mji2mjyxocwiyxroijoizlvieu8ycjjam0rantnf": 6, "c05yv0jimhhxwg9htnk1oulps0nbcwtzbvffbyj9": 6, "2ow9rp35yrqzhrtnp86l": 6, "ey71": 6, "optxrimpptoa1plemagr6pxhf8y6": 6, "yqyvnmcw6fy1dqd": 6, "jfxsyomxhajplja": 6, "credential_definit": 6, "proof_typ": 6, "eyjrawqioijkawq6zxhhbxbsztplym": 6, "l8tfrhx": 6, "34tv3hricrdy9zckdlpbhf42uqufwvawbf": 6, "9ve4jf_ok_o64zbttlcunjajhmt6v9tdvru0cdvgrda": 6, "And": 6, "0b434530": 6, "e151": 6, "4c40": 6, "98b7": 6, "74c75a5ef760": 6, "1504699136": 6, "nonc": [6, 9, 10, 15], "19": [6, 9, 10, 13], "21": [6, 9, 10], "suitabl": 6, "succe": 6, "proceed": 6, "storag": [6, 14], "proce": 6, "pragma": 6, "lupixvcwjk0eot4cxqe1nxk": 6, "wzwmhmn9oqp6yxx0a2l": 6, "fgff7": 6, "ukhla": 6, "insid": 6, "challeng": 6, "per": 6, "iana": 6, "web": [6, 9, 10, 13, 14, 15, 16], "registri": [6, 9, 10, 12, 14, 16], "symmetr": [6, 9, 10], "mac": [6, 9, 10], "7638": [6, 13], "section_3": 6, "assum": [6, 14], "implicit": 6, "side": 6, "end": [6, 7, 9, 10, 14], "alphanumer": 6, "32": [6, 9, 10], "authrequest": 6, "credential_configurations_support": 6, "reus": 6, "alon": 6, "collis": 6, "resist": 6, "under": [6, 9, 10, 12, 16], "v4": 6, "4122": 6, "top": 6, "media": [6, 9, 10, 14, 15, 16], "8259": 6, "strong": [6, 16], "pseudorandom": 6, "lifetim": 6, "posit": 6, "grant": [6, 9, 10, 12, 15, 16], "server": [6, 7, 9, 15], "browser": 6, "serial": 6, "queri": 6, "error": [6, 9, 10], "invalid_dpop_proof": 6, "7515": [6, 13], "8725": [6, 13], "chosen": [6, 9, 10, 16], "7517": [6, 9, 10, 13, 14, 16], "htm": 6, "attach": 6, "9110": 6, "htu": 6, "target": [6, 9, 10], "claimset": 6, "even": [6, 9, 10, 12, 14], "accomplish": [6, 16], "methodolog": 6, "9068": 6, "subjectidtyp": 6, "rp": [6, 9, 10, 14], "jkt": 6, "ath": 6, "denot": 6, "mso_mdoc": [6, 9, 10], "appendix": 6, "renew": [6, 14], "openid_credential_issu": [6, 14], "fanfs3ync9tjicaivhwlvuj3axwggz_98urfaqme": 6, "1649610249": 6, "1649437449": 6, "sig": [6, 9, 10], "1ta": [6, 9, 10], "se": [6, 9, 10], "aqab": [6, 9, 10, 14], "authority_hint": [6, 9, 10, 14, 16], "superior": [6, 14, 16], "credential_issu": 6, "authorization_serv": 6, "authorization_endpoint": [6, 9, 10, 15], "token_endpoint": [6, 16], "pushed_authorization_request_endpoint": 6, "dpop_signing_alg_values_support": 6, "credential_endpoint": 6, "displai": [6, 7, 9], "italiano": 6, "di": 6, "esempio": 6, "logo": [6, 9, 10, 14, 16], "svg": [6, 9, 10, 14, 16], "alt_text": 6, "questo": 6, "newk5qdymekrcppo": 6, "yeytdjvwjmtzasmavt2vm1mb": 6, "vizxalo6dzeeszpxfpgzabtk3ctxtbubiiqpmiyrts": 6, "ff0bded045fe63fe5d1d64dd83b567e0": 6, "cryptographic_binding_methods_support": 6, "cryptographic_suites_support": 6, "credenzial": 6, "background_color": 6, "12107c": 6, "text_color": 6, "ffffff": 6, "credentialsubject": [6, 9, 10], "nome": 6, "cognom": 6, "nascita": 6, "place_of_birth": 6, "luogo": 6, "identificativo": 6, "univoco": 6, "codic": 6, "fiscal": 6, "homepage_uri": [6, 9, 10, 14, 16], "policy_uri": [6, 9, 10, 16], "privacy_polici": [6, 16], "tos_uri": [6, 16], "info_polici": [6, 16], "logo_uri": [6, 9, 10, 14, 16], "openid_relying_parti": [6, 14], "supervis": [7, 9], "divid": [7, 9], "three": [7, 9, 16], "subphas": [7, 9], "begin": [7, 9], "prompt": [7, 9], "between": [7, 9, 10, 12, 14, 16], "transmit": [7, 9, 10], "rang": [7, 9, 14], "limit": [7, 9, 15], "intercept": [7, 9, 10], "eavesdrop": [7, 9], "exclus": [7, 9], "qr": [7, 9, 10], "up": [7, 9, 10, 14], "stage": [7, 9], "condit": [7, 9, 10], "iso18013": [7, 9], "appropri": [7, 9], "decrypt": [7, 9, 10], "primari": [7, 9, 16], "mode": [7, 9, 10, 13], "bluetooth": [7, 9], "low": [7, 9, 16], "energi": [7, 9], "ble": [7, 9], "figur": [7, 9], "illustr": [7, 9], "diagram": [7, 9, 10], "reveal": [7, 9, 12], "temporari": [7, 9], "edevicekei": [7, 9], "priv": [7, 9], "pub": [7, 9], "incorpor": [7, 9], "cipher": [7, 9], "suit": [7, 9], "ellipt": [7, 9], "agreement": [7, 9], "immedi": [7, 9, 14, 16], "after": [7, 9, 10, 15, 16], "final": [7, 9, 10, 14], "a30063312e30018201d818584ba4010220012158205a88d182bce5f42efa59943f33359d2e8a968ff289d93e5fa444b624343167fe225820b16e8cf858ddc7690407ba61d4c338237a8cfcf3de6aa672fc60a557aa32fc670281830201a300f401f50b5045efef742b2c4837a9a3b0e1d05a6917": [7, 9], "embed": [7, 9], "item": [7, 9, 12], "5a88d182bce5f42efa59943f33359d2e8a968ff289d93e5fa444b624343": [7, 9], "167fe": [7, 9], "b16e8cf858ddc7690407ba61d4c338237a8cfcf3de6aa672fc60a557aa32fc67": [7, 9], "deviceretrievalmethod": [7, 9], "fals": [7, 9, 10, 15], "peripher": [7, 9], "central": [7, 9, 12], "45efef742b2c4837a9a3b0e1d05a6917": [7, 9], "scan": [7, 9, 10], "ephemer": [7, 9], "ereaderkei": [7, 9], "newli": [7, 9], "independ": [7, 9], "along": [7, 9, 16], "demonstr": [7, 9, 13], "block": [7, 9], "a26776657273696f6e63312e306b646f63526571756573747381a26c6974656d7352657175657374d818590152a267646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e4954a375766572696669636174696f6e2e65766964656e6365f4781c766572696669636174696f6e2e6173737572616e63655f6c6576656cf4781c766572696669636174696f6e2e74727573745f6672616d65776f726bf4716f72672e69736f2e31383031332e352e31ab76756e5f64697374696e6775697368696e675f7369676ef47264726976696e675f70726976696c65676573f46f646f63756d656e745f6e756d626572f46a69737375655f64617465f46f69737375696e675f636f756e747279f47169737375696e675f617574686f72697479f46a62697274685f64617465f46b6578706972795f64617465f46a676976656e5f6e616d65f468706f727472616974f46b66616d696c795f6e616d65f46a726561646572417574688443a10126a11821590129308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97bf6584058a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9": [7, 9], "docrequest": [7, 9], "itemsrequest": [7, 9], "un_distinguishing_sign": [7, 9], "driving_privileg": [7, 9, 10], "portrait": [7, 9, 10], "readerauth": [7, 9], "a10126": [7, 9], "308201253081cda00302010202012a300a06082a8648ce3d0403023020311e301c06035504030c15536f6d652052656164657220417574686f72697479301e170d3233313132343130323832325a170d3238313132323130323832325a301a3118301606035504030c0f536f6d6520526561646572204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004aa1092fb59e26ddd182cfdbc85f1aa8217a4f0fae6a6a5536b57c5ef7be2fb6d0dfd319839e6c24d087cd26499ec4f87c8c766200ba4c6218c74de50cd1243b1300a06082a8648ce3d0403020347003044022048466e92226e042add073b8cdc43df5a19401e1d95ab226e142947e435af9db30220043af7a8e7d31646a424e02ea0c853ec9c293791f930bf589bee557370a4c97b": [7, 9], "null": [7, 9], "58a0d421a7e53b7db0412a196fea50ca6d4c8a530a47dd84d88588ab145374bd0ab2a724cf2ed2facf32c7184591c5969efd53f5aba63194105440bc1904e1b9": [7, 9], "comput": [7, 9], "ask": [7, 9, 10, 12, 16], "permiss": [7, 9], "agre": [7, 9], "a36776657273696f6e63312e3069646f63756d656e747381a367646f6354797065756f72672e69736f2e31383031332e352e312e6d444c6c6973737565725369676e6564a26a6e616d65537061636573a2746f72672e69736f2e31383031332e352e312e495483d81858f7a46864696765737449440b6672616e646f6d506d44f21ee875f2c1d502b43198e5a15271656c656d656e744964656e74696669657275766572696669636174696f6e2e65766964656e63656c656c656d656e7456616c756581a2647479706571656c656374726f6e69635f7265636f7264667265636f7264bf6474797065781f68747470733a2f2f657564692e77616c6c65742e70646e642e676f762e697466736f75726365bf716f7267616e697a6174696f6e5f6e616d65754d6f746f72697a7a617a696f6e6520436976696c656f6f7267616e697a6174696f6e5f6964656d5f696e666c636f756e7472795f636f6465626974ffffd8185866a4686469676573744944046672616e646f6d50185d84dfb71ce9b173010ddd62174fbe71656c656d656e744964656e746966696572781c766572696669636174696f6e2e74727573745f6672616d65776f726b6c656c656d656e7456616c7565656569646173d8185865a4686469676573744944006672616e646f6d50137f903174253c4585358267aae2ea4e71656c656d656e744964656e746966696572781c766572696669636174696f6e2e6173737572616e63655f6c6576656c6c656c656d656e7456616c75656468696768716f72672e69736f2e31383031332e352e318bd8185852a46864696765737449440c6672616e646f6d5053e29d0ddbbc7d2306a32bdbe2e56e5171656c656d656e744964656e7469666965726b66616d696c795f6e616d656c656c656d656e7456616c756563446f65d8185855a4686469676573744944036672616e646f6d50990cba2069fa1b33b8d6ae910b6549dc71656c656d656e744964656e7469666965726a676976656e5f6e616d656c656c656d656e7456616c756567416e746f6e696fd818585ba46864696765737449440a6672616e646f6d504086c1379975f805f1b1f4975e6a126571656c656d656e744964656e7469666965726a69737375655f646174656c656c656d656e7456616c7565d903ec6a323031392d31302d3230d818585ca4686469676573744944016672616e646f6d50ab4ca30c918dd2fd0bf35242c15fa2d871656c656d656e744964656e7469666965726b6578706972795f646174656c656c656d656e7456616c7565d903ec6a323032342d31302d3230d8185855a4686469676573744944076672616e646f6d508d9066f6c8da16619867cd4e2fab0c8871656c656d656e744964656e7469666965726f69737375696e675f636f756e7472796c656c656d656e7456616c7565624954d818587ea4686469676573744944056672616e646f6d5059fe68db795dee4c20976380ea24770571656c656d656e744964656e7469666965727169737375696e675f617574686f726974796c656c656d656e7456616c75657828497374697475746f20506f6c696772616669636f2065205a656363612064656c6c6f20537461746fd818585ba4686469676573744944026672616e646f6d5008b3f1ca5517019767be3dee3bb0614571656c656d656e744964656e7469666965726a62697274685f646174656c656c656d656e7456616c7565d903ec6a313935362d30312d3230d818585ca4686469676573744944096672616e646f6d50a2395ec214350c26066306e23279b3ae71656c656d656e744964656e7469666965726f646f63756d656e745f6e756d6265726c656c656d656e7456616c756569393837363534333231d8185850a4686469676573744944066672616e646f6d50a25e1a5b915d2d6eafee9674e023293971656c656d656e744964656e74696669657268706f7274726169746c656c656d656e7456616c75654420212223d81858eea46864696765737449440d6672616e646f6d50eeed6a3b856563627589a360939d12f771656c656d656e744964656e7469666965727264726976696e675f70726976696c656765736c656c656d656e7456616c756582a37576656869636c655f63617465676f72795f636f646561416a69737375655f64617465d903ec6a323031382d30382d30396b6578706972795f64617465d903ec6a323032342d31302d3230a37576656869636c655f63617465676f72795f636f646561426a69737375655f64617465d903ec6a323031372d30322d32336b6578706972795f64617465d903ec6a323032342d31302d3230d818585ba4686469676573744944086672616e646f6d50c0ef486b2a194ed3cbf7f354fd40092171656c656d656e744964656e74696669657276756e5f64697374696e6775697368696e675f7369676e6c656c656d656e7456616c756561496a697373756572417574688443a10126a118215901423082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb": [7, 9], "6d44f21ee875f2c1d502b43198e5a152": [7, 9], "motorizzazion": [7, 9], "civil": [7, 9], "m_inf": [7, 9], "185d84dfb71ce9b173010ddd62174fb": [7, 9], "137f903174253c4585358267aae2ea4": [7, 9], "53e29d0ddbbc7d2306a32bdbe2e56e51": [7, 9], "doe": [7, 9, 14], "990cba2069fa1b33b8d6ae910b6549dc": [7, 9], "antonio": [7, 9], "4086c1379975f805f1b1f4975e6a1265": [7, 9], "2019": [7, 9], "20": [7, 9, 10], "ab4ca30c918dd2fd0bf35242c15fa2d8": [7, 9], "8d9066f6c8da16619867cd4e2fab0c88": [7, 9], "59fe68db795dee4c20976380ea247705": [7, 9], "poligrafico": [7, 9], "zecca": [7, 9], "dello": [7, 9], "stato": [7, 9], "08b3f1ca5517019767be3dee3bb06145": [7, 9], "a2395ec214350c26066306e23279b3a": [7, 9], "987654321": [7, 9], "a25e1a5b915d2d6eafee9674e0232939": [7, 9], "20212223": [7, 9], "eeed6a3b856563627589a360939d12f7": [7, 9], "vehicle_category_cod": [7, 9], "2018": [7, 9], "08": [7, 9], "09": [7, 9], "b": [7, 9, 13], "2017": [7, 9, 13], "c0ef486b2a194ed3cbf7f354fd400921": [7, 9], "i": [7, 9], "3082013e3081e5a00302010202012a300a06082a8648ce3d040302301a3118301606035504030c0f5374617465204f662055746f706961301e170d3233313132343134353430345a170d3238313132323134353430345a30383136303406035504030c2d5374617465204f662055746f7069612049737375696e6720417574686f72697479205369676e696e67204b65793059301306072a8648ce3d020106082a8648ce3d03010703420004c338ec1000b351ce8bcdfc167450aeceb7d518bd9a519583e082d67effff06565804fc09abf0e4a08e699c9dba3796285a15f68e40ac7f9fc7700a15153a4065300a06082a8648ce3d040302034800304502210099b7d62e6bf7b1823db3713df889bf73e70bb4d9c58c21e92c58d2f1beffe932022058d039747a00d70e6d66be4797e6142b3608a014ee09b7b79af2cae2aaf27788": [7, 9], "0e5f0b6b33418e508740771e82f893372eaf5b2445bc4c84dcf08b005e9493fc": [7, 9], "de21bb62ff2897d8b986d2cda9f9bc5865c02807f7b4d9dd1fa4a79df4c0d37f": [7, 9], "bc5568239e35ce9ff8798c27ffdcd757b134b679f0fe05729aa3491381912e65": [7, 9], "e6048bdc7fd6454296f1e3f54536107c9c5b24c4064de46a98121e3630eecca2": [7, 9], "73690d92dcaa61b0203870f67c6aa9fdfea889b6f0c720de757b4b0a8516a206": [7, 9], "e353ea0b0fd92b6be90c64cc3b2ee1284153a8f0f5066b99aac599200e6eeeb2": [7, 9], "29227872ceb49923d267b5f4bade6d387b42ac2dc4b2ae26c9013067fee7018a": [7, 9], "a6a119f7cacac0b8c6aacac747fd3fe7e50b6d9bb8a507fda79f0df6646f285d": [7, 9], "6d8025d2f02a5e7e1406fb6aaeb67f9ede9b07191a53f3e23b77c528223a94e2": [7, 9], "b0d43e4e2ea534e4d5304e64bcf7a0f13e2c8ee8304b9cd23aba4909652a4647": [7, 9], "fbf4de318982f2dbad43c601caeb22628b301ac18aa8264c5831b2aaac89c486": [7, 9], "cf57377b675f64f37314739592c1e8a911a7ddaf341ce2902fe877c5a835e4c1": [7, 9], "4a4b4cc64ec9299c1a2501ea449f577005e9f7a60408057c07a7c67fb151e5f5": [7, 9], "78824fbd6fbba88a2aab44df8b6f5e9759126d87d1f4415995e658fd9239e1f": [7, 9], "afd09e720b918cedc2b8a881950bab6a1051e18ae16a814d51e609938663d5e1": [7, 9], "61fbc6c8ad24ec86a78bb4e9ac377dd2b7c711d9f2eb9afd4aa0963662847a": [7, 9], "24t14": [7, 9], "54": [7, 9], "05z": [7, 9], "f2461e4fab69e9f7bcffe552395424514524d1679440036213173101448d1b1ab4a293859b389ffa8b47aeed10e9b0c1545412ac37c51a76482cd9bbbe110152": [7, 9], "1fed7190d2975ab79c072e6f1d9d52436059d1fc959d55baf74f057d89b10fcc0dc77a50d433d4c76ddf26223c5560c4ab123b5cb5eb805a90036aa147493076": [7, 9], "subsequ": [7, 9], "consid": [7, 9, 10, 14, 15], "transfermethod": [7, 9], "hold": [7, 9], "bleoption": [7, 9], "datael": [7, 9], "intent": [7, 9], "retain": [7, 9], "intenttoretain": [7, 9], "bool": [7, 9], "cose_sign1": [7, 9], "unless": [7, 9], "responsedata": [7, 9], "devicenamespac": [7, 9], "dataitemnam": [7, 9], "dataitemvalu": [7, 9], "action": [7, 9, 10, 12, 16], "responsestatu": [7, 9], "occur": [7, 9], "300": [7, 9], "doesn": [7, 9, 14], "t": [7, 9, 13, 14], "dispatch": [7, 9], "command": [7, 9], "destruct": [7, 9], "closur": [7, 9], "download": [9, 10], "workstat": [9, 10], "frame": [9, 10], "extract": [9, 10], "build": [9, 10, 14], "fetch": [9, 10, 14], "presenc": [9, 10], "request_uri_method": [9, 10], "valueth": [9, 10], "eleg": [9, 10], "polici": [9, 10, 14, 16], "successful": [9, 10], "good": [9, 10, 12, 15], "let": [9, 10], "continu": [9, 10], "navig": [9, 10], "sequenc": [9, 10, 14], "summar": [9, 10], "login": [9, 10, 12], "button": [9, 10], "qrcode": [9, 10], "produc": [9, 10], "deselect": [9, 10], "direct_post": [9, 10], "25": [9, 10], "26": [9, 10], "27": [9, 10], "28": [9, 10], "29": [9, 10], "autent": [9, 10], "succed": [9, 10], "featur": [9, 10], "deem": [9, 10], "necessari": [9, 10, 12, 14, 15], "better": [9, 10], "explicit": [9, 10], "hardwar": [9, 10, 14], "usag": [9, 10, 16], "prefer": [9, 10, 16], "strategi": [9, 10], "response_types_support": [9, 10, 15], "vp_token": [9, 10, 15], "response_modes_support": [9, 10, 15], "form_post": [9, 10, 15], "vp_formats_support": [9, 10, 15], "jwt_alg_valu": [9, 10, 14, 15], "es384": [9, 10, 14, 15, 16], "request_object_signing_alg_values_support": [9, 10, 15], "presentation_definition_uri_support": [9, 10, 15], "jar": [9, 10], "2freli": [9, 10], "2fcb": [9, 10], "2frequest_uri": [9, 10], "raw": [9, 10], "correct": [9, 10], "quartili": [9, 10], "balanc": [9, 10], "densiti": [9, 10], "space": [9, 10], "qualiti": [9, 10], "remain": [9, 10, 12], "readabl": [9, 10], "damag": [9, 10], "obscur": [9, 10], "javascript": [9, 10, 13], "poll": [9, 10], "socket": [9, 10], "httponli": [9, 10], "cooki": [9, 10], "special": [9, 10], "wait": [9, 10, 13], "202": [9, 10], "response_uri": [9, 10], "401": [9, 10], "unauthor": [9, 10, 12, 15, 16], "opaqu": [9, 10], "3be39b69": [9, 10], "6ac1": [9, 10], "41aa": [9, 10], "921b": [9, 10], "3e6c07ddcb03": [9, 10], "e0bbf2f1": [9, 10], "8c3a": [9, 10], "4eab": [9, 10], "a8ac": [9, 10], "2e8f34db8a47": [9, 10], "miicajccadogawibag": [9, 10], "awz": [9, 10], "2w3": [9, 10], "sf2": [9, 10], "client_id_schem": [9, 10], "entity_id": [9, 10], "response_mod": [9, 10, 15], "2c128e4d": [9, 10], "fc91": [9, 10], "4cd3": [9, 10], "86b8": [9, 10], "18bdea0988cb": [9, 10], "herein": [9, 10], "alias": [9, 10], "anymor": [9, 10], "determin": [9, 10, 12, 14, 16], "insensit": [9, 10], "rfc9101": [9, 10], "creation": [9, 10], "presentation_definit": [9, 10, 15], "input_descriptor": [9, 10], "constraint": [9, 10, 14], "path": [9, 10, 14], "limit_discolusr": [9, 10], "mention": [9, 10], "futur": [9, 10], "presentation_definition_uri": [9, 10], "Not": [9, 10], "client_metadata": [9, 10], "taken": [9, 10], "client_metadata_uri": [9, 10], "why": [9, 10], "malici": [9, 10], "gain": [9, 10], "plaintext": [9, 10], "network": [9, 10], "environ": [9, 10, 16], "emploi": [9, 10], "tl": [9, 10], "Such": [9, 10], "techniqu": [9, 10, 12], "webserv": [9, 10], "handl": [9, 10], "manner": [9, 10, 16], "deciph": [9, 10], "transmiss": [9, 10], "forward": [9, 10], "negoti": [9, 10], "actual": [9, 10, 16], "actor": [9, 10, 12, 16], "segment": [9, 10], "could": [9, 10, 12], "sensit": [9, 10], "unencrypt": [9, 10], "snif": [9, 10], "eyjhbgcioijfuzi1nii": [9, 10], "9t2lq": [9, 10], "pt0ixx0": [9, 10], "walletinstanceattest": [9, 10], "presentation_submiss": [9, 10], "definition_id": [9, 10], "32f54163": [9, 10], "7166": [9, 10], "48f1": [9, 10], "93d8": [9, 10], "ff217bdb0653": [9, 10], "04a98be3": [9, 10], "7fb0": [9, 10], "4cf5": [9, 10], "af9a": [9, 10], "31579c8b0e7d": [9, 10], "descriptor_map": [9, 10], "There": [9, 10, 14], "find": [9, 10], "3978344f": [9, 10], "8596": [9, 10], "4c3a": [9, 10], "a978": [9, 10], "8fcaba3903c5": [9, 10], "1541493724": [9, 10], "1573029723": [9, 10], "origin": [9, 10, 14], "pblic": [9, 10], "beyond": [9, 10, 14], "longer": [9, 10, 14, 15], "audienc": [9, 10], "withing": [9, 10], "write": [9, 10, 16], "charset": [9, 10], "utf": [9, 10], "response_cod": [9, 10], "091535f699ea575c7937fa5f0f454ae": [9, 10], "complet": [9, 10, 12, 16], "2hnofs3ync9tjicaivhwlvuj3axwggz_98urfaqme": [9, 10, 14], "1649590602": [9, 10], "1649417862": [9, 10], "5s4qi": [9, 10], "wallet_relying_parti": [9, 10, 14], "application_typ": [9, 10], "client_nam": [9, 10], "yhnfs3ync9tjicaivhwlvuj3axwggz_98urfaqme": [9, 10], "x5c": [9, 10, 14, 15], "contact": [9, 10, 14], "op": [9, 10], "default_acr_valu": [9, 10], "spidl2": [9, 10], "spidl3": [9, 10], "vp_format": [9, 10, 14], "kb": [9, 10, 14], "identitycredenti": [9, 10], "limit_disclosur": [9, 10], "const": [9, 10], "intent_to_retain": [9, 10], "sampl": [9, 10], "eddsa": [9, 10], "default_max_ag": [9, 10], "1111": [9, 10], "jarm": [9, 10, 13], "authorization_signed_response_alg": [9, 10], "authorization_encrypted_response_alg": [9, 10], "authorization_encrypted_response_enc": [9, 10], "a192cbc": [9, 10], "a128gcm": [9, 10], "a192gcm": [9, 10], "a256gcm": [9, 10], "subject_typ": [9, 10], "pairwis": [9, 10], "require_auth_tim": [9, 10], "id_token_signed_response_alg": [9, 10], "id_token_encrypted_response_alg": [9, 10], "id_token_encrypted_response_enc": [9, 10], "home": [9, 10], "tech": [9, 10, 14], "paradigm": 12, "iam": 12, "improv": 12, "ownership": [12, 16], "revok": [12, 14], "said": 12, "histori": 12, "tradit": 12, "know": [12, 14], "signific": 12, "fact": 12, "envis": 12, "compani": 12, "want": 12, "anoth": 12, "acquir": [12, 16], "publish": [12, 14], "educ": 12, "institut": 12, "crucial": 12, "portabl": 12, "principl": 12, "character": 12, "choos": 12, "leverag": [12, 16], "advanc": 12, "avoid": [12, 15], "theft": 12, "fraud": 12, "promot": 12, "seamless": [12, 16], "across": 12, "border": 12, "effici": 12, "cost": [12, 14], "reduct": 12, "elimin": 12, "multipl": [12, 14, 15], "repetit": 12, "streamlin": 12, "reduc": 12, "purchas": 12, "physic": 12, "ag": 12, "k": 13, "looker": 13, "februari": 13, "o": 13, "d": 13, "fett": 13, "presentationexch": 13, "2119": 13, "bradner": 13, "march": 13, "1997": 13, "2616": 13, "r": 13, "getti": 13, "j": 13, "mogul": 13, "frystyk": 13, "masint": 13, "l": [13, 15], "leach": 13, "berner": 13, "lee": 13, "hypertext": 13, "transfer": [13, 15], "june": 13, "1999": 13, "3339": 13, "klyne": 13, "c": 13, "newman": 13, "internet": 13, "doi": 13, "17487": 13, "rfc3339": 13, "juli": 13, "2002": 13, "3986": 13, "uniform": 13, "7009": 13, "dronia": 13, "scurtescu": 13, "m": 13, "rfc7009": 13, "august": 13, "2013": 13, "7159": 13, "brai": 13, "interchang": 13, "2014": 13, "jone": 13, "bradlei": 13, "sakimura": 13, "2015": 13, "hildebrand": 13, "jwe": 13, "rfc7517": 13, "jwa": 13, "rfc7638": 13, "septemb": 13, "7800": 13, "tschofenig": 13, "semant": 13, "april": 13, "2016": 13, "8174": 13, "leiba": 13, "ambigu": 13, "uppercas": 13, "vs": 13, "lowercas": 13, "hardt": 13, "sheffer": 13, "best": 13, "practic": [13, 15], "2020": 13, "campbel": 13, "novemb": 13, "2022": 13, "openid4vc": [13, 15], "haip": [13, 15], "legitimaci": 14, "compli": 14, "rest": [14, 15, 16], "distribut": 14, "among": [14, 16], "overse": 14, "except": 14, "dedic": 14, "summari": 14, "pki": 14, "leaf": 14, "tamper": [14, 16], "compris": 14, "These": [14, 16], "forg": 14, "adversari": 14, "preserv": [14, 15, 16], "consum": 14, "against": 14, "guarantor": 14, "histor": 14, "save": 14, "year": 14, "retent": 14, "rotat": 14, "flexibl": 14, "freedom": 14, "modifi": 14, "simultan": 14, "disabl": 14, "vulner": 14, "certainti": 14, "propag": 14, "friendli": 14, "adopt": [14, 16], "effect": [14, 16], "wide": 14, "softwar": 14, "kit": 14, "rapid": 14, "scalabl": 14, "accommod": 14, "coverag": 14, "satisfi": 14, "recognis": 14, "publicli": 14, "summaris": 14, "spec": 14, "itself": [14, 16], "trust_mark_id": 14, "motiv": 14, "serv": [14, 16], "plain": 14, "default": 14, "enter": [14, 15, 16], "keep": 14, "max_path_length": 14, "1649375259": 14, "1649373279": 14, "3i5vv": 14, "root": 14, "ca": 14, "x2zomhngsdc4zlbrcxhmt3mzrmrzog9jd3o2qjzdam51cuhhufruowd0wq": 14, "1knr9ar3mzmokyty8brvriue85nixryx4xd3k4jw7vi": 14, "slt14644zbyxyf": 14, "xmw7apdlbmuw3t1urwi4nafmtkri": 14, "ta": 14, "federation_fetch_endpoint": 14, "federation_resolve_endpoint": 14, "federation_list_endpoint": 14, "federation_trust_mark_status_endpoint": 14, "trust_mark_statu": 14, "trust_mark_issu": 14, "behalf": 14, "cryptograf": 14, "entity_typ": 14, "trustworthi": [14, 15, 16], "assign": 14, "trust_mark_own": 14, "trust_mark": 14, "entri": 14, "don": 14, "em3cmnzghiyfsq090n6b3op7laaqj8rghmhxgmjstqg": 14, "1649623546": 14, "1649450746": 14, "metadata_polici": 14, "subset_of": 14, "email": 14, "allowed_leaf_entity_typ": 14, "real": 14, "onlin": 14, "unavail": 14, "concaten": 14, "pertain": 14, "earliest": 14, "No": 14, "forc": 14, "higher": 14, "abstract": 14, "entityconfigur": 14, "signedjwt": 14, "selfissu": 14, "byleaf": 14, "entitystat": 14, "bytrustanchor": 14, "eyjhbgcioijfuzi1niisimtpzci6ik5gttfxvvzpvwxzelvxcexhbwxmy0vwufjwwtjwwfpjumpcblfywm1ssghlwvvwwvvszfrrbkeytkeilcj0exaioijhchbsawnhdglvbi9lbnrpdhktc3rhdgvtzw50k2p3dcj9": 14, "eyjlehaioje2ndk1ota2mdisimlhdci6mty0otqxnzg2miwiaxnzijoiahr0chm6ly9ycc5legftcgxllm9yzyisinn1yii6imh0dhbzoi8vcnauzxhhbxbszs5vcmcilcjqd2tzijp7imtlexmiolt7imt0esi6ikvdiiwia2lkijoitkznmvdvvmlvbfl6vvdwtgftbgzjrxbqulzzmlzywklsakjuuvhabvjiaetzvvzzvwxkvffuqtjoqsisimnydii6ilatmju2iiwieci6invzbemzd2qtcfgzd3o0yljzbnd5m2x6cgjhwkzotjk2aewyquhbm01rnlkilcj5ijoivkxdqlhgv2xktlnosxo4a0gyoxzmujromthca3dht1gynnprb3j1utfnncj9xx0sim1ldgfkyxrhijp7im9wzw5pzf9yzwx5aw5nx3bhcnr5ijp7imfwcgxpy2f0aw9ux3r5cguioij3zwiilcjjbgllbnrfawqioijodhrwczovl3jwlmv4yw1wbguub3jnlyisimnsawvudf9yzwdpc3ryyxrpb25fdhlwzxmiolsiyxv0b21hdgljil0simp3a3mionsia2v5cyi6w3sia3r5ijoirumilcjrawqioijork0xv1vwavvswxpvv3bmyw1szmnfcfbsvlkyvlhasvjqqm5rwfptukhos1lvvllvbgruuw5bmk5biiwiy3j2ijoiuc0yntyilcj4ijoidxnsqzn3zc1wwdn3ejriullud3kzbhpwykdarmhootzotdjbseeztve2wsisinkioijwtencwezxbgrou05jejhrsdi5dkxsne4xoejrd0dpwdi2elfvcnvrmu00in1dfswiy2xpzw50x25hbwuioijoyw1lig9migfuigv4yw1wbgugb3jnyw5pemf0aw9uiiwiy29udgfjdhmiolsib3bzqhjwlmv4yw1wbguuaxqixswiz3jhbnrfdhlwzxmiolsicmvmcmvzaf90b2tlbiisimf1dghvcml6yxrpb25fy29kzsjdlcjyzwrpcmvjdf91cmlzijpbimh0dhbzoi8vcnauzxhhbxbszs5vcmcvb2lkyy9ycc9jywxsymfjay8ixswicmvzcg9uc2vfdhlwzxmiolsiy29kzsjdlcjzy29wzsi6imv1lmv1cm9wys5lyy5ldwrpdy5wawqumsblds5ldxjvcgeuzwmuzxvkaxcucglklml0ljegzw1hawwilcjzdwjqzwn0x3r5cguioijwywlyd2lzzsj9lcjmzwrlcmf0aw9ux2vudgl0esi6eyjmzwrlcmf0aw9ux3jlc29sdmvfzw5kcg9pbnqioijodhrwczovl3jwlmv4yw1wbguub3jnl3jlc29sdmuviiwib3jnyw5pemf0aw9ux25hbwuioijfegftcgxlifjqiiwiag9tzxbhz2vfdxjpijoiahr0chm6ly9ycc5legftcgxllml0iiwicg9sawn5x3vyasi6imh0dhbzoi8vcnauzxhhbxbszs5pdc9wb2xpy3kilcjsb2dvx3vyasi6imh0dhbzoi8vcnauzxhhbxbszs5pdc9zdgf0awmvbg9nby5zdmcilcjjb250ywn0cyi6wyj0zwnoqgv4yw1wbguuaxqixx19lcj0cnvzdf9tyxjrcyi6w3siawqioijodhrwczovl3jlz2lzdhj5lmvpzgfzlnrydxn0lwfuy2hvci5legftcgxllmv1l29wzw5pzf9yzwx5aw5nx3bhcnr5l3b1ymxpyy8ilcj0cnvzdf9tyxjrijoizxlkacbcdtiwmjyifv0simf1dghvcml0ev9oaw50cyi6wyjodhrwczovl2ludgvybwvkawf0zs5lawrhcy5legftcgxllm9yzyjdfq": 14, "un315hdckvhya": 14, "irregzaml7pnfjqh2apz82blqo5s0sl1jr0tefp5e1t913g8gnuwggtmquqhpzwv6bvtla8g": 14, "eyjhbgcioijfuzi1niisimtpzci6ilnurkrxv2hky0dwwfgzqjnsvmraywtsq0xutnvna000wtngnlfutk9krxryzfhgwvlywjjjwgn0uveilcj0exaioijhchbsawnhdglvbi9lbnrpdhktc3rhdgvtzw50k2p3dcj9": 14, "eyjlehaioje2ndk2mjm1ndysimlhdci6mty0otq1mdc0niwiaxnzijoiahr0chm6ly9pbnrlcm1lzglhdguuzwlkyxmuzxhhbxbszs5vcmcilcjzdwiioijodhrwczovl3jwlmv4yw1wbguub3jniiwiandrcyi6eyjrzxlzijpbeyjrdhkioijfqyisimtpzci6ik5gttfxvvzpvwxzelvxcexhbwxmy0vwufjwwtjwwfpjumpcblfywm1ssghlwvvwwvvszfrrbkeytkeilcjjcnyioijqlti1niisingioij1c2xdm3dklxbym3d6ngjsww53etnsenbir1pgae45nmhmmkfiqtnnutzziiwiesi6ilzmq0jyrldsze5ttkl6ogtimjl2tfi0tje4qmt3r09ymjz6uw9ydvexttqifv19lcjtzxrhzgf0yv9wb2xpy3kionsib3blbmlkx3jlbhlpbmdfcgfydhkionsic2nvcguionsic3vic2v0x29mijpbimv1lmv1cm9wys5lyy5ldwrpdy5wawqumswgigv1lmv1cm9wys5lyy5ldwrpdy5wawquaxqumsjdfswicmvxdwvzdf9hdxrozw50awnhdglvbl9tzxrob2rzx3n1chbvcnrlzci6eyjvbmvfb2yiolsicmvxdwvzdf9vymply3qixx0sinjlcxvlc3rfyxv0agvudgljyxrpb25fc2lnbmluz19hbgdfdmfsdwvzx3n1chbvcnrlzci6eyjzdwjzzxrfb2yiolsiulmyntyilcjsuzuxmiisikvtmju2iiwirvm1mtiilcjquzi1niisilbtnteyil19fx0sinrydxn0x21hcmtzijpbeyjpzci6imh0dhbzoi8vdhj1c3qtyw5jag9ylmv4yw1wbguuzxuvb3blbmlkx3jlbhlpbmdfcgfydhkvchvibgljlyisinrydxn0x21hcmsioijleupoyibcdtiwmjyifv19": 14, "_qt5": 14, "t6dahp3tuwa_27kle8i9z_spk2ftqlky6pgmpchbsi2ahxy3aaxdurobpo4chtqgg3j2xcrghdfucfgeq": 14, "eyjhbgcioijfuzi1niisimtpzci6imvxa3pubwt0ww5kblzhmwxhmju1zdjkq2rvzersazqwuwt0wvlvmwfhrfzyt1robfphdfdxsgq1wncilcj0exaioijhchbsawnhdglvbi9lbnrpdhktc3rhdgvtzw50k2p3dcj9": 14, "eyjlehaioje2ndk2mjm1ndysimlhdci6mty0otq1mdc0niwiaxnzijoiahr0chm6ly90cnvzdc1hbmnob3iuzxhhbxbszs5ldsisinn1yii6imh0dhbzoi8vaw50zxjtzwrpyxrllmvpzgfzlmv4yw1wbguub3jniiwiandrcyi6eyjrzxlzijpbeyjrdhkioijfqyisimtpzci6ilnurkrxv2hky0dwwfgzqjnsvmraywtsq0xutnvna000wtngnlfutk9krxryzfhgwvlywjjjwgn0uveilcjjcnyioijqlti1niisingioijyql9bogdcunh5njhvtkxzrkzlr0zmr2vmwu5xymgtszh1os1gylqyzkzjiiwiesi6ilnuwvk2y3njznkxcjbisfhltgjuvfzsamfndzhozznrues2wfvoc2uzdkuifv19lcj0cnvzdf9tyxjrcyi6w3siawqioijodhrwczovl3rydxn0lwfuy2hvci5legftcgxllmv1l2zlzgvyyxrpb25fzw50axr5l3royxqtchjvzmlszsisinrydxn0x21hcmsioijleupoyibcdtiwmjyifv19": 14, "r3uoi": 14, "u0tx0gdflndditbcwznupy7m2tnh08jld": 14, "ej9vmzwmcxoccuwin0zt0js4m_shneig6tlxrqj": 14, "hti70g": 14, "At": 14, "attain": 14, "hour": 14, "furthermor": [14, 16], "inquir": 14, "amount": 14, "matter": 14, "gdpr": 14, "especi": 14, "perimet": 14, "jurisdict": 14, "snapshot": 14, "overload": 14, "met": 15, "therebi": 15, "accur": 15, "associ": [15, 16], "measur": 15, "usabl": 15, "repeat": 15, "lost": 15, "delet": 15, "becom": [15, 16], "now": 15, "readi": 15, "explain": 15, "7523": 15, "bearer": 15, "3agrant": 15, "3ajwt": 15, "eyjhbgcioijfuzi1niisimtpzci6imtoakzwte9nrjnhegrxd2xvtl9lwl83ntvut1zebmjiadg2tw1kchh2a1uifq": 15, "eyjpc3mioiaidmjlweprc000nxhwahrbtm5dauc2bun5dvu0amzhtnpvced1s3zvz2c5yyisicjhdwqioiaiahr0chm6ly93ywxszxqtchjvdmlkzxiuzxhhbxbszs5vcmcilcaianrpijogimy1njuymdcylwfizwytndu5os1iodyzltlhnjkwnja3mzjjyyisicjub25jzsi6iciuli4uliisicjjbmyioib7imp3ayi6ihsiy3j2ijogilatmju2iiwgimt0esi6icjfqyisicj4ijogijritnb0ss14cjjwanlsskthtw56nfdtzg5rrf91slnxnfi5nu5qothindqilcaiesi6icjmsvpuu0izoxzgsmhzz1mzazdqweu0cjmtq29hrlf3wnrqqklscxbobhjniiwgimtpzci6icj2ymvysmtzttq1ehbodefobknprzztq3l1vtrqzkdoem9wr3vldm9nzzljin19lcaiawf0ijogmty5mtq4odk2miwgimv4cci6ide2ote0otyxnjj9": 15, "dg_yfaiv6lvftr3ffx0v5jw250mbgxlvp1j0ezzchryitqsy7xgmx4i": 15, "mgur93fas85vf_da": 15, "reveltwu2jw": 15, "eyjhbgcioijfuzi1niisinr5cci6indhbgxldc1hdhrlc3rhdglvbitqd3qilcjrawqioii1ddvzwxbcae4trwdjruvjnwlveni2cjbnujaytg5wutbpbwvrbu5ly2pziiwidhj1c3rfy2hhaw4iolsizxlkagjhy2lpaupgvxouli42uzbbiiwizxlkagjhy2lpaupgvxouli5qskxbiiwizxlkagjhy2lpaupgvxouli5iowd3il19": 15, "eyjpc3mioijodhrwczovl3dhbgxldc1wcm92awrlci5legftcgxllm9yzyisinn1yii6inzizvhka3nnndv4cgh0qu5uq2lhnm1dexvvngpmr056b3bhdut2b2dnowmilcj0exblijoiv2fsbgv0sw5zdgfuy2vbdhrlc3rhdglvbiisinbvbgljev91cmkioijodhrwczovl3dhbgxldc1wcm92awrlci5legftcgxllm9yzy9wcml2ywn5x3bvbgljesisinrvc191cmkioijodhrwczovl3dhbgxldc1wcm92awrlci5legftcgxllm9yzy9pbmzvx3bvbgljesisimxvz29fdxjpijoiahr0chm6ly93ywxszxqtchjvdmlkzxiuzxhhbxbszs5vcmcvbg9nby5zdmcilcjhdhrlc3rlzf9zzwn1cml0ev9jb250zxh0ijoiahr0chm6ly93ywxszxqtchjvdmlkzxiuzxhhbxbszs5vcmcvtg9bl2jhc2ljiiwiy25mijp7imp3ayi6eyjjcnyioijqlti1niisimt0esi6ikvdiiwieci6ijritnb0ss14cjjwanlsskthtw56nfdtzg5rrf91slnxnfi5nu5qothindqilcj5ijoitelablncmzl2rkpowwdtm2s3alhfnhizlunvr0zrd1p0uejjunfwtmxyzyisimtpzci6inzizvhka3nnndv4cgh0qu5uq2lhnm1dexvvngpmr056b3bhdut2b2dnowmifx0simf1dghvcml6yxrpb25fzw5kcg9pbnqioijldwrpdzoilcjyzxnwb25zzv90exblc19zdxbwb3j0zwqiolsidnbfdg9rzw4ixswidnbfzm9ybwf0c19zdxbwb3j0zwqionsiand0x3zwx2pzb24ionsiywxnx3zhbhvlc19zdxbwb3j0zwqiolsirvmyntyixx0simp3df92y19qc29uijp7imfsz192ywx1zxnfc3vwcg9ydgvkijpbikvtmju2il19fswicmvxdwvzdf9vymply3rfc2lnbmluz19hbgdfdmfsdwvzx3n1chbvcnrlzci6wyjfuzi1nijdlcjwcmvzzw50yxrpb25fzgvmaw5pdglvbl91cmlfc3vwcg9ydgvkijpmywxzzswiawf0ijoxnjg3mjgxmtk1lcjlehaioje2odcyodgzotv9": 15, "tnvcyfpcl5tui2nakkwdag9xbrtwwl4djsryrfhrf8ndmffdt044u55prn35j2cl0lzxbesedrfsaz2pllw2ug": 15, "wiar": 15, "asymmetr": [15, 16], "comma": 15, "6ec69324": 15, "60a8": 15, "4e5b": 15, "a697": 15, "a766d85790ea": 15, "4hnpti": 15, "xr2pjyrjkgmnz4wmdnqd_ujsq4r95nj98b44": 15, "liznsb39vfjhygs3k7jxe4r3": 15, "cogfqwztpbirqpnlrg": 15, "One": 15, "problem": 15, "durat": 15, "aal": 15, "8414": 15, "request_object_sign": 15, "_alg_values_support": 15, "_uri_support": 15, "boolean": 15, "5t5yypbhn": [15, 16], "egieei5iuzr6r0mr02lnvq0omekmnkcji": [15, 16], "eyjhbgcioijfuz": 15, "6s0a": 15, "jjla": 15, "h9gw": 15, "1687281195": 15, "1687288395": 15, "comprehens": 16, "cater": 16, "asset": 16, "total": 16, "legisl": 16, "conveni": 16, "plai": 16, "vital": 16, "adher": 16, "android": 16, "variou": 16, "Their": 16, "guarante": 16, "utmost": 16, "execut": 16, "tee": 16, "distinct": 16, "unlock": 16, "pin": 16, "biometr": 16, "fingerprint": 16, "facial": 16, "recognit": 16, "unambigu": 16, "rel": 16, "revert": 16, "circumst": 16, "voluntarili": 16, "remov": 16, "aal_values_support": 16, "context": 16, "medium": 16, "grant_types_support": 16, "token_endpoint_auth_methods_suppor": 16, "ted": 16, "token_endpoint_auth_signing_alg_va": 16, "lues_support": 16, "experiment": 16, "websit": 16, "qrjrj3af_b57sboirrcbm7br7woc8ynj7lhfpteffuk": 16, "1h0cwdyggvu8w": 16, "kpku_xycocunt2o0bwsliqtnpu6im": 16, "basic": 16, "token_endpoint_auth_methods_support": 16, "private_key_jwt": 16, "token_endpoint_auth_signing_alg_values_support": 16, "1687171759": 16, "1709290159": 16, "inherit": 16, "extend": 16, "trusti": 16, "enclav": 16}, "objects": {}, "objtypes": {}, "objnames": {}, "titleterms": {"cryptograph": 0, "algorithm": 0, "backup": 1, "restor": 1, "rst": [1, 8, 11], "gener": [1, 8, 11, 14, 15], "properti": [1, 8, 11, 14, 15], "requir": [1, 8, 11, 14, 15, 16], "attribut": [1, 8, 11], "implement": [1, 4, 8, 11], "consider": [1, 8, 11, 14], "librari": [1, 8, 11], "code": [1, 8, 11], "snippet": [1, 8, 11], "extern": [1, 8, 11, 16], "refer": [1, 8, 11, 13, 16], "how": 2, "contribut": 2, "acknowledg": 2, "norm": [3, 5], "languag": 3, "convent": 3, "defin": 3, "term": 3, "acronym": 3, "The": [4, 14], "italian": 4, "eudi": [4, 14], "wallet": [4, 14, 15, 16], "profil": 4, "introduct": [4, 12], "index": 4, "content": 4, "pid": [5, 6], "q": [5, 6], "eaa": [5, 6], "data": 5, "model": [5, 14], "sd": 5, "jwt": 5, "paramet": [5, 6, 14], "verif": 5, "field": 5, "claim": 5, "non": [5, 14], "exampl": 5, "mdoc": [5, 7, 9], "cbor": 5, "namespac": 5, "mobil": 5, "secur": [5, 9, 10], "object": [5, 9, 10], "issuanc": 6, "high": [6, 15], "level": [6, 15], "flow": [6, 7, 9, 10], "detail": [6, 9, 10, 15], "push": 6, "author": [6, 9, 10], "request": [6, 7, 9, 10, 15], "endpoint": [6, 14, 16], "par": 6, "http": [6, 9, 10], "respons": [6, 7, 9, 10], "token": 6, "access": 6, "credenti": 6, "entiti": [6, 9, 10, 14], "configur": [6, 9, 10, 14], "issuer": 6, "proxim": [7, 9], "devic": [7, 9, 10], "engag": [7, 9], "session": [7, 9], "termin": [7, 9], "pseudonym": 8, "reli": [9, 10, 14], "parti": [9, 10, 14], "solut": [9, 16], "remot": [9, 10], "uri": [9, 10], "post": [9, 10], "cross": [9, 10], "statu": [9, 10], "check": [9, 10], "redirect": [9, 10], "revoc": 11, "list": 11, "self": 12, "sovereign": 12, "ident": 12, "ssi": 12, "technic": 13, "infrastructur": 14, "trust": 14, "feder": 14, "role": 14, "api": 14, "common": 14, "anchor": 14, "leav": 14, "intermedi": 14, "metadata": [14, 16], "type": 14, "statement": 14, "evalu": 14, "mechan": 14, "attest": [14, 15, 16], "chain": 14, "offlin": 14, "repudi": 14, "long": 14, "live": 14, "privaci": 14, "remark": 14, "about": 14, "decentr": 14, "design": 15, "static": 15, "compon": 15, "view": 15, "dynam": 15, "assert": 15, "header": [15, 16], "payload": [15, 16], "instanc": 16, "lifecycl": 16, "initi": 16, "process": 16, "transit": 16, "valid": 16, "state": 16, "return": 16, "oper": 16, "deactiv": 16, "provid": 16, "wallet_provid": 16, "federation_ent": 16}, "envversion": {"sphinx.domains.c": 2, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 6, "sphinx.domains.index": 1, "sphinx.domains.javascript": 2, "sphinx.domains.math": 2, "sphinx.domains.python": 3, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1, "sphinx.ext.todo": 2, "sphinx": 56}}) \ No newline at end of file diff --git a/refs/pull/201/merge/en/ssi-introduction.html b/refs/pull/201/merge/en/ssi-introduction.html new file mode 100644 index 000000000..be1256bc2 --- /dev/null +++ b/refs/pull/201/merge/en/ssi-introduction.html @@ -0,0 +1,1436 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | Self Sovereign Identity + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

Self Sovereign Identity

+
+

Introduction to SSI

+

Definition

+

Self-Sovereign Identity (SSI) refers to a new paradigm in Identity and Access Management (IAM) that improves the privacy and grants complete control and ownership over the personal data by their owner, the citizens. +Users possess their digital documents and determine to which actors they present these documents, with the ability to revoke the use of said documents, all while maintaining a history of their activities.

+

The main difference between this new approach and the traditional IAM infrastructure is that during the presentation phase there are no intermediates between the Wallet (Holder of the credentials) and the Relying Party, while in the SAML2 or OIDC based infrastructure an Identity Provider is always involved, knowing which services a citizen is accessing to.

+

SSI is also significant in the field of data exchange and data governance. This is relevant at both national and European levels, including the new eIDAS Regulation. In fact, it envisions a login option designed for European Users - be they citizens, public administrations, or companies - who want to access another Member State's services using their national authentication systems.

+

The main roles in an SSI ecosystem are are listed as follow:

+
+
    +

  • Issuers: parties who can issue digital credentials about a person;

    • +

  • verifiers: parties who request Holders' digital credentials for authentication and authorization purposes;

    • +

  • Holders: individuals who own a Wallet and have control over the digital credentials they can request, acquire, store, and present to verifiers;

    • +

  • Verifiable Data Registries: Authorities that publish certificates, attestations, metadata, and schemes needed for allowing the trust establishment between the parties.

    • +
+
+

In the SSI model, the data source (e.g., an educational institution) provides digital credentials to the User, who can store them in their digital Wallet. +A secure Self-Sovereign Identity Wallet is crucial, as it allows people to carry their credentials on their personal digital devices. The Wallet typically comes in the form of an application on the User's mobile phone. Portability is, therefore, one of the principles of SSI.

+

Other key elements that characterize an SSI system include:

+
+
    +

  • Privacy and control: SSI enables individuals to maintain control over their personal data. They can choose what information to release, to whom, and for what purpose;

    • +

  • Security: SSI leverages advanced cryptographic techniques to ensure the integrity and security of identity information. It avoids the risk of identity theft, fraud, and unauthorized access since the data remains under the individual's control;

    • +

  • Interoperability: SSI promotes interoperability by enabling different systems and organizations to recognize and verify identities without relying on a central authority. This allows for seamless and trusted interactions between individuals, organizations, and even across borders;

    • +

  • Efficiency and cost reduction: individuals can manage their own identities with SSI, eliminating the need for multiple identity credentials and repetitive identity verification processes. This can streamline administrative procedures, reduce costs, and enhance the user experience.

    • +
+
+

Example

+

When a User wants to purchase a good or access to a service, the service provider asks the User for authentication or for a specific proof. Instead of presenting physical identification documents or disclosing their full data, the individual can use their SSI system if supported by the service provider. +An example of SSI in action could be a scenario where an individual needs to prove their age to access a restricted service, such as purchasing age-restricted items. They would release only the necessary information, such as a digitally signed proof of being above the legal age, without revealing any other personal details. The verifier can then cryptographically validate the proof.

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/standards.html b/refs/pull/201/merge/en/standards.html new file mode 100644 index 000000000..fe0fd6013 --- /dev/null +++ b/refs/pull/201/merge/en/standards.html @@ -0,0 +1,1483 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | Technical References + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

Technical References

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

OIDC-FED

OpenID Connect Federation 1.0

OPENID4VCI

T. Lodderstedt, K. Yasuda, T. Looker, "OpenID for Verifiable Credential Issuance", February 2023.

SD-JWT-VC

O. Terbu, D.Fett, "SD-JWT-based Verifiable Credentials (SD-JWT VC)".

EIDAS-ARF

EUDI Wallet - Architecture and Reference Framework

OPENID4VP

OpenID for Verifiable Presentations - draft 19

PresentationExch

Presentation Exchange 2.0 for Presentation Definition

RFC 2119

Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels," BCP 14, RFC 2119, March 1997.

RFC 2616

Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, “Hypertext Transfer Protocol -- HTTP/1.1,” RFC 2616, June 1999.

RFC 3339

Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002.

RFC 3986

Uniform Resource Identifier (URI): Generic Syntax

RFC 7009

Lodderstedt, T., Dronia, S., Scurtescu, M., “OAuth 2.0 Token Revocation,” RFC7009, August 2013.

RFC 7159

Bray, T., “The JavaScript Object Notation (JSON) Data Interchange Format,” RFC 7159, March 2014.

RFC 7515

Jones, M., Bradley, J. and N. Sakimura, "JSON Web Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May 2015.

RFC 7516

Jones, M., Hildebrand, J., "JSON Web Encryption (JWE)", May 2015.

RFC 7517

Jones, M., "JSON Web Key (JWK)", RFC 7517, DOI 10.17487/RFC7517, May 2015.

RFC 7518

Jones, M., "JSON Web Algorithms (JWA)", May 2015.

RFC 7519

Jones, M., Bradley, J. and N. Sakimura, "JSON Web Token (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015.

RFC 7638

Jones, M., Sakimura, N., “JSON Web Key (JWK) Thumbprint,”RFC7638, September 2015.

RFC 7800

Jones, M., Bradley, J. and H. Tschofenig, "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)", RFC 7800, DOI 10.17487/RFC7800, April 2016.

RFC 8174

Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", RFC 8174, DOI 10.17487/RFC8174, May 2017.

RFC 8725

Jones, M., D. Hardt, Sheffer, Y., "JSON Web Token Best Current Practices", February 2020.

JARM

Lodderstedt, T., Campbell, B., "JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)", November 2022.

RFC 6749

The OAuth 2.0 Authorization Framework

RFC 9449

D. Fett, B. Campbell, J. Bradley, T. Lodderstedt, M. Jones, D. Waite, "OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)"

OPENID4VC-HAIP

Lodderstedt, T., K. Yasuda, "OpenID4VC High Assurance Interoperability Profile with SD-JWT VC"

+
+ + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/trust.html b/refs/pull/201/merge/en/trust.html new file mode 100644 index 000000000..01940ac2d --- /dev/null +++ b/refs/pull/201/merge/en/trust.html @@ -0,0 +1,2076 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | The Infrastructure of Trust + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

The Infrastructure of Trust

+

The EUDI Wallet Architecture Reference Framework (EIDAS-ARF) describes the Trust Model as a "collection of rules that ensure the legitimacy of the components and the entities involved in the EUDI Wallet ecosystem".

+

This section outlines the implementation of the Trust Model in an infrastructure that complies with OpenID Federation 1.0 OIDC-FED. This infrastructure involves a RESTful API for distributing metadata, metadata policies, trust marks, public keys, X.509 certificates, and the revocation status of the participants, also called Federation Entities.

+

The Infrastructure of trust facilitates the application of a trust assessment mechanism among the parties defined in the EIDAS-ARF.

+
+federation portrait +
+

Fig. 1 The roles within the Federation, where the Trust Anchor oversees its subordinates, +which include one or more Intermediates and Leaves. In this +representation, both the Trust Anchor and the Intermediates MAY assume the role of Accreditation Body.

+
+
+
+

Federation Roles

+

All the participants are Federation Entities that MUST be accredited by an Accreditation Body, +except for Wallet Instances which are End-User's personal devices certified by their Wallet Provider.

+
+

Note

+

The Wallet Instance, as a personal device, is certified as reliable through a verifiable attestation issued and signed by a trusted third party.

+

This is called Wallet Attestation and is documented in the dedicated section.

+
+

Below the table with the summary of the Federation Entity roles, mapped on the corresponding EUDI Wallet roles, as defined in the EIDAS-ARF.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

EUDI Role

Federation Role

Notes

Public Key Infrastructure (PKI)

Trust Anchor

+

Intermediates

+

The Federation has PKI +capabilities. The +Entity that configures +the entire infrastructure +is the Trust Anchor.

Qualified Trust Service Provider (QTSP)

Leaf

Person Identification Data Provider

Leaf

Qualified Electronic Attestations +of Attributes Provider

Leaf

Electronic Attestations of +Attributes Provider

Leaf

Relying Party

Leaf

Trust Service Provider (TSP)

Leaf

Trusted List

Trust Anchor

+

Intermediates

+

The listing endpoint, the +trust mark status endpoint +and the fetch endpoint must +be exposed by both Trust Anchors +and Intermediates, making +the Trusted List distributed +over multiple Federation Entities, +where each of these is responsible +for their accredited subordinates.

Wallet Provider

Leaf

+
+
+

General Properties

+

OpenID Federation facilitates the building of an infrastructure that is:

+
    +

  • Secure and Tamper-proof, Entities' attestations of metadata and keys are cryptographically signed in the Trust Chain, comprised of attestations issued by multiple parties. These attestations, called statements, cannot be forged or tampered by an adversary;

    • +

  • Privacy-preserving, the infrastructure is public and exposes public data such as public keys and metadata of the participants. It does not require authentication of the consumers and therefore does not track who is assessing trust against whom;

    • +

  • Guarantor of the non-repudiation of long-lived attestations, historical keys endpoints and historical Trust Chains are saved for years according to data retention policies. This enables the certification of the validity of historical compliance, even in cases of revocation, expiration, or rotation of the keys used for signature verification;

    • +

  • Dynamic and flexible, any participants have the freedom to modify parts of their metadata autonomously, as these are published within their domains and verified through the Trust Chain. Simultaneously, the Trust Anchor or its Intermediate may publish a metadata policy to dynamically modify the metadata of all participants - such as disabling a vulnerable signature algorithm - and obtain certainty of propagation within a configured period of time within the federation;

    • +

  • Developer friendly, JWT and JSON formats have been adopted on the web for years. They are cost-effective in terms of storage and processing and have a wide range of solutions available, such as libraries and software development kits, which enable rapid implementation of the solution;

    • +

  • Scalable, the Trust Model can accommodate more than a single organization by using Intermediates and multiple Trust Anchors where needed.

    • +
+
+
+

Trust Model Requirements

+

In the table below is provided the map of the components that the ARF defines within the Trust Model, in the same table is provided their coverage in OIDC-FED.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Component

Satisfied

how

Issuers identification

check-icon

Trust Chain

Issuers registration

check-icon

Trust Anchor

+

Intermediates +accreditation +system

+

Recognised data models and schemas

check-icon

Entity +Configuration

+

Entity +Statements

+

Relying Parties' registration and authentication

check-icon

Trust Chains

+

Federation +Entity +Discovery

+

Trust mechanisms in a cross-domain scenario

check-icon

Trust Chains

+

Federation +Entity +Discovery

+
+
+
+

Federation API endpoints

+

OpenID Federation 1.0 uses RESTful Web Services secured over +HTTPs. OpenID Federation 1.0 defines which are the web endpoints that the participants MUST make +publicly available. The table below summarises the endpoints and their scopes.

+

All the endpoints listed below are defined in the OIDC-FED specs.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

endpoint name

http request

scope

required for

federation metadata

GET .well-known/openid-federation

Metadata that an Entity +publishes about itself, +verifiable with a trusted third +party (Superior Entity). It's +called Entity Configuration.

Trust Anchor

+

Intermediate

+

Wallet Provider

+

Relying Party

+

Credential +Issuer

+

subordinate list endpoint

GET /list

Lists the Subordinates.

Trust Anchor

+

Intermediate

+

fetch endpoint

GET /fetch?sub=https://rp.example.org

Returns a signed document (JWS) +about a specific subject, its +Subordinate. It's called Entity +Statement.

Trust Anchor

+

Intermediate

+

trust mark status

POST /status?sub=...&trust_mark_id=...

Returns the status of the +issuance (validity) of a Trust +Mark related to a specific +subject.

Trust Anchor

+

Intermediate

+

historical keys

GET

+

.well-known/openid-federation-historical-jwks

+

Lists the expired and revoked +keys, with the motivation of the +revocation.

Trust Anchor

+

Intermediate

+
+

All the responses of the federation endpoints are in the form of JWS, with the exception of the Subordinate Listing endpoint and the Trust Mark Status endpoint that are served as plain JSON by default.

+
+
+

Configuration of the Federation

+

The configuration of the federation is published by the Trust Anchor within its Entity Configuration, it is available at the well-known web path corresponding to .well-known/openid-federation.

+

All the participants in the federation MUST obtain the federation configuration before entering the operational phase, and they +MUST keep it up-to-date. The federation configuration is the Trust Anchor's Entity Configuration, it contains the +public keys for signature operations and the maximum number of Intermediates allowed between a Leaf and the Trust Anchor (max_path_length).

+

Below is a non-normative example of a Trust Anchor Entity Configuration, where each parameter is documented in the OpenID Federation specification:

+
{
+    "alg": "RS256",
+    "kid": "FifYx03bnosD8m6gYQIfNHNP9cM_Sam9Tc5nLloIIrc",
+    "typ": "entity-statement+jwt"
+}
+.
+{
+    "exp": 1649375259,
+    "iat": 1649373279,
+    "iss": "https://registry.eidas.trust-anchor.example.eu",
+    "sub": "https://registry.eidas.trust-anchor.example.eu",
+    "jwks": {
+        "keys": [
+            {
+                "kty": "RSA",
+                "n": "3i5vV-_ ...",
+                "e": "AQAB",
+                "kid": "FifYx03bnosD8m6gYQIfNHNP9cM_Sam9Tc5nLloIIrc",
+                "x5c": [ <X.509 Root CA certificate> ]
+            },
+            {
+                "kty": "EC",
+                "kid": "X2ZOMHNGSDc4ZlBrcXhMT3MzRmRZOG9Jd3o2QjZDam51cUhhUFRuOWd0WQ",
+                "crv": "P-256",
+                "x": "1kNR9Ar3MzMokYTY8BRvRIue85NIXrYX4XD3K4JW7vI",
+                "y": "slT14644zbYXYF-xmw7aPdlbMuw3T1URwI4nafMtKrY",
+                "x5c": [ <X.509 Root CA certificate> ]
+            }
+        ]
+    },
+    "metadata": {
+        "federation_entity": {
+            "organization_name": "example TA",
+            "contacts":[
+                "tech@eidas.trust-anchor.example.eu"
+            ],
+            "homepage_uri": "https://registry.eidas.trust-anchor.example.eu",
+            "logo_uri":"https://registry.eidas.trust-anchor.example.eu/static/svg/logo.svg",
+            "federation_fetch_endpoint": "https://registry.eidas.trust-anchor.example.eu/fetch",
+            "federation_resolve_endpoint": "https://registry.eidas.trust-anchor.example.eu/resolve",
+            "federation_list_endpoint": "https://registry.eidas.trust-anchor.example.eu/list",
+            "federation_trust_mark_status_endpoint": "https://registry.eidas.trust-anchor.example.eu/trust_mark_status"
+        }
+    },
+    "trust_mark_issuers": {
+        "https://registry.eidas.trust-anchor.example.eu/openid_relying_party/public": [
+            "https://registry.spid.eidas.trust-anchor.example.eu",
+            "https://public.intermediary.spid.org"
+        ],
+        "https://registry.eidas.trust-anchor.example.eu/openid_relying_party/private": [
+            "https://registry.spid.eidas.trust-anchor.example.eu",
+            "https://private.other.intermediary.org"
+        ]
+    },
+    "constraints": {
+        "max_path_length": 1
+    }
+}
+
+
+
+
+

Entity Configuration

+

The Entity Configuration is the verifiable document that each Federation Entity MUST publish on its own behalf, in the .well-known/openid-federation endpoint.

+

The Entity Configuration HTTP Response MUST set the media type to application/entity-statement+jwt.

+

The Entity Configuration MUST be cryptographically signed. The public part of this key MUST be provided in the +Entity Configuration and within the Entity Statement issued by a immediate superior and related to its subordinate Federation Entity.

+

The Entity Configuration MAY also contain one or more Trust Marks.

+
+

Note

+

Entity Configuration Signature

+

All the signature-check operations regarding the Entity Configurations, Entity Statements and Trust Marks, are carried out with the Federation public keys. For the supported algorithms refer to Section Cryptografic Algorithm.

+
+
+

Entity Configurations Common Parameters

+

The Entity Configurations of all the participants in the federation MUST have in common the parameters listed below.

+ ++++ + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

iss

String. Identifier of the issuing Entity.

sub

String. Identifier of the Entity to which it is referred. It MUST be equal to iss.

iat

UNIX Timestamp with the time of generation of the JWT, coded as NumericDate as indicated at RFC 7519.

exp

UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated at RFC 7519.

jwks

A JSON Web Key Set (JWKS) RFC 7517 that represents the public part of the signing keys of the Entity at issue. Each JWK in the JWK set MUST have a key ID (claim kid) and MAY have a x5c parameter, as defined in RFC 7517. It contains the Federation Entity Keys required for the operations of trust evaluation.

metadata

JSON Object. Each key of the JSON Object represents a metadata type identifier +containing JSON Object representing the metadata, according to the metadata +schema of that type. An Entity Configuration MAY contain more metadata statements, but only one for each type of +metadata (<entity_type>). the metadata types are defined in the section Metadata Types.

+
+
+

Entity Configuration Trust Anchor

+

The Trust Anchor Entity Configuration, in addition of the common parameters listed above, MAY contain the following parameters:

+ +++++ + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Required

constraints

JSON Object that describes the trust evaluation mechanisms bounds. It MUST contain the attribute max_path_length that +defines the maximum number of Intermediates between a Leaf and the Trust Anchor.

check-icon

trust_mark_issuers

JSON Array that defines which Federation authorities are considered trustworthy +for issuing specific Trust Marks, assigned with their unique identifiers.

uncheck-icon

trust_mark_owners

JSON Array that lists which entities are considered to be the owners of +specific Trust Marks.

uncheck-icon

+
+
+

Entity Configuration Leaves and Intermediates

+

In addition to the previously defined claims, the Entity Configuration of the Leaf and of the Intermediate Entities, MUST contain the parameters listed below:

+ +++++ + + + + + + + + + + + + + + + + +

Claim

Description

Required

authority_hints

Array of URLs (String). It contains a list of URLs of the immediate superior entities, such as the Trust Anchor or +an Intermediate, that issues an Entity Statement related to this subject.

check-icon

trust_marks

A JSON Array containing the Trust Marks.

uncheck-icon

+
+
+

Metadata Types

+

In this section are defined the main metadata types mapped to the roles of the ecosystem, +giving the references of the metadata protocol for each of these.

+
+

Note

+

The entries that don't have any reference to a known draft or standard are intended to be defined in this technical reference.

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Entity

metadata type

references

Trust Anchor

federation_entity

OIDC-FED

Intermediate

federation_entity

OIDC-FED

Wallet Provider

federation_entity

+

wallet_provider

+

--

Credential Issuer

federation_entity

+

openid_credential_issuer

+

OPENID4VCI

Relying Party

federation_entity

+

wallet_relying_party

+

OIDC-FED

+

OpenID4VP

+
+
+

Note

+

Wallet Provider metadata is defined in the section below.

+

Wallet Solution section.

+
+
+
+
+

Entity Statements

+

Trust Anchors and Intermediates publish Entity Statements related to their immediate Subordinates. +The Entity Statement MAY contain a metadata policy and the Trust Marks related to a Subordinate.

+

The metadata policy, when applied, makes one or more changes to the final metadata of the Leaf. The final metadata of a Leaf is derived from the Trust Chain that contains all the statements, starting from the Entity Configuration up to the Entity Statement issued by the Trust Anchor.

+

Trust Anchors and Intermediates MUST expose the Federation Fetch endpoint, where the Entity Statements are requested to validate the Leaf's Entity Configuration signature.

+
+

Note

+

The Federation Fetch endpoint MAY also publish X.509 certificates for each of the public keys of the Subordinate. Making the distribution of the issued X.509 certificates via a RESTful service.

+
+

Below there is a non-normative example of an Entity Statement issued by an Accreditation Body (such as the Trust Anchor or its Intermediate) in relation to one of its Subordinates.

+
{
+    "alg": "RS256",
+    "kid": "em3cmnZgHIYFsQ090N6B3Op7LAAqj8rghMhxGmJstqg",
+    "typ": "entity-statement+jwt"
+}
+.
+{
+    "exp": 1649623546,
+    "iat": 1649450746,
+    "iss": "https://intermediate.eidas.example.org",
+    "sub": "https://rp.example.it",
+    "jwks": {
+        "keys": [
+            {
+                "kty": "EC",
+                "kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
+                "crv": "P-256",
+                "x": "1kNR9Ar3MzMokYTY8BRvRIue85NIXrYX4XD3K4JW7vI",
+                "y": "slT14644zbYXYF-xmw7aPdlbMuw3T1URwI4nafMtKrY",
+                "x5c": [ <X.509 certificate> ]
+            }
+        ]
+    },
+    "metadata_policy": {
+        "wallet_relying_party": {
+            "scope": {
+                "subset_of": [
+                     "eu.europa.ec.eudiw.pid.1",
+                     "given_name",
+                     "family_name",
+                     "email"
+                  ]
+            },
+            "vp_formats": {
+                "vc+sd-jwt": {
+                    "sd-jwt_alg_values": [
+                        "ES256",
+                        "ES384"
+                    ],
+                    "kb-jwt_alg_values": [
+                        "ES256",
+                        "ES384"
+                    ]
+                }
+            }
+        }
+     }
+}
+
+
+
+

Note

+

Entity Statement Signature

+

The same considerations and requirements made for the Entity Configuration +and in relation to the signature mechanisms MUST be applied for the Entity Statements.

+
+
+

Entity Statement

+

The Entity Statement issued by Trust Anchors and Intermediates contains the following attributes:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Claim

Description

Required

iss

See OIDC-FED Section 3.1 for further details.

check-icon

sub

See OIDC-FED Section 3.1 for further details.

check-icon

iat

See OIDC-FED Section 3.1 for further details.

check-icon

exp

See OIDC-FED Section 3.1 for further details.

check-icon

jwks

Federation JWKS of the sub entity. See OIDC-FED Section 3.1 for further details.

check-icon

metadata_policy

JSON Object that describes the Metadata policy. Each key of the JSON Object represents an identifier of the metadata type and each value MUST be a JSON Object that represents the metadata policy according to that metadata type. Please refer to the OIDC-FED specifications, Section-5.1, for the implementation details.

uncheck-icon

trust_marks

JSON Array containing the Trust Marks issued by itself for the subordinate subject.

uncheck-icon

constraints

It MAY contain the allowed_leaf_entity_types, that restricts what types of metadata the subject is allowed to publish.

check-icon

+
+
+
+

Trust Evaluation Mechanism

+

The Trust Anchor publishes the list of its Subordinates (Federation Subordinate Listing endpoint) and the attestations of their metadata and public keys (Entity Statements).

+

Each participant, including Trust Anchor, Intermediate, Credential Issuer, Wallet Provider, and Relying Party, publishes its own metadata and public keys (Entity Configuration endpoint) in the well-known web resource .well-known/openid-federation.

+

Each of these can be verified using the Entity Statement issued by a superior, such as the Trust Anchor or an Intermediate.

+

Each Entity Statement is verifiable over time and MUST have an expiration date. The revocation of each statement is verifiable in real time and online (only for remote flows) through the federation endpoints.

+
+

Note

+

The revocation of an Entity is made with the unavailability of the Entity Statement related to it. If the Trust Anchor or its Intermediate doesn't publish a valid Entity Statement, or if it publishes an expired/invalid Entity Statement, the subject of the Entity Statement MUST be intended as not valid or revoked.

+
+

The concatenation of the statements, through the combination of these signing mechanisms and the binding of claims and public keys, forms the Trust Chain.

+

The Trust Chains can also be verified offline, using one of the Trust Anchor's public keys.

+
+

Note

+

Since the Wallet Instance is not a Federation Entity, the Trust Evaluation Mechanism related to it requires the presentation of the Wallet Attestation during the credential issuance and presentation phases.

+

The Wallet Attestation conveys all the required information pertaining to the instance, such as its public key and any other technical or administrative information, without any User's personal data.

+
+
+

Relying Party Attestation

+

The Relying Party is accredited by a Trust Anchor or its Intermediate and obtains a Trust Mark to be included in its Entity Configuration. In its Entity Configuration the Relying Party publishes its specific metadata, including the supported signature and encryption algorithms and any other necessary information for the interoperability requirements.

+

Any requests for User attributes, such as PID or (Q)EAA, from the Relying Party to Wallet Instances are signed and SHOULD contain the verifiable Trust Chain regarding the Relying Party.

+

The Wallet Instance verifies that the Trust Chain related to the Relying Party is still active, proving that the Relying Party is still part of the Federation and not revoked.

+

The Trust Chain SHOULD be contained within the signed request in the form of a JWS header parameter.

+

In offline flows, Trust Chain verification enables the assessment of the reliability of Trust Marks and Attestations contained within.

+
+
+

Wallet Attestation

+

The Wallet Provider issues the Wallet Attestation, certifying the operational status of its Wallet Instances and including one of their public keys.

+

The Wallet Attestation contains the Trust Chain that attests the reliability for its issuer (Wallet Provider) at the time of issuance.

+

The Wallet Instance provides its Wallet Attestation within the signed request during the PID issuance phase, containing the Trust Chain related to the Wallet Provider.

+
+
+

Trust Chain

+

The Trust Chain is a sequence of verified statements that validates a participant's compliance with the Federation. It has an expiration date time, beyond which it MUST be renewed to obtain the fresh and updated metadata. The expiration date of the Trust Chain is determined by the earliest expiration timestamp among all the expiration timestamp contained in the statements. No Entity can force the expiration date of the Trust Chain to be higher than the one configured by the Trust Anchor.

+

Below is an abstract representation of a Trust Chain.

+
[
+    "EntityConfiguration-as-SignedJWT-selfissued-byLeaf",
+    "EntityStatement-as-SignedJWT-issued-byTrustAnchor"
+]
+
+
+

Below is a non-normative example of a Trust Chain in its original format (JSON Array containing JWS as strings) with an Intermediate involved.

+
[
+  "eyJhbGciOiJFUzI1NiIsImtpZCI6Ik5GTTFXVVZpVWxZelVXcExhbWxmY0VwUFJWWTJWWFpJUmpCblFYWm1SSGhLWVVWWVVsZFRRbkEyTkEiLCJ0eXAiOiJhcHBsaWNhdGlvbi9lbnRpdHktc3RhdGVtZW50K2p3dCJ9.eyJleHAiOjE2NDk1OTA2MDIsImlhdCI6MTY0OTQxNzg2MiwiaXNzIjoiaHR0cHM6Ly9ycC5leGFtcGxlLm9yZyIsInN1YiI6Imh0dHBzOi8vcnAuZXhhbXBsZS5vcmciLCJqd2tzIjp7ImtleXMiOlt7Imt0eSI6IkVDIiwia2lkIjoiTkZNMVdVVmlVbFl6VVdwTGFtbGZjRXBQUlZZMlZYWklSakJuUVhabVJIaEtZVVZZVWxkVFFuQTJOQSIsImNydiI6IlAtMjU2IiwieCI6InVzbEMzd2QtcFgzd3o0YlJZbnd5M2x6cGJHWkZoTjk2aEwyQUhBM01RNlkiLCJ5IjoiVkxDQlhGV2xkTlNOSXo4a0gyOXZMUjROMThCa3dHT1gyNnpRb3J1UTFNNCJ9XX0sIm1ldGFkYXRhIjp7Im9wZW5pZF9yZWx5aW5nX3BhcnR5Ijp7ImFwcGxpY2F0aW9uX3R5cGUiOiJ3ZWIiLCJjbGllbnRfaWQiOiJodHRwczovL3JwLmV4YW1wbGUub3JnLyIsImNsaWVudF9yZWdpc3RyYXRpb25fdHlwZXMiOlsiYXV0b21hdGljIl0sImp3a3MiOnsia2V5cyI6W3sia3R5IjoiRUMiLCJraWQiOiJORk0xV1VWaVVsWXpVV3BMYW1sZmNFcFBSVlkyVlhaSVJqQm5RWFptUkhoS1lVVllVbGRUUW5BMk5BIiwiY3J2IjoiUC0yNTYiLCJ4IjoidXNsQzN3ZC1wWDN3ejRiUllud3kzbHpwYkdaRmhOOTZoTDJBSEEzTVE2WSIsInkiOiJWTENCWEZXbGROU05JejhrSDI5dkxSNE4xOEJrd0dPWDI2elFvcnVRMU00In1dfSwiY2xpZW50X25hbWUiOiJOYW1lIG9mIGFuIGV4YW1wbGUgb3JnYW5pemF0aW9uIiwiY29udGFjdHMiOlsib3BzQHJwLmV4YW1wbGUuaXQiXSwiZ3JhbnRfdHlwZXMiOlsicmVmcmVzaF90b2tlbiIsImF1dGhvcml6YXRpb25fY29kZSJdLCJyZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vcnAuZXhhbXBsZS5vcmcvb2lkYy9ycC9jYWxsYmFjay8iXSwicmVzcG9uc2VfdHlwZXMiOlsiY29kZSJdLCJzY29wZSI6ImV1LmV1cm9wYS5lYy5ldWRpdy5waWQuMSBldS5ldXJvcGEuZWMuZXVkaXcucGlkLml0LjEgZW1haWwiLCJzdWJqZWN0X3R5cGUiOiJwYWlyd2lzZSJ9LCJmZWRlcmF0aW9uX2VudGl0eSI6eyJmZWRlcmF0aW9uX3Jlc29sdmVfZW5kcG9pbnQiOiJodHRwczovL3JwLmV4YW1wbGUub3JnL3Jlc29sdmUvIiwib3JnYW5pemF0aW9uX25hbWUiOiJFeGFtcGxlIFJQIiwiaG9tZXBhZ2VfdXJpIjoiaHR0cHM6Ly9ycC5leGFtcGxlLml0IiwicG9saWN5X3VyaSI6Imh0dHBzOi8vcnAuZXhhbXBsZS5pdC9wb2xpY3kiLCJsb2dvX3VyaSI6Imh0dHBzOi8vcnAuZXhhbXBsZS5pdC9zdGF0aWMvbG9nby5zdmciLCJjb250YWN0cyI6WyJ0ZWNoQGV4YW1wbGUuaXQiXX19LCJ0cnVzdF9tYXJrcyI6W3siaWQiOiJodHRwczovL3JlZ2lzdHJ5LmVpZGFzLnRydXN0LWFuY2hvci5leGFtcGxlLmV1L29wZW5pZF9yZWx5aW5nX3BhcnR5L3B1YmxpYy8iLCJ0cnVzdF9tYXJrIjoiZXlKaCBcdTIwMjYifV0sImF1dGhvcml0eV9oaW50cyI6WyJodHRwczovL2ludGVybWVkaWF0ZS5laWRhcy5leGFtcGxlLm9yZyJdfQ.Un315HdckvhYA-iRregZAmL7pnfjQH2APz82blQO5S0sl1JR0TEFp5E1T913g8GnuwgGtMQUqHPZwV6BvTLA8g",
+  "eyJhbGciOiJFUzI1NiIsImtpZCI6IlNURkRXV2hKY0dWWFgzQjNSVmRaYWtsQ0xUTnVNa000WTNGNlFUTk9kRXRyZFhGWVlYWjJjWGN0UVEiLCJ0eXAiOiJhcHBsaWNhdGlvbi9lbnRpdHktc3RhdGVtZW50K2p3dCJ9.eyJleHAiOjE2NDk2MjM1NDYsImlhdCI6MTY0OTQ1MDc0NiwiaXNzIjoiaHR0cHM6Ly9pbnRlcm1lZGlhdGUuZWlkYXMuZXhhbXBsZS5vcmciLCJzdWIiOiJodHRwczovL3JwLmV4YW1wbGUub3JnIiwiandrcyI6eyJrZXlzIjpbeyJrdHkiOiJFQyIsImtpZCI6Ik5GTTFXVVZpVWxZelVXcExhbWxmY0VwUFJWWTJWWFpJUmpCblFYWm1SSGhLWVVWWVVsZFRRbkEyTkEiLCJjcnYiOiJQLTI1NiIsIngiOiJ1c2xDM3dkLXBYM3d6NGJSWW53eTNsenBiR1pGaE45NmhMMkFIQTNNUTZZIiwieSI6IlZMQ0JYRldsZE5TTkl6OGtIMjl2TFI0TjE4Qmt3R09YMjZ6UW9ydVExTTQifV19LCJtZXRhZGF0YV9wb2xpY3kiOnsib3BlbmlkX3JlbHlpbmdfcGFydHkiOnsic2NvcGUiOnsic3Vic2V0X29mIjpbImV1LmV1cm9wYS5lYy5ldWRpdy5waWQuMSwgIGV1LmV1cm9wYS5lYy5ldWRpdy5waWQuaXQuMSJdfSwicmVxdWVzdF9hdXRoZW50aWNhdGlvbl9tZXRob2RzX3N1cHBvcnRlZCI6eyJvbmVfb2YiOlsicmVxdWVzdF9vYmplY3QiXX0sInJlcXVlc3RfYXV0aGVudGljYXRpb25fc2lnbmluZ19hbGdfdmFsdWVzX3N1cHBvcnRlZCI6eyJzdWJzZXRfb2YiOlsiUlMyNTYiLCJSUzUxMiIsIkVTMjU2IiwiRVM1MTIiLCJQUzI1NiIsIlBTNTEyIl19fX0sInRydXN0X21hcmtzIjpbeyJpZCI6Imh0dHBzOi8vdHJ1c3QtYW5jaG9yLmV4YW1wbGUuZXUvb3BlbmlkX3JlbHlpbmdfcGFydHkvcHVibGljLyIsInRydXN0X21hcmsiOiJleUpoYiBcdTIwMjYifV19._qt5-T6DahP3TuWa_27klE8I9Z_sPK2FtQlKY6pGMPchbSI2aHXY3aAXDUrObPo4CHtqgg3J2XcrghDFUCFGEQ",
+  "eyJhbGciOiJFUzI1NiIsImtpZCI6ImVXa3pUbWt0WW5kblZHMWxhMjU1ZDJkQ2RVZERSazQwUWt0WVlVMWFhRFZYT1RobFpHdFdXSGQ1WnciLCJ0eXAiOiJhcHBsaWNhdGlvbi9lbnRpdHktc3RhdGVtZW50K2p3dCJ9.eyJleHAiOjE2NDk2MjM1NDYsImlhdCI6MTY0OTQ1MDc0NiwiaXNzIjoiaHR0cHM6Ly90cnVzdC1hbmNob3IuZXhhbXBsZS5ldSIsInN1YiI6Imh0dHBzOi8vaW50ZXJtZWRpYXRlLmVpZGFzLmV4YW1wbGUub3JnIiwiandrcyI6eyJrZXlzIjpbeyJrdHkiOiJFQyIsImtpZCI6IlNURkRXV2hKY0dWWFgzQjNSVmRaYWtsQ0xUTnVNa000WTNGNlFUTk9kRXRyZFhGWVlYWjJjWGN0UVEiLCJjcnYiOiJQLTI1NiIsIngiOiJyQl9BOGdCUnh5NjhVTkxZRkZLR0ZMR2VmWU5XYmgtSzh1OS1GYlQyZkZJIiwieSI6IlNuWVk2Y3NjZnkxcjBISFhLTGJuVFZsamFndzhOZzNRUEs2WFVoc2UzdkUifV19LCJ0cnVzdF9tYXJrcyI6W3siaWQiOiJodHRwczovL3RydXN0LWFuY2hvci5leGFtcGxlLmV1L2ZlZGVyYXRpb25fZW50aXR5L3RoYXQtcHJvZmlsZSIsInRydXN0X21hcmsiOiJleUpoYiBcdTIwMjYifV19.r3uoi-U0tx0gDFlnDdITbcwZNUpy7M2tnh08jlD-Ej9vMzWMCXOCCuwIn0ZT0jS4M_sHneiG6tLxRqj-htI70g"
+]
+
+
+
+

Note

+

The entire Trust Chain is verifiable by only possessing the Trust Anchor's public keys.

+
+
+
+

Offline Trust Attestation Mechanisms

+

The offline flows do not allow for real-time evaluation of an Entity's status, such as its revocation. At the same time, using short-lived Trust Chains enables the attainment of trust attestations compatible with the required revocation administrative protocols (e.g., a revocation must be propagated in less than 24 hours, thus the Trust Chain must not be valid for more than that period).

+
+

Offline EUDI Wallet Trust Attestation

+

Given that the Wallet Instance cannot publish its metadata online at the .well-known/openid-federation endpoint, +it MUST obtain a Wallet Attestation issued by its Wallet Provider. The Wallet Attestation MUST contain all the relevant information regarding the security capabilities of the Wallet Instance and its protocol related configuration. It SHOULD contain the Trust Chain related to its issuer (Wallet Provider).

+
+
+

Offline Relying Party Metadata

+

Since the Federation Entity Discovery is only applicable in online scenarios, it is possible to include the Trust Chain in the presentation requests that the Relying Party may issue for a Wallet Instance.

+

The Relying Party MUST sign the presentation request, the request SHOULD include the trust_chain claim in its JWS header parameters, containing the Federation Trust Chain related to itself.

+

The Wallet Instance that verifies the request issued by the Relying Party MUST use the Trust Anchor's public keys to validate the entire Trust Chain related to the Relying Party before attesting its reliability.

+

Furthermore, the Wallet Instance applies the metadata policy, if any.

+
+
+
+
+

Non-repudiability of the Long Lived Attestations

+

The Trust Anchor and its Intermediate MUST expose the Federation Historical Keys endpoint, where are published all the public part of the Federation Entity Keys that are no longer used, whether expired or revoked.

+

The details of this endpoint are defined in the OIDC-FED Section 7.6.

+

Each JWS containing a Trust Chain in the form of a JWS header parameter can be verified over time, since the entire Trust Chain is verifiable using the Trust Anchor's public key.

+

Even if the Trust Anchor has changed its cryptographic keys for digital signature, the Federation Historical Keys endpoint always makes the keys no longer used available for historical signature verifications.

+
+
+

Privacy Remarks

+
    +

  • Wallet Instances MUST NOT publish their metadata through an online service.

    • +

  • The trust infrastructure MUST be public, with all endpoints publicly accessible without any client credentials that may disclose who is requesting access.

    • +

  • When a Wallet Instance requests the Entity Statements to build the Trust Chain for a specific Relying Party or validates a Trust Mark online, issued for a specific Relying Party, the Trust Anchor or its Intermediate do not know that a particular Wallet Instance is inquiring about a specific Relying Party; instead, they only serve the statements related to that Relying Party as a public resource.

    • +

  • The Wallet Instance metadata MUST not contain information that may disclose technical information about the hardware used.

    • +

  • Leaf entity, Intermediate, and Trust Anchor metadata may include the necessary amount of data as part of administrative, technical, and security contact information. It is generally not recommended to use personal contact details in such cases. From a legal perspective, the publication of such information is needed for operational support concerning technical and security matters and the GDPR regulation.

    • +
+
+
+

Considerations about Decentralization

+
    +

  • There may be more than a single Trust Anchor.

    • +

  • In some cases, a trust verifier may trust an Intermediate, especially when the Intermediate acts as a Trust Anchor within a specific perimeter, such as cases where the Leafs are both in the same perimeter like a Member State jurisdiction (eg: an Italian Relying Party with an Italian Wallet Instance may consider the Italian Intermediate as a Trust Anchor for the scopes of their interactions).

    • +

  • Trust attestations (Trust Chain) should be included in the JWS issued by Credential Issuers, and the Presentation Requests of RPs should contain the Trust Chain related to them (issuers of the presentation requests).

    • +

  • Since the credential presentation must be signed, storing the signed presentation requests and responses, which include the Trust Chain, the Wallet Instance may have the snapshot of the federation configuration (Trust Anchor Entity Configuration in the Trust Chain) and the verifiable reliability of the Relying Party it has interacted with.

    • +

  • Each signed attestation is long-lived since it can be cryptographically validated even when the federation configuration changes or the keys of its issuers are renewed.

    • +

  • Each participant should be able to update its Entity Configuration without notifying the changes to any third party. The metadata policy contained within a Trust Chain must be applied to overload any information related to protocol specific metadata.

    • +
+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/wallet-attestation.html b/refs/pull/201/merge/en/wallet-attestation.html new file mode 100644 index 000000000..5be9fb99c --- /dev/null +++ b/refs/pull/201/merge/en/wallet-attestation.html @@ -0,0 +1,1910 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | Wallet Attestation + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

Wallet Attestation

+

The Wallet Attestation containing details about the Wallet Instance and the device's security level where the Wallet Instance is installed. It generally attests the authenticity, integrity, security, privacy, and trust of a specific Wallet Instance. The Wallet Attestation MUST contain a Wallet Instance public key.

+
+

General Properties

+

The Wallet Attestation:

+
    +

  • MUST be issued and MUST be signed by Wallet Provider;

    • +

  • MUST give all the relevant information to attests the integrity and security of the device where the Wallet Instance is installed.

    • +
+

It is necessary for each Wallet Instance to obtain a Wallet Attestation before entering the Operational state.

+
+
+

Requirements

+

The following requirements for the Wallet Attestation are met:

+
    +

  1. The Wallet Attestation MUST use the signed JSON Web Token (JWT) format.

    2. +

  2. The Wallet Provider MUST offer a RESTful set of services for issuing the Wallet Attestations.

    3. +

  3. The Wallet Attestation MUST be securely bound to the Wallet Instance public key (Holder Key Binding).

    4. +

  4. The Wallet Attestation MUST be issued and signed by an accredited and reliable Wallet Provider, thereby providing integrity and authenticity to the attestation.

    5. +

  5. The Wallet Attestation MUST ensure the integrity and authenticity of the Wallet Instance, verifying that it was accurately created and provided by the Wallet Provider.

    6. +

  6. Each Wallet Instance SHOULD be able to request multiple attestations with different public keys associated to them. This requirement provides a privacy-preserving measure, as the public key MAY be used as a tracking tool during the presentation phase (see also the point number 10, listed below).

    7. +

  7. The Wallet Attestation SHOULD be usable multiple times during its validity period, allowing for repeated authentication and authorization without the need to request new attestations with each interaction.

    8. +

  8. The Wallet Attestation SHOULD have an expiration date time, after which it will no longer be considered valid.

    9. +

  9. When the private key associated with the Wallet Instance is lost or deleted, the attestation MUST become invalid to prevent unauthorized use of the Wallet Instance.

    10. +
+
+
+

High-level Design

+
+

Static Component View

+
+The image illustrates the containment of Wallet Provider and Wallet Instances within the Wallet Solution, managed by the Wallet Provider. +
+
+
+

Dynamic Component View

+

This section describes the Wallet Attestation format and how the Wallet Provider issues it.

+
+The figure illustrates the sequence diagram for issuing a Wallet Attestation, with the steps explained below. +
+
    +

  • Message 1: The User starts the Wallet Instance mobile app and gets authenticated to it.

    • +

  • Message 2: The Wallet Instance verifies the Wallet Provider's trustworthiness by evaluating its Trust Chain.

    • +

  • Message 3-4: The Wallet Instance retrieves the Wallet Provider metadata, including the list of supported algorithms, public keys, and endpoints.

    • +

  • Message 5: The Wallet Instance generates a new key pair.

    • +

  • Message 6-7: The Wallet Instance requests a nonce from the App Attestation Service.

    • +

  • Message 8: The Wallet Instance creates a Wallet Attestation Request in JWS format, signed with the private key associated with the public key for which it request the attestation.

    • +

  • Message 9-13: The Wallet Instance provides the Wallet Attestation Request to the Wallet Provider, which validates it and returns a signed attestation to the Wallet Instance.

    • +

  • Message 13-14: The Wallet Instance receives the Wallet Attestation signed by the Wallet Provider and performs security and integrity verifications.

    • +

  • Message 15: The Wallet Attestation is now ready for use.

    • +
+
+
+
+

Detailed Design

+

The detailed design is explained below.

+
+

Wallet Attestation Request

+

To obtain a Wallet Attestation from the Wallet +Provider it is necessary to send a Wallet Attestation +Request from the Wallet Instance containing the associated public key +, the nonce value provided by the App Attestation Service and a jti value.

+

The Wallet Instance MUST do an HTTP request to the Wallet Provider's token endpoint, +using the method POST.

+

The token endpoint (as defined in RFC 7523 section 4) requires the following parameters +encoded in application/x-www-form-urlencoded format:

+
    +

  • grant_type set to urn:ietf:params:oauth:grant-type:jwt-bearer;

    • +

  • assertion containing the signed JWT defined in the Section Wallet Attestation Request.

    • +
+

Below a non-normative example of the HTTP request.

+
POST /token HTTP/1.1
+Host: wallet-provider.example.org
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer
+&assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6ImtoakZWTE9nRjNHeGRxd2xVTl9LWl83NTVUT1ZEbmJIaDg2TW1KcHh2a1UifQ.eyJpc3MiOiAidmJlWEprc000NXhwaHRBTm5DaUc2bUN5dVU0amZHTnpvcEd1S3ZvZ2c5YyIsICJhdWQiOiAiaHR0cHM6Ly93YWxsZXQtcHJvdmlkZXIuZXhhbXBsZS5vcmciLCAianRpIjogImY1NjUyMDcyLWFiZWYtNDU5OS1iODYzLTlhNjkwNjA3MzJjYyIsICJub25jZSI6ICIuLi4uLiIsICJjbmYiOiB7Imp3ayI6IHsiY3J2IjogIlAtMjU2IiwgImt0eSI6ICJFQyIsICJ4IjogIjRITnB0SS14cjJwanlSSktHTW56NFdtZG5RRF91SlNxNFI5NU5qOThiNDQiLCAieSI6ICJMSVpuU0IzOXZGSmhZZ1MzazdqWEU0cjMtQ29HRlF3WnRQQklScXBObHJnIiwgImtpZCI6ICJ2YmVYSmtzTTQ1eHBodEFObkNpRzZtQ3l1VTRqZkdOem9wR3VLdm9nZzljIn19LCAiaWF0IjogMTY5MTQ4ODk2MiwgImV4cCI6IDE2OTE0OTYxNjJ9.Dg_yFaiv6lVftR3FFx0v5JW250mBgXLVP1j0ezZcHRyitqSY7xGmx4y-MGur93FAS85vf_Da-L-REVEltwU2Jw
+
+
+

The response is the Wallet Attestation in JWT format:

+
HTTP/1.1 201 OK
+Content-Type: application/jwt
+
+eyJhbGciOiJFUzI1NiIsInR5cCI6IndhbGxldC1hdHRlc3RhdGlvbitqd3QiLCJraWQiOiI1dDVZWXBCaE4tRWdJRUVJNWlVenI2cjBNUjAyTG5WUTBPbWVrbU5LY2pZIiwidHJ1c3RfY2hhaW4iOlsiZXlKaGJHY2lPaUpGVXouLi42UzBBIiwiZXlKaGJHY2lPaUpGVXouLi5qSkxBIiwiZXlKaGJHY2lPaUpGVXouLi5IOWd3Il19.eyJpc3MiOiJodHRwczovL3dhbGxldC1wcm92aWRlci5leGFtcGxlLm9yZyIsInN1YiI6InZiZVhKa3NNNDV4cGh0QU5uQ2lHNm1DeXVVNGpmR056b3BHdUt2b2dnOWMiLCJ0eXBlIjoiV2FsbGV0SW5zdGFuY2VBdHRlc3RhdGlvbiIsInBvbGljeV91cmkiOiJodHRwczovL3dhbGxldC1wcm92aWRlci5leGFtcGxlLm9yZy9wcml2YWN5X3BvbGljeSIsInRvc191cmkiOiJodHRwczovL3dhbGxldC1wcm92aWRlci5leGFtcGxlLm9yZy9pbmZvX3BvbGljeSIsImxvZ29fdXJpIjoiaHR0cHM6Ly93YWxsZXQtcHJvdmlkZXIuZXhhbXBsZS5vcmcvbG9nby5zdmciLCJhdHRlc3RlZF9zZWN1cml0eV9jb250ZXh0IjoiaHR0cHM6Ly93YWxsZXQtcHJvdmlkZXIuZXhhbXBsZS5vcmcvTG9BL2Jhc2ljIiwiY25mIjp7Imp3ayI6eyJjcnYiOiJQLTI1NiIsImt0eSI6IkVDIiwieCI6IjRITnB0SS14cjJwanlSSktHTW56NFdtZG5RRF91SlNxNFI5NU5qOThiNDQiLCJ5IjoiTElablNCMzl2RkpoWWdTM2s3alhFNHIzLUNvR0ZRd1p0UEJJUnFwTmxyZyIsImtpZCI6InZiZVhKa3NNNDV4cGh0QU5uQ2lHNm1DeXVVNGpmR056b3BHdUt2b2dnOWMifX0sImF1dGhvcml6YXRpb25fZW5kcG9pbnQiOiJldWRpdzoiLCJyZXNwb25zZV90eXBlc19zdXBwb3J0ZWQiOlsidnBfdG9rZW4iXSwidnBfZm9ybWF0c19zdXBwb3J0ZWQiOnsiand0X3ZwX2pzb24iOnsiYWxnX3ZhbHVlc19zdXBwb3J0ZWQiOlsiRVMyNTYiXX0sImp3dF92Y19qc29uIjp7ImFsZ192YWx1ZXNfc3VwcG9ydGVkIjpbIkVTMjU2Il19fSwicmVxdWVzdF9vYmplY3Rfc2lnbmluZ19hbGdfdmFsdWVzX3N1cHBvcnRlZCI6WyJFUzI1NiJdLCJwcmVzZW50YXRpb25fZGVmaW5pdGlvbl91cmlfc3VwcG9ydGVkIjpmYWxzZSwiaWF0IjoxNjg3MjgxMTk1LCJleHAiOjE2ODcyODgzOTV9.tNvCyFPCL5tUi2NakKwdaG9xbrtWWl4djSRYRfHrF8NdmffdT044U55pRn35J2cl0LZxbesEDrfSAz2pllw2Ug
+
+
+

Below are described the JWT headers and the payload claims +of the assertion used in the request.

+
+

Assertion Header

+ + + + + + + + + + + + + + + +

key

value

alg

Algorithm to verify the token +signature (es. ES256).

kid

Key id of the public key +created by the Wallet Instance.

typ

Media type, set to +wiar+jwt.

+
+
+

Assertion Payload

+ + + + + + + + + + + + + + + + + + + + + + + + + + + +

key

value

+
iss
+

+

+

+
+
+
Thumbprint value
+
of the JWK of the Wallet Instance
+
for which the attestation is
+
being requested.
+
+
+
aud
+

+
+
+
The public url of the Wallet
+
Provider.
+
+
+
jti
+

+

+
+
+
Unique identifier of the request, according to
+
RFC7519.
+

+
+
+
nonce
+

+
+
+
The nonce value obtained from the
+
App Attestation Service.
+
+
+
cnf
+

+

+

+
+
+
JSON object, according to
+
RFC7800
+
containing the public part of an asymmetric key pair owned
+
by the Wallet Instance.
+
+
+
iat
+

+
+
+
Unix timestamp of attestation request
+
issuance time.
+
+
+
exp
+

+
+
+
Unix timestamp regarding the
+
expiration date time.
+
+
+

Below a non-normative example of the Wallet Attestation +request where the decoded JWS headers and payload are separated by a comma:

+
{
+  "alg": "ES256",
+  "kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
+  "typ": "wiar+jwt"
+}
+.
+{
+  "iss": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
+  "aud": "https://wallet-provider.example.org",
+  "jti": "6ec69324-60a8-4e5b-a697-a766d85790ea",
+  "nonce" : ".....",
+  "cnf": {
+    "jwk": {
+      "crv": "P-256",
+      "kty": "EC",
+      "x": "4HNptI-xr2pjyRJKGMnz4WmdnQD_uJSq4R95Nj98b44",
+      "y": "LIZnSB39vFJhYgS3k7jXE4r3-CoGFQwZtPBIRqpNlrg",
+      "kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c"
+    }
+  },
+  "iat": 1686645115,
+  "exp": 1686652315
+}
+
+
+

Whose corresponding JWS is verifiable using the public part of an asymmetric +key pair owned by the Wallet Instance that has a key id which is the same +as the kid made available in the JWS header.

+
+
+
+

Wallet Attestation

+

The Wallet Attestation MUST be provisioned in JWT format, with +headers and payload claims are listed below.

+ +
+

Payload

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

key

value

+
iss
+
+
+
The public url of the Wallet Provider
+
+
+
sub
+

+

+

+
+
+
Thumbprint value
+
of the JWK of the Wallet Instance
+
for which the attestation is
+
being issued.
+
+
+
iat
+

+
+
+
Unix timestamp of attestation
+
issuance time.
+
+
+
exp
+

+

+

+

+
+
+
Unix timestamp regarding the
+
expiration date time.
+
A good practice to avoid security
+
problems is to have a limited
+
duration of the attestation.
+
+
+
aal
+

+

+
+
+
JSON String asserting the authentication level
+
of the Wallet and the key as asserted in
+
the cnf claim.
+
+
+
cnf
+

+

+

+
+
+
This parameter contains the jwk
+
parameter
+
with the public key of the Wallet Instance
+
necessary for the Holder Key Binding.
+
+
+
authorization_endpoint
+

+
+
+
URL of the SIOPv2
+
Authorization Endpoint.
+
+
+
response_types_supported
+

+
+
+
JSON array containing a list of
+
the OAuth 2.0 response_type values.
+
+
+
response_modes_supported
+

+

+

+
+
+
JSON array containing a list of the OAuth 2.0
+
"response_mode" values that this
+
authorization server supports.
+
RFC 8414 section 2
+
+
+
vp_formats_supported
+

+

+
+
+
JSON object with name/value pairs,
+
identifying a Credential format supported
+
by the Wallet.
+
+
+
request_object_signing
+
_alg_values_supported
+

+
+
+
JSON array containing a list of the
+
JWS signing algorithms (alg values)
+
supported.
+
+
+
presentation_definition
+
_uri_supported
+

+

+
+
+
Boolean value specifying whether the
+
Wallet Instance supports the transfer of
+
presentation_definition by
+
reference. MUST set to false.
+
+
+

Below is an example of Wallet Attestation:

+
{
+  "alg": "ES256",
+  "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY",
+  "trust_chain": [
+    "eyJhbGciOiJFUz...6S0A",
+    "eyJhbGciOiJFUz...jJLA",
+    "eyJhbGciOiJFUz...H9gw",
+  ],
+  "typ": "wallet-attestation+jwt",
+}
+.
+{
+  "iss": "https://wallet-provider.example.org",
+  "sub": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
+  "aal": "https://trust-list.eu/aal/high",
+  "cnf":
+  {
+    "jwk":
+    {
+      "crv": "P-256",
+      "kty": "EC",
+      "x": "4HNptI-xr2pjyRJKGMnz4WmdnQD_uJSq4R95Nj98b44",
+      "y": "LIZnSB39vFJhYgS3k7jXE4r3-CoGFQwZtPBIRqpNlrg",
+      "kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c"
+    }
+  },
+  "authorization_endpoint": "eudiw:",
+  "response_types_supported": [
+    "vp_token"
+  ],
+  "response_modes_supported": [
+    "form_post.jwt"
+  ],
+  "vp_formats_supported": {
+      "vc+sd-jwt": {
+          "sd-jwt_alg_values": [
+              "ES256",
+              "ES384"
+          ]
+      }
+  },
+  "request_object_signing_alg_values_supported": [
+    "ES256"
+  ],
+  "presentation_definition_uri_supported": false,
+  "iat": 1687281195,
+  "exp": 1687288395
+}
+
+
+
+
+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/en/wallet-solution.html b/refs/pull/201/merge/en/wallet-solution.html new file mode 100644 index 000000000..d3b0fd0b7 --- /dev/null +++ b/refs/pull/201/merge/en/wallet-solution.html @@ -0,0 +1,1700 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | Wallet Solution + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

Wallet Solution

+

The Wallet Solution is a comprehensive product offered by the Wallet Provider to cater to the needs of Users in managing their digital assets securely. Designed to provide a seamless User experience, this solution enables Users to leverage the capabilities of the Wallet effectively.

+

The Wallet Solution is issued by the Wallet Provider in the form of a mobile app, it also consists of services and web interfaces for the exchange of data between the Wallet Provider and its Wallet Instances for the requirements of the trust model and in total respect of the user's privacy, in accordance with national and EU legislation.

+

The mobile app serves as the primary interface for Users, allowing them to access and interact with their digital assets conveniently. These digital assets, known as Attestations, include Personal Identification Data (PID[1]), a set of data that can uniquely identify a natural or a legal person, along with other Qualified and non-qualified Electronic Attestations of Attributes, also known as QEAAs and EAAs respectively, or (Q)EAAs for short[1]. Once a User installs the mobile app on their device, it is referred to such an installation as a Wallet Instance for the User.

+

By supporting the mobile app, the Wallet Provider plays a vital role in ensuring the security and reliability of the entire Wallet Solution, since it is responsible for issuing the Wallet Attestation, that is a cryptographic proof that allow the evaluation of the authenticity and the integrity of the Wallet Instance.

+
+

Requirements

+
+
    +

  • Trustworthiness within the Wallet ecosystem: the Wallet Instance MUST establish trust and reliability within the Wallet ecosystem.

    • +

  • Compliance with Provider specifications for obtaining PID and (Q)EAA: the Wallet Instance MUST adhere to the specifications set by Providers for obtaining Personal Identification (PID) and (Q)EAAs.

    • +

  • Support for Android and iOS operating systems: the Wallet Instance MUST be compatible and functional at least on both Android and iOS operating systems, as well as available on the Play Store and App Store respectively.

    • +

  • Verification of device ownership by the User: the Wallet Instance MUST provide a mechanism to verify the User's actual possession and full control of their personal device.

    • +
+
+
+
+

Wallet Instance

+

The Wallet Instance serves as a unique and secure device for authenticating the User within the Wallet ecosystem. It establishes a strong and reliable identity for the User, enabling them to engage in various digital transactions in a secure and privacy-preserving manner.

+

The Wallet Instance establishes the trust within the Wallet ecosystem by consistently presenting a Wallet Attestation during interactions with other ecosystem actors such as PID Providers, (Q)EAA Providers, and Relying Parties. These verifiable attestations, provided by the Wallet Provider, reference the public part of the asymmetric cryptographic key owned by the Wallet Instance. Their purpose is to authenticate the Wallet Instance itself, ensuring its realiability when engaging with other ecosystem actors.

+

To guarantee the utmost security, these cryptographic keys are securely stored within the device's Trusted Execution Environment (TEE)[3]. This ensures that only the User is allowed to access them, thus preventing unauthorized usage or tampering. For more detailed information, please refer to the Wallet Attestation section and the Trust Model section of this document.

+
+
+

Wallet Instance Lifecycle

+

The Wallet Instance has three distinct states: Operational, Valid, and Deactivated. Each state represents a specific functional status and determines the actions that can be performed[2].

+
+

Initialization Process

+

To activate the Wallet Instance, the Users MUST install the mobile wallet application on their device and open it. Furthermore, Users will be asked to set their preferred method of unlocking their device; this can be accomplished by entering a personal identification number (PIN) or by utilizing biometric authentication, such as fingerprint or facial recognition, according to their personal preferences and device's capabilities.

+

After completing these steps, the Wallet Instance sets the Operational state.

+
+
+

Transition to Valid state

+

To transition from the Operational state to the Valid state, the Wallet Instance MUST obtain a valid Personal Identification (PID). Once a valid PID is acquired, the Wallet Instance becomes Valid.

+

In order to securely and unambiguously identify Users, the Wallet Instance adopts a Level of Assurance (LoA) 3 authentication, which guarantees a high level of confidence in the User's identity. The authentication method is chosen by the PID Provider from among the notified eID solutions at the national level.

+

Once the Wallet Instance is in the Operational state, Users can:

+
+
    +

  • Obtain, view, and manage (Q)EAAs from trusted (Q)EAA Providers[1];

    • +

  • Authenticate to Relying Parties[1];

    • +

  • Authorize the presentation of their digital credentials with Relying Parties.

    • +
+
+

Please refer to the relative sections for further information about PID and (Q)EAAs issuance and presentation.

+
+
+

Return to Operational state

+

A Valid Wallet Instance may revert to the Operational state under specific circumstances. These circumstances include the expiration or the revocation of the associated PID by its PID Provider.

+
+
+

Deactivation

+

Users have the ability to deactivate the Wallet Instance voluntarily. This action removes the operational capabilities of the Wallet Instance and sets it to the Deactivated state. Deactivation provides Users with control over access and usage according to their preferences.

+
+
+
+

Wallet Provider Endpoints

+

The Wallet Provider that issues the Wallet Attestations MUST +made available its APIs in the form of RESTful services, as listed below.

+
+

Wallet Provider Metadata

+

An HTTP GET request to the /.well-known/openid-federation endpoint allows the retrieval of the Wallet +Provider Entity Configuration.

+

The Wallet Provider Entity Configuration is a JWS containing the public keys and supported algorithms of the Wallet Provider metadata definition. It is structured in accordance with the OpenID Connect Federation and the Trust Model section outlined in this specification.

+

The returning Entity Configuration of the Wallet Provider MUST contain the +attributes listed below:

+
+
+ +
+

Payload

+ + + + + + + + + + + + + + + + + + + + + + + + + + + +

Key

Value

iss

Public URL of the Wallet +Provider.

sub

Public URL of the Wallet +Provider.

iat

+
Issuance datetime in

Unix Timestamp format.

+
+
+

exp

Expiration datetime +in Unix Timestamp format.

authority_hints

Array of URLs (String) containing +the list of URLs of the +immediate superior Entities, such +as the Trust Anchor or an +Intermediate, that MAY issue an +Entity Statement related to this +subject.

jwks

A JSON Web Key Set (JWKS) RFC +7517 +that represents the public part +of the signing keys of the Entity +at issue. Each JWK in the JWK set +MUST have a key ID (claim kid).

metadata

Contains the +metadata +wallet_provider +and the +federation_entity metadata.

+
+

wallet_provider metadata

+ + + + + + + + + + + + + + + + + + + + + + + + +

Key

Value

jwks

A JSON Web Key Set (JWKS) +that represents the Wallet +Provider's public keys.

token_endpoint

Endpoint for obtaining the Wallet +Instance Attestation.

aal_values_supported

List of supported values for the +certifiable security context. These +values specify the security level +of the app, according to the levels: low, medium, or high. +Authenticator Assurance Level values supported.

grant_types_supported

The types of grants supported by +the token endpoint. It MUST be set to +urn:ietf:params:oauth:client-assertion-type: +jwt-client-attestation.

token_endpoint_auth_methods_suppor +ted

Supported authentication methods for +the token endpoint.

token_endpoint_auth_signing_alg_va +lues_supported

Supported signature +algorithms for the token endpoint.

+
+

Note

+

The aal_values_supported parameter is experimental and under review.

+
+
+
+

Payload federation_entity

+ + + + + + + + + + + + + + + + + + + + + +

Key

Value

organization_name

Organization name.

homepage_uri

Organization's website URL.

tos_uri

URL to the terms of service.

policy_uri

URL to the privacy policy.

logo_uri

URL of the organization's logo in SVG format.

+

Below a non-normative example of the Entity Configuration.

+
{
+  "alg": "ES256",
+  "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY",
+  "typ": "entity-statement+jwt"
+}
+.
+{
+"iss": "https://wallet-provider.example.org",
+"sub": "https://wallet-provider.example.org",
+"jwks": {
+  "keys": [
+    {
+      "crv": "P-256",
+      "kty": "EC",
+      "x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk",
+      "y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM",
+      "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY"
+    }
+  ]
+},
+"metadata": {
+  "wallet_provider": {
+    "jwks": {
+      "keys": [
+        {
+          "crv": "P-256",
+          "kty": "EC",
+          "x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk",
+          "y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM",
+          "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY"
+        }
+      ]
+    },
+    "token_endpoint": "https://wallet-provider.example.org/token",
+    "aal_values_supported": [
+      "https://wallet-provider.example.org/LoA/basic",
+      "https://wallet-provider.example.org/LoA/medium",
+      "https://wallet-provider.example.org/LoA/high"
+    ],
+    "grant_types_supported": [
+      "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation"
+    ],
+    "token_endpoint_auth_methods_supported": [
+      "private_key_jwt"
+    ],
+    "token_endpoint_auth_signing_alg_values_supported": [
+      "ES256",
+      "ES384",
+      "ES512"
+    ]
+  },
+  "federation_entity": {
+    "organization_name": "IT Wallet Provider",
+    "homepage_uri": "https://wallet-provider.example.org",
+    "policy_uri": "https://wallet-provider.example.org/privacy_policy",
+    "tos_uri": "https://wallet-provider.example.org/info_policy",
+    "logo_uri": "https://wallet-provider.example.org/logo.svg"
+  }
+},
+"authority_hints": [
+  "https://registry.eudi-wallet.example.it"
+]
+"iat": 1687171759,
+"exp": 1709290159
+}
+
+
+
+
+

Wallet Attestation

+

Please refer to the Wallet Attestation section.

+
+
+
+

External references

+ + + +
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/.buildinfo b/refs/pull/201/merge/it/.buildinfo new file mode 100644 index 000000000..2ad55caa3 --- /dev/null +++ b/refs/pull/201/merge/it/.buildinfo @@ -0,0 +1,4 @@ +# Sphinx build info version 1 +# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done. +config: 7debc0b241d55c8da06f75be8de0eb53 +tags: 645f666f9bcd5a90fca523b33c5a78b7 diff --git a/refs/pull/201/merge/it/.doctrees/backup-restore.doctree b/refs/pull/201/merge/it/.doctrees/backup-restore.doctree new file mode 100644 index 000000000..80a304558 Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/backup-restore.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/contribute.doctree b/refs/pull/201/merge/it/.doctrees/contribute.doctree new file mode 100644 index 000000000..a2d66db8a Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/contribute.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/defined-terms.doctree b/refs/pull/201/merge/it/.doctrees/defined-terms.doctree new file mode 100644 index 000000000..4af1ae6ff Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/defined-terms.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/environment.pickle b/refs/pull/201/merge/it/.doctrees/environment.pickle new file mode 100644 index 000000000..a0fc93ed5 Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/environment.pickle differ diff --git a/refs/pull/201/merge/it/.doctrees/index.doctree b/refs/pull/201/merge/it/.doctrees/index.doctree new file mode 100644 index 000000000..035d1608d Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/index.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/issuance.doctree b/refs/pull/201/merge/it/.doctrees/issuance.doctree new file mode 100644 index 000000000..079405314 Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/issuance.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/pid-eaa-data.doctree b/refs/pull/201/merge/it/.doctrees/pid-eaa-data.doctree new file mode 100644 index 000000000..4df6fb54c Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/pid-eaa-data.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/pid-eaa-mdoc-cbor.doctree b/refs/pull/201/merge/it/.doctrees/pid-eaa-mdoc-cbor.doctree new file mode 100644 index 000000000..8da3708e5 Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/pid-eaa-mdoc-cbor.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/pid-eaa-sd-jwt.doctree b/refs/pull/201/merge/it/.doctrees/pid-eaa-sd-jwt.doctree new file mode 100644 index 000000000..1ff0fb05a Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/pid-eaa-sd-jwt.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/pseudonyms.doctree b/refs/pull/201/merge/it/.doctrees/pseudonyms.doctree new file mode 100644 index 000000000..f8aeded1e Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/pseudonyms.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/revocation-lists.doctree b/refs/pull/201/merge/it/.doctrees/revocation-lists.doctree new file mode 100644 index 000000000..751238e49 Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/revocation-lists.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/ssi-introduction.doctree b/refs/pull/201/merge/it/.doctrees/ssi-introduction.doctree new file mode 100644 index 000000000..9e05b7cce Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/ssi-introduction.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/standards.doctree b/refs/pull/201/merge/it/.doctrees/standards.doctree new file mode 100644 index 000000000..bd12e164e Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/standards.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/trust.doctree b/refs/pull/201/merge/it/.doctrees/trust.doctree new file mode 100644 index 000000000..a9a27e61c Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/trust.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/wallet-instance-attestation.doctree b/refs/pull/201/merge/it/.doctrees/wallet-instance-attestation.doctree new file mode 100644 index 000000000..9eed0c1ab Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/wallet-instance-attestation.doctree differ diff --git a/refs/pull/201/merge/it/.doctrees/wallet-solution.doctree b/refs/pull/201/merge/it/.doctrees/wallet-solution.doctree new file mode 100644 index 000000000..4007e99f6 Binary files /dev/null and b/refs/pull/201/merge/it/.doctrees/wallet-solution.doctree differ diff --git a/refs/pull/201/merge/it/_images/Eo_circle_green_checkmark.svg b/refs/pull/201/merge/it/_images/Eo_circle_green_checkmark.svg new file mode 100644 index 000000000..19e0bd7f0 --- /dev/null +++ b/refs/pull/201/merge/it/_images/Eo_circle_green_checkmark.svg @@ -0,0 +1,2 @@ + diff --git a/refs/pull/201/merge/it/_images/Eo_circle_red_letter-x.svg b/refs/pull/201/merge/it/_images/Eo_circle_red_letter-x.svg new file mode 100644 index 000000000..4c3c8e785 --- /dev/null +++ b/refs/pull/201/merge/it/_images/Eo_circle_red_letter-x.svg @@ -0,0 +1 @@ + diff --git a/refs/pull/201/merge/it/_sources/backup-restore.rst.txt b/refs/pull/201/merge/it/_sources/backup-restore.rst.txt new file mode 100644 index 000000000..186042348 --- /dev/null +++ b/refs/pull/201/merge/it/_sources/backup-restore.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _backup-restore.rst: + +backup-restore.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/it/_sources/contribute.rst.txt b/refs/pull/201/merge/it/_sources/contribute.rst.txt new file mode 100644 index 000000000..9d984dea8 --- /dev/null +++ b/refs/pull/201/merge/it/_sources/contribute.rst.txt @@ -0,0 +1,8 @@ +.. include:: ../common/common_definitions.rst + +.. _contribute.rst: + +contribute.rst ++++++++++++++++++++++++++++ + +Instruction to join in the development here. diff --git a/refs/pull/201/merge/it/_sources/defined-terms.rst.txt b/refs/pull/201/merge/it/_sources/defined-terms.rst.txt new file mode 100644 index 000000000..e0b9acdc3 --- /dev/null +++ b/refs/pull/201/merge/it/_sources/defined-terms.rst.txt @@ -0,0 +1,89 @@ +.. include:: ../common/common_definitions.rst + +.. _defined-terms.rst: + +defined-terms.rst ++++++++++++++++++++++++++++ + +Di seguito le descrizioni di acronimi e definizioni, correlati al presente documento utili ad approfondimenti su tematiche che completano l' it-wallet e i componenti con i quali interagisce. + + +Acronimi +-------- +.. list-table:: + :widths: 20 80 + :header-rows: 1 + + * - **Acronimo** + - **Descrizione** + * - **OID4VP** + - OpenID for Verifiable Presentation + * - **PID** + - Person Identification Data + * - **VC** + - Verifiable Credential + * - **VP** + - Verifiable Presentation + * - **API** + - Application Programming Interface. Insieme componenti previsti per semplificare gli scenari di integrazione di uno specifico Sistema. + + +Definizioni +----------- + +.. list-table:: + :widths: 20 80 + :header-rows: 1 + + * - **Definizione** + - **Descrizione** + * - **Wallet Instance** + - Mobile App che gestisce, memorizza e protegge le Verifiable Credentials di un holder e ne consente la presentazione ad una Relying Party + * - **Relying Party** + - Entità che riceve da una Wallet Instance una o più VP e processa le stesse + + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/it/_sources/index.rst.txt b/refs/pull/201/merge/it/_sources/index.rst.txt new file mode 100644 index 000000000..abe2399cd --- /dev/null +++ b/refs/pull/201/merge/it/_sources/index.rst.txt @@ -0,0 +1,55 @@ +.. include:: ../common/common_definitions.rst + +============================================== +The Italian EUDI Wallet implementation profile +============================================== + +[TODO INTRO] + +Introduzione + +cos'è eIDAS + +cos’è IT-Wallet + +scopo delle regole tecniche + + +In this documentation you can find the technical specification +for implementing the following components: + + - Entities of the ecosystem according to `EIDAS-ARF`_. + - Infrastructure of trust attesting realiability and eligibility of the participants. + - PID and EAAs data schemes and attribute sets. + - PID/EAA in MDL CBOR format. + - PID/EAA in `SD-JWT`_ format. + - Wallet Solution general architecture. + - Wallet Instance Attestation data model in `JWS`_ format. + - Issuance of PID/EAA according to `OpenID4VCI`_. + - Presentation of PID/EAA according to `OpenID4VP`_. + - Presentation of pseudonyms according to `SIOPv2`_. + - PID/EAA backup and restore mechanisms. + - PID/EAA revocation lists. + + +Index of content +---------------- + +.. toctree:: + :maxdepth: 2 + + ssi-introduction.rst + defined-terms.rst + trust.rst + pid-eaa-data.rst + pid-eaa-mdoc-cbor.rst + pid-eaa-sd-jwt.rst + wallet-solution.rst + wallet-instance-attestation.rst + issuance.rst + relying-party-solution.rst + pseudonyms.rst + backup-restore.rst + revocation-lists.rst + contribute.rst + standards.rst diff --git a/refs/pull/201/merge/it/_sources/issuance.rst.txt b/refs/pull/201/merge/it/_sources/issuance.rst.txt new file mode 100644 index 000000000..1effd9399 --- /dev/null +++ b/refs/pull/201/merge/it/_sources/issuance.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _issuance.rst: + +issuance.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/it/_sources/pid-eaa-data.rst.txt b/refs/pull/201/merge/it/_sources/pid-eaa-data.rst.txt new file mode 100644 index 000000000..8ab0305c9 --- /dev/null +++ b/refs/pull/201/merge/it/_sources/pid-eaa-data.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _pid-eaa-data.rst: + +pid-eaa-data.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/it/_sources/pid-eaa-mdoc-cbor.rst.txt b/refs/pull/201/merge/it/_sources/pid-eaa-mdoc-cbor.rst.txt new file mode 100644 index 000000000..d96df2fff --- /dev/null +++ b/refs/pull/201/merge/it/_sources/pid-eaa-mdoc-cbor.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _pid-eaa-mdoc-cbor.rst: + +pid-eaa-mdoc-cbor.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/it/_sources/pid-eaa-sd-jwt.rst.txt b/refs/pull/201/merge/it/_sources/pid-eaa-sd-jwt.rst.txt new file mode 100644 index 000000000..b4daf4770 --- /dev/null +++ b/refs/pull/201/merge/it/_sources/pid-eaa-sd-jwt.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _pid-eaa-sd-jwt.rst: + +pid-eaa-sd-jwt.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/it/_sources/pseudonyms.rst.txt b/refs/pull/201/merge/it/_sources/pseudonyms.rst.txt new file mode 100644 index 000000000..7b20567f9 --- /dev/null +++ b/refs/pull/201/merge/it/_sources/pseudonyms.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _pseudonyms.rst: + +pseudonyms.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/it/_sources/revocation-lists.rst.txt b/refs/pull/201/merge/it/_sources/revocation-lists.rst.txt new file mode 100644 index 000000000..49cc7b174 --- /dev/null +++ b/refs/pull/201/merge/it/_sources/revocation-lists.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _revocation-lists.rst: + +revocation-lists.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/it/_sources/ssi-introduction.rst.txt b/refs/pull/201/merge/it/_sources/ssi-introduction.rst.txt new file mode 100644 index 000000000..bf8e0a9e6 --- /dev/null +++ b/refs/pull/201/merge/it/_sources/ssi-introduction.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _ssi-introduction.rst: + +ssi-introduction.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/it/_sources/standards.rst.txt b/refs/pull/201/merge/it/_sources/standards.rst.txt new file mode 100644 index 000000000..924e882fc --- /dev/null +++ b/refs/pull/201/merge/it/_sources/standards.rst.txt @@ -0,0 +1,8 @@ +.. include:: ../common/common_definitions.rst + +.. _standards.rst: + +Standards ++++++++++ + +TODO diff --git a/refs/pull/201/merge/it/_sources/trust.rst.txt b/refs/pull/201/merge/it/_sources/trust.rst.txt new file mode 100644 index 000000000..aa613216a --- /dev/null +++ b/refs/pull/201/merge/it/_sources/trust.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _trust.rst: + +trust.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/it/_sources/wallet-instance-attestation.rst.txt b/refs/pull/201/merge/it/_sources/wallet-instance-attestation.rst.txt new file mode 100644 index 000000000..35d4b69c0 --- /dev/null +++ b/refs/pull/201/merge/it/_sources/wallet-instance-attestation.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _wallet-instance-attestation.rst: + +wallet-instance-attestation.rst ++++++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/it/_sources/wallet-solution.rst.txt b/refs/pull/201/merge/it/_sources/wallet-solution.rst.txt new file mode 100644 index 000000000..bb3964a70 --- /dev/null +++ b/refs/pull/201/merge/it/_sources/wallet-solution.rst.txt @@ -0,0 +1,57 @@ +.. include:: ../common/common_definitions.rst + +.. _wallet-solution.rst: + +wallet-solution.rst ++++++++++++++++++++++++++++ + +[What is it] + +[What it is usefull for] + +[Example] + +General Properties +------------------ + +[TODO] + + +Requirements +------------ + + - req 1 + - req 2 + + +Attributes +---------- + +[Table with parameters/attributes] + +.. list-table:: + :widths: 20 60 + :header-rows: 1 + + * - **Claim** + - **Description** + * - key + - value + + +Implementation considerations +----------------------------- + +TODO + + +Libraries and code snippets +--------------------------- + +TODO + + +External references +------------------- + +TODO diff --git a/refs/pull/201/merge/it/_static/_sphinx_javascript_frameworks_compat.js b/refs/pull/201/merge/it/_static/_sphinx_javascript_frameworks_compat.js new file mode 100644 index 000000000..8549469dc --- /dev/null +++ b/refs/pull/201/merge/it/_static/_sphinx_javascript_frameworks_compat.js @@ -0,0 +1,134 @@ +/* + * _sphinx_javascript_frameworks_compat.js + * ~~~~~~~~~~ + * + * Compatability shim for jQuery and underscores.js. + * + * WILL BE REMOVED IN Sphinx 6.0 + * xref RemovedInSphinx60Warning + * + */ + +/** + * select a different prefix for underscore + */ +$u = _.noConflict(); + + +/** + * small helper function to urldecode strings + * + * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent#Decoding_query_parameters_from_a_URL + */ +jQuery.urldecode = function(x) { + if (!x) { + return x + } + return decodeURIComponent(x.replace(/\+/g, ' ')); +}; + +/** + * small helper function to urlencode strings + */ +jQuery.urlencode = encodeURIComponent; + +/** + * This function returns the parsed url parameters of the + * current request. Multiple values per key are supported, + * it will always return arrays of strings for the value parts. + */ +jQuery.getQueryParameters = function(s) { + if (typeof s === 'undefined') + s = document.location.search; + var parts = s.substr(s.indexOf('?') + 1).split('&'); + var result = {}; + for (var i = 0; i < parts.length; i++) { + var tmp = parts[i].split('=', 2); + var key = jQuery.urldecode(tmp[0]); + var value = jQuery.urldecode(tmp[1]); + if (key in result) + result[key].push(value); + else + result[key] = [value]; + } + return result; +}; + +/** + * highlight a given string on a jquery object by wrapping it in + * span elements with the given class name. + */ +jQuery.fn.highlightText = function(text, className) { + function highlight(node, addItems) { + if (node.nodeType === 3) { + var val = node.nodeValue; + var pos = val.toLowerCase().indexOf(text); + if (pos >= 0 && + !jQuery(node.parentNode).hasClass(className) && + !jQuery(node.parentNode).hasClass("nohighlight")) { + var span; + var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg"); + if (isInSVG) { + span = document.createElementNS("http://www.w3.org/2000/svg", "tspan"); + } else { + span = document.createElement("span"); + span.className = className; + } + span.appendChild(document.createTextNode(val.substr(pos, text.length))); + node.parentNode.insertBefore(span, node.parentNode.insertBefore( + document.createTextNode(val.substr(pos + text.length)), + node.nextSibling)); + node.nodeValue = val.substr(0, pos); + if (isInSVG) { + var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect"); + var bbox = node.parentElement.getBBox(); + rect.x.baseVal.value = bbox.x; + rect.y.baseVal.value = bbox.y; + rect.width.baseVal.value = bbox.width; + rect.height.baseVal.value = bbox.height; + rect.setAttribute('class', className); + addItems.push({ + "parent": node.parentNode, + "target": rect}); + } + } + } + else if (!jQuery(node).is("button, select, textarea")) { + jQuery.each(node.childNodes, function() { + highlight(this, addItems); + }); + } + } + var addItems = []; + var result = this.each(function() { + highlight(this, addItems); + }); + for (var i = 0; i < addItems.length; ++i) { + jQuery(addItems[i].parent).before(addItems[i].target); + } + return result; +}; + +/* + * backward compatibility for jQuery.browser + * This will be supported until firefox bug is fixed. + */ +if (!jQuery.browser) { + jQuery.uaMatch = function(ua) { + ua = ua.toLowerCase(); + + var match = /(chrome)[ \/]([\w.]+)/.exec(ua) || + /(webkit)[ \/]([\w.]+)/.exec(ua) || + /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) || + /(msie) ([\w.]+)/.exec(ua) || + ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) || + []; + + return { + browser: match[ 1 ] || "", + version: match[ 2 ] || "0" + }; + }; + jQuery.browser = {}; + jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true; +} diff --git a/refs/pull/201/merge/it/_static/basic.css b/refs/pull/201/merge/it/_static/basic.css new file mode 100644 index 000000000..9039e027c --- /dev/null +++ b/refs/pull/201/merge/it/_static/basic.css @@ -0,0 +1,932 @@ +/* + * basic.css + * ~~~~~~~~~ + * + * Sphinx stylesheet -- basic theme. + * + * :copyright: Copyright 2007-2022 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ + +/* -- main layout ----------------------------------------------------------- */ + +div.clearer { + clear: both; +} + +div.section::after { + display: block; + content: ''; + clear: left; +} + +/* -- relbar ---------------------------------------------------------------- */ + +div.related { + width: 100%; + font-size: 90%; +} + +div.related h3 { + display: none; +} + +div.related ul { + margin: 0; + padding: 0 0 0 10px; + list-style: none; +} + +div.related li { + display: inline; +} + +div.related li.right { + float: right; + margin-right: 5px; +} + +/* -- sidebar --------------------------------------------------------------- */ + +div.sphinxsidebarwrapper { + padding: 10px 5px 0 10px; +} + +div.sphinxsidebar { + float: left; + width: 230px; + margin-left: -100%; + font-size: 90%; + word-wrap: break-word; + overflow-wrap : break-word; +} + +div.sphinxsidebar ul { + list-style: none; +} + +div.sphinxsidebar ul ul, +div.sphinxsidebar ul.want-points { + margin-left: 20px; + list-style: square; +} + +div.sphinxsidebar ul ul { + margin-top: 0; + margin-bottom: 0; +} + +div.sphinxsidebar form { + margin-top: 10px; +} + +div.sphinxsidebar input { + border: 1px solid #98dbcc; + font-family: sans-serif; + font-size: 1em; +} + +div.sphinxsidebar #searchbox form.search { + overflow: hidden; +} + +div.sphinxsidebar #searchbox input[type="text"] { + float: left; + width: 80%; + padding: 0.25em; + box-sizing: border-box; +} + +div.sphinxsidebar #searchbox input[type="submit"] { + float: left; + width: 20%; + border-left: none; + padding: 0.25em; + box-sizing: border-box; +} + + +img { + border: 0; + max-width: 100%; +} + +/* -- search page ----------------------------------------------------------- */ + +ul.search { + margin: 10px 0 0 20px; + padding: 0; +} + +ul.search li { + padding: 5px 0 5px 20px; + background-image: url(file.png); + background-repeat: no-repeat; + background-position: 0 7px; +} + +ul.search li a { + font-weight: bold; +} + +ul.search li p.context { + color: #888; + margin: 2px 0 0 30px; + text-align: left; +} + +ul.keywordmatches li.goodmatch a { + font-weight: bold; +} + +/* -- index page ------------------------------------------------------------ */ + +table.contentstable { + width: 90%; + margin-left: auto; + margin-right: auto; +} + +table.contentstable p.biglink { + line-height: 150%; +} + +a.biglink { + font-size: 1.3em; +} + +span.linkdescr { + font-style: italic; + padding-top: 5px; + font-size: 90%; +} + +/* -- general index --------------------------------------------------------- */ + +table.indextable { + width: 100%; +} + +table.indextable td { + text-align: left; + vertical-align: top; +} + +table.indextable ul { + margin-top: 0; + margin-bottom: 0; + list-style-type: none; +} + +table.indextable > tbody > tr > td > ul { + padding-left: 0em; +} + +table.indextable tr.pcap { + height: 10px; +} + +table.indextable tr.cap { + margin-top: 10px; + background-color: #f2f2f2; +} + +img.toggler { + margin-right: 3px; + margin-top: 3px; + cursor: pointer; +} + +div.modindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +div.genindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +/* -- domain module index --------------------------------------------------- */ + +table.modindextable td { + padding: 2px; + border-collapse: collapse; +} + +/* -- general body styles --------------------------------------------------- */ + +div.body { + min-width: 360px; + max-width: 800px; +} + +div.body p, div.body dd, div.body li, div.body blockquote { + -moz-hyphens: auto; + -ms-hyphens: auto; + -webkit-hyphens: auto; + hyphens: auto; +} + +a.headerlink { + visibility: hidden; +} + +a.brackets:before, +span.brackets > a:before{ + content: "["; +} + +a.brackets:after, +span.brackets > a:after { + content: "]"; +} + +h1:hover > a.headerlink, +h2:hover > a.headerlink, +h3:hover > a.headerlink, +h4:hover > a.headerlink, +h5:hover > a.headerlink, +h6:hover > a.headerlink, +dt:hover > a.headerlink, +caption:hover > a.headerlink, +p.caption:hover > a.headerlink, +div.code-block-caption:hover > a.headerlink { + visibility: visible; +} + +div.body p.caption { + text-align: inherit; +} + +div.body td { + text-align: left; +} + +.first { + margin-top: 0 !important; +} + +p.rubric { + margin-top: 30px; + font-weight: bold; +} + +img.align-left, figure.align-left, .figure.align-left, object.align-left { + clear: left; + float: left; + margin-right: 1em; +} + +img.align-right, figure.align-right, .figure.align-right, object.align-right { + clear: right; + float: right; + margin-left: 1em; +} + +img.align-center, figure.align-center, .figure.align-center, object.align-center { + display: block; + margin-left: auto; + margin-right: auto; +} + +img.align-default, figure.align-default, .figure.align-default { + display: block; + margin-left: auto; + margin-right: auto; +} + +.align-left { + text-align: left; +} + +.align-center { + text-align: center; +} + +.align-default { + text-align: center; +} + +.align-right { + text-align: right; +} + +/* -- sidebars -------------------------------------------------------------- */ + +div.sidebar, +aside.sidebar { + margin: 0 0 0.5em 1em; + border: 1px solid #ddb; + padding: 7px; + background-color: #ffe; + width: 40%; + float: right; + clear: right; + overflow-x: auto; +} + +p.sidebar-title { + font-weight: bold; +} + +div.admonition, div.topic, aside.topic, blockquote { + clear: left; +} + +/* -- topics ---------------------------------------------------------------- */ + +div.topic, aside.topic { + border: 1px solid #ccc; + padding: 7px; + margin: 10px 0 10px 0; +} + +p.topic-title { + font-size: 1.1em; + font-weight: bold; + margin-top: 10px; +} + +/* -- admonitions ----------------------------------------------------------- */ + +div.admonition { + margin-top: 10px; + margin-bottom: 10px; + padding: 7px; +} + +div.admonition dt { + font-weight: bold; +} + +p.admonition-title { + margin: 0px 10px 5px 0px; + font-weight: bold; +} + +div.body p.centered { + text-align: center; + margin-top: 25px; +} + +/* -- content of sidebars/topics/admonitions -------------------------------- */ + +div.sidebar > :last-child, +aside.sidebar > :last-child, +div.topic > :last-child, +aside.topic > :last-child, +div.admonition > :last-child { + margin-bottom: 0; +} + +div.sidebar::after, +aside.sidebar::after, +div.topic::after, +aside.topic::after, +div.admonition::after, +blockquote::after { + display: block; + content: ''; + clear: both; +} + +/* -- tables ---------------------------------------------------------------- */ + +table.docutils { + margin-top: 10px; + margin-bottom: 10px; + border: 0; + border-collapse: collapse; +} + +table.align-center { + margin-left: auto; + margin-right: auto; +} + +table.align-default { + margin-left: auto; + margin-right: auto; +} + +table caption span.caption-number { + font-style: italic; +} + +table caption span.caption-text { +} + +table.docutils td, table.docutils th { + padding: 1px 8px 1px 5px; + border-top: 0; + border-left: 0; + border-right: 0; + border-bottom: 1px solid #aaa; +} + +th { + text-align: left; + padding-right: 5px; +} + +table.citation { + border-left: solid 1px gray; + margin-left: 1px; +} + +table.citation td { + border-bottom: none; +} + +th > :first-child, +td > :first-child { + margin-top: 0px; +} + +th > :last-child, +td > :last-child { + margin-bottom: 0px; +} + +/* -- figures --------------------------------------------------------------- */ + +div.figure, figure { + margin: 0.5em; + padding: 0.5em; +} + +div.figure p.caption, figcaption { + padding: 0.3em; +} + +div.figure p.caption span.caption-number, +figcaption span.caption-number { + font-style: italic; +} + +div.figure p.caption span.caption-text, +figcaption span.caption-text { +} + +/* -- field list styles ----------------------------------------------------- */ + +table.field-list td, table.field-list th { + border: 0 !important; +} + +.field-list ul { + margin: 0; + padding-left: 1em; +} + +.field-list p { + margin: 0; +} + +.field-name { + -moz-hyphens: manual; + -ms-hyphens: manual; + -webkit-hyphens: manual; + hyphens: manual; +} + +/* -- hlist styles ---------------------------------------------------------- */ + +table.hlist { + margin: 1em 0; +} + +table.hlist td { + vertical-align: top; +} + +/* -- object description styles --------------------------------------------- */ + +.sig { + font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace; +} + +.sig-name, code.descname { + background-color: transparent; + font-weight: bold; +} + +.sig-name { + font-size: 1.1em; +} + +code.descname { + font-size: 1.2em; +} + +.sig-prename, code.descclassname { + background-color: transparent; +} + +.optional { + font-size: 1.3em; +} + +.sig-paren { + font-size: larger; +} + +.sig-param.n { + font-style: italic; +} + +/* C++ specific styling */ + +.sig-inline.c-texpr, +.sig-inline.cpp-texpr { + font-family: unset; +} + +.sig.c .k, .sig.c .kt, +.sig.cpp .k, .sig.cpp .kt { + color: #0033B3; +} + +.sig.c .m, +.sig.cpp .m { + color: #1750EB; +} + +.sig.c .s, .sig.c .sc, +.sig.cpp .s, .sig.cpp .sc { + color: #067D17; +} + + +/* -- other body styles ----------------------------------------------------- */ + +ol.arabic { + list-style: decimal; +} + +ol.loweralpha { + list-style: lower-alpha; +} + +ol.upperalpha { + list-style: upper-alpha; +} + +ol.lowerroman { + list-style: lower-roman; +} + +ol.upperroman { + list-style: upper-roman; +} + +:not(li) > ol > li:first-child > :first-child, +:not(li) > ul > li:first-child > :first-child { + margin-top: 0px; +} + +:not(li) > ol > li:last-child > :last-child, +:not(li) > ul > li:last-child > :last-child { + margin-bottom: 0px; +} + +ol.simple ol p, +ol.simple ul p, +ul.simple ol p, +ul.simple ul p { + margin-top: 0; +} + +ol.simple > li:not(:first-child) > p, +ul.simple > li:not(:first-child) > p { + margin-top: 0; +} + +ol.simple p, +ul.simple p { + margin-bottom: 0; +} + +/* Docutils 0.17 and older (footnotes & citations) */ +dl.footnote > dt, +dl.citation > dt { + float: left; + margin-right: 0.5em; +} + +dl.footnote > dd, +dl.citation > dd { + margin-bottom: 0em; +} + +dl.footnote > dd:after, +dl.citation > dd:after { + content: ""; + clear: both; +} + +/* Docutils 0.18+ (footnotes & citations) */ +aside.footnote > span, +div.citation > span { + float: left; +} +aside.footnote > span:last-of-type, +div.citation > span:last-of-type { + padding-right: 0.5em; +} +aside.footnote > p { + margin-left: 2em; +} +div.citation > p { + margin-left: 4em; +} +aside.footnote > p:last-of-type, +div.citation > p:last-of-type { + margin-bottom: 0em; +} +aside.footnote > p:last-of-type:after, +div.citation > p:last-of-type:after { + content: ""; + clear: both; +} + +/* Footnotes & citations ends */ + +dl.field-list { + display: grid; + grid-template-columns: fit-content(30%) auto; +} + +dl.field-list > dt { + font-weight: bold; + word-break: break-word; + padding-left: 0.5em; + padding-right: 5px; +} + +dl.field-list > dt:after { + content: ":"; +} + +dl.field-list > dd { + padding-left: 0.5em; + margin-top: 0em; + margin-left: 0em; + margin-bottom: 0em; +} + +dl { + margin-bottom: 15px; +} + +dd > :first-child { + margin-top: 0px; +} + +dd ul, dd table { + margin-bottom: 10px; +} + +dd { + margin-top: 3px; + margin-bottom: 10px; + margin-left: 30px; +} + +dl > dd:last-child, +dl > dd:last-child > :last-child { + margin-bottom: 0; +} + +dt:target, span.highlighted { + background-color: #fbe54e; +} + +rect.highlighted { + fill: #fbe54e; +} + +dl.glossary dt { + font-weight: bold; + font-size: 1.1em; +} + +.versionmodified { + font-style: italic; +} + +.system-message { + background-color: #fda; + padding: 5px; + border: 3px solid red; +} + +.footnote:target { + background-color: #ffa; +} + +.line-block { + display: block; + margin-top: 1em; + margin-bottom: 1em; +} + +.line-block .line-block { + margin-top: 0; + margin-bottom: 0; + margin-left: 1.5em; +} + +.guilabel, .menuselection { + font-family: sans-serif; +} + +.accelerator { + text-decoration: underline; +} + +.classifier { + font-style: oblique; +} + +.classifier:before { + font-style: normal; + margin: 0 0.5em; + content: ":"; + display: inline-block; +} + +abbr, acronym { + border-bottom: dotted 1px; + cursor: help; +} + +/* -- code displays --------------------------------------------------------- */ + +pre { + overflow: auto; + overflow-y: hidden; /* fixes display issues on Chrome browsers */ +} + +pre, div[class*="highlight-"] { + clear: both; +} + +span.pre { + -moz-hyphens: none; + -ms-hyphens: none; + -webkit-hyphens: none; + hyphens: none; + white-space: nowrap; +} + +div[class*="highlight-"] { + margin: 1em 0; +} + +td.linenos pre { + border: 0; + background-color: transparent; + color: #aaa; +} + +table.highlighttable { + display: block; +} + +table.highlighttable tbody { + display: block; +} + +table.highlighttable tr { + display: flex; +} + +table.highlighttable td { + margin: 0; + padding: 0; +} + +table.highlighttable td.linenos { + padding-right: 0.5em; +} + +table.highlighttable td.code { + flex: 1; + overflow: hidden; +} + +.highlight .hll { + display: block; +} + +div.highlight pre, +table.highlighttable pre { + margin: 0; +} + +div.code-block-caption + div { + margin-top: 0; +} + +div.code-block-caption { + margin-top: 1em; + padding: 2px 5px; + font-size: small; +} + +div.code-block-caption code { + background-color: transparent; +} + +table.highlighttable td.linenos, +span.linenos, +div.highlight span.gp { /* gp: Generic.Prompt */ + user-select: none; + -webkit-user-select: text; /* Safari fallback only */ + -webkit-user-select: none; /* Chrome/Safari */ + -moz-user-select: none; /* Firefox */ + -ms-user-select: none; /* IE10+ */ +} + +div.code-block-caption span.caption-number { + padding: 0.1em 0.3em; + font-style: italic; +} + +div.code-block-caption span.caption-text { +} + +div.literal-block-wrapper { + margin: 1em 0; +} + +code.xref, a code { + background-color: transparent; + font-weight: bold; +} + +h1 code, h2 code, h3 code, h4 code, h5 code, h6 code { + background-color: transparent; +} + +.viewcode-link { + float: right; +} + +.viewcode-back { + float: right; + font-family: sans-serif; +} + +div.viewcode-block:target { + margin: -1px -10px; + padding: 0 10px; +} + +/* -- math display ---------------------------------------------------------- */ + +img.math { + vertical-align: middle; +} + +div.body div.math p { + text-align: center; +} + +span.eqno { + float: right; +} + +span.eqno a.headerlink { + position: absolute; + z-index: 1; +} + +div.math:hover a.headerlink { + visibility: visible; +} + +/* -- printout stylesheet --------------------------------------------------- */ + +@media print { + div.document, + div.documentwrapper, + div.bodywrapper { + margin: 0 !important; + width: 100%; + } + + div.sphinxsidebar, + div.related, + div.footer, + #top-link { + display: none; + } +} \ No newline at end of file diff --git a/refs/pull/201/merge/it/_static/css/theme.css b/refs/pull/201/merge/it/_static/css/theme.css new file mode 100644 index 000000000..6c29bebea --- /dev/null +++ b/refs/pull/201/merge/it/_static/css/theme.css @@ -0,0 +1 @@ +@charset "UTF-8";@import url("https://fonts.googleapis.com/css?family=Lora:400,700");@import url("https://fonts.googleapis.com/css?family=Roboto+Mono:400,700");@import url("https://fonts.googleapis.com/css?family=Titillium+Web:300,400,600,700");.primary-bg{background-color:#06c}.primary-color{color:#06c}.primary-border-color,.primary-border-color.border{border-color:#06c!important}.white-bg{background-color:#fff}.white-color{color:#fff}.white-border-color-,.white-border-color-.border{border-color:#fff!important}.primary-bg-a1{background-color:#bfdfff}.primary-color-a1{color:#bfdfff}.primary-border-color-a1,.primary-border-color-a1.border{border-color:#bfdfff!important}.primary-bg-a2{background-color:#93c4f5}.primary-color-a2{color:#93c4f5}.primary-border-color-a2,.primary-border-color-a2.border{border-color:#93c4f5!important}.primary-bg-a3{background-color:#6aaaeb}.primary-color-a3{color:#6aaaeb}.primary-border-color-a3,.primary-border-color-a3.border{border-color:#6aaaeb!important}.primary-bg-a4{background-color:#4392e0}.primary-color-a4{color:#4392e0}.primary-border-color-a4,.primary-border-color-a4.border{border-color:#4392e0!important}.primary-bg-a5{background-color:#207bd6}.primary-color-a5{color:#207bd6}.primary-border-color-a5,.primary-border-color-a5.border{border-color:#207bd6!important}.primary-bg-a6{background-color:#06c}.primary-color-a6{color:#06c}.primary-border-color-a6,.primary-border-color-a6.border{border-color:#06c!important}.primary-bg-a7{background-color:#0059b3}.primary-color-a7{color:#0059b3}.primary-border-color-a7,.primary-border-color-a7.border{border-color:#0059b3!important}.primary-bg-a8{background-color:#004d99}.primary-color-a8{color:#004d99}.primary-border-color-a8,.primary-border-color-a8.border{border-color:#004d99!important}.primary-bg-a9{background-color:#004080}.primary-color-a9{color:#004080}.primary-border-color-a9,.primary-border-color-a9.border{border-color:#004080!important}.primary-bg-a10{background-color:#036}.primary-color-a10{color:#036}.primary-border-color-a10,.primary-border-color-a10.border{border-color:#036!important}.primary-bg-a11{background-color:#00264d}.primary-color-a11{color:#00264d}.primary-border-color-a11,.primary-border-color-a11.border{border-color:#00264d!important}.primary-bg-a12{background-color:#001a33}.primary-color-a12{color:#001a33}.primary-border-color-a12,.primary-border-color-a12.border{border-color:#001a33!important}.primary-bg-b1{background-color:#06c}.primary-color-b1{color:#06c}.primary-border-color-b1,.primary-border-color-b1.border{border-color:#06c!important}.primary-bg-b2{background-color:#1262b3}.primary-color-b2{color:#1262b3}.primary-border-color-b2,.primary-border-color-b2.border{border-color:#1262b3!important}.primary-bg-b3{background-color:#1f5c99}.primary-color-b3{color:#1f5c99}.primary-border-color-b3,.primary-border-color-b3.border{border-color:#1f5c99!important}.primary-bg-b4{background-color:#265380}.primary-color-b4{color:#265380}.primary-border-color-b4,.primary-border-color-b4.border{border-color:#265380!important}.primary-bg-b5{background-color:#294766}.primary-color-b5{color:#294766}.primary-border-color-b5,.primary-border-color-b5.border{border-color:#294766!important}.primary-bg-b6{background-color:#26394d}.primary-color-b6{color:#26394d}.primary-border-color-b6,.primary-border-color-b6.border{border-color:#26394d!important}.primary-bg-b7{background-color:#1f2933}.primary-color-b7{color:#1f2933}.primary-border-color-b7,.primary-border-color-b7.border{border-color:#1f2933!important}.primary-bg-b8{background-color:#12161a}.primary-color-b8{color:#12161a}.primary-border-color-b8,.primary-border-color-b8.border{border-color:#12161a!important}.primary-bg-c1{background-color:#dce9f5}.primary-color-c1{color:#dce9f5}.primary-border-color-c1,.primary-border-color-c1.border{border-color:#dce9f5!important}.primary-bg-c2{background-color:#c4dcf5}.primary-color-c2{color:#c4dcf5}.primary-border-color-c2,.primary-border-color-c2.border{border-color:#c4dcf5!important}.primary-bg-c3{background-color:#abd0f5}.primary-color-c3{color:#abd0f5}.primary-border-color-c3,.primary-border-color-c3.border{border-color:#abd0f5!important}.primary-bg-c4{background-color:#93c4f5}.primary-color-c4{color:#93c4f5}.primary-border-color-c4,.primary-border-color-c4.border{border-color:#93c4f5!important}.primary-bg-c5{background-color:#7ab8f5}.primary-color-c5{color:#7ab8f5}.primary-border-color-c5,.primary-border-color-c5.border{border-color:#7ab8f5!important}.primary-bg-c6{background-color:#62abf5}.primary-color-c6{color:#62abf5}.primary-border-color-c6,.primary-border-color-c6.border{border-color:#62abf5!important}.primary-bg-c7{background-color:#499ff5}.primary-color-c7{color:#499ff5}.primary-border-color-c7,.primary-border-color-c7.border{border-color:#499ff5!important}.primary-bg-c8{background-color:#3193f5}.primary-color-c8{color:#3193f5}.primary-border-color-c8,.primary-border-color-c8.border{border-color:#3193f5!important}.primary-bg-c9{background-color:#1887f5}.primary-color-c9{color:#1887f5}.primary-border-color-c9,.primary-border-color-c9.border{border-color:#1887f5!important}.primary-bg-c10{background-color:#007af5}.primary-color-c10{color:#007af5}.primary-border-color-c10,.primary-border-color-c10.border{border-color:#007af5!important}.primary-bg-c11{background-color:#0070e0}.primary-color-c11{color:#0070e0}.primary-border-color-c11,.primary-border-color-c11.border{border-color:#0070e0!important}.primary-bg-c12{background-color:#06c}.primary-color-c12{color:#06c}.primary-border-color-c12,.primary-border-color-c12.border{border-color:#06c!important}.analogue-1-bg-a1{background-color:#e7e6ff}.analogue-1-color-a1{color:#e7e6ff}.analogue-1-border-color-a1,.analogue-1-border-color-a1.border{border-color:#e7e6ff!important}.analogue-1-bg-a2{background-color:#bbb8f5}.analogue-1-color-a2{color:#bbb8f5}.analogue-1-border-color-a2,.analogue-1-border-color-a2.border{border-color:#bbb8f5!important}.analogue-1-bg-a3{background-color:#918deb}.analogue-1-color-a3{color:#918deb}.analogue-1-border-color-a3,.analogue-1-border-color-a3.border{border-color:#918deb!important}.analogue-1-bg-a4{background-color:#6b65e0}.analogue-1-color-a4{color:#6b65e0}.analogue-1-border-color-a4,.analogue-1-border-color-a4.border{border-color:#6b65e0!important}.analogue-1-bg-a5{background-color:#4840d6}.analogue-1-color-a5{color:#4840d6}.analogue-1-border-color-a5,.analogue-1-border-color-a5.border{border-color:#4840d6!important}.analogue-1-bg-a6{background-color:#271fcc}.analogue-1-color-a6{color:#271fcc}.analogue-1-border-color-a6,.analogue-1-border-color-a6.border{border-color:#271fcc!important}.analogue-1-bg-a7{background-color:#221bb3}.analogue-1-color-a7{color:#221bb3}.analogue-1-border-color-a7,.analogue-1-border-color-a7.border{border-color:#221bb3!important}.analogue-1-bg-a8{background-color:#1d1799}.analogue-1-color-a8{color:#1d1799}.analogue-1-border-color-a8,.analogue-1-border-color-a8.border{border-color:#1d1799!important}.analogue-1-bg-a9{background-color:#191380}.analogue-1-color-a9{color:#191380}.analogue-1-border-color-a9,.analogue-1-border-color-a9.border{border-color:#191380!important}.analogue-1-bg-a10{background-color:#140f66}.analogue-1-color-a10{color:#140f66}.analogue-1-border-color-a10,.analogue-1-border-color-a10.border{border-color:#140f66!important}.analogue-1-bg-a11{background-color:#0f0b4d}.analogue-1-color-a11{color:#0f0b4d}.analogue-1-border-color-a11,.analogue-1-border-color-a11.border{border-color:#0f0b4d!important}.analogue-1-bg-a12{background-color:#0a0833}.analogue-1-color-a12{color:#0a0833}.analogue-1-border-color-a12,.analogue-1-border-color-a12.border{border-color:#0a0833!important}.analogue-2-bg-a1{background-color:#ccfffd}.analogue-2-color-a1{color:#ccfffd}.analogue-2-border-color-a1,.analogue-2-border-color-a1.border{border-color:#ccfffd!important}.analogue-2-bg-a2{background-color:#9ff5f2}.analogue-2-color-a2{color:#9ff5f2}.analogue-2-border-color-a2,.analogue-2-border-color-a2.border{border-color:#9ff5f2!important}.analogue-2-bg-a3{background-color:#75ebe7}.analogue-2-color-a3{color:#75ebe7}.analogue-2-border-color-a3,.analogue-2-border-color-a3.border{border-color:#75ebe7!important}.analogue-2-bg-a4{background-color:#4fe0dc}.analogue-2-color-a4{color:#4fe0dc}.analogue-2-border-color-a4,.analogue-2-border-color-a4.border{border-color:#4fe0dc!important}.analogue-2-bg-a5{background-color:#2bd6d0}.analogue-2-color-a5{color:#2bd6d0}.analogue-2-border-color-a5,.analogue-2-border-color-a5.border{border-color:#2bd6d0!important}.analogue-2-bg-a6{background-color:#0accc6}.analogue-2-color-a6{color:#0accc6}.analogue-2-border-color-a6,.analogue-2-border-color-a6.border{border-color:#0accc6!important}.analogue-2-bg-a7{background-color:#09b3ad}.analogue-2-color-a7{color:#09b3ad}.analogue-2-border-color-a7,.analogue-2-border-color-a7.border{border-color:#09b3ad!important}.analogue-2-bg-a8{background-color:#089994}.analogue-2-color-a8{color:#089994}.analogue-2-border-color-a8,.analogue-2-border-color-a8.border{border-color:#089994!important}.analogue-2-bg-a9{background-color:#06807b}.analogue-2-color-a9{color:#06807b}.analogue-2-border-color-a9,.analogue-2-border-color-a9.border{border-color:#06807b!important}.analogue-2-bg-a10{background-color:#056663}.analogue-2-color-a10{color:#056663}.analogue-2-border-color-a10,.analogue-2-border-color-a10.border{border-color:#056663!important}.analogue-2-bg-a11{background-color:#044d4a}.analogue-2-color-a11{color:#044d4a}.analogue-2-border-color-a11,.analogue-2-border-color-a11.border{border-color:#044d4a!important}.analogue-2-bg-a12{background-color:#033331}.analogue-2-color-a12{color:#033331}.analogue-2-border-color-a12,.analogue-2-border-color-a12.border{border-color:#033331!important}.complementary-1-bg{background-color:#f73e5a}.complementary-1-color{color:#f90}.complementary-1-border-color-,.complementary-1-border-color-.border{border-color:#f73e5a!important}.complementary-1-bg-a1{background-color:#fffcfd}.complementary-1-color-a1{color:#fffcfd}.complementary-1-border-color-a1,.complementary-1-border-color-a1.border{border-color:#fffcfd!important}.complementary-1-bg-a2{background-color:#f5d0d6}.complementary-1-color-a2{color:#f5d0d6}.complementary-1-border-color-a2,.complementary-1-border-color-a2.border{border-color:#f5d0d6!important}.complementary-1-bg-a3{background-color:#eba4af}.complementary-1-color-a3{color:#eba4af}.complementary-1-border-color-a3,.complementary-1-border-color-a3.border{border-color:#eba4af!important}.complementary-1-bg-a4{background-color:#e07b8b}.complementary-1-color-a4{color:#e07b8b}.complementary-1-border-color-a4,.complementary-1-border-color-a4.border{border-color:#e07b8b!important}.complementary-1-bg-a5{background-color:#d65669}.complementary-1-color-a5{color:#d65669}.complementary-1-border-color-a5,.complementary-1-border-color-a5.border{border-color:#d65669!important}.complementary-1-bg-a6{background-color:#cc334a}.complementary-1-color-a6{color:#cc334a}.complementary-1-border-color-a6,.complementary-1-border-color-a6.border{border-color:#cc334a!important}.complementary-1-bg-a7{background-color:#b32d41}.complementary-1-color-a7{color:#b32d41}.complementary-1-border-color-a7,.complementary-1-border-color-a7.border{border-color:#b32d41!important}.complementary-1-bg-a8{background-color:#992637}.complementary-1-color-a8{color:#992637}.complementary-1-border-color-a8,.complementary-1-border-color-a8.border{border-color:#992637!important}.complementary-1-bg-a9{background-color:#80202e}.complementary-1-color-a9{color:#80202e}.complementary-1-border-color-a9,.complementary-1-border-color-a9.border{border-color:#80202e!important}.complementary-1-bg-a10{background-color:#661a25}.complementary-1-color-a10{color:#661a25}.complementary-1-border-color-a10,.complementary-1-border-color-a10.border{border-color:#661a25!important}.complementary-1-bg-a11{background-color:#4d131c}.complementary-1-color-a11{color:#4d131c}.complementary-1-border-color-a11,.complementary-1-border-color-a11.border{border-color:#4d131c!important}.complementary-1-bg-a12{background-color:#330d12}.complementary-1-color-a12{color:#330d12}.complementary-1-border-color-a12,.complementary-1-border-color-a12.border{border-color:#330d12!important}.complementary-2-bg{background-color:#f90}.complementary-2-color{color:#f90}.complementary-2-border-color-,.complementary-2-border-color-.border{border-color:#f90!important}.complementary-2-bg-a1{background-color:#ffe6bf}.complementary-2-color-a1{color:#ffe6bf}.complementary-2-border-color-a1,.complementary-2-border-color-a1.border{border-color:#ffe6bf!important}.complementary-2-bg-a2{background-color:#f5ce93}.complementary-2-color-a2{color:#f5ce93}.complementary-2-border-color-a2,.complementary-2-border-color-a2.border{border-color:#f5ce93!important}.complementary-2-bg-a3{background-color:#ebb76a}.complementary-2-color-a3{color:#ebb76a}.complementary-2-border-color-a3,.complementary-2-border-color-a3.border{border-color:#ebb76a!important}.complementary-2-bg-a4{background-color:#e0a243}.complementary-2-color-a4{color:#e0a243}.complementary-2-border-color-a4,.complementary-2-border-color-a4.border{border-color:#e0a243!important}.complementary-2-bg-a5{background-color:#d68d20}.complementary-2-color-a5{color:#d68d20}.complementary-2-border-color-a5,.complementary-2-border-color-a5.border{border-color:#d68d20!important}.complementary-2-bg-a6{background-color:#cc7a00}.complementary-2-color-a6{color:#cc7a00}.complementary-2-border-color-a6,.complementary-2-border-color-a6.border{border-color:#cc7a00!important}.complementary-2-bg-a7{background-color:#b36b00}.complementary-2-color-a7{color:#b36b00}.complementary-2-border-color-a7,.complementary-2-border-color-a7.border{border-color:#b36b00!important}.complementary-2-bg-a8{background-color:#995c00}.complementary-2-color-a8{color:#995c00}.complementary-2-border-color-a8,.complementary-2-border-color-a8.border{border-color:#995c00!important}.complementary-2-bg-a9{background-color:#804d00}.complementary-2-color-a9{color:#804d00}.complementary-2-border-color-a9,.complementary-2-border-color-a9.border{border-color:#804d00!important}.complementary-2-bg-a10{background-color:#663d00}.complementary-2-color-a10{color:#663d00}.complementary-2-border-color-a10,.complementary-2-border-color-a10.border{border-color:#663d00!important}.complementary-2-bg-a11{background-color:#4d2e00}.complementary-2-color-a11{color:#4d2e00}.complementary-2-border-color-a11,.complementary-2-border-color-a11.border{border-color:#4d2e00!important}.complementary-2-bg-a12{background-color:#331f00}.complementary-2-color-a12{color:#331f00}.complementary-2-border-color-a12,.complementary-2-border-color-a12.border{border-color:#331f00!important}.complementary-3-bg{background-color:#00cf86}.complementary-3-color{color:#00cf86}.complementary-3-border-color-,.complementary-3-border-color-.border{border-color:#00cf86!important}.complementary-3-bg-a1{background-color:#bfffe9}.complementary-3-color-a1{color:#bfffe9}.complementary-3-border-color-a1,.complementary-3-border-color-a1.border{border-color:#bfffe9!important}.complementary-3-bg-a2{background-color:#93f5d3}.complementary-3-color-a2{color:#93f5d3}.complementary-3-border-color-a2,.complementary-3-border-color-a2.border{border-color:#93f5d3!important}.complementary-3-bg-a3{background-color:#6aebbd}.complementary-3-color-a3{color:#6aebbd}.complementary-3-border-color-a3,.complementary-3-border-color-a3.border{border-color:#6aebbd!important}.complementary-3-bg-a4{background-color:#43e0a9}.complementary-3-color-a4{color:#43e0a9}.complementary-3-border-color-a4,.complementary-3-border-color-a4.border{border-color:#43e0a9!important}.complementary-3-bg-a5{background-color:#20d696}.complementary-3-color-a5{color:#20d696}.complementary-3-border-color-a5,.complementary-3-border-color-a5.border{border-color:#20d696!important}.complementary-3-bg-a6{background-color:#00cc85}.complementary-3-color-a6{color:#00cc85}.complementary-3-border-color-a6,.complementary-3-border-color-a6.border{border-color:#00cc85!important}.complementary-3-bg-a7{background-color:#00b374}.complementary-3-color-a7{color:#00b374}.complementary-3-border-color-a7,.complementary-3-border-color-a7.border{border-color:#00b374!important}.complementary-3-bg-a8{background-color:#009963}.complementary-3-color-a8{color:#009963}.complementary-3-border-color-a8,.complementary-3-border-color-a8.border{border-color:#009963!important}.complementary-3-bg-a9{background-color:#008053}.complementary-3-color-a9{color:#008053}.complementary-3-border-color-a9,.complementary-3-border-color-a9.border{border-color:#008053!important}.complementary-3-bg-a10{background-color:#006642}.complementary-3-color-a10{color:#006642}.complementary-3-border-color-a10,.complementary-3-border-color-a10.border{border-color:#006642!important}.complementary-3-bg-a11{background-color:#004d32}.complementary-3-color-a11{color:#004d32}.complementary-3-border-color-a11,.complementary-3-border-color-a11.border{border-color:#004d32!important}.complementary-3-bg-a12{background-color:#003321}.complementary-3-color-a12{color:#003321}.complementary-3-border-color-a12,.complementary-3-border-color-a12.border{border-color:#003321!important}.analogue-1-bg{background-color:#3126ff}.analogue-1-color{color:#3126ff}.analogue-1-border-color-,.analogue-1-border-color-.border{border-color:#3126ff!important}.analogue-1-bg-b1{background-color:#3126ff}.analogue-1-color-b1{color:#3126ff}.analogue-1-border-color-b1,.analogue-1-border-color-b1.border{border-color:#3126ff!important}.analogue-1-bg-b2{background-color:#4239e6}.analogue-1-color-b2{color:#4239e6}.analogue-1-border-color-b2,.analogue-1-border-color-b2.border{border-color:#4239e6!important}.analogue-1-bg-b3{background-color:#4e47cc}.analogue-1-color-b3{color:#4e47cc}.analogue-1-border-color-b3,.analogue-1-border-color-b3.border{border-color:#4e47cc!important}.analogue-1-bg-b4{background-color:#5550b3}.analogue-1-color-b4{color:#5550b3}.analogue-1-border-color-b4,.analogue-1-border-color-b4.border{border-color:#5550b3!important}.analogue-1-bg-b5{background-color:#585499}.analogue-1-color-b5{color:#585499}.analogue-1-border-color-b5,.analogue-1-border-color-b5.border{border-color:#585499!important}.analogue-1-bg-b6{background-color:#555380}.analogue-1-color-b6{color:#555380}.analogue-1-border-color-b6,.analogue-1-border-color-b6.border{border-color:#555380!important}.analogue-1-bg-b7{background-color:#4e4d66}.analogue-1-color-b7{color:#4e4d66}.analogue-1-border-color-b7,.analogue-1-border-color-b7.border{border-color:#4e4d66!important}.analogue-1-bg-b8{background-color:#42414d}.analogue-1-color-b8{color:#42414d}.analogue-1-border-color-b8,.analogue-1-border-color-b8.border{border-color:#42414d!important}.analogue-2-bg{background-color:#0bd9d2}.analogue-2-color{color:#0bd9d2}.analogue-2-border-color-,.analogue-2-border-color-.border{border-color:#0bd9d2!important}.analogue-2-bg-b1{background-color:#0bd9d2}.analogue-2-color-b1{color:#0bd9d2}.analogue-2-border-color-b1,.analogue-2-border-color-b1.border{border-color:#0bd9d2!important}.analogue-2-bg-b2{background-color:#1dbfba}.analogue-2-color-b2{color:#1dbfba}.analogue-2-border-color-b2,.analogue-2-border-color-b2.border{border-color:#1dbfba!important}.analogue-2-bg-b3{background-color:#29a6a2}.analogue-2-color-b3{color:#29a6a2}.analogue-2-border-color-b3,.analogue-2-border-color-b3.border{border-color:#29a6a2!important}.analogue-2-bg-b4{background-color:#318c89}.analogue-2-color-b4{color:#318c89}.analogue-2-border-color-b4,.analogue-2-border-color-b4.border{border-color:#318c89!important}.analogue-2-bg-b5{background-color:#347371}.analogue-2-color-b5{color:#347371}.analogue-2-border-color-b5,.analogue-2-border-color-b5.border{border-color:#347371!important}.analogue-2-bg-b6{background-color:#315958}.analogue-2-color-b6{color:#315958}.analogue-2-border-color-b6,.analogue-2-border-color-b6.border{border-color:#315958!important}.analogue-2-bg-b7{background-color:#29403f}.analogue-2-color-b7{color:#29403f}.analogue-2-border-color-b7,.analogue-2-border-color-b7.border{border-color:#29403f!important}.analogue-2-bg-b8{background-color:#1d2626}.analogue-2-color-b8{color:#1d2626}.analogue-2-border-color-b8,.analogue-2-border-color-b8.border{border-color:#1d2626!important}.complementary-1-bg-b1{background-color:#f73e5a}.complementary-1-color-b1{color:#f73e5a}.complementary-1-border-color-b1,.complementary-1-border-color-b1.border{border-color:#f73e5a!important}.complementary-1-bg-b2{background-color:#de4e63}.complementary-1-color-b2{color:#de4e63}.complementary-1-border-color-b2,.complementary-1-border-color-b2.border{border-color:#de4e63!important}.complementary-1-bg-b3{background-color:#c45869}.complementary-1-color-b3{color:#c45869}.complementary-1-border-color-b3,.complementary-1-border-color-b3.border{border-color:#c45869!important}.complementary-1-bg-b4{background-color:#ab5e69}.complementary-1-color-b4{color:#ab5e69}.complementary-1-border-color-b4,.complementary-1-border-color-b4.border{border-color:#ab5e69!important}.complementary-1-bg-b5{background-color:#915e66}.complementary-1-color-b5{color:#915e66}.complementary-1-border-color-b5,.complementary-1-border-color-b5.border{border-color:#915e66!important}.complementary-1-bg-b6{background-color:#785a5e}.complementary-1-color-b6{color:#785a5e}.complementary-1-border-color-b6,.complementary-1-border-color-b6.border{border-color:#785a5e!important}.complementary-1-bg-b7{background-color:#5e5052}.complementary-1-color-b7{color:#5e5052}.complementary-1-border-color-b7,.complementary-1-border-color-b7.border{border-color:#5e5052!important}.complementary-1-bg-b8{background-color:#454142}.complementary-1-color-b8{color:#454142}.complementary-1-border-color-b8,.complementary-1-border-color-b8.border{border-color:#454142!important}.complementary-2-bg-b1{background-color:#f90}.complementary-2-color-b1{color:#f90}.complementary-2-border-color-b1,.complementary-2-border-color-b1.border{border-color:#f90!important}.complementary-2-bg-b2{background-color:#e69317}.complementary-2-color-b2{color:#e69317}.complementary-2-border-color-b2,.complementary-2-border-color-b2.border{border-color:#e69317!important}.complementary-2-bg-b3{background-color:#cc8b29}.complementary-2-color-b3{color:#cc8b29}.complementary-2-border-color-b3,.complementary-2-border-color-b3.border{border-color:#cc8b29!important}.complementary-2-bg-b4{background-color:#b38136}.complementary-2-color-b4{color:#b38136}.complementary-2-border-color-b4,.complementary-2-border-color-b4.border{border-color:#b38136!important}.complementary-2-bg-b5{background-color:#99743d}.complementary-2-color-b5{color:#99743d}.complementary-2-border-color-b5,.complementary-2-border-color-b5.border{border-color:#99743d!important}.complementary-2-bg-b6{background-color:#806640}.complementary-2-color-b6{color:#806640}.complementary-2-border-color-b6,.complementary-2-border-color-b6.border{border-color:#806640!important}.complementary-2-bg-b7{background-color:#66563d}.complementary-2-color-b7{color:#66563d}.complementary-2-border-color-b7,.complementary-2-border-color-b7.border{border-color:#66563d!important}.complementary-2-bg-b8{background-color:#4d4336}.complementary-2-color-b8{color:#4d4336}.complementary-2-border-color-b8,.complementary-2-border-color-b8.border{border-color:#4d4336!important}.complementary-3-bg-b1{background-color:#00cf86}.complementary-3-color-b1{color:#00cf86}.complementary-3-border-color-b1,.complementary-3-border-color-b1.border{border-color:#00cf86!important}.complementary-3-bg-b2{background-color:#12b57c}.complementary-3-color-b2{color:#12b57c}.complementary-3-border-color-b2,.complementary-3-border-color-b2.border{border-color:#12b57c!important}.complementary-3-bg-b3{background-color:#1f9c70}.complementary-3-color-b3{color:#1f9c70}.complementary-3-border-color-b3,.complementary-3-border-color-b3.border{border-color:#1f9c70!important}.complementary-3-bg-b4{background-color:#278262}.complementary-3-color-b4{color:#278262}.complementary-3-border-color-b4,.complementary-3-border-color-b4.border{border-color:#278262!important}.complementary-3-bg-b5{background-color:#2a6953}.complementary-3-color-b5{color:#2a6953}.complementary-3-border-color-b5,.complementary-3-border-color-b5.border{border-color:#2a6953!important}.complementary-3-bg-b6{background-color:#284f41}.complementary-3-color-b6{color:#284f41}.complementary-3-border-color-b6,.complementary-3-border-color-b6.border{border-color:#284f41!important}.complementary-3-bg-b7{background-color:#20362e}.complementary-3-color-b7{color:#20362e}.complementary-3-border-color-b7,.complementary-3-border-color-b7.border{border-color:#20362e!important}.complementary-3-bg-b8{background-color:#141c19}.complementary-3-color-b8{color:#141c19}.complementary-3-border-color-b8,.complementary-3-border-color-b8.border{border-color:#141c19!important}.neutral-1-bg{background-color:#17324d}.neutral-1-color{color:#17324d}.neutral-1-border-color-,.neutral-1-border-color-.border{border-color:#17324d!important}.neutral-1-bg-a1{background-color:#ebeced}.neutral-1-color-a1{color:#ebeced}.neutral-1-border-color-a1,.neutral-1-border-color-a1.border{border-color:#ebeced!important}.neutral-1-bg-a2{background-color:#d9dadb}.neutral-1-color-a2{color:#d9dadb}.neutral-1-border-color-a2,.neutral-1-border-color-a2.border{border-color:#d9dadb!important}.neutral-1-bg-a3{background-color:#c5c7c9}.neutral-1-color-a3{color:#c5c7c9}.neutral-1-border-color-a3,.neutral-1-border-color-a3.border{border-color:#c5c7c9!important}.neutral-1-bg-a4{background-color:#adb2b8}.neutral-1-color-a4{color:#adb2b8}.neutral-1-border-color-a4,.neutral-1-border-color-a4.border{border-color:#adb2b8!important}.neutral-1-bg-a5{background-color:#959da6}.neutral-1-color-a5{color:#959da6}.neutral-1-border-color-a5,.neutral-1-border-color-a5.border{border-color:#959da6!important}.neutral-1-bg-a6{background-color:#768594}.neutral-1-color-a6{color:#768594}.neutral-1-border-color-a6,.neutral-1-border-color-a6.border{border-color:#768594!important}.neutral-1-bg-a7{background-color:#5b6f82}.neutral-1-color-a7{color:#5b6f82}.neutral-1-border-color-a7,.neutral-1-border-color-a7.border{border-color:#5b6f82!important}.neutral-1-bg-a8{background-color:#435a70}.neutral-1-color-a8{color:#435a70}.neutral-1-border-color-a8,.neutral-1-border-color-a8.border{border-color:#435a70!important}.neutral-1-bg-a9{background-color:#2f475e}.neutral-1-color-a9{color:#2f475e}.neutral-1-border-color-a9,.neutral-1-border-color-a9.border{border-color:#2f475e!important}.neutral-1-bg-a10{background-color:#17324d}.neutral-1-color-a10{color:#17324d}.neutral-1-border-color-a10,.neutral-1-border-color-a10.border{border-color:#17324d!important}.neutral-2-bg{background-color:#e6ecf2}.neutral-2-color{color:#e6ecf2}.neutral-2-border-color-{border-color:#e6ecf2}.neutral-2-bg-b1{background-color:#e6ecf2}.neutral-2-color-b1{color:#e6ecf2}.neutral-2-border-color-b1,.neutral-2-border-color-b1.border{border-color:#e6ecf2!important}.neutral-2-bg-b2{background-color:#c2c7cc}.neutral-2-color-b2{color:#c2c7cc}.neutral-2-border-color-b2,.neutral-2-border-color-b2.border{border-color:#c2c7cc!important}.neutral-2-bg-b3{background-color:#9da2a6}.neutral-2-color-b3{color:#9da2a6}.neutral-2-border-color-b3,.neutral-2-border-color-b3.border{border-color:#9da2a6!important}.neutral-2-bg-b4{background-color:#797c80}.neutral-2-color-b4{color:#797c80}.neutral-2-border-color-b4,.neutral-2-border-color-b4.border{border-color:#797c80!important}.neutral-2-bg-b5{background-color:#565759}.neutral-2-color-b5{color:#565759}.neutral-2-border-color-b5,.neutral-2-border-color-b5.border{border-color:#565759!important}.neutral-2-bg-b6{background-color:#2f3133}.neutral-2-color-b6{color:#2f3133}.neutral-2-border-color-b6,.neutral-2-border-color-b6.border{border-color:#2f3133!important}.neutral-2-bg-b7{background-color:#0c0c0d}.neutral-2-color-b7{color:#0c0c0d}.neutral-2-border-color-b7,.neutral-2-border-color-b7.border{border-color:#0c0c0d!important}.neutral-2-bg-a1{background-color:#e6ecf2}.neutral-2-color-a1{color:#e6ecf2}.neutral-2-border-color-a1,.neutral-2-border-color-a1.border{border-color:#e6ecf2!important}.neutral-2-bg-a2{background-color:#bcc4cc}.neutral-2-color-a2{color:#bcc4cc}.neutral-2-border-color-a2,.neutral-2-border-color-a2.border{border-color:#bcc4cc!important}.neutral-2-bg-a3{background-color:#9aa0a6}.neutral-2-color-a3{color:#9aa0a6}.neutral-2-border-color-a3,.neutral-2-border-color-a3.border{border-color:#9aa0a6!important}.neutral-2-bg-a4{background-color:#777b80}.neutral-2-color-a4{color:#777b80}.neutral-2-border-color-a4,.neutral-2-border-color-a4.border{border-color:#777b80!important}.neutral-2-bg-a5{background-color:#535659}.neutral-2-color-a5{color:#535659}.neutral-2-border-color-a5,.neutral-2-border-color-a5.border{border-color:#535659!important}.neutral-2-bg-a6{background-color:#2f3133}.neutral-2-color-a6{color:#2f3133}.neutral-2-border-color-a6,.neutral-2-border-color-a6.border{border-color:#2f3133!important}.neutral-2-bg-a7{background-color:#17181a}.neutral-2-color-a7{color:#17181a}.neutral-2-border-color-a7,.neutral-2-border-color-a7.border{border-color:#17181a!important}.lightgrey-bg-a1{background-color:#e8f2fc}.lightgrey-color-a1{color:#e8f2fc}.lightgrey-border-color-a1,.lightgrey-border-color-a1.border{border-color:#e8f2fc!important}.lightgrey-bg-a2{background-color:#edf5fc}.lightgrey-color-a2{color:#edf5fc}.lightgrey-border-color-a2,.lightgrey-border-color-a2.border{border-color:#edf5fc!important}.lightgrey-bg-a3{background-color:#f2f7fc}.lightgrey-color-a3{color:#f2f7fc}.lightgrey-border-color-a3,.lightgrey-border-color-a3.border{border-color:#f2f7fc!important}.lightgrey-bg-a4{background-color:#f5f9fc}.lightgrey-color-a4{color:#f5f9fc}.lightgrey-border-color-a4,.lightgrey-border-color-a4.border{border-color:#f5f9fc!important}.lightgrey-bg-b1{background-color:#e6f0fa}.lightgrey-color-b1{color:#e6f0fa}.lightgrey-border-color-b1,.lightgrey-border-color-b1.border{border-color:#e6f0fa!important}.lightgrey-bg-b2{background-color:#ebf2fa}.lightgrey-color-b2{color:#ebf2fa}.lightgrey-border-color-b2,.lightgrey-border-color-b2.border{border-color:#ebf2fa!important}.lightgrey-bg-b3{background-color:#edf4fa}.lightgrey-color-b3{color:#edf4fa}.lightgrey-border-color-b3,.lightgrey-border-color-b3.border{border-color:#edf4fa!important}.lightgrey-bg-b4{background-color:#f2f6fa}.lightgrey-color-b4{color:#f2f6fa}.lightgrey-border-color-b4,.lightgrey-border-color-b4.border{border-color:#f2f6fa!important}.lightgrey-bg-c1{background-color:#f7f9fa}.lightgrey-color-c1{color:#f7f9fa}.lightgrey-border-color-c1,.lightgrey-border-color-c1.border{border-color:#f7f9fa!important}.lightgrey-bg-c2{background-color:#f5f6f7}.lightgrey-color-c2{color:#f5f6f7}.lightgrey-border-color-c2,.lightgrey-border-color-c2.border{border-color:#f5f6f7!important}:root{--blue:#0073e6;--indigo:#554dff;--purple:#9e99ff;--pink:#ffb3bf;--red:#f73e5a;--orange:#f90;--yellow:#ffda73;--green:#00cc85;--teal:#0bd9d2;--cyan:#00fff7;--white:#fff;--gray:#656566;--gray-dark:#323333;--italia:#06c;--gray-secondary:#5c6f82;--gray-tertiary:#5a768a;--gray-quaternary:#fcfdff;--primary:#0073e6;--secondary:#5c6f82;--success:#00cc85;--info:#979899;--warning:#f90;--danger:#f73e5a;--light:#e9e6f2;--dark:#17324d;--100:#e3e4e6;--200:#cacacc;--300:#b1b1b3;--400:#979899;--500:#7e7f80;--600:#656566;--700:#4c4c4d;--800:#323333;--900:#19191a;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Titillium Web",Geneva,Tahoma,sans-serif;--font-family-monospace:"Roboto Mono",monospace}@media print{*,:after,:before{text-shadow:none!important;-webkit-box-shadow:none!important;box-shadow:none!important}a:not(.btn){text-decoration:underline}abbr[title]:after{content:" (" attr(title) ")"}pre{white-space:pre-wrap!important}blockquote,pre{border:1px solid #7e7f80;page-break-inside:avoid}thead{display:table-header-group}img,tr{page-break-inside:avoid}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}@page{size:a3}.container,body{min-width:992px!important}.navbar{display:none}.badge{border:1px solid #000}.table{border-collapse:collapse!important}.table td,.table th{background-color:#fff!important}.table-bordered td,.table-bordered th{border:1px solid #b1b1b3!important}.table-dark{color:inherit}.table-dark tbody+tbody,.table-dark td,.table-dark th,.table-dark thead th{border-color:#d6dce3}.table .thead-dark th{color:inherit;border-color:#d6dce3}}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-family:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-webkit-tap-highlight-color:rgba(0,0,0,0)}article,aside,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}body{margin:0;font-family:Titillium Web,Geneva,Tahoma,sans-serif;font-size:16px;font-size:1rem;font-weight:300;line-height:1.5;color:#19191a;text-align:left;background-color:#fff}[tabindex="-1"]:focus{outline:0!important}hr{-webkit-box-sizing:content-box;box-sizing:content-box;height:0;overflow:visible}h1,h2,h3,h4,h5,h6{margin-top:0;margin-bottom:8px}p{margin-top:0;margin-bottom:1rem}abbr[data-original-title],abbr[title]{text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted;cursor:help;border-bottom:0;text-decoration-skip-ink:none}address{font-style:normal;line-height:inherit}address,dl,ol,ul{margin-bottom:1rem}dl,ol,ul{margin-top:0}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}dt{font-weight:700}dd{margin-bottom:.5rem;margin-left:0}blockquote{margin:0 0 1rem}b,strong{font-weight:bolder}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}a{color:#0073e6;text-decoration:none;background-color:transparent}a:hover{color:#004d99;text-decoration:underline}a:not([href]):not([tabindex]),a:not([href]):not([tabindex]):focus,a:not([href]):not([tabindex]):hover{color:inherit;text-decoration:none}a:not([href]):not([tabindex]):focus{outline:0}code,kbd,pre,samp{font-family:Roboto Mono,monospace;font-size:1em}pre{margin-top:0;margin-bottom:1rem;overflow:auto}figure{margin:0 0 1rem}img{border-style:none}img,svg{vertical-align:middle}svg{overflow:hidden}table{border-collapse:collapse}caption{padding-top:1em;padding-bottom:1em;color:#5a768a;text-align:left;caption-side:bottom}th{text-align:inherit}label{display:inline-block;margin-bottom:.5rem}button{border-radius:0}button:focus{outline:1px dotted;outline:5px auto -webkit-focus-ring-color}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,input{overflow:visible}button,select{text-transform:none}select{word-wrap:normal}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]:not(:disabled),[type=reset]:not(:disabled),[type=submit]:not(:disabled),button:not(:disabled){cursor:pointer}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{padding:0;border-style:none}input[type=checkbox],input[type=radio]{-webkit-box-sizing:border-box;box-sizing:border-box;padding:0}input[type=date],input[type=datetime-local],input[type=month],input[type=time]{-webkit-appearance:listbox}textarea{overflow:auto;resize:vertical}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;max-width:100%;padding:0;margin-bottom:.5rem;font-size:24px;font-size:1.5rem;line-height:inherit;color:inherit;white-space:normal}progress{vertical-align:baseline}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{outline-offset:-2px;-webkit-appearance:none}[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{font:inherit;-webkit-appearance:button}output{display:inline-block}summary{display:list-item;cursor:pointer}template{display:none}[hidden]{display:none!important}.h1,.h2,.h3,.h4,.h5,.h6,h1,h2,h3,h4,h5,h6{margin-bottom:8px;font-weight:700;line-height:1.2}.h1,h1{font-size:40px;font-size:2.5rem}.h2,h2{font-size:32px;font-size:2rem}.h3,h3{font-size:28px;font-size:1.75rem}.h4,h4{font-size:24px;font-size:1.5rem}.h5,h5{font-size:20px;font-size:1.25rem}.h6,h6{font-size:16px;font-size:1rem}.lead{font-size:20px;font-size:1.25rem;font-weight:300}.display-1{font-size:56px;font-size:3.5rem}.display-1,.display-2{font-weight:700;line-height:1.2}.display-2{font-size:40px;font-size:2.5rem}.display-3{font-size:24px;font-size:1.5rem}.display-3,.display-4{font-weight:700;line-height:1.2}.display-4{font-size:20px;font-size:1.25rem}hr{margin-top:16px;margin-bottom:16px;border:0;border-top:1px solid rgba(0,0,0,.1)}.small,small{font-size:12.432px;font-size:.777rem}.mark,mark{padding:.2em;background-color:#fcf8e3}.list-inline,.list-unstyled{padding-left:0;list-style:none}.list-inline-item{display:inline-block}.list-inline-item:not(:last-child){margin-right:.5rem}.initialism{font-size:90%;text-transform:uppercase}.blockquote{margin-bottom:16px;font-size:20px;font-size:1.25rem}.blockquote-footer{display:block;font-size:12.432px;font-size:.777rem}.blockquote-footer:before{content:"\2014\00A0"}.img-fluid,.img-thumbnail{max-width:100%;height:auto}.img-thumbnail{padding:.25rem;background-color:#fff;border:1px solid #b1b1b3;border-radius:4px;-webkit-box-shadow:0 1px 2px rgba(0,0,0,.075);box-shadow:0 1px 2px rgba(0,0,0,.075)}.figure{display:inline-block}.figure-img{margin-bottom:8px;line-height:1}.figure-caption{font-size:90%;color:#656566}code{font-size:87.5%;color:#17324d;word-break:break-word}a>code{color:inherit}kbd{padding:.2rem .4rem;font-size:87.5%;color:#fff;background-color:#19191a;border-radius:2px;-webkit-box-shadow:inset 0 -.1rem 0 rgba(0,0,0,.25);box-shadow:inset 0 -.1rem 0 rgba(0,0,0,.25)}kbd kbd{padding:0;font-size:100%;font-weight:700;-webkit-box-shadow:none;box-shadow:none}pre{display:block;font-size:87.5%;color:#19191a}pre code{font-size:inherit;color:inherit;word-break:normal}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{width:100%;padding-right:6px;padding-left:6px;margin-right:auto;margin-left:auto}@media (min-width:576px){.container{max-width:540px}}@media (min-width:768px){.container{max-width:720px}}@media (min-width:992px){.container{max-width:960px}}@media (min-width:1200px){.container{max-width:1140px}}.container-fluid{width:100%;padding-right:6px;padding-left:6px;margin-right:auto;margin-left:auto}.row{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;margin-right:-6px;margin-left:-6px}.no-gutters{margin-right:0;margin-left:0}.no-gutters>.col,.no-gutters>[class*=col-]{padding-right:0;padding-left:0}.col,.col-1,.col-2,.col-3,.col-4,.col-5,.col-6,.col-7,.col-8,.col-9,.col-10,.col-11,.col-12,.col-auto,.col-lg,.col-lg-1,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-auto,.col-md,.col-md-1,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-10,.col-md-11,.col-md-12,.col-md-auto,.col-sm,.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-auto,.col-xl,.col-xl-1,.col-xl-2,.col-xl-3,.col-xl-4,.col-xl-5,.col-xl-6,.col-xl-7,.col-xl-8,.col-xl-9,.col-xl-10,.col-xl-11,.col-xl-12,.col-xl-auto{position:relative;width:100%;padding-right:6px;padding-left:6px}.col{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-auto{-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-1,.col-auto{-webkit-box-flex:0}.col-1{-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-2{-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-2,.col-3{-webkit-box-flex:0}.col-3{-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-4{-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-4,.col-5{-webkit-box-flex:0}.col-5{-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-6{-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-6,.col-7{-webkit-box-flex:0}.col-7{-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-8{-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-8,.col-9{-webkit-box-flex:0}.col-9{-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-10{-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-10,.col-11{-webkit-box-flex:0}.col-11{-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-1{margin-left:8.3333333333%}.offset-2{margin-left:16.6666666667%}.offset-3{margin-left:25%}.offset-4{margin-left:33.3333333333%}.offset-5{margin-left:41.6666666667%}.offset-6{margin-left:50%}.offset-7{margin-left:58.3333333333%}.offset-8{margin-left:66.6666666667%}.offset-9{margin-left:75%}.offset-10{margin-left:83.3333333333%}.offset-11{margin-left:91.6666666667%}@media (min-width:576px){.col-sm{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-sm-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-sm-1{-webkit-box-flex:0;-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-sm-2{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-sm-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-sm-4{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-sm-5{-webkit-box-flex:0;-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-sm-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-sm-7{-webkit-box-flex:0;-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-sm-8{-webkit-box-flex:0;-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-sm-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-sm-10{-webkit-box-flex:0;-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-sm-11{-webkit-box-flex:0;-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-sm-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-sm-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-sm-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-sm-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-sm-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-sm-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-sm-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-sm-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-sm-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-sm-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-sm-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-sm-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-sm-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-sm-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-sm-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-sm-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-sm-0{margin-left:0}.offset-sm-1{margin-left:8.3333333333%}.offset-sm-2{margin-left:16.6666666667%}.offset-sm-3{margin-left:25%}.offset-sm-4{margin-left:33.3333333333%}.offset-sm-5{margin-left:41.6666666667%}.offset-sm-6{margin-left:50%}.offset-sm-7{margin-left:58.3333333333%}.offset-sm-8{margin-left:66.6666666667%}.offset-sm-9{margin-left:75%}.offset-sm-10{margin-left:83.3333333333%}.offset-sm-11{margin-left:91.6666666667%}}@media (min-width:768px){.col-md{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-md-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-md-1{-webkit-box-flex:0;-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-md-2{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-md-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-md-4{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-md-5{-webkit-box-flex:0;-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-md-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-md-7{-webkit-box-flex:0;-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-md-8{-webkit-box-flex:0;-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-md-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-md-10{-webkit-box-flex:0;-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-md-11{-webkit-box-flex:0;-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-md-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-md-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-md-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-md-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-md-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-md-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-md-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-md-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-md-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-md-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-md-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-md-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-md-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-md-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-md-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-md-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-md-0{margin-left:0}.offset-md-1{margin-left:8.3333333333%}.offset-md-2{margin-left:16.6666666667%}.offset-md-3{margin-left:25%}.offset-md-4{margin-left:33.3333333333%}.offset-md-5{margin-left:41.6666666667%}.offset-md-6{margin-left:50%}.offset-md-7{margin-left:58.3333333333%}.offset-md-8{margin-left:66.6666666667%}.offset-md-9{margin-left:75%}.offset-md-10{margin-left:83.3333333333%}.offset-md-11{margin-left:91.6666666667%}}@media (min-width:992px){.col-lg{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-lg-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-lg-1{-webkit-box-flex:0;-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-lg-2{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-lg-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-lg-4{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-lg-5{-webkit-box-flex:0;-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-lg-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-lg-7{-webkit-box-flex:0;-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-lg-8{-webkit-box-flex:0;-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-lg-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-lg-10{-webkit-box-flex:0;-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-lg-11{-webkit-box-flex:0;-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-lg-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-lg-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-lg-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-lg-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-lg-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-lg-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-lg-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-lg-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-lg-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-lg-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-lg-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-lg-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-lg-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-lg-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-lg-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-lg-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-lg-0{margin-left:0}.offset-lg-1{margin-left:8.3333333333%}.offset-lg-2{margin-left:16.6666666667%}.offset-lg-3{margin-left:25%}.offset-lg-4{margin-left:33.3333333333%}.offset-lg-5{margin-left:41.6666666667%}.offset-lg-6{margin-left:50%}.offset-lg-7{margin-left:58.3333333333%}.offset-lg-8{margin-left:66.6666666667%}.offset-lg-9{margin-left:75%}.offset-lg-10{margin-left:83.3333333333%}.offset-lg-11{margin-left:91.6666666667%}}@media (min-width:1200px){.col-xl{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-xl-auto{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;width:auto;max-width:100%}.col-xl-1{-webkit-box-flex:0;-ms-flex:0 0 8.3333333333%;flex:0 0 8.3333333333%;max-width:8.3333333333%}.col-xl-2{-webkit-box-flex:0;-ms-flex:0 0 16.6666666667%;flex:0 0 16.6666666667%;max-width:16.6666666667%}.col-xl-3{-webkit-box-flex:0;-ms-flex:0 0 25%;flex:0 0 25%;max-width:25%}.col-xl-4{-webkit-box-flex:0;-ms-flex:0 0 33.3333333333%;flex:0 0 33.3333333333%;max-width:33.3333333333%}.col-xl-5{-webkit-box-flex:0;-ms-flex:0 0 41.6666666667%;flex:0 0 41.6666666667%;max-width:41.6666666667%}.col-xl-6{-webkit-box-flex:0;-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-xl-7{-webkit-box-flex:0;-ms-flex:0 0 58.3333333333%;flex:0 0 58.3333333333%;max-width:58.3333333333%}.col-xl-8{-webkit-box-flex:0;-ms-flex:0 0 66.6666666667%;flex:0 0 66.6666666667%;max-width:66.6666666667%}.col-xl-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-xl-10{-webkit-box-flex:0;-ms-flex:0 0 83.3333333333%;flex:0 0 83.3333333333%;max-width:83.3333333333%}.col-xl-11{-webkit-box-flex:0;-ms-flex:0 0 91.6666666667%;flex:0 0 91.6666666667%;max-width:91.6666666667%}.col-xl-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-xl-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order:-1}.order-xl-last{-webkit-box-ordinal-group:14;-ms-flex-order:13;order:13}.order-xl-0{-webkit-box-ordinal-group:1;-ms-flex-order:0;order:0}.order-xl-1{-webkit-box-ordinal-group:2;-ms-flex-order:1;order:1}.order-xl-2{-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}.order-xl-3{-webkit-box-ordinal-group:4;-ms-flex-order:3;order:3}.order-xl-4{-webkit-box-ordinal-group:5;-ms-flex-order:4;order:4}.order-xl-5{-webkit-box-ordinal-group:6;-ms-flex-order:5;order:5}.order-xl-6{-webkit-box-ordinal-group:7;-ms-flex-order:6;order:6}.order-xl-7{-webkit-box-ordinal-group:8;-ms-flex-order:7;order:7}.order-xl-8{-webkit-box-ordinal-group:9;-ms-flex-order:8;order:8}.order-xl-9{-webkit-box-ordinal-group:10;-ms-flex-order:9;order:9}.order-xl-10{-webkit-box-ordinal-group:11;-ms-flex-order:10;order:10}.order-xl-11{-webkit-box-ordinal-group:12;-ms-flex-order:11;order:11}.order-xl-12{-webkit-box-ordinal-group:13;-ms-flex-order:12;order:12}.offset-xl-0{margin-left:0}.offset-xl-1{margin-left:8.3333333333%}.offset-xl-2{margin-left:16.6666666667%}.offset-xl-3{margin-left:25%}.offset-xl-4{margin-left:33.3333333333%}.offset-xl-5{margin-left:41.6666666667%}.offset-xl-6{margin-left:50%}.offset-xl-7{margin-left:58.3333333333%}.offset-xl-8{margin-left:66.6666666667%}.offset-xl-9{margin-left:75%}.offset-xl-10{margin-left:83.3333333333%}.offset-xl-11{margin-left:91.6666666667%}}.table{width:100%;margin-bottom:16px;color:#19191a}.table td,.table th{padding:1em;vertical-align:top;border-top:1px solid #d6dce3}.table thead th{vertical-align:bottom;border-bottom:2px solid #d6dce3}.table tbody+tbody{border-top:2px solid #d6dce3}.table-sm td,.table-sm th{padding:.3rem}.table-bordered,.table-bordered td,.table-bordered th{border:1px solid #d6dce3}.table-bordered thead td,.table-bordered thead th{border-bottom-width:2px}.table-borderless tbody+tbody,.table-borderless td,.table-borderless th,.table-borderless thead th{border:0}.table-striped tbody tr:nth-of-type(odd){background-color:#f6f7f9}.table-hover tbody tr:hover{color:#19191a;background-color:#e5f1fa}.table-primary,.table-primary>td,.table-primary>th{background-color:#b8d8f8}.table-primary tbody+tbody,.table-primary td,.table-primary th,.table-primary thead th{border-color:#7ab6f2}.table-hover .table-primary:hover,.table-hover .table-primary:hover>td,.table-hover .table-primary:hover>th{background-color:#a1cbf6}.table-secondary,.table-secondary>td,.table-secondary>th{background-color:#d1d7dc}.table-secondary tbody+tbody,.table-secondary td,.table-secondary th,.table-secondary thead th{border-color:#aab4be}.table-hover .table-secondary:hover,.table-hover .table-secondary:hover>td,.table-hover .table-secondary:hover>th{background-color:#c3cad1}.table-success,.table-success>td,.table-success>th{background-color:#b8f1dd}.table-success tbody+tbody,.table-success td,.table-success th,.table-success thead th{border-color:#7ae4c0}.table-hover .table-success:hover,.table-hover .table-success:hover>td,.table-hover .table-success:hover>th{background-color:#a3edd3}.table-info,.table-info>td,.table-info>th{background-color:#e2e2e2}.table-info tbody+tbody,.table-info td,.table-info th,.table-info thead th{border-color:#c9c9ca}.table-hover .table-info:hover,.table-hover .table-info:hover>td,.table-hover .table-info:hover>th{background-color:#d5d5d5}.table-warning,.table-warning>td,.table-warning>th{background-color:#ffe2b8}.table-warning tbody+tbody,.table-warning td,.table-warning th,.table-warning thead th{border-color:#ffca7a}.table-hover .table-warning:hover,.table-hover .table-warning:hover>td,.table-hover .table-warning:hover>th{background-color:#ffd89f}.table-danger,.table-danger>td,.table-danger>th{background-color:#fdc9d1}.table-danger tbody+tbody,.table-danger td,.table-danger th,.table-danger thead th{border-color:#fb9ba9}.table-hover .table-danger:hover,.table-hover .table-danger:hover>td,.table-hover .table-danger:hover>th{background-color:#fcb0bc}.table-light,.table-light>td,.table-light>th{background-color:#f9f8fb}.table-light tbody+tbody,.table-light td,.table-light th,.table-light thead th{border-color:#f4f2f8}.table-hover .table-light:hover,.table-hover .table-light:hover>td,.table-hover .table-light:hover>th{background-color:#ebe8f2}.table-dark,.table-dark>td,.table-dark>th{background-color:#bec6cd}.table-dark tbody+tbody,.table-dark td,.table-dark th,.table-dark thead th{border-color:#8694a2}.table-hover .table-dark:hover,.table-hover .table-dark:hover>td,.table-hover .table-dark:hover>th{background-color:#b0b9c2}.table-100,.table-100>td,.table-100>th{background-color:#f7f7f8}.table-100 tbody+tbody,.table-100 td,.table-100 th,.table-100 thead th{border-color:#f0f1f2}.table-hover .table-100:hover,.table-hover .table-100:hover>td,.table-hover .table-100:hover>th{background-color:#e9e9ec}.table-200,.table-200>td,.table-200>th{background-color:#f0f0f1}.table-200 tbody+tbody,.table-200 td,.table-200 th,.table-200 thead th{border-color:#e3e3e4}.table-hover .table-200:hover,.table-hover .table-200:hover>td,.table-hover .table-200:hover>th{background-color:#e3e3e5}.table-300,.table-300>td,.table-300>th{background-color:#e9e9ea}.table-300 tbody+tbody,.table-300 td,.table-300 th,.table-300 thead th{border-color:#d6d6d7}.table-hover .table-300:hover,.table-hover .table-300:hover>td,.table-hover .table-300:hover>th{background-color:#dcdcde}.table-400,.table-400>td,.table-400>th{background-color:#e2e2e2}.table-400 tbody+tbody,.table-400 td,.table-400 th,.table-400 thead th{border-color:#c9c9ca}.table-hover .table-400:hover,.table-hover .table-400:hover>td,.table-hover .table-400:hover>th{background-color:#d5d5d5}.table-500,.table-500>td,.table-500>th{background-color:#dbdbdb}.table-500 tbody+tbody,.table-500 td,.table-500 th,.table-500 thead th{border-color:#bcbcbd}.table-hover .table-500:hover,.table-hover .table-500:hover>td,.table-hover .table-500:hover>th{background-color:#cecece}.table-600,.table-600>td,.table-600>th{background-color:#d4d4d4}.table-600 tbody+tbody,.table-600 td,.table-600 th,.table-600 thead th{border-color:#afafaf}.table-hover .table-600:hover,.table-hover .table-600:hover>td,.table-hover .table-600:hover>th{background-color:#c7c7c7}.table-700,.table-700>td,.table-700>th{background-color:#cdcdcd}.table-700 tbody+tbody,.table-700 td,.table-700 th,.table-700 thead th{border-color:#a2a2a2}.table-hover .table-700:hover,.table-hover .table-700:hover>td,.table-hover .table-700:hover>th{background-color:silver}.table-800,.table-800>td,.table-800>th{background-color:#c6c6c6}.table-800 tbody+tbody,.table-800 td,.table-800 th,.table-800 thead th{border-color:#949595}.table-hover .table-800:hover,.table-hover .table-800:hover>td,.table-hover .table-800:hover>th{background-color:#b9b9b9}.table-900,.table-900>td,.table-900>th{background-color:#bfbfbf}.table-900 tbody+tbody,.table-900 td,.table-900 th,.table-900 thead th{border-color:#878788}.table-hover .table-900:hover,.table-hover .table-900:hover>td,.table-hover .table-900:hover>th{background-color:#b2b2b2}.table-active,.table-active>td,.table-active>th{background-color:#e5f1fa}.table-hover .table-active:hover,.table-hover .table-active:hover>td,.table-hover .table-active:hover>th{background-color:#d0e5f6}.table .thead-dark th{color:#fff;background-color:#323333;border-color:#464646}.table .thead-light th{color:#4c4c4d;background-color:#cacacc;border-color:#d6dce3}.table-dark{color:#fff;background-color:#323333}.table-dark td,.table-dark th,.table-dark thead th{border-color:#464646}.table-dark.table-bordered{border:0}.table-dark.table-striped tbody tr:nth-of-type(odd){background-color:hsla(0,0%,100%,.05)}.table-dark.table-hover tbody tr:hover{color:#fff;background-color:hsla(0,0%,100%,.075)}@media (max-width:575.98px){.table-responsive-sm{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive-sm>.table-bordered{border:0}}@media (max-width:767.98px){.table-responsive-md{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive-md>.table-bordered{border:0}}@media (max-width:991.98px){.table-responsive-lg{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive-lg>.table-bordered{border:0}}@media (max-width:1199.98px){.table-responsive-xl{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive-xl>.table-bordered{border:0}}.table-responsive{display:block;width:100%;overflow-x:auto;-webkit-overflow-scrolling:touch}.table-responsive>.table-bordered{border:0}.form-control{display:block;width:100%;height:calc(1.5em + .75rem + 2px);padding:.375rem .75rem;font-size:16px;font-size:1rem;font-weight:300;line-height:1.5;color:#4c4c4d;background-color:#fff;background-clip:padding-box;border:1px solid #979899;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075);-webkit-transition:border-color .15s ease-in-out,-webkit-box-shadow .15s ease-in-out;transition:border-color .15s ease-in-out,-webkit-box-shadow .15s ease-in-out;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out,-webkit-box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.form-control{-webkit-transition:none;transition:none}}.form-control::-ms-expand{background-color:transparent;border:0}.form-control:focus{color:#4c4c4d;background-color:#fff;border-color:#5c6f82;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,115,230,.25);box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,115,230,.25)}.form-control::-webkit-input-placeholder{color:#656566;opacity:1}.form-control::-moz-placeholder{color:#656566;opacity:1}.form-control::-ms-input-placeholder{color:#656566;opacity:1}.form-control::placeholder{color:#656566;opacity:1}.form-control:disabled,.form-control[readonly]{background-color:#cacacc;opacity:1}select.form-control:focus::-ms-value{color:#4c4c4d;background-color:#fff}.form-control-file,.form-control-range{display:block;width:100%}.col-form-label{padding-top:calc(.375rem + 1px);padding-bottom:calc(.375rem + 1px);margin-bottom:0;font-size:inherit;line-height:1.5}.col-form-label-lg{padding-top:calc(.5rem + 1px);padding-bottom:calc(.5rem + 1px);font-size:20px;font-size:1.25rem;line-height:1.556}.col-form-label-sm{padding-top:calc(.25rem + 1px);padding-bottom:calc(.25rem + 1px);font-size:14px;font-size:.875rem;line-height:1.428}.form-control-plaintext{display:block;width:100%;padding-top:.375rem;padding-bottom:.375rem;margin-bottom:0;line-height:1.5;color:#19191a;background-color:transparent;border:solid transparent;border-width:1px 0}.form-control-plaintext.form-control-lg,.form-control-plaintext.form-control-sm{padding-right:0;padding-left:0}.form-control-sm{height:calc(1.428em + .5rem + 2px);padding:.25rem .5rem;font-size:14px;font-size:.875rem;line-height:1.428;border-radius:2px}.form-control-lg{height:calc(1.556em + 1rem + 2px);padding:.5rem 1rem;font-size:20px;font-size:1.25rem;line-height:1.556;border-radius:8px}select.form-control[multiple],select.form-control[size],textarea.form-control{height:auto}.form-group{margin-bottom:1rem}.form-text{display:block;margin-top:.25rem}.form-row{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;margin-right:-5px;margin-left:-5px}.form-row>.col,.form-row>[class*=col-]{padding-right:5px;padding-left:5px}.form-check{position:relative;display:block;padding-left:1.25rem}.form-check-input{position:absolute;margin-top:.3rem;margin-left:-1.25rem}.form-check-input:disabled~.form-check-label{color:#5a768a}.form-check-label{margin-bottom:0}.form-check-inline{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;padding-left:0;margin-right:.75rem}.form-check-inline .form-check-input{position:static;margin-top:0;margin-right:.3125rem;margin-left:0}.valid-feedback{display:none;width:100%;margin-top:.25rem;font-size:12.432px;font-size:.777rem;color:#00cc85}.valid-tooltip{position:absolute;top:100%;z-index:5;display:none;max-width:100%;padding:1rem;margin-top:.1rem;font-size:14px;font-size:.875rem;line-height:1.5;color:#19191a;background-color:#00cc85;border-radius:4px}.form-control.is-valid,.was-validated .form-control:valid{border-color:#00cc85;padding-right:calc(1.5em + .75rem);background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3E%3Cpath fill='%2300cc85' d='M2.3 6.73L.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1z'/%3E%3C/svg%3E");background-repeat:no-repeat;background-position:100% calc(.375em + .1875rem);background-size:calc(.75em + .375rem) calc(.75em + .375rem)}.form-control.is-valid:focus,.was-validated .form-control:valid:focus{border-color:#00cc85;-webkit-box-shadow:0 0 0 .2rem rgba(0,204,133,.25);box-shadow:0 0 0 .2rem rgba(0,204,133,.25)}.form-control.is-valid~.valid-feedback,.form-control.is-valid~.valid-tooltip,.was-validated .form-control:valid~.valid-feedback,.was-validated .form-control:valid~.valid-tooltip{display:block}.was-validated textarea.form-control:valid,textarea.form-control.is-valid{padding-right:calc(1.5em + .75rem);background-position:top calc(.375em + .1875rem) right calc(.375em + .1875rem)}.custom-select.is-valid,.was-validated .custom-select:valid{border-color:#00cc85;padding-right:calc((3em + 2.25rem)/4 + 1.75rem);background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 4 5'%3E%3Cpath fill='%23323333' d='M2 0L0 2h4zm0 5L0 3h4z'/%3E%3C/svg%3E") no-repeat right .75rem center/8px 10px,url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3E%3Cpath fill='%2300cc85' d='M2.3 6.73L.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1z'/%3E%3C/svg%3E") #fff no-repeat center right 1.75rem/calc(.75em + .375rem) calc(.75em + .375rem)}.custom-select.is-valid:focus,.was-validated .custom-select:valid:focus{border-color:#00cc85;-webkit-box-shadow:0 0 0 .2rem rgba(0,204,133,.25);box-shadow:0 0 0 .2rem rgba(0,204,133,.25)}.custom-select.is-valid~.valid-feedback,.custom-select.is-valid~.valid-tooltip,.form-control-file.is-valid~.valid-feedback,.form-control-file.is-valid~.valid-tooltip,.was-validated .custom-select:valid~.valid-feedback,.was-validated .custom-select:valid~.valid-tooltip,.was-validated .form-control-file:valid~.valid-feedback,.was-validated .form-control-file:valid~.valid-tooltip{display:block}.form-check-input.is-valid~.form-check-label,.was-validated .form-check-input:valid~.form-check-label{color:#00cc85}.form-check-input.is-valid~.valid-feedback,.form-check-input.is-valid~.valid-tooltip,.was-validated .form-check-input:valid~.valid-feedback,.was-validated .form-check-input:valid~.valid-tooltip{display:block}.custom-control-input.is-valid~.custom-control-label,.was-validated .custom-control-input:valid~.custom-control-label{color:#00cc85}.custom-control-input.is-valid~.custom-control-label:before,.was-validated .custom-control-input:valid~.custom-control-label:before{border-color:#00cc85}.custom-control-input.is-valid~.valid-feedback,.custom-control-input.is-valid~.valid-tooltip,.was-validated .custom-control-input:valid~.valid-feedback,.was-validated .custom-control-input:valid~.valid-tooltip{display:block}.custom-control-input.is-valid:checked~.custom-control-label:before,.was-validated .custom-control-input:valid:checked~.custom-control-label:before{border-color:#00ffa6;background-color:#00ffa6}.custom-control-input.is-valid:focus~.custom-control-label:before,.was-validated .custom-control-input:valid:focus~.custom-control-label:before{-webkit-box-shadow:0 0 0 .2rem rgba(0,204,133,.25);box-shadow:0 0 0 .2rem rgba(0,204,133,.25)}.custom-control-input.is-valid:focus:not(:checked)~.custom-control-label:before,.custom-file-input.is-valid~.custom-file-label,.was-validated .custom-control-input:valid:focus:not(:checked)~.custom-control-label:before,.was-validated .custom-file-input:valid~.custom-file-label{border-color:#00cc85}.custom-file-input.is-valid~.valid-feedback,.custom-file-input.is-valid~.valid-tooltip,.was-validated .custom-file-input:valid~.valid-feedback,.was-validated .custom-file-input:valid~.valid-tooltip{display:block}.custom-file-input.is-valid:focus~.custom-file-label,.was-validated .custom-file-input:valid:focus~.custom-file-label{border-color:#00cc85;-webkit-box-shadow:0 0 0 .2rem rgba(0,204,133,.25);box-shadow:0 0 0 .2rem rgba(0,204,133,.25)}.invalid-feedback{display:none;width:100%;margin-top:.25rem;font-size:12.432px;font-size:.777rem;color:#f73e5a}.invalid-tooltip{position:absolute;top:100%;z-index:5;display:none;max-width:100%;padding:1rem;margin-top:.1rem;font-size:14px;font-size:.875rem;line-height:1.5;color:#19191a;background-color:#f73e5a;border-radius:4px}.form-control.is-invalid,.was-validated .form-control:invalid{border-color:#f73e5a;padding-right:calc(1.5em + .75rem);background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%23f73e5a' viewBox='-2 -2 7 7'%3E%3Cpath stroke='%23f73e5a' d='M0 0l3 3m0-3L0 3'/%3E%3Ccircle r='.5'/%3E%3Ccircle cx='3' r='.5'/%3E%3Ccircle cy='3' r='.5'/%3E%3Ccircle cx='3' cy='3' r='.5'/%3E%3C/svg%3E");background-repeat:no-repeat;background-position:100% calc(.375em + .1875rem);background-size:calc(.75em + .375rem) calc(.75em + .375rem)}.form-control.is-invalid:focus,.was-validated .form-control:invalid:focus{border-color:#f73e5a;-webkit-box-shadow:0 0 0 .2rem rgba(247,62,90,.25);box-shadow:0 0 0 .2rem rgba(247,62,90,.25)}.form-control.is-invalid~.invalid-feedback,.form-control.is-invalid~.invalid-tooltip,.was-validated .form-control:invalid~.invalid-feedback,.was-validated .form-control:invalid~.invalid-tooltip{display:block}.was-validated textarea.form-control:invalid,textarea.form-control.is-invalid{padding-right:calc(1.5em + .75rem);background-position:top calc(.375em + .1875rem) right calc(.375em + .1875rem)}.custom-select.is-invalid,.was-validated .custom-select:invalid{border-color:#f73e5a;padding-right:calc((3em + 2.25rem)/4 + 1.75rem);background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 4 5'%3E%3Cpath fill='%23323333' d='M2 0L0 2h4zm0 5L0 3h4z'/%3E%3C/svg%3E") no-repeat right .75rem center/8px 10px,url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%23f73e5a' viewBox='-2 -2 7 7'%3E%3Cpath stroke='%23f73e5a' d='M0 0l3 3m0-3L0 3'/%3E%3Ccircle r='.5'/%3E%3Ccircle cx='3' r='.5'/%3E%3Ccircle cy='3' r='.5'/%3E%3Ccircle cx='3' cy='3' r='.5'/%3E%3C/svg%3E") #fff no-repeat center right 1.75rem/calc(.75em + .375rem) calc(.75em + .375rem)}.custom-select.is-invalid:focus,.was-validated .custom-select:invalid:focus{border-color:#f73e5a;-webkit-box-shadow:0 0 0 .2rem rgba(247,62,90,.25);box-shadow:0 0 0 .2rem rgba(247,62,90,.25)}.custom-select.is-invalid~.invalid-feedback,.custom-select.is-invalid~.invalid-tooltip,.form-control-file.is-invalid~.invalid-feedback,.form-control-file.is-invalid~.invalid-tooltip,.was-validated .custom-select:invalid~.invalid-feedback,.was-validated .custom-select:invalid~.invalid-tooltip,.was-validated .form-control-file:invalid~.invalid-feedback,.was-validated .form-control-file:invalid~.invalid-tooltip{display:block}.form-check-input.is-invalid~.form-check-label,.was-validated .form-check-input:invalid~.form-check-label{color:#f73e5a}.form-check-input.is-invalid~.invalid-feedback,.form-check-input.is-invalid~.invalid-tooltip,.was-validated .form-check-input:invalid~.invalid-feedback,.was-validated .form-check-input:invalid~.invalid-tooltip{display:block}.custom-control-input.is-invalid~.custom-control-label,.was-validated .custom-control-input:invalid~.custom-control-label{color:#f73e5a}.custom-control-input.is-invalid~.custom-control-label:before,.was-validated .custom-control-input:invalid~.custom-control-label:before{border-color:#f73e5a}.custom-control-input.is-invalid~.invalid-feedback,.custom-control-input.is-invalid~.invalid-tooltip,.was-validated .custom-control-input:invalid~.invalid-feedback,.was-validated .custom-control-input:invalid~.invalid-tooltip{display:block}.custom-control-input.is-invalid:checked~.custom-control-label:before,.was-validated .custom-control-input:invalid:checked~.custom-control-label:before{border-color:#f96f84;background-color:#f96f84}.custom-control-input.is-invalid:focus~.custom-control-label:before,.was-validated .custom-control-input:invalid:focus~.custom-control-label:before{-webkit-box-shadow:0 0 0 .2rem rgba(247,62,90,.25);box-shadow:0 0 0 .2rem rgba(247,62,90,.25)}.custom-control-input.is-invalid:focus:not(:checked)~.custom-control-label:before,.custom-file-input.is-invalid~.custom-file-label,.was-validated .custom-control-input:invalid:focus:not(:checked)~.custom-control-label:before,.was-validated .custom-file-input:invalid~.custom-file-label{border-color:#f73e5a}.custom-file-input.is-invalid~.invalid-feedback,.custom-file-input.is-invalid~.invalid-tooltip,.was-validated .custom-file-input:invalid~.invalid-feedback,.was-validated .custom-file-input:invalid~.invalid-tooltip{display:block}.custom-file-input.is-invalid:focus~.custom-file-label,.was-validated .custom-file-input:invalid:focus~.custom-file-label{border-color:#f73e5a;-webkit-box-shadow:0 0 0 .2rem rgba(247,62,90,.25);box-shadow:0 0 0 .2rem rgba(247,62,90,.25)}.form-inline{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.form-inline .form-check{width:100%}@media (min-width:576px){.form-inline label{-ms-flex-align:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.form-inline .form-group,.form-inline label{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;align-items:center;margin-bottom:0}.form-inline .form-group{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap;-ms-flex-align:center}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-plaintext{display:inline-block}.form-inline .custom-select,.form-inline .input-group{width:auto}.form-inline .form-check{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;width:auto;padding-left:0}.form-inline .form-check-input{position:relative;-ms-flex-negative:0;flex-shrink:0;margin-top:0;margin-right:.25rem;margin-left:0}.form-inline .custom-control{-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.form-inline .custom-control-label{margin-bottom:0}}.btn{display:inline-block;font-weight:600;color:#19191a;text-align:center;vertical-align:middle;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-color:transparent;border:0 solid transparent;padding:.375rem .75rem;font-size:1rem;line-height:1.5;border-radius:4px;-webkit-transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,-webkit-box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,-webkit-box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out,-webkit-box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.btn{-webkit-transition:none;transition:none}}.btn:hover{color:#19191a;text-decoration:none}.btn.focus,.btn:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(0,115,230,.25);box-shadow:0 0 0 .2rem rgba(0,115,230,.25)}.btn.disabled,.btn:disabled{opacity:.65;-webkit-box-shadow:none;box-shadow:none}.btn:not(:disabled):not(.disabled).active,.btn:not(:disabled):not(.disabled):active{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn:not(:disabled):not(.disabled).active:focus,.btn:not(:disabled):not(.disabled):active:focus{-webkit-box-shadow:0 0 0 .2rem rgba(0,115,230,.25),inset 0 3px 5px rgba(0,0,0,.125);box-shadow:0 0 0 .2rem rgba(0,115,230,.25),inset 0 3px 5px rgba(0,0,0,.125)}a.btn.disabled,fieldset:disabled a.btn{pointer-events:none}.btn-primary{color:#fff;background-color:#0073e6;border-color:#0073e6;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-primary:hover{color:#fff;background-color:#0060bf;border-color:#0059b3}.btn-primary.focus,.btn-primary:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,115,230,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,115,230,.5)}.btn-primary.disabled,.btn-primary:disabled{color:#fff;background-color:#0073e6;border-color:#0073e6}.btn-primary:not(:disabled):not(.disabled).active,.btn-primary:not(:disabled):not(.disabled):active,.show>.btn-primary.dropdown-toggle{color:#fff;background-color:#0059b3;border-color:#0053a6}.btn-primary:not(:disabled):not(.disabled).active:focus,.btn-primary:not(:disabled):not(.disabled):active:focus,.show>.btn-primary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,115,230,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,115,230,.5)}.btn-secondary{color:#fff;background-color:#5c6f82;border-color:#5c6f82;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-secondary:hover{color:#fff;background-color:#4c5c6c;border-color:#475664}.btn-secondary.focus,.btn-secondary:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(92,111,130,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(92,111,130,.5)}.btn-secondary.disabled,.btn-secondary:disabled{color:#fff;background-color:#5c6f82;border-color:#5c6f82}.btn-secondary:not(:disabled):not(.disabled).active,.btn-secondary:not(:disabled):not(.disabled):active,.show>.btn-secondary.dropdown-toggle{color:#fff;background-color:#475664;border-color:#424f5d}.btn-secondary:not(:disabled):not(.disabled).active:focus,.btn-secondary:not(:disabled):not(.disabled):active:focus,.show>.btn-secondary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(92,111,130,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(92,111,130,.5)}.btn-success{color:#19191a;background-color:#00cc85;border-color:#00cc85;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-success:hover{color:#fff;background-color:#00a66c;border-color:#009963}.btn-success.focus,.btn-success:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,204,133,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,204,133,.5)}.btn-success.disabled,.btn-success:disabled{color:#19191a;background-color:#00cc85;border-color:#00cc85}.btn-success:not(:disabled):not(.disabled).active,.btn-success:not(:disabled):not(.disabled):active,.show>.btn-success.dropdown-toggle{color:#fff;background-color:#009963;border-color:#008c5b}.btn-success:not(:disabled):not(.disabled).active:focus,.btn-success:not(:disabled):not(.disabled):active:focus,.show>.btn-success.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,204,133,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,204,133,.5)}.btn-info{color:#19191a;background-color:#979899;border-color:#979899;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-info:hover{color:#19191a;background-color:#848586;border-color:#7e7e80}.btn-info.focus,.btn-info:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(151,152,153,.5)}.btn-info.disabled,.btn-info:disabled{color:#19191a;background-color:#979899;border-color:#979899}.btn-info:not(:disabled):not(.disabled).active,.btn-info:not(:disabled):not(.disabled):active,.show>.btn-info.dropdown-toggle{color:#19191a;background-color:#7e7e80;border-color:#777879}.btn-info:not(:disabled):not(.disabled).active:focus,.btn-info:not(:disabled):not(.disabled):active:focus,.show>.btn-info.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5)}.btn-warning{color:#19191a;background-color:#f90;border-color:#f90;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-warning:hover{color:#19191a;background-color:#d98200;border-color:#cc7a00}.btn-warning.focus,.btn-warning:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(255,153,0,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(255,153,0,.5)}.btn-warning.disabled,.btn-warning:disabled{color:#19191a;background-color:#f90;border-color:#f90}.btn-warning:not(:disabled):not(.disabled).active,.btn-warning:not(:disabled):not(.disabled):active,.show>.btn-warning.dropdown-toggle{color:#19191a;background-color:#cc7a00;border-color:#bf7300}.btn-warning:not(:disabled):not(.disabled).active:focus,.btn-warning:not(:disabled):not(.disabled):active:focus,.show>.btn-warning.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(255,153,0,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(255,153,0,.5)}.btn-danger{color:#19191a;background-color:#f73e5a;border-color:#f73e5a;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-danger:hover{color:#fff;background-color:#f6193a;border-color:#f50d30}.btn-danger.focus,.btn-danger:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(247,62,90,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(247,62,90,.5)}.btn-danger.disabled,.btn-danger:disabled{color:#19191a;background-color:#f73e5a;border-color:#f73e5a}.btn-danger:not(:disabled):not(.disabled).active,.btn-danger:not(:disabled):not(.disabled):active,.show>.btn-danger.dropdown-toggle{color:#fff;background-color:#f50d30;border-color:#ec092b}.btn-danger:not(:disabled):not(.disabled).active:focus,.btn-danger:not(:disabled):not(.disabled):active:focus,.show>.btn-danger.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(247,62,90,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(247,62,90,.5)}.btn-light{color:#19191a;background-color:#e9e6f2;border-color:#e9e6f2;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-light:hover{color:#19191a;background-color:#d3cde5;border-color:#ccc4e1}.btn-light.focus,.btn-light:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(233,230,242,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(233,230,242,.5)}.btn-light.disabled,.btn-light:disabled{color:#19191a;background-color:#e9e6f2;border-color:#e9e6f2}.btn-light:not(:disabled):not(.disabled).active,.btn-light:not(:disabled):not(.disabled):active,.show>.btn-light.dropdown-toggle{color:#19191a;background-color:#ccc4e1;border-color:#c4bcdd}.btn-light:not(:disabled):not(.disabled).active:focus,.btn-light:not(:disabled):not(.disabled):active:focus,.show>.btn-light.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(233,230,242,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(233,230,242,.5)}.btn-dark{color:#fff;background-color:#17324d;border-color:#17324d;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-dark:hover{color:#fff;background-color:#0e1f2f;border-color:#0b1825}.btn-dark.focus,.btn-dark:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(23,50,77,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(23,50,77,.5)}.btn-dark.disabled,.btn-dark:disabled{color:#fff;background-color:#17324d;border-color:#17324d}.btn-dark:not(:disabled):not(.disabled).active,.btn-dark:not(:disabled):not(.disabled):active,.show>.btn-dark.dropdown-toggle{color:#fff;background-color:#0b1825;border-color:#08121b}.btn-dark:not(:disabled):not(.disabled).active:focus,.btn-dark:not(:disabled):not(.disabled):active:focus,.show>.btn-dark.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(23,50,77,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(23,50,77,.5)}.btn-100{color:#19191a;background-color:#e3e4e6;border-color:#e3e4e6;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-100:hover{color:#19191a;background-color:#cfd0d3;border-color:#c9cacd}.btn-100.focus,.btn-100:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(227,228,230,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(227,228,230,.5)}.btn-100.disabled,.btn-100:disabled{color:#19191a;background-color:#e3e4e6;border-color:#e3e4e6}.btn-100:not(:disabled):not(.disabled).active,.btn-100:not(:disabled):not(.disabled):active,.show>.btn-100.dropdown-toggle{color:#19191a;background-color:#c9cacd;border-color:#c2c3c7}.btn-100:not(:disabled):not(.disabled).active:focus,.btn-100:not(:disabled):not(.disabled):active:focus,.show>.btn-100.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(227,228,230,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(227,228,230,.5)}.btn-200{color:#19191a;background-color:#cacacc;border-color:#cacacc;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-200:hover{color:#19191a;background-color:#b6b7b9;border-color:#b0b1b3}.btn-200.focus,.btn-200:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(202,202,204,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(202,202,204,.5)}.btn-200.disabled,.btn-200:disabled{color:#19191a;background-color:#cacacc;border-color:#cacacc}.btn-200:not(:disabled):not(.disabled).active,.btn-200:not(:disabled):not(.disabled):active,.show>.btn-200.dropdown-toggle{color:#19191a;background-color:#b0b1b3;border-color:#a9aaad}.btn-200:not(:disabled):not(.disabled).active:focus,.btn-200:not(:disabled):not(.disabled):active:focus,.show>.btn-200.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(202,202,204,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(202,202,204,.5)}.btn-300{color:#19191a;background-color:#b1b1b3;border-color:#b1b1b3;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-300:hover{color:#19191a;background-color:#9d9ea0;border-color:#979899}.btn-300.focus,.btn-300:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(177,177,179,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(177,177,179,.5)}.btn-300.disabled,.btn-300:disabled{color:#19191a;background-color:#b1b1b3;border-color:#b1b1b3}.btn-300:not(:disabled):not(.disabled).active,.btn-300:not(:disabled):not(.disabled):active,.show>.btn-300.dropdown-toggle{color:#19191a;background-color:#979899;border-color:#909193}.btn-300:not(:disabled):not(.disabled).active:focus,.btn-300:not(:disabled):not(.disabled):active:focus,.show>.btn-300.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(177,177,179,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(177,177,179,.5)}.btn-400{color:#19191a;background-color:#979899;border-color:#979899;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-400:hover{color:#19191a;background-color:#848586;border-color:#7e7e80}.btn-400.focus,.btn-400:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(151,152,153,.5)}.btn-400.disabled,.btn-400:disabled{color:#19191a;background-color:#979899;border-color:#979899}.btn-400:not(:disabled):not(.disabled).active,.btn-400:not(:disabled):not(.disabled):active,.show>.btn-400.dropdown-toggle{color:#19191a;background-color:#7e7e80;border-color:#777879}.btn-400:not(:disabled):not(.disabled).active:focus,.btn-400:not(:disabled):not(.disabled):active:focus,.show>.btn-400.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5)}.btn-500{color:#19191a;background-color:#7e7f80;border-color:#7e7f80;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-500:hover{color:#fff;background-color:#6b6b6c;border-color:#656566}.btn-500.focus,.btn-500:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(126,127,128,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(126,127,128,.5)}.btn-500.disabled,.btn-500:disabled{color:#19191a;background-color:#7e7f80;border-color:#7e7f80}.btn-500:not(:disabled):not(.disabled).active,.btn-500:not(:disabled):not(.disabled):active,.show>.btn-500.dropdown-toggle{color:#fff;background-color:#656566;border-color:#5f5f5f}.btn-500:not(:disabled):not(.disabled).active:focus,.btn-500:not(:disabled):not(.disabled):active:focus,.show>.btn-500.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(126,127,128,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(126,127,128,.5)}.btn-600{color:#fff;background-color:#656566;border-color:#656566;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-600:hover{color:#fff;background-color:#525253;border-color:#4c4c4c}.btn-600.focus,.btn-600:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(101,101,102,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(101,101,102,.5)}.btn-600.disabled,.btn-600:disabled{color:#fff;background-color:#656566;border-color:#656566}.btn-600:not(:disabled):not(.disabled).active,.btn-600:not(:disabled):not(.disabled):active,.show>.btn-600.dropdown-toggle{color:#fff;background-color:#4c4c4c;border-color:#454546}.btn-600:not(:disabled):not(.disabled).active:focus,.btn-600:not(:disabled):not(.disabled):active:focus,.show>.btn-600.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(101,101,102,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(101,101,102,.5)}.btn-700{color:#fff;background-color:#4c4c4d;border-color:#4c4c4d;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-700:hover{color:#fff;background-color:#393939;border-color:#323233}.btn-700.focus,.btn-700:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(76,76,77,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(76,76,77,.5)}.btn-700.disabled,.btn-700:disabled{color:#fff;background-color:#4c4c4d;border-color:#4c4c4d}.btn-700:not(:disabled):not(.disabled).active,.btn-700:not(:disabled):not(.disabled):active,.show>.btn-700.dropdown-toggle{color:#fff;background-color:#323233;border-color:#2c2c2c}.btn-700:not(:disabled):not(.disabled).active:focus,.btn-700:not(:disabled):not(.disabled):active:focus,.show>.btn-700.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(76,76,77,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(76,76,77,.5)}.btn-800{color:#fff;background-color:#323333;border-color:#323333;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-800:hover{color:#fff;background-color:#1f2020;border-color:#191919}.btn-800.focus,.btn-800:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(50,51,51,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(50,51,51,.5)}.btn-800.disabled,.btn-800:disabled{color:#fff;background-color:#323333;border-color:#323333}.btn-800:not(:disabled):not(.disabled).active,.btn-800:not(:disabled):not(.disabled):active,.show>.btn-800.dropdown-toggle{color:#fff;background-color:#191919;border-color:#131313}.btn-800:not(:disabled):not(.disabled).active:focus,.btn-800:not(:disabled):not(.disabled):active:focus,.show>.btn-800.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(50,51,51,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(50,51,51,.5)}.btn-900{color:#fff;background-color:#19191a;border-color:#19191a;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075)}.btn-900:hover{color:#fff;background-color:#060606;border-color:#000}.btn-900.focus,.btn-900:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(25,25,26,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(25,25,26,.5)}.btn-900.disabled,.btn-900:disabled{color:#fff;background-color:#19191a;border-color:#19191a}.btn-900:not(:disabled):not(.disabled).active,.btn-900:not(:disabled):not(.disabled):active,.show>.btn-900.dropdown-toggle{color:#fff;background-color:#000;border-color:#000}.btn-900:not(:disabled):not(.disabled).active:focus,.btn-900:not(:disabled):not(.disabled):active:focus,.show>.btn-900.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(25,25,26,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(25,25,26,.5)}.btn-outline-primary{color:#0073e6;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #0073e6;box-shadow:inset 0 0 0 1px #0073e6}.btn-outline-primary:hover{color:#0959aa;-webkit-box-shadow:inset 0 0 0 1px #0959aa;box-shadow:inset 0 0 0 1px #0959aa}.btn-outline-primary.focus,.btn-outline-primary:focus{-webkit-box-shadow:inset 0 0 0 1px #0073e6,0 0 0 .2rem rgba(0,115,230,.5);box-shadow:inset 0 0 0 1px #0073e6,0 0 0 .2rem rgba(0,115,230,.5)}.btn-outline-primary.disabled,.btn-outline-primary:disabled{color:#0073e6;background-color:transparent}.btn-outline-primary:not(:disabled):not(.disabled).active,.btn-outline-primary:not(:disabled):not(.disabled):active,.show>.btn-outline-primary.dropdown-toggle{color:#0073e6;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #0073e6;box-shadow:inset 0 0 0 1px #0073e6}.btn-outline-primary:not(:disabled):not(.disabled).active:focus,.btn-outline-primary:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-primary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,115,230,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,115,230,.5)}.btn-outline-secondary{color:#5c6f82;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #5c6f82;box-shadow:inset 0 0 0 1px #5c6f82}.btn-outline-secondary:hover{color:#50565c;-webkit-box-shadow:inset 0 0 0 1px #50565c;box-shadow:inset 0 0 0 1px #50565c}.btn-outline-secondary.focus,.btn-outline-secondary:focus{-webkit-box-shadow:inset 0 0 0 1px #5c6f82,0 0 0 .2rem rgba(92,111,130,.5);box-shadow:inset 0 0 0 1px #5c6f82,0 0 0 .2rem rgba(92,111,130,.5)}.btn-outline-secondary.disabled,.btn-outline-secondary:disabled{color:#5c6f82;background-color:transparent}.btn-outline-secondary:not(:disabled):not(.disabled).active,.btn-outline-secondary:not(:disabled):not(.disabled):active,.show>.btn-outline-secondary.dropdown-toggle{color:#5c6f82;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #5c6f82;box-shadow:inset 0 0 0 1px #5c6f82}.btn-outline-secondary:not(:disabled):not(.disabled).active:focus,.btn-outline-secondary:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-secondary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(92,111,130,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(92,111,130,.5)}.btn-outline-success{color:#00cc85;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #00cc85;box-shadow:inset 0 0 0 1px #00cc85}.btn-outline-success:hover{color:#089161;-webkit-box-shadow:inset 0 0 0 1px #089161;box-shadow:inset 0 0 0 1px #089161}.btn-outline-success.focus,.btn-outline-success:focus{-webkit-box-shadow:inset 0 0 0 1px #00cc85,0 0 0 .2rem rgba(0,204,133,.5);box-shadow:inset 0 0 0 1px #00cc85,0 0 0 .2rem rgba(0,204,133,.5)}.btn-outline-success.disabled,.btn-outline-success:disabled{color:#00cc85;background-color:transparent}.btn-outline-success:not(:disabled):not(.disabled).active,.btn-outline-success:not(:disabled):not(.disabled):active,.show>.btn-outline-success.dropdown-toggle{color:#00cc85;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #00cc85;box-shadow:inset 0 0 0 1px #00cc85}.btn-outline-success:not(:disabled):not(.disabled).active:focus,.btn-outline-success:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-success.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,204,133,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,204,133,.5)}.btn-outline-info{color:#979899;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #979899;box-shadow:inset 0 0 0 1px #979899}.btn-outline-info:hover{color:#7f7f7f;-webkit-box-shadow:inset 0 0 0 1px #7f7f7f;box-shadow:inset 0 0 0 1px #7f7f7f}.btn-outline-info.focus,.btn-outline-info:focus{-webkit-box-shadow:inset 0 0 0 1px #979899,0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 0 0 1px #979899,0 0 0 .2rem rgba(151,152,153,.5)}.btn-outline-info.disabled,.btn-outline-info:disabled{color:#979899;background-color:transparent}.btn-outline-info:not(:disabled):not(.disabled).active,.btn-outline-info:not(:disabled):not(.disabled):active,.show>.btn-outline-info.dropdown-toggle{color:#979899;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #979899;box-shadow:inset 0 0 0 1px #979899}.btn-outline-info:not(:disabled):not(.disabled).active:focus,.btn-outline-info:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-info.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5)}.btn-outline-warning{color:#f90;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #f90;box-shadow:inset 0 0 0 1px #f90}.btn-outline-warning:hover{color:#c2780a;-webkit-box-shadow:inset 0 0 0 1px #c2780a;box-shadow:inset 0 0 0 1px #c2780a}.btn-outline-warning.focus,.btn-outline-warning:focus{-webkit-box-shadow:inset 0 0 0 1px #f90,0 0 0 .2rem rgba(255,153,0,.5);box-shadow:inset 0 0 0 1px #f90,0 0 0 .2rem rgba(255,153,0,.5)}.btn-outline-warning.disabled,.btn-outline-warning:disabled{color:#f90;background-color:transparent}.btn-outline-warning:not(:disabled):not(.disabled).active,.btn-outline-warning:not(:disabled):not(.disabled):active,.show>.btn-outline-warning.dropdown-toggle{color:#f90;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #f90;box-shadow:inset 0 0 0 1px #f90}.btn-outline-warning:not(:disabled):not(.disabled).active:focus,.btn-outline-warning:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-warning.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(255,153,0,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(255,153,0,.5)}.btn-outline-danger{color:#f73e5a;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #f73e5a;box-shadow:inset 0 0 0 1px #f73e5a}.btn-outline-danger:hover{color:#e91938;-webkit-box-shadow:inset 0 0 0 1px #e91938;box-shadow:inset 0 0 0 1px #e91938}.btn-outline-danger.focus,.btn-outline-danger:focus{-webkit-box-shadow:inset 0 0 0 1px #f73e5a,0 0 0 .2rem rgba(247,62,90,.5);box-shadow:inset 0 0 0 1px #f73e5a,0 0 0 .2rem rgba(247,62,90,.5)}.btn-outline-danger.disabled,.btn-outline-danger:disabled{color:#f73e5a;background-color:transparent}.btn-outline-danger:not(:disabled):not(.disabled).active,.btn-outline-danger:not(:disabled):not(.disabled):active,.show>.btn-outline-danger.dropdown-toggle{color:#f73e5a;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #f73e5a;box-shadow:inset 0 0 0 1px #f73e5a}.btn-outline-danger:not(:disabled):not(.disabled).active:focus,.btn-outline-danger:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-danger.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(247,62,90,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(247,62,90,.5)}.btn-outline-light{color:#e9e6f2;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #e9e6f2;box-shadow:inset 0 0 0 1px #e9e6f2}.btn-outline-light:hover{color:#cec9dd;-webkit-box-shadow:inset 0 0 0 1px #cec9dd;box-shadow:inset 0 0 0 1px #cec9dd}.btn-outline-light.focus,.btn-outline-light:focus{-webkit-box-shadow:inset 0 0 0 1px #e9e6f2,0 0 0 .2rem rgba(233,230,242,.5);box-shadow:inset 0 0 0 1px #e9e6f2,0 0 0 .2rem rgba(233,230,242,.5)}.btn-outline-light.disabled,.btn-outline-light:disabled{color:#e9e6f2;background-color:transparent}.btn-outline-light:not(:disabled):not(.disabled).active,.btn-outline-light:not(:disabled):not(.disabled):active,.show>.btn-outline-light.dropdown-toggle{color:#e9e6f2;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #e9e6f2;box-shadow:inset 0 0 0 1px #e9e6f2}.btn-outline-light:not(:disabled):not(.disabled).active:focus,.btn-outline-light:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-light.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(233,230,242,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(233,230,242,.5)}.btn-outline-dark{color:#17324d;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #17324d;box-shadow:inset 0 0 0 1px #17324d}.btn-outline-dark:hover{color:#0e1823;-webkit-box-shadow:inset 0 0 0 1px #0e1823;box-shadow:inset 0 0 0 1px #0e1823}.btn-outline-dark.focus,.btn-outline-dark:focus{-webkit-box-shadow:inset 0 0 0 1px #17324d,0 0 0 .2rem rgba(23,50,77,.5);box-shadow:inset 0 0 0 1px #17324d,0 0 0 .2rem rgba(23,50,77,.5)}.btn-outline-dark.disabled,.btn-outline-dark:disabled{color:#17324d;background-color:transparent}.btn-outline-dark:not(:disabled):not(.disabled).active,.btn-outline-dark:not(:disabled):not(.disabled):active,.show>.btn-outline-dark.dropdown-toggle{color:#17324d;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #17324d;box-shadow:inset 0 0 0 1px #17324d}.btn-outline-dark:not(:disabled):not(.disabled).active:focus,.btn-outline-dark:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-dark.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(23,50,77,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(23,50,77,.5)}.btn-outline-100{color:#e3e4e6;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #e3e4e6;box-shadow:inset 0 0 0 1px #e3e4e6}.btn-outline-100:hover{color:#cbcbcb;-webkit-box-shadow:inset 0 0 0 1px #cbcbcb;box-shadow:inset 0 0 0 1px #cbcbcb}.btn-outline-100.focus,.btn-outline-100:focus{-webkit-box-shadow:inset 0 0 0 1px #e3e4e6,0 0 0 .2rem rgba(227,228,230,.5);box-shadow:inset 0 0 0 1px #e3e4e6,0 0 0 .2rem rgba(227,228,230,.5)}.btn-outline-100.disabled,.btn-outline-100:disabled{color:#e3e4e6;background-color:transparent}.btn-outline-100:not(:disabled):not(.disabled).active,.btn-outline-100:not(:disabled):not(.disabled):active,.show>.btn-outline-100.dropdown-toggle{color:#e3e4e6;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #e3e4e6;box-shadow:inset 0 0 0 1px #e3e4e6}.btn-outline-100:not(:disabled):not(.disabled).active:focus,.btn-outline-100:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-100.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(227,228,230,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(227,228,230,.5)}.btn-outline-200{color:#cacacc;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #cacacc;box-shadow:inset 0 0 0 1px #cacacc}.btn-outline-200:hover{color:#b1b1b1;-webkit-box-shadow:inset 0 0 0 1px #b1b1b1;box-shadow:inset 0 0 0 1px #b1b1b1}.btn-outline-200.focus,.btn-outline-200:focus{-webkit-box-shadow:inset 0 0 0 1px #cacacc,0 0 0 .2rem rgba(202,202,204,.5);box-shadow:inset 0 0 0 1px #cacacc,0 0 0 .2rem rgba(202,202,204,.5)}.btn-outline-200.disabled,.btn-outline-200:disabled{color:#cacacc;background-color:transparent}.btn-outline-200:not(:disabled):not(.disabled).active,.btn-outline-200:not(:disabled):not(.disabled):active,.show>.btn-outline-200.dropdown-toggle{color:#cacacc;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #cacacc;box-shadow:inset 0 0 0 1px #cacacc}.btn-outline-200:not(:disabled):not(.disabled).active:focus,.btn-outline-200:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-200.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(202,202,204,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(202,202,204,.5)}.btn-outline-300{color:#b1b1b3;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #b1b1b3;box-shadow:inset 0 0 0 1px #b1b1b3}.btn-outline-300:hover{color:#989898;-webkit-box-shadow:inset 0 0 0 1px #989898;box-shadow:inset 0 0 0 1px #989898}.btn-outline-300.focus,.btn-outline-300:focus{-webkit-box-shadow:inset 0 0 0 1px #b1b1b3,0 0 0 .2rem rgba(177,177,179,.5);box-shadow:inset 0 0 0 1px #b1b1b3,0 0 0 .2rem rgba(177,177,179,.5)}.btn-outline-300.disabled,.btn-outline-300:disabled{color:#b1b1b3;background-color:transparent}.btn-outline-300:not(:disabled):not(.disabled).active,.btn-outline-300:not(:disabled):not(.disabled):active,.show>.btn-outline-300.dropdown-toggle{color:#b1b1b3;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #b1b1b3;box-shadow:inset 0 0 0 1px #b1b1b3}.btn-outline-300:not(:disabled):not(.disabled).active:focus,.btn-outline-300:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-300.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(177,177,179,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(177,177,179,.5)}.btn-outline-400{color:#979899;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #979899;box-shadow:inset 0 0 0 1px #979899}.btn-outline-400:hover{color:#7f7f7f;-webkit-box-shadow:inset 0 0 0 1px #7f7f7f;box-shadow:inset 0 0 0 1px #7f7f7f}.btn-outline-400.focus,.btn-outline-400:focus{-webkit-box-shadow:inset 0 0 0 1px #979899,0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 0 0 1px #979899,0 0 0 .2rem rgba(151,152,153,.5)}.btn-outline-400.disabled,.btn-outline-400:disabled{color:#979899;background-color:transparent}.btn-outline-400:not(:disabled):not(.disabled).active,.btn-outline-400:not(:disabled):not(.disabled):active,.show>.btn-outline-400.dropdown-toggle{color:#979899;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #979899;box-shadow:inset 0 0 0 1px #979899}.btn-outline-400:not(:disabled):not(.disabled).active:focus,.btn-outline-400:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-400.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(151,152,153,.5)}.btn-outline-500{color:#7e7f80;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #7e7f80;box-shadow:inset 0 0 0 1px #7e7f80}.btn-outline-500:hover{color:#656565;-webkit-box-shadow:inset 0 0 0 1px #656565;box-shadow:inset 0 0 0 1px #656565}.btn-outline-500.focus,.btn-outline-500:focus{-webkit-box-shadow:inset 0 0 0 1px #7e7f80,0 0 0 .2rem rgba(126,127,128,.5);box-shadow:inset 0 0 0 1px #7e7f80,0 0 0 .2rem rgba(126,127,128,.5)}.btn-outline-500.disabled,.btn-outline-500:disabled{color:#7e7f80;background-color:transparent}.btn-outline-500:not(:disabled):not(.disabled).active,.btn-outline-500:not(:disabled):not(.disabled):active,.show>.btn-outline-500.dropdown-toggle{color:#7e7f80;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #7e7f80;box-shadow:inset 0 0 0 1px #7e7f80}.btn-outline-500:not(:disabled):not(.disabled).active:focus,.btn-outline-500:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-500.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(126,127,128,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(126,127,128,.5)}.btn-outline-600{color:#656566;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #656566;box-shadow:inset 0 0 0 1px #656566}.btn-outline-600:hover{color:#4c4c4c;-webkit-box-shadow:inset 0 0 0 1px #4c4c4c;box-shadow:inset 0 0 0 1px #4c4c4c}.btn-outline-600.focus,.btn-outline-600:focus{-webkit-box-shadow:inset 0 0 0 1px #656566,0 0 0 .2rem rgba(101,101,102,.5);box-shadow:inset 0 0 0 1px #656566,0 0 0 .2rem rgba(101,101,102,.5)}.btn-outline-600.disabled,.btn-outline-600:disabled{color:#656566;background-color:transparent}.btn-outline-600:not(:disabled):not(.disabled).active,.btn-outline-600:not(:disabled):not(.disabled):active,.show>.btn-outline-600.dropdown-toggle{color:#656566;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #656566;box-shadow:inset 0 0 0 1px #656566}.btn-outline-600:not(:disabled):not(.disabled).active:focus,.btn-outline-600:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-600.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(101,101,102,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(101,101,102,.5)}.btn-outline-700{color:#4c4c4d;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #4c4c4d;box-shadow:inset 0 0 0 1px #4c4c4d}.btn-outline-700:hover{color:#333;-webkit-box-shadow:inset 0 0 0 1px #333;box-shadow:inset 0 0 0 1px #333}.btn-outline-700.focus,.btn-outline-700:focus{-webkit-box-shadow:inset 0 0 0 1px #4c4c4d,0 0 0 .2rem rgba(76,76,77,.5);box-shadow:inset 0 0 0 1px #4c4c4d,0 0 0 .2rem rgba(76,76,77,.5)}.btn-outline-700.disabled,.btn-outline-700:disabled{color:#4c4c4d;background-color:transparent}.btn-outline-700:not(:disabled):not(.disabled).active,.btn-outline-700:not(:disabled):not(.disabled):active,.show>.btn-outline-700.dropdown-toggle{color:#4c4c4d;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #4c4c4d;box-shadow:inset 0 0 0 1px #4c4c4d}.btn-outline-700:not(:disabled):not(.disabled).active:focus,.btn-outline-700:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-700.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(76,76,77,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(76,76,77,.5)}.btn-outline-800{color:#323333;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #323333;box-shadow:inset 0 0 0 1px #323333}.btn-outline-800:hover{color:#191919;-webkit-box-shadow:inset 0 0 0 1px #191919;box-shadow:inset 0 0 0 1px #191919}.btn-outline-800.focus,.btn-outline-800:focus{-webkit-box-shadow:inset 0 0 0 1px #323333,0 0 0 .2rem rgba(50,51,51,.5);box-shadow:inset 0 0 0 1px #323333,0 0 0 .2rem rgba(50,51,51,.5)}.btn-outline-800.disabled,.btn-outline-800:disabled{color:#323333;background-color:transparent}.btn-outline-800:not(:disabled):not(.disabled).active,.btn-outline-800:not(:disabled):not(.disabled):active,.show>.btn-outline-800.dropdown-toggle{color:#323333;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #323333;box-shadow:inset 0 0 0 1px #323333}.btn-outline-800:not(:disabled):not(.disabled).active:focus,.btn-outline-800:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-800.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(50,51,51,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(50,51,51,.5)}.btn-outline-900{color:#19191a;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #19191a;box-shadow:inset 0 0 0 1px #19191a}.btn-outline-900:hover{color:#000;-webkit-box-shadow:inset 0 0 0 1px #000;box-shadow:inset 0 0 0 1px #000}.btn-outline-900.focus,.btn-outline-900:focus{-webkit-box-shadow:inset 0 0 0 1px #19191a,0 0 0 .2rem rgba(25,25,26,.5);box-shadow:inset 0 0 0 1px #19191a,0 0 0 .2rem rgba(25,25,26,.5)}.btn-outline-900.disabled,.btn-outline-900:disabled{color:#19191a;background-color:transparent}.btn-outline-900:not(:disabled):not(.disabled).active,.btn-outline-900:not(:disabled):not(.disabled):active,.show>.btn-outline-900.dropdown-toggle{color:#19191a;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #19191a;box-shadow:inset 0 0 0 1px #19191a}.btn-outline-900:not(:disabled):not(.disabled).active:focus,.btn-outline-900:not(:disabled):not(.disabled):active:focus,.show>.btn-outline-900.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(25,25,26,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(25,25,26,.5)}.btn-link{font-weight:400;color:#0073e6;text-decoration:none}.btn-link:hover{color:#004d99;text-decoration:underline}.btn-link.focus,.btn-link:focus{text-decoration:underline;-webkit-box-shadow:none;box-shadow:none}.btn-link.disabled,.btn-link:disabled{color:#656566;pointer-events:none}.btn-group-lg>.btn,.btn-lg{padding:.5rem 1rem;font-size:1.125rem;border-radius:8px}.btn-group-sm>.btn,.btn-sm{padding:.25rem .5rem;font-size:.875rem;border-radius:2px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:.5rem}input[type=button].btn-block,input[type=reset].btn-block,input[type=submit].btn-block{width:100%}.fade{-webkit-transition:opacity .15s linear;transition:opacity .15s linear}@media (prefers-reduced-motion:reduce){.fade{-webkit-transition:none;transition:none}}.fade:not(.show){opacity:0}.collapse:not(.show){display:none}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;transition:height .35s ease}@media (prefers-reduced-motion:reduce){.collapsing{-webkit-transition:none;transition:none}}.dropdown,.dropleft,.dropright,.dropup{position:relative}.dropdown-toggle{white-space:nowrap}.dropdown-toggle:after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";border-top:.3em solid;border-right:.3em solid transparent;border-bottom:0;border-left:.3em solid transparent}.dropdown-toggle:empty:after{margin-left:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;min-width:10rem;padding:.5rem 0;margin:.125rem 0 0;font-size:16px;font-size:1rem;color:#19191a;text-align:left;list-style:none;background-clip:padding-box;border:0 solid transparent;border-radius:4px;-webkit-box-shadow:0 0 30px 5px rgba(0,0,0,.05);box-shadow:0 0 30px 5px rgba(0,0,0,.05)}.dropdown-menu-left{right:auto;left:0}.dropdown-menu-right{right:0;left:auto}@media (min-width:576px){.dropdown-menu-sm-left{right:auto;left:0}.dropdown-menu-sm-right{right:0;left:auto}}@media (min-width:768px){.dropdown-menu-md-left{right:auto;left:0}.dropdown-menu-md-right{right:0;left:auto}}@media (min-width:992px){.dropdown-menu-lg-left{right:auto;left:0}.dropdown-menu-lg-right{right:0;left:auto}}@media (min-width:1200px){.dropdown-menu-xl-left{right:auto;left:0}.dropdown-menu-xl-right{right:0;left:auto}}.dropup .dropdown-menu{top:auto;bottom:100%;margin-top:0;margin-bottom:.125rem}.dropup .dropdown-toggle:after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";border-top:0;border-right:.3em solid transparent;border-bottom:.3em solid;border-left:.3em solid transparent}.dropup .dropdown-toggle:empty:after{margin-left:0}.dropright .dropdown-menu{top:0;right:auto;left:100%;margin-top:0;margin-left:.125rem}.dropright .dropdown-toggle:after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";border-top:.3em solid transparent;border-right:0;border-bottom:.3em solid transparent;border-left:.3em solid}.dropright .dropdown-toggle:empty:after{margin-left:0}.dropright .dropdown-toggle:after{vertical-align:0}.dropleft .dropdown-menu{top:0;right:100%;left:auto;margin-top:0;margin-right:.125rem}.dropleft .dropdown-toggle:after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";display:none}.dropleft .dropdown-toggle:before{display:inline-block;margin-right:.255em;vertical-align:.255em;content:"";border-top:.3em solid transparent;border-right:.3em solid;border-bottom:.3em solid transparent}.dropleft .dropdown-toggle:empty:after{margin-left:0}.dropleft .dropdown-toggle:before{vertical-align:0}.dropdown-divider{height:0;margin:8px 0;overflow:hidden;border-top:1px solid #cacacc}.dropdown-item{display:block;width:100%;padding:12px 24px;clear:both;font-weight:400;color:#17324d;text-align:inherit;white-space:nowrap;background-color:transparent;border:0}.dropdown-item:focus,.dropdown-item:hover{color:#17324d;text-decoration:none;background-color:#e6ecf2}.dropdown-item.active,.dropdown-item:active{color:#fff;text-decoration:none;background-color:#0073e6}.dropdown-item.disabled,.dropdown-item:disabled{color:#656566;pointer-events:none;background-color:transparent}.dropdown-menu.show{display:block}.dropdown-header{display:block;padding:.5rem 24px;margin-bottom:0;font-size:14px;font-size:.875rem;color:#17324d;white-space:nowrap}.dropdown-item-text{display:block;padding:12px 24px;color:#17324d}.btn-group,.btn-group-vertical{position:relative;display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;vertical-align:middle}.btn-group-vertical>.btn,.btn-group>.btn{position:relative;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto}.btn-group-vertical>.btn.active,.btn-group-vertical>.btn:active,.btn-group-vertical>.btn:focus,.btn-group-vertical>.btn:hover,.btn-group>.btn.active,.btn-group>.btn:active,.btn-group>.btn:focus,.btn-group>.btn:hover{z-index:1}.btn-toolbar{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.btn-toolbar .input-group{width:auto}.btn-group>.btn-group:not(:first-child),.btn-group>.btn:not(:first-child){margin-left:0}.btn-group>.btn-group:not(:last-child)>.btn,.btn-group>.btn:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:not(:first-child)>.btn,.btn-group>.btn:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.dropdown-toggle-split{padding-right:.5625rem;padding-left:.5625rem}.dropdown-toggle-split:after,.dropright .dropdown-toggle-split:after,.dropup .dropdown-toggle-split:after{margin-left:0}.dropleft .dropdown-toggle-split:before{margin-right:0}.btn-group-sm>.btn+.dropdown-toggle-split,.btn-sm+.dropdown-toggle-split{padding-right:.375rem;padding-left:.375rem}.btn-group-lg>.btn+.dropdown-toggle-split,.btn-lg+.dropdown-toggle-split{padding-right:.75rem;padding-left:.75rem}.btn-group.show .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn-group.show .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn-group-vertical{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group{width:100%}.btn-group-vertical>.btn-group:not(:first-child),.btn-group-vertical>.btn:not(:first-child){margin-top:0}.btn-group-vertical>.btn-group:not(:last-child)>.btn,.btn-group-vertical>.btn:not(:last-child):not(.dropdown-toggle){border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:not(:first-child)>.btn,.btn-group-vertical>.btn:not(:first-child){border-top-left-radius:0;border-top-right-radius:0}.btn-group-toggle>.btn,.btn-group-toggle>.btn-group>.btn{margin-bottom:0}.btn-group-toggle>.btn-group>.btn input[type=checkbox],.btn-group-toggle>.btn-group>.btn input[type=radio],.btn-group-toggle>.btn input[type=checkbox],.btn-group-toggle>.btn input[type=radio]{position:absolute;clip:rect(0,0,0,0);pointer-events:none}.input-group{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;width:100%}.input-group>.custom-file,.input-group>.custom-select,.input-group>.form-control,.input-group>.form-control-plaintext{position:relative;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;width:1%;margin-bottom:0}.input-group>.custom-file+.custom-file,.input-group>.custom-file+.custom-select,.input-group>.custom-file+.form-control,.input-group>.custom-select+.custom-file,.input-group>.custom-select+.custom-select,.input-group>.custom-select+.form-control,.input-group>.form-control+.custom-file,.input-group>.form-control+.custom-select,.input-group>.form-control+.form-control,.input-group>.form-control-plaintext+.custom-file,.input-group>.form-control-plaintext+.custom-select,.input-group>.form-control-plaintext+.form-control{margin-left:-1px}.input-group>.custom-file .custom-file-input:focus~.custom-file-label,.input-group>.custom-select:focus,.input-group>.form-control:focus{z-index:3}.input-group>.custom-file .custom-file-input:focus{z-index:4}.input-group>.custom-select:not(:last-child),.input-group>.form-control:not(:last-child){border-top-right-radius:0;border-bottom-right-radius:0}.input-group>.custom-select:not(:first-child),.input-group>.form-control:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.input-group>.custom-file{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.input-group>.custom-file:not(:last-child) .custom-file-label,.input-group>.custom-file:not(:last-child) .custom-file-label:after{border-top-right-radius:0;border-bottom-right-radius:0}.input-group>.custom-file:not(:first-child) .custom-file-label{border-top-left-radius:0;border-bottom-left-radius:0}.input-group-append,.input-group-prepend{display:-webkit-box;display:-ms-flexbox;display:flex}.input-group-append .btn,.input-group-prepend .btn{position:relative;z-index:2}.input-group-append .btn:focus,.input-group-prepend .btn:focus{z-index:3}.input-group-append .btn+.btn,.input-group-append .btn+.input-group-text,.input-group-append .input-group-text+.btn,.input-group-append .input-group-text+.input-group-text,.input-group-prepend .btn+.btn,.input-group-prepend .btn+.input-group-text,.input-group-prepend .input-group-text+.btn,.input-group-prepend .input-group-text+.input-group-text{margin-left:-1px}.input-group-prepend{margin-right:-1px}.input-group-append{margin-left:-1px}.input-group-text{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;padding:.375rem .75rem;margin-bottom:0;font-size:16px;font-size:1rem;font-weight:400;line-height:1.5;color:#4c4c4d;text-align:center;white-space:nowrap;background-color:#cacacc;border:1px solid #979899;border-radius:4px}.input-group-text input[type=checkbox],.input-group-text input[type=radio]{margin-top:0}.input-group-lg>.custom-select,.input-group-lg>.form-control:not(textarea){height:calc(1.556em + 1rem + 2px)}.input-group-lg>.custom-select,.input-group-lg>.form-control,.input-group-lg>.input-group-append>.btn,.input-group-lg>.input-group-append>.input-group-text,.input-group-lg>.input-group-prepend>.btn,.input-group-lg>.input-group-prepend>.input-group-text{padding:.5rem 1rem;font-size:20px;font-size:1.25rem;line-height:1.556;border-radius:8px}.input-group-sm>.custom-select,.input-group-sm>.form-control:not(textarea){height:calc(1.428em + .5rem + 2px)}.input-group-sm>.custom-select,.input-group-sm>.form-control,.input-group-sm>.input-group-append>.btn,.input-group-sm>.input-group-append>.input-group-text,.input-group-sm>.input-group-prepend>.btn,.input-group-sm>.input-group-prepend>.input-group-text{padding:.25rem .5rem;font-size:14px;font-size:.875rem;line-height:1.428;border-radius:2px}.input-group-lg>.custom-select,.input-group-sm>.custom-select{padding-right:1.75rem}.input-group>.input-group-append:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group>.input-group-append:last-child>.input-group-text:not(:last-child),.input-group>.input-group-append:not(:last-child)>.btn,.input-group>.input-group-append:not(:last-child)>.input-group-text,.input-group>.input-group-prepend>.btn,.input-group>.input-group-prepend>.input-group-text{border-top-right-radius:0;border-bottom-right-radius:0}.input-group>.input-group-append>.btn,.input-group>.input-group-append>.input-group-text,.input-group>.input-group-prepend:first-child>.btn:not(:first-child),.input-group>.input-group-prepend:first-child>.input-group-text:not(:first-child),.input-group>.input-group-prepend:not(:first-child)>.btn,.input-group>.input-group-prepend:not(:first-child)>.input-group-text{border-top-left-radius:0;border-bottom-left-radius:0}.nav{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;padding-left:0;margin-bottom:0;list-style:none}.nav-link{display:block;padding:.5rem 1rem}.nav-link:focus,.nav-link:hover{text-decoration:none}.nav-link.disabled{color:#656566;pointer-events:none;cursor:default}.nav-tabs{border-bottom:1px solid #b1b1b3}.nav-tabs .nav-item{margin-bottom:-1px}.nav-tabs .nav-link{border:1px solid transparent;border-top-left-radius:4px;border-top-right-radius:4px}.nav-tabs .nav-link:focus,.nav-tabs .nav-link:hover{border-color:#cacacc #cacacc #b1b1b3}.nav-tabs .nav-link.disabled{color:#656566;background-color:transparent;border-color:transparent}.nav-tabs .nav-item.show .nav-link,.nav-tabs .nav-link.active{color:#4c4c4d;background-color:#fff;border-color:#b1b1b3 #b1b1b3 #fff}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-left-radius:0;border-top-right-radius:0}.nav-pills .nav-link{border-radius:4px}.nav-pills .nav-link.active,.nav-pills .show>.nav-link{color:#fff;background-color:#0073e6}.nav-fill .nav-item{-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;text-align:center}.nav-justified .nav-item{-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;text-align:center}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.navbar{position:relative;padding:8px 16px}.navbar,.navbar>.container,.navbar>.container-fluid{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between}.navbar-brand{display:inline-block;padding-top:.5rem;padding-bottom:.5rem;margin-right:16px;font-size:16px;font-size:1rem;line-height:inherit;white-space:nowrap}.navbar-brand:focus,.navbar-brand:hover{text-decoration:none}.navbar-nav{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;padding-left:0;margin-bottom:0;list-style:none}.navbar-nav .nav-link{padding-right:0;padding-left:0}.navbar-nav .dropdown-menu{position:static;float:none}.navbar-text{display:inline-block;padding-top:.5rem;padding-bottom:.5rem}.navbar-collapse{-ms-flex-preferred-size:100%;flex-basis:100%;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.navbar-toggler{padding:.25rem .75rem;font-size:20px;font-size:1.25rem;line-height:1;background-color:transparent;border:1px solid transparent;border-radius:0}.navbar-toggler:focus,.navbar-toggler:hover{text-decoration:none}.navbar-toggler-icon{display:inline-block;width:1.5em;height:1.5em;vertical-align:middle;content:"";background:no-repeat 50%;background-size:100% 100%}@media (max-width:575.98px){.navbar-expand-sm>.container,.navbar-expand-sm>.container-fluid{padding-right:0;padding-left:0}}@media (min-width:576px){.navbar-expand-sm{-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-sm,.navbar-expand-sm .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal}.navbar-expand-sm .navbar-nav{-ms-flex-direction:row;flex-direction:row}.navbar-expand-sm .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-sm .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand-sm>.container,.navbar-expand-sm>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-sm .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-sm .navbar-toggler{display:none}}@media (max-width:767.98px){.navbar-expand-md>.container,.navbar-expand-md>.container-fluid{padding-right:0;padding-left:0}}@media (min-width:768px){.navbar-expand-md{-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-md,.navbar-expand-md .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal}.navbar-expand-md .navbar-nav{-ms-flex-direction:row;flex-direction:row}.navbar-expand-md .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-md .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand-md>.container,.navbar-expand-md>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-md .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-md .navbar-toggler{display:none}}@media (max-width:991.98px){.navbar-expand-lg>.container,.navbar-expand-lg>.container-fluid{padding-right:0;padding-left:0}}@media (min-width:992px){.navbar-expand-lg{-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-lg,.navbar-expand-lg .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal}.navbar-expand-lg .navbar-nav{-ms-flex-direction:row;flex-direction:row}.navbar-expand-lg .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-lg .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand-lg>.container,.navbar-expand-lg>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-lg .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-lg .navbar-toggler{display:none}}@media (max-width:1199.98px){.navbar-expand-xl>.container,.navbar-expand-xl>.container-fluid{padding-right:0;padding-left:0}}@media (min-width:1200px){.navbar-expand-xl{-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand-xl,.navbar-expand-xl .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal}.navbar-expand-xl .navbar-nav{-ms-flex-direction:row;flex-direction:row}.navbar-expand-xl .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-xl .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand-xl>.container,.navbar-expand-xl>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand-xl .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand-xl .navbar-toggler{display:none}}.navbar-expand{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row nowrap;flex-flow:row nowrap;-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}.navbar-expand>.container,.navbar-expand>.container-fluid{padding-right:0;padding-left:0}.navbar-expand .navbar-nav{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.navbar-expand .navbar-nav .dropdown-menu{position:absolute}.navbar-expand .navbar-nav .nav-link{padding-right:.5rem;padding-left:.5rem}.navbar-expand>.container,.navbar-expand>.container-fluid{-ms-flex-wrap:nowrap;flex-wrap:nowrap}.navbar-expand .navbar-collapse{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important;-ms-flex-preferred-size:auto;flex-basis:auto}.navbar-expand .navbar-toggler{display:none}.navbar-light .navbar-brand,.navbar-light .navbar-brand:focus,.navbar-light .navbar-brand:hover{color:rgba(0,0,0,.9)}.navbar-light .navbar-nav .nav-link{color:rgba(0,0,0,.5)}.navbar-light .navbar-nav .nav-link:focus,.navbar-light .navbar-nav .nav-link:hover{color:rgba(0,0,0,.7)}.navbar-light .navbar-nav .nav-link.disabled{color:rgba(0,0,0,.3)}.navbar-light .navbar-nav .active>.nav-link,.navbar-light .navbar-nav .nav-link.active,.navbar-light .navbar-nav .nav-link.show,.navbar-light .navbar-nav .show>.nav-link{color:rgba(0,0,0,.9)}.navbar-light .navbar-toggler{color:rgba(0,0,0,.5);border-color:rgba(0,0,0,.1)}.navbar-light .navbar-toggler-icon{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg viewBox='0 0 30 30' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath stroke='rgba(0, 0, 0, 0.5)' stroke-width='2' stroke-linecap='round' stroke-miterlimit='10' d='M4 7h22M4 15h22M4 23h22'/%3E%3C/svg%3E")}.navbar-light .navbar-text{color:rgba(0,0,0,.5)}.navbar-light .navbar-text a,.navbar-light .navbar-text a:focus,.navbar-light .navbar-text a:hover{color:rgba(0,0,0,.9)}.navbar-dark .navbar-brand,.navbar-dark .navbar-brand:focus,.navbar-dark .navbar-brand:hover{color:#fff}.navbar-dark .navbar-nav .nav-link{color:hsla(0,0%,100%,.5)}.navbar-dark .navbar-nav .nav-link:focus,.navbar-dark .navbar-nav .nav-link:hover{color:hsla(0,0%,100%,.75)}.navbar-dark .navbar-nav .nav-link.disabled{color:hsla(0,0%,100%,.25)}.navbar-dark .navbar-nav .active>.nav-link,.navbar-dark .navbar-nav .nav-link.active,.navbar-dark .navbar-nav .nav-link.show,.navbar-dark .navbar-nav .show>.nav-link{color:#fff}.navbar-dark .navbar-toggler{color:hsla(0,0%,100%,.5);border-color:transparent}.navbar-dark .navbar-toggler-icon{background-image:url(data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMTkuMiIgaGVpZ2h0PSIxNiIgdmlld0JveD0iMCAwIDEyIDEwIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxwYXRoIGQ9Ik0wIDRoMTJ2MkgwVjR6bTAtNGg4djJIMFYwem0wIDhoOHYySDBWOHoiIGZpbGw9IiNGRkYiIGZpbGwtcnVsZT0iZXZlbm9kZCIvPjwvc3ZnPg==)}.navbar-dark .navbar-text{color:hsla(0,0%,100%,.5)}.navbar-dark .navbar-text a,.navbar-dark .navbar-text a:focus,.navbar-dark .navbar-text a:hover{color:#fff}.card{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;min-width:0;word-wrap:break-word;background-color:#fff;background-clip:border-box;border:1px solid rgba(0,0,0,.125);border-radius:0}.card>hr{margin-right:0;margin-left:0}.card>.list-group:first-child .list-group-item:first-child{border-top-left-radius:0;border-top-right-radius:0}.card>.list-group:last-child .list-group-item:last-child{border-bottom-right-radius:0;border-bottom-left-radius:0}.card-body{-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;padding:2rem}.card-title{margin-bottom:1rem}.card-subtitle{margin-top:-.5rem}.card-subtitle,.card-text:last-child{margin-bottom:0}.card-link:hover{text-decoration:none}.card-link+.card-link{margin-left:2rem}.card-header{padding:1rem 2rem;margin-bottom:0;background-color:transparent;border-bottom:1px solid rgba(0,0,0,.125)}.card-header:first-child{border-radius:-1px -1px 0 0}.card-header+.list-group .list-group-item:first-child{border-top:0}.card-footer{padding:1rem 2rem;background-color:transparent;border-top:1px solid rgba(0,0,0,.125)}.card-footer:last-child{border-radius:0 0 -1px -1px}.card-header-tabs{margin-bottom:-1rem;border-bottom:0}.card-header-pills,.card-header-tabs{margin-right:-1rem;margin-left:-1rem}.card-img-overlay{position:absolute;top:0;right:0;bottom:0;left:0;padding:1.25rem}.card-img{width:100%;border-radius:-1px}.card-img-top{width:100%;border-top-left-radius:-1px;border-top-right-radius:-1px}.card-img-bottom{width:100%;border-bottom-right-radius:-1px;border-bottom-left-radius:-1px}.card-deck{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.card-deck .card{margin-bottom:6px}@media (min-width:576px){.card-deck{-webkit-box-orient:horizontal;-ms-flex-flow:row wrap;flex-flow:row wrap;margin-right:-6px;margin-left:-6px}.card-deck,.card-deck .card{-webkit-box-direction:normal}.card-deck .card{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-flex:1;-ms-flex:1 0 0%;flex:1 0 0%;-webkit-box-orient:vertical;-ms-flex-direction:column;flex-direction:column;margin-right:6px;margin-bottom:0;margin-left:6px}}.card-group{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.card-group>.card{margin-bottom:6px}@media (min-width:576px){.card-group{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-flow:row wrap;flex-flow:row wrap}.card-group>.card{-webkit-box-flex:1;-ms-flex:1 0 0%;flex:1 0 0%;margin-bottom:0}.card-group>.card+.card{margin-left:0;border-left:0}.card-group>.card:not(:last-child){border-top-right-radius:0;border-bottom-right-radius:0}.card-group>.card:not(:last-child) .card-header,.card-group>.card:not(:last-child) .card-img-top{border-top-right-radius:0}.card-group>.card:not(:last-child) .card-footer,.card-group>.card:not(:last-child) .card-img-bottom{border-bottom-right-radius:0}.card-group>.card:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.card-group>.card:not(:first-child) .card-header,.card-group>.card:not(:first-child) .card-img-top{border-top-left-radius:0}.card-group>.card:not(:first-child) .card-footer,.card-group>.card:not(:first-child) .card-img-bottom{border-bottom-left-radius:0}}.card-columns .card{margin-bottom:1rem}@media (min-width:576px){.card-columns{-webkit-column-count:3;-moz-column-count:3;column-count:3;-webkit-column-gap:1.25rem;-moz-column-gap:1.25rem;column-gap:1.25rem;orphans:1;widows:1}.card-columns .card{display:inline-block;width:100%}}.accordion>.card{overflow:hidden}.accordion>.card:not(:first-of-type) .card-header:first-child{border-radius:0}.accordion>.card:not(:first-of-type):not(:last-of-type){border-bottom:0;border-radius:0}.accordion>.card:first-of-type{border-bottom:0;border-bottom-right-radius:0;border-bottom-left-radius:0}.accordion>.card:last-of-type{border-top-left-radius:0;border-top-right-radius:0}.accordion>.card .card-header{margin-bottom:-1px}.breadcrumb{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;padding:.75rem 1rem;margin-bottom:1rem;list-style:none;background-color:transparent;border-radius:0}.breadcrumb-item+.breadcrumb-item{padding-left:.5rem}.breadcrumb-item+.breadcrumb-item:before{display:inline-block;padding-right:.5rem;color:#656566;content:"/"}.breadcrumb-item+.breadcrumb-item:hover:before{text-decoration:underline;text-decoration:none}.breadcrumb-item.active{color:#656566}.pagination{display:-webkit-box;display:-ms-flexbox;display:flex;padding-left:0;list-style:none;border-radius:4px}.page-link{position:relative;display:block;padding:.5rem .75rem;margin-left:-1px;line-height:1.25;color:#0073e6;background-color:#fff;border:1px solid #b1b1b3}.page-link:hover{z-index:2;color:#004d99;text-decoration:none;background-color:#cacacc;border-color:#b1b1b3}.page-link:focus{z-index:2;outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(0,115,230,.25);box-shadow:0 0 0 .2rem rgba(0,115,230,.25)}.page-item:first-child .page-link{margin-left:0;border-top-left-radius:4px;border-bottom-left-radius:4px}.page-item:last-child .page-link{border-top-right-radius:4px;border-bottom-right-radius:4px}.page-item.active .page-link{z-index:1;color:#fff;background-color:#0073e6;border-color:#0073e6}.page-item.disabled .page-link{color:#656566;pointer-events:none;cursor:auto;background-color:#fff;border-color:#b1b1b3}.pagination-lg .page-link{padding:.75rem 1.5rem;font-size:20px;font-size:1.25rem;line-height:1.5}.pagination-lg .page-item:first-child .page-link{border-top-left-radius:8px;border-bottom-left-radius:8px}.pagination-lg .page-item:last-child .page-link{border-top-right-radius:8px;border-bottom-right-radius:8px}.pagination-sm .page-link{padding:.25rem .5rem;font-size:14px;font-size:.875rem;line-height:1.5}.pagination-sm .page-item:first-child .page-link{border-top-left-radius:2px;border-bottom-left-radius:2px}.pagination-sm .page-item:last-child .page-link{border-top-right-radius:2px;border-bottom-right-radius:2px}.badge{display:inline-block;padding:.25em .4em;font-size:75%;font-weight:700;line-height:1;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:4px;-webkit-transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,-webkit-box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,-webkit-box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out,-webkit-box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.badge{-webkit-transition:none;transition:none}}a.badge:focus,a.badge:hover{text-decoration:none}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.badge-pill{padding-right:.6em;padding-left:.6em;border-radius:10rem}.badge-primary{color:#fff;background-color:#0073e6}a.badge-primary:focus,a.badge-primary:hover{color:#fff;background-color:#0059b3}a.badge-primary.focus,a.badge-primary:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(0,115,230,.5);box-shadow:0 0 0 .2rem rgba(0,115,230,.5)}.badge-secondary{color:#fff;background-color:#5c6f82}a.badge-secondary:focus,a.badge-secondary:hover{color:#fff;background-color:#475664}a.badge-secondary.focus,a.badge-secondary:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(92,111,130,.5);box-shadow:0 0 0 .2rem rgba(92,111,130,.5)}.badge-success{color:#19191a;background-color:#00cc85}a.badge-success:focus,a.badge-success:hover{color:#19191a;background-color:#009963}a.badge-success.focus,a.badge-success:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(0,204,133,.5);box-shadow:0 0 0 .2rem rgba(0,204,133,.5)}.badge-info{color:#19191a;background-color:#979899}a.badge-info:focus,a.badge-info:hover{color:#19191a;background-color:#7e7e80}a.badge-info.focus,a.badge-info:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(151,152,153,.5);box-shadow:0 0 0 .2rem rgba(151,152,153,.5)}.badge-warning{color:#19191a;background-color:#f90}a.badge-warning:focus,a.badge-warning:hover{color:#19191a;background-color:#cc7a00}a.badge-warning.focus,a.badge-warning:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(255,153,0,.5);box-shadow:0 0 0 .2rem rgba(255,153,0,.5)}.badge-danger{color:#19191a;background-color:#f73e5a}a.badge-danger:focus,a.badge-danger:hover{color:#19191a;background-color:#f50d30}a.badge-danger.focus,a.badge-danger:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(247,62,90,.5);box-shadow:0 0 0 .2rem rgba(247,62,90,.5)}.badge-light{color:#19191a;background-color:#e9e6f2}a.badge-light:focus,a.badge-light:hover{color:#19191a;background-color:#ccc4e1}a.badge-light.focus,a.badge-light:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(233,230,242,.5);box-shadow:0 0 0 .2rem rgba(233,230,242,.5)}.badge-dark{color:#fff;background-color:#17324d}a.badge-dark:focus,a.badge-dark:hover{color:#fff;background-color:#0b1825}a.badge-dark.focus,a.badge-dark:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(23,50,77,.5);box-shadow:0 0 0 .2rem rgba(23,50,77,.5)}.badge-100{color:#19191a;background-color:#e3e4e6}a.badge-100:focus,a.badge-100:hover{color:#19191a;background-color:#c9cacd}a.badge-100.focus,a.badge-100:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(227,228,230,.5);box-shadow:0 0 0 .2rem rgba(227,228,230,.5)}.badge-200{color:#19191a;background-color:#cacacc}a.badge-200:focus,a.badge-200:hover{color:#19191a;background-color:#b0b1b3}a.badge-200.focus,a.badge-200:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(202,202,204,.5);box-shadow:0 0 0 .2rem rgba(202,202,204,.5)}.badge-300{color:#19191a;background-color:#b1b1b3}a.badge-300:focus,a.badge-300:hover{color:#19191a;background-color:#979899}a.badge-300.focus,a.badge-300:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(177,177,179,.5);box-shadow:0 0 0 .2rem rgba(177,177,179,.5)}.badge-400{color:#19191a;background-color:#979899}a.badge-400:focus,a.badge-400:hover{color:#19191a;background-color:#7e7e80}a.badge-400.focus,a.badge-400:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(151,152,153,.5);box-shadow:0 0 0 .2rem rgba(151,152,153,.5)}.badge-500{color:#19191a;background-color:#7e7f80}a.badge-500:focus,a.badge-500:hover{color:#19191a;background-color:#656566}a.badge-500.focus,a.badge-500:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(126,127,128,.5);box-shadow:0 0 0 .2rem rgba(126,127,128,.5)}.badge-600{color:#fff;background-color:#656566}a.badge-600:focus,a.badge-600:hover{color:#fff;background-color:#4c4c4c}a.badge-600.focus,a.badge-600:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(101,101,102,.5);box-shadow:0 0 0 .2rem rgba(101,101,102,.5)}.badge-700{color:#fff;background-color:#4c4c4d}a.badge-700:focus,a.badge-700:hover{color:#fff;background-color:#323233}a.badge-700.focus,a.badge-700:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(76,76,77,.5);box-shadow:0 0 0 .2rem rgba(76,76,77,.5)}.badge-800{color:#fff;background-color:#323333}a.badge-800:focus,a.badge-800:hover{color:#fff;background-color:#191919}a.badge-800.focus,a.badge-800:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(50,51,51,.5);box-shadow:0 0 0 .2rem rgba(50,51,51,.5)}.badge-900{color:#fff;background-color:#19191a}a.badge-900:focus,a.badge-900:hover{color:#fff;background-color:#000}a.badge-900.focus,a.badge-900:focus{outline:0;-webkit-box-shadow:0 0 0 .2rem rgba(25,25,26,.5);box-shadow:0 0 0 .2rem rgba(25,25,26,.5)}@-webkit-keyframes progress-bar-stripes{0%{background-position:16px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{0%{background-position:16px 0}to{background-position:0 0}}.progress{height:16px;overflow:hidden;font-size:12px;font-size:.75rem;background-color:#cacacc;border-radius:0;-webkit-box-shadow:inset 0 .1rem .1rem rgba(0,0,0,.1);box-shadow:inset 0 .1rem .1rem rgba(0,0,0,.1)}.progress,.progress-bar{display:-webkit-box;display:-ms-flexbox;display:flex}.progress-bar{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;color:#fff;text-align:center;white-space:nowrap;background-color:#0073e6;-webkit-transition:width .6s ease;transition:width .6s ease}@media (prefers-reduced-motion:reduce){.progress-bar{-webkit-transition:none;transition:none}}.progress-bar-striped{background-image:linear-gradient(45deg,hsla(0,0%,100%,.15) 25%,transparent 0,transparent 50%,hsla(0,0%,100%,.15) 0,hsla(0,0%,100%,.15) 75%,transparent 0,transparent);background-size:16px 16px}.progress-bar-animated{-webkit-animation:progress-bar-stripes 1s linear infinite;animation:progress-bar-stripes 1s linear infinite}@media (prefers-reduced-motion:reduce){.progress-bar-animated{-webkit-animation:none;animation:none}}.media{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start}.media-body{-webkit-box-flex:1;-ms-flex:1;flex:1}.list-group{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;padding-left:0;margin-bottom:0}.list-group-item-action{width:100%;color:#0073e6;text-align:inherit}.list-group-item-action:focus,.list-group-item-action:hover{z-index:1;color:#00264d;text-decoration:none}.list-group-item-action:active{color:#19191a;background-color:#cacacc}.list-group-item{position:relative;display:block;padding:1rem 1.25rem;margin-bottom:-1px;background-color:#fff;border:1px solid rgba(0,0,0,.125)}.list-group-item:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.list-group-item.disabled,.list-group-item:disabled{color:#656566;pointer-events:none;background-color:#fff}.list-group-item.active{z-index:2;color:#fff;background-color:#0073e6;border-color:#0073e6}.list-group-horizontal{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal .list-group-item{margin-right:-1px;margin-bottom:0}.list-group-horizontal .list-group-item:first-child{border-top-left-radius:4px;border-bottom-left-radius:4px;border-top-right-radius:0}.list-group-horizontal .list-group-item:last-child{margin-right:0;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:0}@media (min-width:576px){.list-group-horizontal-sm{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal-sm .list-group-item{margin-right:-1px;margin-bottom:0}.list-group-horizontal-sm .list-group-item:first-child{border-top-left-radius:4px;border-bottom-left-radius:4px;border-top-right-radius:0}.list-group-horizontal-sm .list-group-item:last-child{margin-right:0;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:0}}@media (min-width:768px){.list-group-horizontal-md{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal-md .list-group-item{margin-right:-1px;margin-bottom:0}.list-group-horizontal-md .list-group-item:first-child{border-top-left-radius:4px;border-bottom-left-radius:4px;border-top-right-radius:0}.list-group-horizontal-md .list-group-item:last-child{margin-right:0;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:0}}@media (min-width:992px){.list-group-horizontal-lg{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal-lg .list-group-item{margin-right:-1px;margin-bottom:0}.list-group-horizontal-lg .list-group-item:first-child{border-top-left-radius:4px;border-bottom-left-radius:4px;border-top-right-radius:0}.list-group-horizontal-lg .list-group-item:last-child{margin-right:0;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:0}}@media (min-width:1200px){.list-group-horizontal-xl{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.list-group-horizontal-xl .list-group-item{margin-right:-1px;margin-bottom:0}.list-group-horizontal-xl .list-group-item:first-child{border-top-left-radius:4px;border-bottom-left-radius:4px;border-top-right-radius:0}.list-group-horizontal-xl .list-group-item:last-child{margin-right:0;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:0}}.list-group-flush .list-group-item{border-right:0;border-left:0;border-radius:0}.list-group-flush .list-group-item:last-child{margin-bottom:-1px}.list-group-flush:first-child .list-group-item:first-child{border-top:0}.list-group-flush:last-child .list-group-item:last-child{margin-bottom:0;border-bottom:0}.list-group-item-primary{color:#003c78;background-color:#b8d8f8}.list-group-item-primary.list-group-item-action:focus,.list-group-item-primary.list-group-item-action:hover{color:#003c78;background-color:#a1cbf6}.list-group-item-primary.list-group-item-action.active{color:#fff;background-color:#003c78;border-color:#003c78}.list-group-item-secondary{color:#303a44;background-color:#d1d7dc}.list-group-item-secondary.list-group-item-action:focus,.list-group-item-secondary.list-group-item-action:hover{color:#303a44;background-color:#c3cad1}.list-group-item-secondary.list-group-item-action.active{color:#fff;background-color:#303a44;border-color:#303a44}.list-group-item-success{color:#006a45;background-color:#b8f1dd}.list-group-item-success.list-group-item-action:focus,.list-group-item-success.list-group-item-action:hover{color:#006a45;background-color:#a3edd3}.list-group-item-success.list-group-item-action.active{color:#fff;background-color:#006a45;border-color:#006a45}.list-group-item-info{color:#4f4f50;background-color:#e2e2e2}.list-group-item-info.list-group-item-action:focus,.list-group-item-info.list-group-item-action:hover{color:#4f4f50;background-color:#d5d5d5}.list-group-item-info.list-group-item-action.active{color:#fff;background-color:#4f4f50;border-color:#4f4f50}.list-group-item-warning{color:#855000;background-color:#ffe2b8}.list-group-item-warning.list-group-item-action:focus,.list-group-item-warning.list-group-item-action:hover{color:#855000;background-color:#ffd89f}.list-group-item-warning.list-group-item-action.active{color:#fff;background-color:#855000;border-color:#855000}.list-group-item-danger{color:#80202f;background-color:#fdc9d1}.list-group-item-danger.list-group-item-action:focus,.list-group-item-danger.list-group-item-action:hover{color:#80202f;background-color:#fcb0bc}.list-group-item-danger.list-group-item-action.active{color:#fff;background-color:#80202f;border-color:#80202f}.list-group-item-light{color:#79787e;background-color:#f9f8fb}.list-group-item-light.list-group-item-action:focus,.list-group-item-light.list-group-item-action:hover{color:#79787e;background-color:#ebe8f2}.list-group-item-light.list-group-item-action.active{color:#fff;background-color:#79787e;border-color:#79787e}.list-group-item-dark{color:#0c1a28;background-color:#bec6cd}.list-group-item-dark.list-group-item-action:focus,.list-group-item-dark.list-group-item-action:hover{color:#0c1a28;background-color:#b0b9c2}.list-group-item-dark.list-group-item-action.active{color:#fff;background-color:#0c1a28;border-color:#0c1a28}.list-group-item-100{color:#767778;background-color:#f7f7f8}.list-group-item-100.list-group-item-action:focus,.list-group-item-100.list-group-item-action:hover{color:#767778;background-color:#e9e9ec}.list-group-item-100.list-group-item-action.active{color:#fff;background-color:#767778;border-color:#767778}.list-group-item-200{color:#69696a;background-color:#f0f0f1}.list-group-item-200.list-group-item-action:focus,.list-group-item-200.list-group-item-action:hover{color:#69696a;background-color:#e3e3e5}.list-group-item-200.list-group-item-action.active{color:#fff;background-color:#69696a;border-color:#69696a}.list-group-item-300{color:#5c5c5d;background-color:#e9e9ea}.list-group-item-300.list-group-item-action:focus,.list-group-item-300.list-group-item-action:hover{color:#5c5c5d;background-color:#dcdcde}.list-group-item-300.list-group-item-action.active{color:#fff;background-color:#5c5c5d;border-color:#5c5c5d}.list-group-item-400{color:#4f4f50;background-color:#e2e2e2}.list-group-item-400.list-group-item-action:focus,.list-group-item-400.list-group-item-action:hover{color:#4f4f50;background-color:#d5d5d5}.list-group-item-400.list-group-item-action.active{color:#fff;background-color:#4f4f50;border-color:#4f4f50}.list-group-item-500{color:#424243;background-color:#dbdbdb}.list-group-item-500.list-group-item-action:focus,.list-group-item-500.list-group-item-action:hover{color:#424243;background-color:#cecece}.list-group-item-500.list-group-item-action.active{color:#fff;background-color:#424243;border-color:#424243}.list-group-item-600{color:#353535;background-color:#d4d4d4}.list-group-item-600.list-group-item-action:focus,.list-group-item-600.list-group-item-action:hover{color:#353535;background-color:#c7c7c7}.list-group-item-600.list-group-item-action.active{color:#fff;background-color:#353535;border-color:#353535}.list-group-item-700{color:#282828;background-color:#cdcdcd}.list-group-item-700.list-group-item-action:focus,.list-group-item-700.list-group-item-action:hover{color:#282828;background-color:silver}.list-group-item-700.list-group-item-action.active{color:#fff;background-color:#282828;border-color:#282828}.list-group-item-800{color:#1a1b1b;background-color:#c6c6c6}.list-group-item-800.list-group-item-action:focus,.list-group-item-800.list-group-item-action:hover{color:#1a1b1b;background-color:#b9b9b9}.list-group-item-800.list-group-item-action.active{color:#fff;background-color:#1a1b1b;border-color:#1a1b1b}.list-group-item-900{color:#0d0d0e;background-color:#bfbfbf}.list-group-item-900.list-group-item-action:focus,.list-group-item-900.list-group-item-action:hover{color:#0d0d0e;background-color:#b2b2b2}.list-group-item-900.list-group-item-action.active{color:#fff;background-color:#0d0d0e;border-color:#0d0d0e}.close{float:right;font-size:24px;font-size:1.5rem;font-weight:700;line-height:1;color:#000;text-shadow:0 1px 0 #fff;opacity:.5}.close:hover{color:#000;text-decoration:none}.close:not(:disabled):not(.disabled):focus,.close:not(:disabled):not(.disabled):hover{opacity:.75}button.close{padding:0;background-color:transparent;border:0;-webkit-appearance:none;-moz-appearance:none;appearance:none}a.close.disabled{pointer-events:none}.modal-open{overflow:hidden}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal{position:fixed;top:0;left:0;z-index:1050;display:none;width:100%;height:100%;overflow:hidden;outline:0}.modal-dialog{position:relative;width:auto;margin:.5rem;pointer-events:none}.modal.fade .modal-dialog{-webkit-transition:-webkit-transform .3s ease-out;transition:-webkit-transform .3s ease-out;transition:transform .3s ease-out;transition:transform .3s ease-out,-webkit-transform .3s ease-out;-webkit-transform:translateY(-50px);transform:translateY(-50px)}@media (prefers-reduced-motion:reduce){.modal.fade .modal-dialog{-webkit-transition:none;transition:none}}.modal.show .modal-dialog{-webkit-transform:none;transform:none}.modal-dialog-scrollable{display:-webkit-box;display:-ms-flexbox;display:flex;max-height:calc(100% - 1rem)}.modal-dialog-scrollable .modal-content{max-height:calc(100vh - 1rem);overflow:hidden}.modal-dialog-scrollable .modal-footer,.modal-dialog-scrollable .modal-header{-ms-flex-negative:0;flex-shrink:0}.modal-dialog-scrollable .modal-body{overflow-y:auto}.modal-dialog-centered{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;min-height:calc(100% - 1rem)}.modal-dialog-centered:before{display:block;height:calc(100vh - 1rem);content:""}.modal-dialog-centered.modal-dialog-scrollable{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;height:100%}.modal-dialog-centered.modal-dialog-scrollable .modal-content{max-height:none}.modal-dialog-centered.modal-dialog-scrollable:before{content:none}.modal-content{position:relative;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;width:100%;pointer-events:auto;background-color:#fff;background-clip:padding-box;border:1px solid rgba(0,0,0,.2);border-radius:8px;-webkit-box-shadow:0 .25rem .5rem rgba(0,0,0,.5);box-shadow:0 .25rem .5rem rgba(0,0,0,.5);outline:0}.modal-backdrop{position:fixed;top:0;left:0;z-index:1040;width:100vw;height:100vh;background-color:#000}.modal-backdrop.fade{opacity:0}.modal-backdrop.show{opacity:.8}.modal-header{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between;padding:1.5rem;border-bottom:0 solid #b1b1b3;border-top-left-radius:8px;border-top-right-radius:8px}.modal-header .close{padding:1.5rem;margin:-1rem -1rem -1rem auto}.modal-title{margin-bottom:0;line-height:1.5}.modal-body{position:relative;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;padding:1.5rem}.modal-footer{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:end;-ms-flex-pack:end;justify-content:flex-end;padding:1.5rem;border-top:0 solid #b1b1b3;border-bottom-right-radius:8px;border-bottom-left-radius:8px}.modal-footer>:not(:first-child){margin-left:.25rem}.modal-footer>:not(:last-child){margin-right:.25rem}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:576px){.modal-dialog{max-width:500px;margin:1.5rem auto}.modal-dialog-scrollable{max-height:calc(100% - 3rem)}.modal-dialog-scrollable .modal-content{max-height:calc(100vh - 3rem)}.modal-dialog-centered{min-height:calc(100% - 3rem)}.modal-dialog-centered:before{height:calc(100vh - 3rem)}.modal-content{-webkit-box-shadow:0 .5rem 1rem rgba(0,0,0,.5);box-shadow:0 .5rem 1rem rgba(0,0,0,.5)}.modal-sm{max-width:300px}}@media (min-width:992px){.modal-lg,.modal-xl{max-width:800px}}@media (min-width:1200px){.modal-xl{max-width:1140px}}.tooltip{position:absolute;z-index:1070;display:block;margin:0;font-family:Titillium Web,Geneva,Tahoma,sans-serif;font-style:normal;font-weight:400;line-height:1.5;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;white-space:normal;line-break:auto;font-size:14px;font-size:.875rem;word-wrap:break-word;opacity:0}.tooltip.show{opacity:1}.tooltip .arrow{position:absolute;display:block;width:12.8px;width:.8rem;height:6.4px;height:.4rem}.tooltip .arrow:before{position:absolute;content:"";border-color:transparent;border-style:solid}.bs-tooltip-auto[x-placement^=top],.bs-tooltip-top{padding:.4rem 0}.bs-tooltip-auto[x-placement^=top] .arrow,.bs-tooltip-top .arrow{bottom:0}.bs-tooltip-auto[x-placement^=top] .arrow:before,.bs-tooltip-top .arrow:before{top:0;border-width:.4rem .4rem 0;border-top-color:#004a4d}.bs-tooltip-auto[x-placement^=right],.bs-tooltip-right{padding:0 .4rem}.bs-tooltip-auto[x-placement^=right] .arrow,.bs-tooltip-right .arrow{left:0;width:6.4px;width:.4rem;height:12.8px;height:.8rem}.bs-tooltip-auto[x-placement^=right] .arrow:before,.bs-tooltip-right .arrow:before{right:0;border-width:.4rem .4rem .4rem 0;border-right-color:#004a4d}.bs-tooltip-auto[x-placement^=bottom],.bs-tooltip-bottom{padding:.4rem 0}.bs-tooltip-auto[x-placement^=bottom] .arrow,.bs-tooltip-bottom .arrow{top:0}.bs-tooltip-auto[x-placement^=bottom] .arrow:before,.bs-tooltip-bottom .arrow:before{bottom:0;border-width:0 .4rem .4rem;border-bottom-color:#004a4d}.bs-tooltip-auto[x-placement^=left],.bs-tooltip-left{padding:0 .4rem}.bs-tooltip-auto[x-placement^=left] .arrow,.bs-tooltip-left .arrow{right:0;width:6.4px;width:.4rem;height:12.8px;height:.8rem}.bs-tooltip-auto[x-placement^=left] .arrow:before,.bs-tooltip-left .arrow:before{left:0;border-width:.4rem 0 .4rem .4rem;border-left-color:#004a4d}.tooltip-inner{max-width:32em;padding:1rem;color:#fff;text-align:center;background-color:#004a4d;border-radius:4px}.popover{top:0;left:0;z-index:1060;max-width:276px;font-family:Titillium Web,Geneva,Tahoma,sans-serif;font-style:normal;font-weight:400;line-height:1.5;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;white-space:normal;line-break:auto;font-size:14px;font-size:.875rem;word-wrap:break-word;background-color:#fff;background-clip:padding-box;border:1px solid rgba(0,0,0,.2);border-radius:8px;-webkit-box-shadow:0 .25rem .5rem rgba(0,0,0,.2);box-shadow:0 .25rem .5rem rgba(0,0,0,.2)}.popover,.popover .arrow{position:absolute;display:block}.popover .arrow{width:16px;width:1rem;height:8px;height:.5rem;margin:0 8px}.popover .arrow:after,.popover .arrow:before{position:absolute;display:block;content:"";border-color:transparent;border-style:solid}.bs-popover-auto[x-placement^=top],.bs-popover-top{margin-bottom:.5rem}.bs-popover-auto[x-placement^=top]>.arrow,.bs-popover-top>.arrow{bottom:calc(-.5rem + -1px)}.bs-popover-auto[x-placement^=top]>.arrow:before,.bs-popover-top>.arrow:before{bottom:0;border-width:.5rem .5rem 0;border-top-color:rgba(0,0,0,.25)}.bs-popover-auto[x-placement^=top]>.arrow:after,.bs-popover-top>.arrow:after{bottom:1px;border-width:.5rem .5rem 0;border-top-color:#fff}.bs-popover-auto[x-placement^=right],.bs-popover-right{margin-left:.5rem}.bs-popover-auto[x-placement^=right]>.arrow,.bs-popover-right>.arrow{left:calc(-.5rem + -1px);width:8px;width:.5rem;height:16px;height:1rem;margin:8px 0}.bs-popover-auto[x-placement^=right]>.arrow:before,.bs-popover-right>.arrow:before{left:0;border-width:.5rem .5rem .5rem 0;border-right-color:rgba(0,0,0,.25)}.bs-popover-auto[x-placement^=right]>.arrow:after,.bs-popover-right>.arrow:after{left:1px;border-width:.5rem .5rem .5rem 0;border-right-color:#fff}.bs-popover-auto[x-placement^=bottom],.bs-popover-bottom{margin-top:.5rem}.bs-popover-auto[x-placement^=bottom]>.arrow,.bs-popover-bottom>.arrow{top:calc(-.5rem + -1px)}.bs-popover-auto[x-placement^=bottom]>.arrow:before,.bs-popover-bottom>.arrow:before{top:0;border-width:0 .5rem .5rem;border-bottom-color:rgba(0,0,0,.25)}.bs-popover-auto[x-placement^=bottom]>.arrow:after,.bs-popover-bottom>.arrow:after{top:1px;border-width:0 .5rem .5rem;border-bottom-color:#fff}.bs-popover-auto[x-placement^=bottom] .popover-header:before,.bs-popover-bottom .popover-header:before{position:absolute;top:0;left:50%;display:block;width:16px;width:1rem;margin-left:-.5rem;content:"";border-bottom:1px solid #f7f7f7}.bs-popover-auto[x-placement^=left],.bs-popover-left{margin-right:.5rem}.bs-popover-auto[x-placement^=left]>.arrow,.bs-popover-left>.arrow{right:calc(-.5rem + -1px);width:8px;width:.5rem;height:16px;height:1rem;margin:8px 0}.bs-popover-auto[x-placement^=left]>.arrow:before,.bs-popover-left>.arrow:before{right:0;border-width:.5rem 0 .5rem .5rem;border-left-color:rgba(0,0,0,.25)}.bs-popover-auto[x-placement^=left]>.arrow:after,.bs-popover-left>.arrow:after{right:1px;border-width:.5rem 0 .5rem .5rem;border-left-color:#fff}.popover-header{padding:.5rem .75rem;margin-bottom:0;font-size:16px;font-size:1rem;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-top-left-radius:7px;border-top-right-radius:7px}.popover-header:empty{display:none}.popover-body{padding:.5rem .75rem;color:#19191a}.carousel{position:relative}.carousel.pointer-event{-ms-touch-action:pan-y;touch-action:pan-y}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner:after{display:block;clear:both;content:""}.carousel-item{position:relative;display:none;float:left;width:100%;margin-right:-100%;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-transition:-webkit-transform .6s ease-in-out;transition:-webkit-transform .6s ease-in-out;transition:transform .6s ease-in-out;transition:transform .6s ease-in-out,-webkit-transform .6s ease-in-out}@media (prefers-reduced-motion:reduce){.carousel-item{-webkit-transition:none;transition:none}}.carousel-item-next,.carousel-item-prev,.carousel-item.active{display:block}.active.carousel-item-right,.carousel-item-next:not(.carousel-item-left){-webkit-transform:translateX(100%);transform:translateX(100%)}.active.carousel-item-left,.carousel-item-prev:not(.carousel-item-right){-webkit-transform:translateX(-100%);transform:translateX(-100%)}.carousel-fade .carousel-item{opacity:0;-webkit-transition-property:opacity;transition-property:opacity;-webkit-transform:none;transform:none}.carousel-fade .carousel-item-next.carousel-item-left,.carousel-fade .carousel-item-prev.carousel-item-right,.carousel-fade .carousel-item.active{z-index:1;opacity:1}.carousel-fade .active.carousel-item-left,.carousel-fade .active.carousel-item-right{z-index:0;opacity:0;-webkit-transition:opacity 0s .6s;transition:opacity 0s .6s}@media (prefers-reduced-motion:reduce){.carousel-fade .active.carousel-item-left,.carousel-fade .active.carousel-item-right{-webkit-transition:none;transition:none}}.carousel-control-next,.carousel-control-prev{position:absolute;top:0;bottom:0;z-index:1;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;width:auto;color:#5c6f82;text-align:center;opacity:1;-webkit-transition:opacity .15s ease;transition:opacity .15s ease}@media (prefers-reduced-motion:reduce){.carousel-control-next,.carousel-control-prev{-webkit-transition:none;transition:none}}.carousel-control-next:focus,.carousel-control-next:hover,.carousel-control-prev:focus,.carousel-control-prev:hover{color:#5c6f82;text-decoration:none;outline:0;opacity:.9}.carousel-control-prev{left:0}.carousel-control-next{right:0}.carousel-control-next-icon,.carousel-control-prev-icon{display:inline-block;width:32px;height:32px;background:no-repeat 50%/100% 100%}.carousel-control-prev-icon{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%235c6f82' viewBox='0 0 8 8'%3E%3Cpath d='M5.25 0l-4 4 4 4 1.5-1.5L4.25 4l2.5-2.5L5.25 0z'/%3E%3C/svg%3E")}.carousel-control-next-icon{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%235c6f82' viewBox='0 0 8 8'%3E%3Cpath d='M2.75 0l-1.5 1.5L3.75 4l-2.5 2.5L2.75 8l4-4-4-4z'/%3E%3C/svg%3E")}.carousel-indicators{position:absolute;right:0;bottom:0;left:0;z-index:15;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;padding-left:0;margin-right:auto;margin-left:auto;list-style:none}.carousel-indicators li{-webkit-box-sizing:content-box;box-sizing:content-box;-webkit-box-flex:0;-ms-flex:0 1 auto;flex:0 1 auto;width:30px;height:3px;margin-right:3px;margin-left:3px;text-indent:-999px;cursor:pointer;background-color:#fff;background-clip:padding-box;border-top:10px solid transparent;border-bottom:10px solid transparent;opacity:.5;-webkit-transition:opacity .6s ease;transition:opacity .6s ease}@media (prefers-reduced-motion:reduce){.carousel-indicators li{-webkit-transition:none;transition:none}}.carousel-indicators .active{opacity:1}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center}.align-baseline{vertical-align:baseline!important}.align-top{vertical-align:top!important}.align-middle{vertical-align:middle!important}.align-bottom{vertical-align:bottom!important}.align-text-bottom{vertical-align:text-bottom!important}.align-text-top{vertical-align:text-top!important}.bg-primary{background-color:#0073e6!important}a.bg-primary:focus,a.bg-primary:hover,button.bg-primary:focus,button.bg-primary:hover{background-color:#0059b3!important}.bg-secondary{background-color:#5c6f82!important}a.bg-secondary:focus,a.bg-secondary:hover,button.bg-secondary:focus,button.bg-secondary:hover{background-color:#475664!important}.bg-success{background-color:#00cc85!important}a.bg-success:focus,a.bg-success:hover,button.bg-success:focus,button.bg-success:hover{background-color:#009963!important}.bg-info{background-color:#979899!important}a.bg-info:focus,a.bg-info:hover,button.bg-info:focus,button.bg-info:hover{background-color:#7e7e80!important}.bg-warning{background-color:#f90!important}a.bg-warning:focus,a.bg-warning:hover,button.bg-warning:focus,button.bg-warning:hover{background-color:#cc7a00!important}.bg-danger{background-color:#f73e5a!important}a.bg-danger:focus,a.bg-danger:hover,button.bg-danger:focus,button.bg-danger:hover{background-color:#f50d30!important}.bg-light{background-color:#e9e6f2!important}a.bg-light:focus,a.bg-light:hover,button.bg-light:focus,button.bg-light:hover{background-color:#ccc4e1!important}.bg-dark{background-color:#17324d!important}a.bg-dark:focus,a.bg-dark:hover,button.bg-dark:focus,button.bg-dark:hover{background-color:#0b1825!important}.bg-100{background-color:#e3e4e6!important}a.bg-100:focus,a.bg-100:hover,button.bg-100:focus,button.bg-100:hover{background-color:#c9cacd!important}.bg-200{background-color:#cacacc!important}a.bg-200:focus,a.bg-200:hover,button.bg-200:focus,button.bg-200:hover{background-color:#b0b1b3!important}.bg-300{background-color:#b1b1b3!important}.bg-400,a.bg-300:focus,a.bg-300:hover,button.bg-300:focus,button.bg-300:hover{background-color:#979899!important}a.bg-400:focus,a.bg-400:hover,button.bg-400:focus,button.bg-400:hover{background-color:#7e7e80!important}.bg-500{background-color:#7e7f80!important}.bg-600,a.bg-500:focus,a.bg-500:hover,button.bg-500:focus,button.bg-500:hover{background-color:#656566!important}a.bg-600:focus,a.bg-600:hover,button.bg-600:focus,button.bg-600:hover{background-color:#4c4c4c!important}.bg-700{background-color:#4c4c4d!important}a.bg-700:focus,a.bg-700:hover,button.bg-700:focus,button.bg-700:hover{background-color:#323233!important}.bg-800{background-color:#323333!important}a.bg-800:focus,a.bg-800:hover,button.bg-800:focus,button.bg-800:hover{background-color:#191919!important}.bg-900{background-color:#19191a!important}a.bg-900:focus,a.bg-900:hover,button.bg-900:focus,button.bg-900:hover{background-color:#000!important}.bg-white{background-color:#fff!important}.bg-transparent{background-color:transparent!important}.border{border:1px solid #b1b1b3!important}.border-top{border-top:1px solid #b1b1b3!important}.border-right{border-right:1px solid #b1b1b3!important}.border-bottom{border-bottom:1px solid #b1b1b3!important}.border-left{border-left:1px solid #b1b1b3!important}.border-0{border:0!important}.border-top-0{border-top:0!important}.border-right-0{border-right:0!important}.border-bottom-0{border-bottom:0!important}.border-left-0{border-left:0!important}.border-primary{border-color:#0073e6!important}.border-secondary{border-color:#5c6f82!important}.border-success{border-color:#00cc85!important}.border-info{border-color:#979899!important}.border-warning{border-color:#f90!important}.border-danger{border-color:#f73e5a!important}.border-light{border-color:#e9e6f2!important}.border-dark{border-color:#17324d!important}.border-100{border-color:#e3e4e6!important}.border-200{border-color:#cacacc!important}.border-300{border-color:#b1b1b3!important}.border-400{border-color:#979899!important}.border-500{border-color:#7e7f80!important}.border-600{border-color:#656566!important}.border-700{border-color:#4c4c4d!important}.border-800{border-color:#323333!important}.border-900{border-color:#19191a!important}.border-white{border-color:#fff!important}.rounded-sm{border-radius:2px!important}.rounded{border-radius:4px!important}.rounded-top{border-top-left-radius:4px!important}.rounded-right,.rounded-top{border-top-right-radius:4px!important}.rounded-bottom,.rounded-right{border-bottom-right-radius:4px!important}.rounded-bottom,.rounded-left{border-bottom-left-radius:4px!important}.rounded-left{border-top-left-radius:4px!important}.rounded-lg{border-radius:8px!important}.rounded-circle{border-radius:50%!important}.rounded-pill{border-radius:50rem!important}.rounded-0{border-radius:0!important}.clearfix:after{display:block;clear:both;content:""}.d-none{display:none!important}.d-inline{display:inline!important}.d-inline-block{display:inline-block!important}.d-block{display:block!important}.d-table{display:table!important}.d-table-row{display:table-row!important}.d-table-cell{display:table-cell!important}.d-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}@media (min-width:576px){.d-sm-none{display:none!important}.d-sm-inline{display:inline!important}.d-sm-inline-block{display:inline-block!important}.d-sm-block{display:block!important}.d-sm-table{display:table!important}.d-sm-table-row{display:table-row!important}.d-sm-table-cell{display:table-cell!important}.d-sm-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-sm-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}@media (min-width:768px){.d-md-none{display:none!important}.d-md-inline{display:inline!important}.d-md-inline-block{display:inline-block!important}.d-md-block{display:block!important}.d-md-table{display:table!important}.d-md-table-row{display:table-row!important}.d-md-table-cell{display:table-cell!important}.d-md-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-md-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}@media (min-width:992px){.d-lg-none{display:none!important}.d-lg-inline{display:inline!important}.d-lg-inline-block{display:inline-block!important}.d-lg-block{display:block!important}.d-lg-table{display:table!important}.d-lg-table-row{display:table-row!important}.d-lg-table-cell{display:table-cell!important}.d-lg-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-lg-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}@media (min-width:1200px){.d-xl-none{display:none!important}.d-xl-inline{display:inline!important}.d-xl-inline-block{display:inline-block!important}.d-xl-block{display:block!important}.d-xl-table{display:table!important}.d-xl-table-row{display:table-row!important}.d-xl-table-cell{display:table-cell!important}.d-xl-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-xl-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}@media print{.d-print-none{display:none!important}.d-print-inline{display:inline!important}.d-print-inline-block{display:inline-block!important}.d-print-block{display:block!important}.d-print-table{display:table!important}.d-print-table-row{display:table-row!important}.d-print-table-cell{display:table-cell!important}.d-print-flex{display:-webkit-box!important;display:-ms-flexbox!important;display:flex!important}.d-print-inline-flex{display:-webkit-inline-box!important;display:-ms-inline-flexbox!important;display:inline-flex!important}}.embed-responsive{position:relative;display:block;width:100%;padding:0;overflow:hidden}.embed-responsive:before{display:block;content:""}.embed-responsive .embed-responsive-item,.embed-responsive embed,.embed-responsive iframe,.embed-responsive object,.embed-responsive video{position:absolute;top:0;bottom:0;left:0;width:100%;height:100%;border:0}.embed-responsive-21by9:before{padding-top:42.8571428571%}.embed-responsive-16by9:before{padding-top:56.25%}.embed-responsive-4by3:before{padding-top:75%}.embed-responsive-1by1:before{padding-top:100%}.flex-row{-webkit-box-orient:horizontal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-column,.flex-row{-webkit-box-direction:normal!important}.flex-column{-webkit-box-orient:vertical!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-row-reverse{-webkit-box-orient:horizontal!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-column-reverse,.flex-row-reverse{-webkit-box-direction:reverse!important}.flex-column-reverse{-webkit-box-orient:vertical!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.flex-fill{-webkit-box-flex:1!important;-ms-flex:1 1 auto!important;flex:1 1 auto!important}.flex-grow-0{-webkit-box-flex:0!important;-ms-flex-positive:0!important;flex-grow:0!important}.flex-grow-1{-webkit-box-flex:1!important;-ms-flex-positive:1!important;flex-grow:1!important}.flex-shrink-0{-ms-flex-negative:0!important;flex-shrink:0!important}.flex-shrink-1{-ms-flex-negative:1!important;flex-shrink:1!important}.justify-content-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}@media (min-width:576px){.flex-sm-row{-webkit-box-orient:horizontal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-sm-column,.flex-sm-row{-webkit-box-direction:normal!important}.flex-sm-column{-webkit-box-orient:vertical!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-sm-row-reverse{-webkit-box-orient:horizontal!important;-webkit-box-direction:reverse!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-sm-column-reverse{-webkit-box-orient:vertical!important;-webkit-box-direction:reverse!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-sm-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-sm-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-sm-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.flex-sm-fill{-webkit-box-flex:1!important;-ms-flex:1 1 auto!important;flex:1 1 auto!important}.flex-sm-grow-0{-webkit-box-flex:0!important;-ms-flex-positive:0!important;flex-grow:0!important}.flex-sm-grow-1{-webkit-box-flex:1!important;-ms-flex-positive:1!important;flex-grow:1!important}.flex-sm-shrink-0{-ms-flex-negative:0!important;flex-shrink:0!important}.flex-sm-shrink-1{-ms-flex-negative:1!important;flex-shrink:1!important}.justify-content-sm-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-sm-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-sm-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-sm-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-sm-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-sm-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-sm-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-sm-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-sm-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-sm-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-sm-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-sm-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-sm-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-sm-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-sm-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-sm-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-sm-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-sm-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-sm-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-sm-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-sm-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-sm-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}}@media (min-width:768px){.flex-md-row{-webkit-box-orient:horizontal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-md-column,.flex-md-row{-webkit-box-direction:normal!important}.flex-md-column{-webkit-box-orient:vertical!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-md-row-reverse{-webkit-box-orient:horizontal!important;-webkit-box-direction:reverse!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-md-column-reverse{-webkit-box-orient:vertical!important;-webkit-box-direction:reverse!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-md-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-md-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-md-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.flex-md-fill{-webkit-box-flex:1!important;-ms-flex:1 1 auto!important;flex:1 1 auto!important}.flex-md-grow-0{-webkit-box-flex:0!important;-ms-flex-positive:0!important;flex-grow:0!important}.flex-md-grow-1{-webkit-box-flex:1!important;-ms-flex-positive:1!important;flex-grow:1!important}.flex-md-shrink-0{-ms-flex-negative:0!important;flex-shrink:0!important}.flex-md-shrink-1{-ms-flex-negative:1!important;flex-shrink:1!important}.justify-content-md-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-md-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-md-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-md-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-md-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-md-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-md-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-md-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-md-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-md-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-md-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-md-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-md-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-md-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-md-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-md-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-md-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-md-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-md-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-md-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-md-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-md-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}}@media (min-width:992px){.flex-lg-row{-webkit-box-orient:horizontal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-lg-column,.flex-lg-row{-webkit-box-direction:normal!important}.flex-lg-column{-webkit-box-orient:vertical!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-lg-row-reverse{-webkit-box-orient:horizontal!important;-webkit-box-direction:reverse!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-lg-column-reverse{-webkit-box-orient:vertical!important;-webkit-box-direction:reverse!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-lg-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-lg-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-lg-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.flex-lg-fill{-webkit-box-flex:1!important;-ms-flex:1 1 auto!important;flex:1 1 auto!important}.flex-lg-grow-0{-webkit-box-flex:0!important;-ms-flex-positive:0!important;flex-grow:0!important}.flex-lg-grow-1{-webkit-box-flex:1!important;-ms-flex-positive:1!important;flex-grow:1!important}.flex-lg-shrink-0{-ms-flex-negative:0!important;flex-shrink:0!important}.flex-lg-shrink-1{-ms-flex-negative:1!important;flex-shrink:1!important}.justify-content-lg-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-lg-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-lg-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-lg-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-lg-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-lg-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-lg-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-lg-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-lg-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-lg-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-lg-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-lg-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-lg-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-lg-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-lg-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-lg-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-lg-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-lg-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-lg-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-lg-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-lg-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-lg-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}}@media (min-width:1200px){.flex-xl-row{-webkit-box-orient:horizontal!important;-ms-flex-direction:row!important;flex-direction:row!important}.flex-xl-column,.flex-xl-row{-webkit-box-direction:normal!important}.flex-xl-column{-webkit-box-orient:vertical!important;-ms-flex-direction:column!important;flex-direction:column!important}.flex-xl-row-reverse{-webkit-box-orient:horizontal!important;-webkit-box-direction:reverse!important;-ms-flex-direction:row-reverse!important;flex-direction:row-reverse!important}.flex-xl-column-reverse{-webkit-box-orient:vertical!important;-webkit-box-direction:reverse!important;-ms-flex-direction:column-reverse!important;flex-direction:column-reverse!important}.flex-xl-wrap{-ms-flex-wrap:wrap!important;flex-wrap:wrap!important}.flex-xl-nowrap{-ms-flex-wrap:nowrap!important;flex-wrap:nowrap!important}.flex-xl-wrap-reverse{-ms-flex-wrap:wrap-reverse!important;flex-wrap:wrap-reverse!important}.flex-xl-fill{-webkit-box-flex:1!important;-ms-flex:1 1 auto!important;flex:1 1 auto!important}.flex-xl-grow-0{-webkit-box-flex:0!important;-ms-flex-positive:0!important;flex-grow:0!important}.flex-xl-grow-1{-webkit-box-flex:1!important;-ms-flex-positive:1!important;flex-grow:1!important}.flex-xl-shrink-0{-ms-flex-negative:0!important;flex-shrink:0!important}.flex-xl-shrink-1{-ms-flex-negative:1!important;flex-shrink:1!important}.justify-content-xl-start{-webkit-box-pack:start!important;-ms-flex-pack:start!important;justify-content:flex-start!important}.justify-content-xl-end{-webkit-box-pack:end!important;-ms-flex-pack:end!important;justify-content:flex-end!important}.justify-content-xl-center{-webkit-box-pack:center!important;-ms-flex-pack:center!important;justify-content:center!important}.justify-content-xl-between{-webkit-box-pack:justify!important;-ms-flex-pack:justify!important;justify-content:space-between!important}.justify-content-xl-around{-ms-flex-pack:distribute!important;justify-content:space-around!important}.align-items-xl-start{-webkit-box-align:start!important;-ms-flex-align:start!important;align-items:flex-start!important}.align-items-xl-end{-webkit-box-align:end!important;-ms-flex-align:end!important;align-items:flex-end!important}.align-items-xl-center{-webkit-box-align:center!important;-ms-flex-align:center!important;align-items:center!important}.align-items-xl-baseline{-webkit-box-align:baseline!important;-ms-flex-align:baseline!important;align-items:baseline!important}.align-items-xl-stretch{-webkit-box-align:stretch!important;-ms-flex-align:stretch!important;align-items:stretch!important}.align-content-xl-start{-ms-flex-line-pack:start!important;align-content:flex-start!important}.align-content-xl-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-xl-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-xl-between{-ms-flex-line-pack:justify!important;align-content:space-between!important}.align-content-xl-around{-ms-flex-line-pack:distribute!important;align-content:space-around!important}.align-content-xl-stretch{-ms-flex-line-pack:stretch!important;align-content:stretch!important}.align-self-xl-auto{-ms-flex-item-align:auto!important;align-self:auto!important}.align-self-xl-start{-ms-flex-item-align:start!important;align-self:flex-start!important}.align-self-xl-end{-ms-flex-item-align:end!important;align-self:flex-end!important}.align-self-xl-center{-ms-flex-item-align:center!important;align-self:center!important}.align-self-xl-baseline{-ms-flex-item-align:baseline!important;align-self:baseline!important}.align-self-xl-stretch{-ms-flex-item-align:stretch!important;align-self:stretch!important}}.float-left{float:left!important}.float-right{float:right!important}.float-none{float:none!important}@media (min-width:576px){.float-sm-left{float:left!important}.float-sm-right{float:right!important}.float-sm-none{float:none!important}}@media (min-width:768px){.float-md-left{float:left!important}.float-md-right{float:right!important}.float-md-none{float:none!important}}@media (min-width:992px){.float-lg-left{float:left!important}.float-lg-right{float:right!important}.float-lg-none{float:none!important}}@media (min-width:1200px){.float-xl-left{float:left!important}.float-xl-right{float:right!important}.float-xl-none{float:none!important}}.overflow-auto{overflow:auto!important}.overflow-hidden{overflow:hidden!important}.position-static{position:static!important}.position-relative{position:relative!important}.position-absolute{position:absolute!important}.position-fixed{position:fixed!important}.position-sticky{position:-webkit-sticky!important;position:sticky!important}.fixed-top{top:0}.fixed-bottom,.fixed-top{position:fixed;right:0;left:0;z-index:1030}.fixed-bottom{bottom:0}@supports ((position:-webkit-sticky) or (position:sticky)){.sticky-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}}.sr-only{position:absolute;width:1px;height:1px;padding:0;overflow:hidden;clip:rect(0,0,0,0);white-space:nowrap;border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;overflow:visible;clip:auto;white-space:normal}.shadow-sm{-webkit-box-shadow:0 .125rem .25rem rgba(0,0,0,.075)!important;box-shadow:0 .125rem .25rem rgba(0,0,0,.075)!important}.shadow{-webkit-box-shadow:0 .5rem 1rem rgba(0,0,0,.15)!important;box-shadow:0 .5rem 1rem rgba(0,0,0,.15)!important}.shadow-lg{-webkit-box-shadow:0 1rem 3rem rgba(0,0,0,.175)!important;box-shadow:0 1rem 3rem rgba(0,0,0,.175)!important}.shadow-none{-webkit-box-shadow:none!important;box-shadow:none!important}.w-25{width:25%!important}.w-50{width:50%!important}.w-75{width:75%!important}.w-100{width:100%!important}.w-auto{width:auto!important}.h-25{height:25%!important}.h-50{height:50%!important}.h-75{height:75%!important}.h-100{height:100%!important}.h-auto{height:auto!important}.mw-100{max-width:100%!important}.mh-100{max-height:100%!important}.min-vw-100{min-width:100vw!important}.min-vh-100{min-height:100vh!important}.vw-100{width:100vw!important}.vh-100{height:100vh!important}.stretched-link:after{position:absolute;top:0;right:0;bottom:0;left:0;z-index:1;pointer-events:auto;content:"";background-color:transparent}.m-0{margin:0!important}.mt-0,.my-0{margin-top:0!important}.mr-0,.mx-0{margin-right:0!important}.mb-0,.my-0{margin-bottom:0!important}.ml-0,.mx-0{margin-left:0!important}.m-1{margin:4px!important}.mt-1,.my-1{margin-top:4px!important}.mr-1,.mx-1{margin-right:4px!important}.mb-1,.my-1{margin-bottom:4px!important}.ml-1,.mx-1{margin-left:4px!important}.m-2{margin:8px!important}.mt-2,.my-2{margin-top:8px!important}.mr-2,.mx-2{margin-right:8px!important}.mb-2,.my-2{margin-bottom:8px!important}.ml-2,.mx-2{margin-left:8px!important}.m-3{margin:16px!important}.mt-3,.my-3{margin-top:16px!important}.mr-3,.mx-3{margin-right:16px!important}.mb-3,.my-3{margin-bottom:16px!important}.ml-3,.mx-3{margin-left:16px!important}.m-4{margin:24px!important}.mt-4,.my-4{margin-top:24px!important}.mr-4,.mx-4{margin-right:24px!important}.mb-4,.my-4{margin-bottom:24px!important}.ml-4,.mx-4{margin-left:24px!important}.m-5{margin:48px!important}.mt-5,.my-5{margin-top:48px!important}.mr-5,.mx-5{margin-right:48px!important}.mb-5,.my-5{margin-bottom:48px!important}.ml-5,.mx-5{margin-left:48px!important}.p-0{padding:0!important}.pt-0,.py-0{padding-top:0!important}.pr-0,.px-0{padding-right:0!important}.pb-0,.py-0{padding-bottom:0!important}.pl-0,.px-0{padding-left:0!important}.p-1{padding:4px!important}.pt-1,.py-1{padding-top:4px!important}.pr-1,.px-1{padding-right:4px!important}.pb-1,.py-1{padding-bottom:4px!important}.pl-1,.px-1{padding-left:4px!important}.p-2{padding:8px!important}.pt-2,.py-2{padding-top:8px!important}.pr-2,.px-2{padding-right:8px!important}.pb-2,.py-2{padding-bottom:8px!important}.pl-2,.px-2{padding-left:8px!important}.p-3{padding:16px!important}.pt-3,.py-3{padding-top:16px!important}.pr-3,.px-3{padding-right:16px!important}.pb-3,.py-3{padding-bottom:16px!important}.pl-3,.px-3{padding-left:16px!important}.p-4{padding:24px!important}.pt-4,.py-4{padding-top:24px!important}.pr-4,.px-4{padding-right:24px!important}.pb-4,.py-4{padding-bottom:24px!important}.pl-4,.px-4{padding-left:24px!important}.p-5{padding:48px!important}.pt-5,.py-5{padding-top:48px!important}.pr-5,.px-5{padding-right:48px!important}.pb-5,.py-5{padding-bottom:48px!important}.pl-5,.px-5{padding-left:48px!important}.m-n1{margin:-4px!important}.mt-n1,.my-n1{margin-top:-4px!important}.mr-n1,.mx-n1{margin-right:-4px!important}.mb-n1,.my-n1{margin-bottom:-4px!important}.ml-n1,.mx-n1{margin-left:-4px!important}.m-n2{margin:-8px!important}.mt-n2,.my-n2{margin-top:-8px!important}.mr-n2,.mx-n2{margin-right:-8px!important}.mb-n2,.my-n2{margin-bottom:-8px!important}.ml-n2,.mx-n2{margin-left:-8px!important}.m-n3{margin:-16px!important}.mt-n3,.my-n3{margin-top:-16px!important}.mr-n3,.mx-n3{margin-right:-16px!important}.mb-n3,.my-n3{margin-bottom:-16px!important}.ml-n3,.mx-n3{margin-left:-16px!important}.m-n4{margin:-24px!important}.mt-n4,.my-n4{margin-top:-24px!important}.mr-n4,.mx-n4{margin-right:-24px!important}.mb-n4,.my-n4{margin-bottom:-24px!important}.ml-n4,.mx-n4{margin-left:-24px!important}.m-n5{margin:-48px!important}.mt-n5,.my-n5{margin-top:-48px!important}.mr-n5,.mx-n5{margin-right:-48px!important}.mb-n5,.my-n5{margin-bottom:-48px!important}.ml-n5,.mx-n5{margin-left:-48px!important}.m-auto{margin:auto!important}.mt-auto,.my-auto{margin-top:auto!important}.mr-auto,.mx-auto{margin-right:auto!important}.mb-auto,.my-auto{margin-bottom:auto!important}.ml-auto,.mx-auto{margin-left:auto!important}@media (min-width:576px){.m-sm-0{margin:0!important}.mt-sm-0,.my-sm-0{margin-top:0!important}.mr-sm-0,.mx-sm-0{margin-right:0!important}.mb-sm-0,.my-sm-0{margin-bottom:0!important}.ml-sm-0,.mx-sm-0{margin-left:0!important}.m-sm-1{margin:4px!important}.mt-sm-1,.my-sm-1{margin-top:4px!important}.mr-sm-1,.mx-sm-1{margin-right:4px!important}.mb-sm-1,.my-sm-1{margin-bottom:4px!important}.ml-sm-1,.mx-sm-1{margin-left:4px!important}.m-sm-2{margin:8px!important}.mt-sm-2,.my-sm-2{margin-top:8px!important}.mr-sm-2,.mx-sm-2{margin-right:8px!important}.mb-sm-2,.my-sm-2{margin-bottom:8px!important}.ml-sm-2,.mx-sm-2{margin-left:8px!important}.m-sm-3{margin:16px!important}.mt-sm-3,.my-sm-3{margin-top:16px!important}.mr-sm-3,.mx-sm-3{margin-right:16px!important}.mb-sm-3,.my-sm-3{margin-bottom:16px!important}.ml-sm-3,.mx-sm-3{margin-left:16px!important}.m-sm-4{margin:24px!important}.mt-sm-4,.my-sm-4{margin-top:24px!important}.mr-sm-4,.mx-sm-4{margin-right:24px!important}.mb-sm-4,.my-sm-4{margin-bottom:24px!important}.ml-sm-4,.mx-sm-4{margin-left:24px!important}.m-sm-5{margin:48px!important}.mt-sm-5,.my-sm-5{margin-top:48px!important}.mr-sm-5,.mx-sm-5{margin-right:48px!important}.mb-sm-5,.my-sm-5{margin-bottom:48px!important}.ml-sm-5,.mx-sm-5{margin-left:48px!important}.p-sm-0{padding:0!important}.pt-sm-0,.py-sm-0{padding-top:0!important}.pr-sm-0,.px-sm-0{padding-right:0!important}.pb-sm-0,.py-sm-0{padding-bottom:0!important}.pl-sm-0,.px-sm-0{padding-left:0!important}.p-sm-1{padding:4px!important}.pt-sm-1,.py-sm-1{padding-top:4px!important}.pr-sm-1,.px-sm-1{padding-right:4px!important}.pb-sm-1,.py-sm-1{padding-bottom:4px!important}.pl-sm-1,.px-sm-1{padding-left:4px!important}.p-sm-2{padding:8px!important}.pt-sm-2,.py-sm-2{padding-top:8px!important}.pr-sm-2,.px-sm-2{padding-right:8px!important}.pb-sm-2,.py-sm-2{padding-bottom:8px!important}.pl-sm-2,.px-sm-2{padding-left:8px!important}.p-sm-3{padding:16px!important}.pt-sm-3,.py-sm-3{padding-top:16px!important}.pr-sm-3,.px-sm-3{padding-right:16px!important}.pb-sm-3,.py-sm-3{padding-bottom:16px!important}.pl-sm-3,.px-sm-3{padding-left:16px!important}.p-sm-4{padding:24px!important}.pt-sm-4,.py-sm-4{padding-top:24px!important}.pr-sm-4,.px-sm-4{padding-right:24px!important}.pb-sm-4,.py-sm-4{padding-bottom:24px!important}.pl-sm-4,.px-sm-4{padding-left:24px!important}.p-sm-5{padding:48px!important}.pt-sm-5,.py-sm-5{padding-top:48px!important}.pr-sm-5,.px-sm-5{padding-right:48px!important}.pb-sm-5,.py-sm-5{padding-bottom:48px!important}.pl-sm-5,.px-sm-5{padding-left:48px!important}.m-sm-n1{margin:-4px!important}.mt-sm-n1,.my-sm-n1{margin-top:-4px!important}.mr-sm-n1,.mx-sm-n1{margin-right:-4px!important}.mb-sm-n1,.my-sm-n1{margin-bottom:-4px!important}.ml-sm-n1,.mx-sm-n1{margin-left:-4px!important}.m-sm-n2{margin:-8px!important}.mt-sm-n2,.my-sm-n2{margin-top:-8px!important}.mr-sm-n2,.mx-sm-n2{margin-right:-8px!important}.mb-sm-n2,.my-sm-n2{margin-bottom:-8px!important}.ml-sm-n2,.mx-sm-n2{margin-left:-8px!important}.m-sm-n3{margin:-16px!important}.mt-sm-n3,.my-sm-n3{margin-top:-16px!important}.mr-sm-n3,.mx-sm-n3{margin-right:-16px!important}.mb-sm-n3,.my-sm-n3{margin-bottom:-16px!important}.ml-sm-n3,.mx-sm-n3{margin-left:-16px!important}.m-sm-n4{margin:-24px!important}.mt-sm-n4,.my-sm-n4{margin-top:-24px!important}.mr-sm-n4,.mx-sm-n4{margin-right:-24px!important}.mb-sm-n4,.my-sm-n4{margin-bottom:-24px!important}.ml-sm-n4,.mx-sm-n4{margin-left:-24px!important}.m-sm-n5{margin:-48px!important}.mt-sm-n5,.my-sm-n5{margin-top:-48px!important}.mr-sm-n5,.mx-sm-n5{margin-right:-48px!important}.mb-sm-n5,.my-sm-n5{margin-bottom:-48px!important}.ml-sm-n5,.mx-sm-n5{margin-left:-48px!important}.m-sm-auto{margin:auto!important}.mt-sm-auto,.my-sm-auto{margin-top:auto!important}.mr-sm-auto,.mx-sm-auto{margin-right:auto!important}.mb-sm-auto,.my-sm-auto{margin-bottom:auto!important}.ml-sm-auto,.mx-sm-auto{margin-left:auto!important}}@media (min-width:768px){.m-md-0{margin:0!important}.mt-md-0,.my-md-0{margin-top:0!important}.mr-md-0,.mx-md-0{margin-right:0!important}.mb-md-0,.my-md-0{margin-bottom:0!important}.ml-md-0,.mx-md-0{margin-left:0!important}.m-md-1{margin:4px!important}.mt-md-1,.my-md-1{margin-top:4px!important}.mr-md-1,.mx-md-1{margin-right:4px!important}.mb-md-1,.my-md-1{margin-bottom:4px!important}.ml-md-1,.mx-md-1{margin-left:4px!important}.m-md-2{margin:8px!important}.mt-md-2,.my-md-2{margin-top:8px!important}.mr-md-2,.mx-md-2{margin-right:8px!important}.mb-md-2,.my-md-2{margin-bottom:8px!important}.ml-md-2,.mx-md-2{margin-left:8px!important}.m-md-3{margin:16px!important}.mt-md-3,.my-md-3{margin-top:16px!important}.mr-md-3,.mx-md-3{margin-right:16px!important}.mb-md-3,.my-md-3{margin-bottom:16px!important}.ml-md-3,.mx-md-3{margin-left:16px!important}.m-md-4{margin:24px!important}.mt-md-4,.my-md-4{margin-top:24px!important}.mr-md-4,.mx-md-4{margin-right:24px!important}.mb-md-4,.my-md-4{margin-bottom:24px!important}.ml-md-4,.mx-md-4{margin-left:24px!important}.m-md-5{margin:48px!important}.mt-md-5,.my-md-5{margin-top:48px!important}.mr-md-5,.mx-md-5{margin-right:48px!important}.mb-md-5,.my-md-5{margin-bottom:48px!important}.ml-md-5,.mx-md-5{margin-left:48px!important}.p-md-0{padding:0!important}.pt-md-0,.py-md-0{padding-top:0!important}.pr-md-0,.px-md-0{padding-right:0!important}.pb-md-0,.py-md-0{padding-bottom:0!important}.pl-md-0,.px-md-0{padding-left:0!important}.p-md-1{padding:4px!important}.pt-md-1,.py-md-1{padding-top:4px!important}.pr-md-1,.px-md-1{padding-right:4px!important}.pb-md-1,.py-md-1{padding-bottom:4px!important}.pl-md-1,.px-md-1{padding-left:4px!important}.p-md-2{padding:8px!important}.pt-md-2,.py-md-2{padding-top:8px!important}.pr-md-2,.px-md-2{padding-right:8px!important}.pb-md-2,.py-md-2{padding-bottom:8px!important}.pl-md-2,.px-md-2{padding-left:8px!important}.p-md-3{padding:16px!important}.pt-md-3,.py-md-3{padding-top:16px!important}.pr-md-3,.px-md-3{padding-right:16px!important}.pb-md-3,.py-md-3{padding-bottom:16px!important}.pl-md-3,.px-md-3{padding-left:16px!important}.p-md-4{padding:24px!important}.pt-md-4,.py-md-4{padding-top:24px!important}.pr-md-4,.px-md-4{padding-right:24px!important}.pb-md-4,.py-md-4{padding-bottom:24px!important}.pl-md-4,.px-md-4{padding-left:24px!important}.p-md-5{padding:48px!important}.pt-md-5,.py-md-5{padding-top:48px!important}.pr-md-5,.px-md-5{padding-right:48px!important}.pb-md-5,.py-md-5{padding-bottom:48px!important}.pl-md-5,.px-md-5{padding-left:48px!important}.m-md-n1{margin:-4px!important}.mt-md-n1,.my-md-n1{margin-top:-4px!important}.mr-md-n1,.mx-md-n1{margin-right:-4px!important}.mb-md-n1,.my-md-n1{margin-bottom:-4px!important}.ml-md-n1,.mx-md-n1{margin-left:-4px!important}.m-md-n2{margin:-8px!important}.mt-md-n2,.my-md-n2{margin-top:-8px!important}.mr-md-n2,.mx-md-n2{margin-right:-8px!important}.mb-md-n2,.my-md-n2{margin-bottom:-8px!important}.ml-md-n2,.mx-md-n2{margin-left:-8px!important}.m-md-n3{margin:-16px!important}.mt-md-n3,.my-md-n3{margin-top:-16px!important}.mr-md-n3,.mx-md-n3{margin-right:-16px!important}.mb-md-n3,.my-md-n3{margin-bottom:-16px!important}.ml-md-n3,.mx-md-n3{margin-left:-16px!important}.m-md-n4{margin:-24px!important}.mt-md-n4,.my-md-n4{margin-top:-24px!important}.mr-md-n4,.mx-md-n4{margin-right:-24px!important}.mb-md-n4,.my-md-n4{margin-bottom:-24px!important}.ml-md-n4,.mx-md-n4{margin-left:-24px!important}.m-md-n5{margin:-48px!important}.mt-md-n5,.my-md-n5{margin-top:-48px!important}.mr-md-n5,.mx-md-n5{margin-right:-48px!important}.mb-md-n5,.my-md-n5{margin-bottom:-48px!important}.ml-md-n5,.mx-md-n5{margin-left:-48px!important}.m-md-auto{margin:auto!important}.mt-md-auto,.my-md-auto{margin-top:auto!important}.mr-md-auto,.mx-md-auto{margin-right:auto!important}.mb-md-auto,.my-md-auto{margin-bottom:auto!important}.ml-md-auto,.mx-md-auto{margin-left:auto!important}}@media (min-width:992px){.m-lg-0{margin:0!important}.mt-lg-0,.my-lg-0{margin-top:0!important}.mr-lg-0,.mx-lg-0{margin-right:0!important}.mb-lg-0,.my-lg-0{margin-bottom:0!important}.ml-lg-0,.mx-lg-0{margin-left:0!important}.m-lg-1{margin:4px!important}.mt-lg-1,.my-lg-1{margin-top:4px!important}.mr-lg-1,.mx-lg-1{margin-right:4px!important}.mb-lg-1,.my-lg-1{margin-bottom:4px!important}.ml-lg-1,.mx-lg-1{margin-left:4px!important}.m-lg-2{margin:8px!important}.mt-lg-2,.my-lg-2{margin-top:8px!important}.mr-lg-2,.mx-lg-2{margin-right:8px!important}.mb-lg-2,.my-lg-2{margin-bottom:8px!important}.ml-lg-2,.mx-lg-2{margin-left:8px!important}.m-lg-3{margin:16px!important}.mt-lg-3,.my-lg-3{margin-top:16px!important}.mr-lg-3,.mx-lg-3{margin-right:16px!important}.mb-lg-3,.my-lg-3{margin-bottom:16px!important}.ml-lg-3,.mx-lg-3{margin-left:16px!important}.m-lg-4{margin:24px!important}.mt-lg-4,.my-lg-4{margin-top:24px!important}.mr-lg-4,.mx-lg-4{margin-right:24px!important}.mb-lg-4,.my-lg-4{margin-bottom:24px!important}.ml-lg-4,.mx-lg-4{margin-left:24px!important}.m-lg-5{margin:48px!important}.mt-lg-5,.my-lg-5{margin-top:48px!important}.mr-lg-5,.mx-lg-5{margin-right:48px!important}.mb-lg-5,.my-lg-5{margin-bottom:48px!important}.ml-lg-5,.mx-lg-5{margin-left:48px!important}.p-lg-0{padding:0!important}.pt-lg-0,.py-lg-0{padding-top:0!important}.pr-lg-0,.px-lg-0{padding-right:0!important}.pb-lg-0,.py-lg-0{padding-bottom:0!important}.pl-lg-0,.px-lg-0{padding-left:0!important}.p-lg-1{padding:4px!important}.pt-lg-1,.py-lg-1{padding-top:4px!important}.pr-lg-1,.px-lg-1{padding-right:4px!important}.pb-lg-1,.py-lg-1{padding-bottom:4px!important}.pl-lg-1,.px-lg-1{padding-left:4px!important}.p-lg-2{padding:8px!important}.pt-lg-2,.py-lg-2{padding-top:8px!important}.pr-lg-2,.px-lg-2{padding-right:8px!important}.pb-lg-2,.py-lg-2{padding-bottom:8px!important}.pl-lg-2,.px-lg-2{padding-left:8px!important}.p-lg-3{padding:16px!important}.pt-lg-3,.py-lg-3{padding-top:16px!important}.pr-lg-3,.px-lg-3{padding-right:16px!important}.pb-lg-3,.py-lg-3{padding-bottom:16px!important}.pl-lg-3,.px-lg-3{padding-left:16px!important}.p-lg-4{padding:24px!important}.pt-lg-4,.py-lg-4{padding-top:24px!important}.pr-lg-4,.px-lg-4{padding-right:24px!important}.pb-lg-4,.py-lg-4{padding-bottom:24px!important}.pl-lg-4,.px-lg-4{padding-left:24px!important}.p-lg-5{padding:48px!important}.pt-lg-5,.py-lg-5{padding-top:48px!important}.pr-lg-5,.px-lg-5{padding-right:48px!important}.pb-lg-5,.py-lg-5{padding-bottom:48px!important}.pl-lg-5,.px-lg-5{padding-left:48px!important}.m-lg-n1{margin:-4px!important}.mt-lg-n1,.my-lg-n1{margin-top:-4px!important}.mr-lg-n1,.mx-lg-n1{margin-right:-4px!important}.mb-lg-n1,.my-lg-n1{margin-bottom:-4px!important}.ml-lg-n1,.mx-lg-n1{margin-left:-4px!important}.m-lg-n2{margin:-8px!important}.mt-lg-n2,.my-lg-n2{margin-top:-8px!important}.mr-lg-n2,.mx-lg-n2{margin-right:-8px!important}.mb-lg-n2,.my-lg-n2{margin-bottom:-8px!important}.ml-lg-n2,.mx-lg-n2{margin-left:-8px!important}.m-lg-n3{margin:-16px!important}.mt-lg-n3,.my-lg-n3{margin-top:-16px!important}.mr-lg-n3,.mx-lg-n3{margin-right:-16px!important}.mb-lg-n3,.my-lg-n3{margin-bottom:-16px!important}.ml-lg-n3,.mx-lg-n3{margin-left:-16px!important}.m-lg-n4{margin:-24px!important}.mt-lg-n4,.my-lg-n4{margin-top:-24px!important}.mr-lg-n4,.mx-lg-n4{margin-right:-24px!important}.mb-lg-n4,.my-lg-n4{margin-bottom:-24px!important}.ml-lg-n4,.mx-lg-n4{margin-left:-24px!important}.m-lg-n5{margin:-48px!important}.mt-lg-n5,.my-lg-n5{margin-top:-48px!important}.mr-lg-n5,.mx-lg-n5{margin-right:-48px!important}.mb-lg-n5,.my-lg-n5{margin-bottom:-48px!important}.ml-lg-n5,.mx-lg-n5{margin-left:-48px!important}.m-lg-auto{margin:auto!important}.mt-lg-auto,.my-lg-auto{margin-top:auto!important}.mr-lg-auto,.mx-lg-auto{margin-right:auto!important}.mb-lg-auto,.my-lg-auto{margin-bottom:auto!important}.ml-lg-auto,.mx-lg-auto{margin-left:auto!important}}@media (min-width:1200px){.m-xl-0{margin:0!important}.mt-xl-0,.my-xl-0{margin-top:0!important}.mr-xl-0,.mx-xl-0{margin-right:0!important}.mb-xl-0,.my-xl-0{margin-bottom:0!important}.ml-xl-0,.mx-xl-0{margin-left:0!important}.m-xl-1{margin:4px!important}.mt-xl-1,.my-xl-1{margin-top:4px!important}.mr-xl-1,.mx-xl-1{margin-right:4px!important}.mb-xl-1,.my-xl-1{margin-bottom:4px!important}.ml-xl-1,.mx-xl-1{margin-left:4px!important}.m-xl-2{margin:8px!important}.mt-xl-2,.my-xl-2{margin-top:8px!important}.mr-xl-2,.mx-xl-2{margin-right:8px!important}.mb-xl-2,.my-xl-2{margin-bottom:8px!important}.ml-xl-2,.mx-xl-2{margin-left:8px!important}.m-xl-3{margin:16px!important}.mt-xl-3,.my-xl-3{margin-top:16px!important}.mr-xl-3,.mx-xl-3{margin-right:16px!important}.mb-xl-3,.my-xl-3{margin-bottom:16px!important}.ml-xl-3,.mx-xl-3{margin-left:16px!important}.m-xl-4{margin:24px!important}.mt-xl-4,.my-xl-4{margin-top:24px!important}.mr-xl-4,.mx-xl-4{margin-right:24px!important}.mb-xl-4,.my-xl-4{margin-bottom:24px!important}.ml-xl-4,.mx-xl-4{margin-left:24px!important}.m-xl-5{margin:48px!important}.mt-xl-5,.my-xl-5{margin-top:48px!important}.mr-xl-5,.mx-xl-5{margin-right:48px!important}.mb-xl-5,.my-xl-5{margin-bottom:48px!important}.ml-xl-5,.mx-xl-5{margin-left:48px!important}.p-xl-0{padding:0!important}.pt-xl-0,.py-xl-0{padding-top:0!important}.pr-xl-0,.px-xl-0{padding-right:0!important}.pb-xl-0,.py-xl-0{padding-bottom:0!important}.pl-xl-0,.px-xl-0{padding-left:0!important}.p-xl-1{padding:4px!important}.pt-xl-1,.py-xl-1{padding-top:4px!important}.pr-xl-1,.px-xl-1{padding-right:4px!important}.pb-xl-1,.py-xl-1{padding-bottom:4px!important}.pl-xl-1,.px-xl-1{padding-left:4px!important}.p-xl-2{padding:8px!important}.pt-xl-2,.py-xl-2{padding-top:8px!important}.pr-xl-2,.px-xl-2{padding-right:8px!important}.pb-xl-2,.py-xl-2{padding-bottom:8px!important}.pl-xl-2,.px-xl-2{padding-left:8px!important}.p-xl-3{padding:16px!important}.pt-xl-3,.py-xl-3{padding-top:16px!important}.pr-xl-3,.px-xl-3{padding-right:16px!important}.pb-xl-3,.py-xl-3{padding-bottom:16px!important}.pl-xl-3,.px-xl-3{padding-left:16px!important}.p-xl-4{padding:24px!important}.pt-xl-4,.py-xl-4{padding-top:24px!important}.pr-xl-4,.px-xl-4{padding-right:24px!important}.pb-xl-4,.py-xl-4{padding-bottom:24px!important}.pl-xl-4,.px-xl-4{padding-left:24px!important}.p-xl-5{padding:48px!important}.pt-xl-5,.py-xl-5{padding-top:48px!important}.pr-xl-5,.px-xl-5{padding-right:48px!important}.pb-xl-5,.py-xl-5{padding-bottom:48px!important}.pl-xl-5,.px-xl-5{padding-left:48px!important}.m-xl-n1{margin:-4px!important}.mt-xl-n1,.my-xl-n1{margin-top:-4px!important}.mr-xl-n1,.mx-xl-n1{margin-right:-4px!important}.mb-xl-n1,.my-xl-n1{margin-bottom:-4px!important}.ml-xl-n1,.mx-xl-n1{margin-left:-4px!important}.m-xl-n2{margin:-8px!important}.mt-xl-n2,.my-xl-n2{margin-top:-8px!important}.mr-xl-n2,.mx-xl-n2{margin-right:-8px!important}.mb-xl-n2,.my-xl-n2{margin-bottom:-8px!important}.ml-xl-n2,.mx-xl-n2{margin-left:-8px!important}.m-xl-n3{margin:-16px!important}.mt-xl-n3,.my-xl-n3{margin-top:-16px!important}.mr-xl-n3,.mx-xl-n3{margin-right:-16px!important}.mb-xl-n3,.my-xl-n3{margin-bottom:-16px!important}.ml-xl-n3,.mx-xl-n3{margin-left:-16px!important}.m-xl-n4{margin:-24px!important}.mt-xl-n4,.my-xl-n4{margin-top:-24px!important}.mr-xl-n4,.mx-xl-n4{margin-right:-24px!important}.mb-xl-n4,.my-xl-n4{margin-bottom:-24px!important}.ml-xl-n4,.mx-xl-n4{margin-left:-24px!important}.m-xl-n5{margin:-48px!important}.mt-xl-n5,.my-xl-n5{margin-top:-48px!important}.mr-xl-n5,.mx-xl-n5{margin-right:-48px!important}.mb-xl-n5,.my-xl-n5{margin-bottom:-48px!important}.ml-xl-n5,.mx-xl-n5{margin-left:-48px!important}.m-xl-auto{margin:auto!important}.mt-xl-auto,.my-xl-auto{margin-top:auto!important}.mr-xl-auto,.mx-xl-auto{margin-right:auto!important}.mb-xl-auto,.my-xl-auto{margin-bottom:auto!important}.ml-xl-auto,.mx-xl-auto{margin-left:auto!important}}.text-monospace{font-family:Roboto Mono,monospace!important}.text-justify{text-align:justify!important}.text-wrap{white-space:normal!important}.text-nowrap{white-space:nowrap!important}.text-truncate{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.text-left{text-align:left!important}.text-right{text-align:right!important}.text-center{text-align:center!important}@media (min-width:576px){.text-sm-left{text-align:left!important}.text-sm-right{text-align:right!important}.text-sm-center{text-align:center!important}}@media (min-width:768px){.text-md-left{text-align:left!important}.text-md-right{text-align:right!important}.text-md-center{text-align:center!important}}@media (min-width:992px){.text-lg-left{text-align:left!important}.text-lg-right{text-align:right!important}.text-lg-center{text-align:center!important}}@media (min-width:1200px){.text-xl-left{text-align:left!important}.text-xl-right{text-align:right!important}.text-xl-center{text-align:center!important}}.text-lowercase{text-transform:lowercase!important}.text-uppercase{text-transform:uppercase!important}.text-capitalize{text-transform:capitalize!important}.font-weight-light{font-weight:300!important}.font-weight-lighter{font-weight:lighter!important}.font-weight-normal{font-weight:400!important}.font-weight-bold{font-weight:700!important}.font-weight-bolder{font-weight:bolder!important}.font-italic{font-style:italic!important}.text-white{color:#fff!important}.text-primary{color:#004d99!important}a.text-primary:focus,a.text-primary:hover{color:#004080!important}.text-secondary{color:#3d4955!important}a.text-secondary:focus,a.text-secondary:hover{color:#323c46!important}.text-success{color:#008053!important}a.text-success:focus,a.text-success:hover{color:#006642!important}.text-info{color:#717273!important}a.text-info:focus,a.text-info:hover{color:#646566!important}.text-warning{color:#a36200!important}a.text-warning:focus,a.text-warning:hover{color:#995c00!important}.text-danger{color:#e00929!important}a.text-danger:focus,a.text-danger:hover{color:#c70825!important}.text-light{color:#bdb4d8!important}a.text-light:focus,a.text-light:hover{color:#aea3d0!important}.text-dark{color:#050b12!important}a.text-dark:focus,a.text-dark:hover{color:#000!important}.text-100{color:#bbbdc1!important}a.text-100:focus,a.text-100:hover{color:#aeb0b5!important}.text-200{color:#a3a4a7!important}a.text-200:focus,a.text-200:hover{color:#96979a!important}.text-300{color:#8a8b8d!important}a.text-300:focus,a.text-300:hover{color:#7d7e80!important}.text-400{color:#717273!important}a.text-400:focus,a.text-400:hover{color:#646566!important}.text-500{color:#585859!important}a.text-500:focus,a.text-500:hover{color:#4b4c4c!important}.text-600{color:#3f3f40!important}a.text-600:focus,a.text-600:hover{color:#323233!important}.text-700{color:#262626!important}a.text-700:focus,a.text-700:hover{color:#191919!important}.text-800{color:#0c0c0d!important}.text-900,a.text-800:focus,a.text-800:hover,a.text-900:focus,a.text-900:hover{color:#000!important}.text-body{color:#19191a!important}.text-muted{color:#5a768a!important}.text-black-50{color:rgba(0,0,0,.5)!important}.text-white-50{color:hsla(0,0%,100%,.5)!important}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.text-decoration-none{text-decoration:none!important}.text-break{word-break:break-word!important;overflow-wrap:break-word!important}.text-reset{color:inherit!important}.visible{visibility:visible!important}.invisible{visibility:hidden!important}body,html{font-size:16px;line-height:1.5}@media (min-width:576px){body,html{font-size:18px;line-height:1.555}}.h1,h1{letter-spacing:-1px}@media (min-width:576px){.h1,h1{font-size:2.666rem;letter-spacing:-1.3px;line-height:1.25}}.h2,h2{line-height:1.25}@media (min-width:576px){.h2,h2{font-size:2.222rem;line-height:1.2;letter-spacing:-2px}}.h3,h3{line-height:1.1428}@media (min-width:576px){.h3,h3{font-size:1.777rem;line-height:1.25}}.h4,h4{line-height:1.1666}@media (min-width:576px){.h4,h4{font-size:1.555rem;line-height:1.428;font-weight:600}}.h5,h5{font-weight:400}@media (min-width:576px){.h5,h5{font-size:1.333rem}}.h6,h6{font-weight:600;line-height:1.5}.display-1{font-size:49.776px;font-size:3.111rem}@media (min-width:576px){.display-1{font-size:3.111rem;line-height:1.428}}.blockquote,blockquote{font-family:Lora,Georgia,serif;margin:1.5rem 0}caption{font-size:12.432px;font-size:.777rem;line-height:1.4285}b,strong{font-weight:600}.small,small{font-size:15px;font-size:.9375rem;font-weight:400}@media (min-width:576px){.small,small{font-size:.8888rem}}.x-small{font-size:14px;font-size:.875rem;font-weight:400}@media (min-width:576px){.x-small{font-size:.7777rem}}.blockquote-footer{color:#656566}.bg-dark .blockquote-footer{color:#979899}.row.variable-gutters{margin-right:-6px;margin-left:-6px}.row.variable-gutters>.col,.row.variable-gutters>[class*=col-]{padding-right:6px;padding-left:6px}@media (min-width:576px){.row.variable-gutters{margin-right:-6px;margin-left:-6px}.row.variable-gutters>.col,.row.variable-gutters>[class*=col-]{padding-right:6px;padding-left:6px}}@media (min-width:768px){.row.variable-gutters{margin-right:-10px;margin-left:-10px}.row.variable-gutters>.col,.row.variable-gutters>[class*=col-]{padding-right:10px;padding-left:10px}}@media (min-width:992px){.row.variable-gutters{margin-right:-10px;margin-left:-10px}.row.variable-gutters>.col,.row.variable-gutters>[class*=col-]{padding-right:10px;padding-left:10px}}@media (min-width:1200px){.row.variable-gutters{margin-right:-14px;margin-left:-14px}.row.variable-gutters>.col,.row.variable-gutters>[class*=col-]{padding-right:14px;padding-left:14px}}.table td,.table th{text-align:left;border-bottom:1px solid #d6dce3;border-top:none}.breadcrumb-container .breadcrumb{padding:24px;border-radius:0}.breadcrumb-container .breadcrumb .breadcrumb-item{padding-left:0}.breadcrumb-container .breadcrumb .breadcrumb-item+.breadcrumb-item:before{display:none}.breadcrumb-container .breadcrumb .breadcrumb-item i{padding-right:.5em}.breadcrumb-container .breadcrumb .breadcrumb-item a{color:#5b6f82;font-weight:600}.breadcrumb-container .breadcrumb .breadcrumb-item.active a{font-weight:400;pointer-events:none}.breadcrumb-container .breadcrumb .breadcrumb-item span.separator{display:inline-block;font-weight:600;padding:0 .5em}.breadcrumb-container .breadcrumb.dark{background:#435a70}.breadcrumb-container .breadcrumb.dark .breadcrumb-item a,.breadcrumb-container .breadcrumb.dark .breadcrumb-item span.separator{color:#fff}.breadcrumb-container .breadcrumb.dark .breadcrumb-item i{color:#0bd9d2}.modal-content,.modal-header{border-radius:0}[data-toggle=collapse] .collapse-icon:before{content:"";display:inline-block;width:0;height:0;border-top:.5rem solid;border-right:.5rem solid transparent;border-bottom:0;border-left:.5rem solid transparent;vertical-align:3px;vertical-align:.1875rem}[data-toggle=collapse].collapsed .collapse-icon:before{-webkit-transform:rotate(180deg);transform:rotate(180deg)}.collapse-div{border-bottom:1px solid #e3e4e6}.collapse-div .collapse-div{border:1px solid #e3e4e6;border-top:0}.collapse-header{position:relative}.collapse-header [data-toggle=collapse]{width:100%;text-align:left;border:0;background-color:transparent;border-top:1px solid #e3e4e6;padding:14px 24px;cursor:pointer;color:#5c6f82;font-weight:600}.collapse-header [data-toggle=collapse][aria-expanded=false]{color:#0073e6}.collapse-header [data-toggle=collapse][aria-expanded=false]:after{content:"\e818"}.collapse-header [data-toggle=collapse][aria-expanded=true]:before{height:2px;width:56px;border-radius:2px;background-color:#0073e6;position:absolute;top:0;display:block;content:"";left:20px}.collapse-header [data-toggle=collapse][aria-expanded=false]:hover:after,.collapse-header [data-toggle=collapse][aria-expanded=true]:hover:after{text-decoration:none}.collapse-header [data-toggle=collapse]:after{content:"\e810";font-family:italia-icon-font;font-style:normal;font-weight:400;float:right;text-decoration:inherit;width:1em;margin-right:.2em;margin-top:5px;text-align:center;font-variant:normal;text-transform:none;line-height:1em}.collapse-header [data-toggle=collapse]:hover{background-color:#e6ecf2;text-decoration:underline}.collapse-header [data-toggle=collapse]:active{background-color:#0073e6;color:#fff;border-color:#0073e6}.collapse-body{padding:12px 24px 42px}.collapse-body .collapse-header button[aria-expanded=true]:before{height:0;width:0}.carousel{background-color:#444e57;padding:3.5em 3em 3em}.carousel-control-next,.carousel-control-prev{top:1em;-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start}.carousel-control-prev{left:auto;right:6em}.carousel-control-next{right:3em}.carousel-caption{position:static;padding-bottom:0}.carousel-indicators li{background-color:rgba(101,220,223,.5)}.carousel-indicators .active{background-color:#5c6f82}.list-group-item{padding:1rem}.list-group-item.disabled,.list-group-item:disabled{cursor:default}.list-group-item-action:focus,.list-group-item-action:hover{text-decoration:underline;background-color:#d9e6f2}.list-group-item-action.disabled:focus,.list-group-item-action.disabled:hover,.list-group-item-action:disabled:focus,.list-group-item-action:disabled:hover{text-decoration:none;background-color:transparent;border-top-color:transparent}.list-group-item.active:focus,.list-group-item.active:hover{background-color:#0073e6}.alert{position:relative;margin-bottom:1rem;border:1px solid #b1b1b3;padding:1rem 1rem 1rem 4em}.alert-heading{color:inherit}.alert-link{font-weight:700}.alert-dismissible{padding-right:3.5rem}.alert-dismissible .close{position:absolute;top:0;right:0;padding:.8rem 1rem;color:inherit}.alert-success{border-left:8px solid #00cc85}.alert-info,.alert-success{background-position:1em .8em;background-repeat:no-repeat}.alert-info{border-left:8px solid #979899}.alert-warning{border-left:8px solid #f90}.alert-danger,.alert-warning{background-position:1em .8em;background-repeat:no-repeat}.alert-danger{border-left:8px solid #f73e5a;background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' width='32' height='32'%3E%3Cpath d='M16 1.6C24 1.6 30.4 8 30.4 16S24 30.4 16 30.4 1.6 24 1.6 16 8 1.6 16 1.6zM16 0C7.2 0 0 7.2 0 16s7.2 16 16 16 16-7.2 16-16S24.8 0 16 0z'/%3E%3Cpath d='M14.4 24c0-.96.64-1.6 1.6-1.6s1.6.64 1.6 1.6c0 .96-.64 1.6-1.6 1.6s-1.6-.64-1.6-1.6zm.64-3.2l-.32-14.4h2.56l-.32 14.4z'/%3E%3C/svg%3E")}.alert-warning{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' width='32' height='32'%3E%3Cpath d='M14.333 26c0-1 .667-1.667 1.667-1.667S17.667 25 17.667 26 17 27.667 16 27.667 14.333 27 14.333 26zM15 22.667l-.333-15h2.667l-.333 15z'/%3E%3Cpath d='M16 2.667c1 0 2 .5 2.5 1.333l10.333 20.833c.5.833.5 2 0 2.833s-1.5 1.5-2.5 1.5H5.666c-1 0-2-.5-2.5-1.5-.5-.833-.5-2 0-2.833L13.499 4c.5-.833 1.5-1.333 2.5-1.333zM16 1c-1.5 0-3 .833-4 2.333L1.667 24.166c-1.667 3 .5 6.833 4 6.833h20.667c3.5 0 5.667-3.833 4-6.833L20.001 3.333c-1-1.667-2.5-2.333-4-2.333z'/%3E%3C/svg%3E")}.alert-success{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' width='32' height='32'%3E%3Cpath d='M32 6.682l-2.824-2.635-18.447 18.635-8.094-8.094L0 17.412l8.094 7.906h-.188l2.824 2.635 2.635-2.635z'/%3E%3C/svg%3E")}.alert-info{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' width='32' height='32'%3E%3Cpath d='M16 1.6C24 1.6 30.4 8 30.4 16S24 30.4 16 30.4 1.6 24 1.6 16 8.16 1.6 16 1.6zM16 0C7.2 0 0 7.2 0 16s7.2 16 16 16 16-7.2 16-16S24.8 0 16 0z'/%3E%3Cpath d='M14.72 9.76V6.72h2.88v3.04h-2.88zm0 15.84V12h2.88v13.6h-2.88z'/%3E%3C/svg%3E")}.btn{padding:12px 24px;font-size:16px;white-space:normal}.btn-group-lg>.btn,.btn-group-sm>.btn,.btn-lg,.btn-sm,.btn-xs{border-radius:4px;line-height:1.5}.btn-xs{padding:8px;font-size:14px;line-height:1.428}.btn-group-sm>.btn,.btn-sm{padding:10px 20px;font-size:14px;line-height:1.428}.btn-group-lg>.btn,.btn-lg{padding:14px 28px;font-size:18px;line-height:1.556}.btn-block{border-radius:0}.btn-primary.disabled,.btn-primary:disabled{color:#bfc2c9;background-color:#e6e9f2;border-color:#dfe4f2}.btn-outline-secondary{background:#fcfdff;-webkit-box-shadow:inset 0 0 0 1px #e6e9f2;box-shadow:inset 0 0 0 1px #e6e9f2}.btn-outline-secondary:hover{-webkit-box-shadow:inset 0 0 0 1px #c9cedc;box-shadow:inset 0 0 0 1px #c9cedc}.bg-dark .btn-link{color:#fff}.bg-dark .btn-primary{color:#19191a;background-color:#fff;border-color:#0073e6;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);color:#0073e6}.bg-dark .btn-primary:hover{color:#19191a;background-color:#fff;border-color:#0059b3}.bg-dark .btn-primary.focus,.bg-dark .btn-primary:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,115,230,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem rgba(0,115,230,.5)}.bg-dark .btn-primary.disabled,.bg-dark .btn-primary:disabled{color:#19191a;background-color:#fff;border-color:#0073e6}.bg-dark .btn-primary:not(:disabled):not(.disabled).active,.bg-dark .btn-primary:not(:disabled):not(.disabled):active,.show>.bg-dark .btn-primary.dropdown-toggle{color:#19191a;background-color:#fff;border-color:#0053a6}.bg-dark .btn-primary:not(:disabled):not(.disabled).active:focus,.bg-dark .btn-primary:not(:disabled):not(.disabled):active:focus,.show>.bg-dark .btn-primary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,115,230,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem rgba(0,115,230,.5)}.bg-dark .btn-primary.disabled,.bg-dark .btn-primary:disabled,.bg-dark .btn-primary:hover{color:#0059b3}.bg-dark .btn-outline-primary{color:#fff;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #fff;box-shadow:inset 0 0 0 1px #fff;-webkit-box-shadow:inset 0 0 0 2px #fff;box-shadow:inset 0 0 0 2px #fff}.bg-dark .btn-outline-primary:hover{color:#e6e6e6;-webkit-box-shadow:inset 0 0 0 1px #e6e6e6;box-shadow:inset 0 0 0 1px #e6e6e6}.bg-dark .btn-outline-primary.focus,.bg-dark .btn-outline-primary:focus{-webkit-box-shadow:inset 0 0 0 1px #e6e6e6,0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 0 0 1px #e6e6e6,0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-primary.disabled,.bg-dark .btn-outline-primary:disabled{color:#fff;background-color:transparent}.bg-dark .btn-outline-primary:not(:disabled):not(.disabled).active,.bg-dark .btn-outline-primary:not(:disabled):not(.disabled):active,.show>.bg-dark .btn-outline-primary.dropdown-toggle{color:#e6e6e6;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #e6e6e6;box-shadow:inset 0 0 0 1px #e6e6e6}.bg-dark .btn-outline-primary:not(:disabled):not(.disabled).active:focus,.bg-dark .btn-outline-primary:not(:disabled):not(.disabled):active:focus,.show>.bg-dark .btn-outline-primary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-primary:hover{-webkit-box-shadow:inset 0 0 0 2px #e6e6e6;box-shadow:inset 0 0 0 2px #e6e6e6}.bg-dark .btn-outline-primary.focus,.bg-dark .btn-outline-primary:focus{-webkit-box-shadow:inset 0 0 0 2px #fff,0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 0 0 2px #fff,0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-primary:not(:disabled):not(.disabled).active,.bg-dark .btn-outline-primary:not(:disabled):not(.disabled):active,.show>.bg-dark .btn-outline-primary.dropdown-toggle{-webkit-box-shadow:inset 0 0 0 2px #fff;box-shadow:inset 0 0 0 2px #fff}.bg-dark .btn-secondary{background-color:#0073e6;border-color:#fff;-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075);color:#fff}.bg-dark .btn-secondary:hover{color:#fff;background-color:#0d86ff;border-color:#e6e6e6}.bg-dark .btn-secondary.focus,.bg-dark .btn-secondary:focus{-webkit-box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.15),0 1px 1px rgba(0,0,0,.075),0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-secondary.disabled,.bg-dark .btn-secondary:disabled{color:#fff;background-color:#0073e6;border-color:#fff}.bg-dark .btn-secondary:not(:disabled):not(.disabled).active,.bg-dark .btn-secondary:not(:disabled):not(.disabled):active,.show>.bg-dark .btn-secondary.dropdown-toggle{color:#fff;background-color:#1a8cff;border-color:#dfdfdf}.bg-dark .btn-secondary:not(:disabled):not(.disabled).active:focus,.bg-dark .btn-secondary:not(:disabled):not(.disabled):active:focus,.show>.bg-dark .btn-secondary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-secondary{color:#fff;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #fff;box-shadow:inset 0 0 0 1px #fff;-webkit-box-shadow:none;box-shadow:none}.bg-dark .btn-outline-secondary:hover{color:#e6e6e6;-webkit-box-shadow:inset 0 0 0 1px #e6e6e6;box-shadow:inset 0 0 0 1px #e6e6e6}.bg-dark .btn-outline-secondary.focus,.bg-dark .btn-outline-secondary:focus{-webkit-box-shadow:inset 0 0 0 1px #e6e6e6,0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 0 0 1px #e6e6e6,0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-secondary.disabled,.bg-dark .btn-outline-secondary:disabled{color:#fff;background-color:transparent}.bg-dark .btn-outline-secondary:not(:disabled):not(.disabled).active,.bg-dark .btn-outline-secondary:not(:disabled):not(.disabled):active,.show>.bg-dark .btn-outline-secondary.dropdown-toggle{color:#e6e6e6;background-color:transparent;background-image:none;-webkit-box-shadow:inset 0 0 0 1px #e6e6e6;box-shadow:inset 0 0 0 1px #e6e6e6}.bg-dark .btn-outline-secondary:not(:disabled):not(.disabled).active:focus,.bg-dark .btn-outline-secondary:not(:disabled):not(.disabled):active:focus,.show>.bg-dark .btn-outline-secondary.dropdown-toggle:focus{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:inset 0 3px 5px rgba(0,0,0,.125),0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-secondary:hover{-webkit-box-shadow:none;box-shadow:none}.bg-dark .btn-outline-secondary.focus,.bg-dark .btn-outline-secondary:focus{-webkit-box-shadow:0 0 0 .2rem hsla(0,0%,100%,.5);box-shadow:0 0 0 .2rem hsla(0,0%,100%,.5)}.bg-dark .btn-outline-secondary:not(:disabled):not(.disabled).active,.bg-dark .btn-outline-secondary:not(:disabled):not(.disabled):active,.show>.bg-dark .btn-outline-secondary.dropdown-toggle{-webkit-box-shadow:none;box-shadow:none}.form-group{position:relative;margin-bottom:4px;padding:1.5rem 0 1rem}.form-group button,.form-group input,.form-group optgroup,.form-group select,.form-group textarea{color:#17324d}.form-group label{position:absolute;color:#5c6f82;font-weight:600;line-height:40px;line-height:2.5rem;-webkit-transition:.2s ease-out;transition:.2s ease-out;top:24px;top:1.5rem;font-size:16px;font-size:1rem;cursor:text;display:block;width:100%;padding:0 .75rem;z-index:6}.form-group small.form-text{position:absolute;margin:0;padding:0 .75rem;font-size:12.432px;font-size:.777rem}.form-group.active label{-webkit-transform:translateY(-75%);transform:translateY(-75%);font-size:12.432px;font-size:.777rem}.form-group.active .ico-prefix,.form-group.active label{color:#5c6f82}.form-row .form-group{padding-bottom:0}input[type=date],input[type=datetime-local],input[type=email],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],select,textarea{border:none;border-bottom:1px solid #5c6f82;border-radius:0;outline:0;height:40px;height:2.5rem;width:100%;-webkit-box-shadow:none;box-shadow:none;-webkit-transition:all .3s;transition:all .3s;font-weight:700}select,textarea{border:1px solid #5c6f82}input[type=file]+label{background-color:transparent}.form-control-plaintext+label,.form-group input.form-control-file+label,.form-group label.active,.form-group select.form-control+label,.input-group+label,.input-group~label,:disabled .form-group label{-webkit-transform:translateY(-75%);transform:translateY(-75%);font-size:12.432px;font-size:.777rem;background:transparent}:disabled .form-group label{top:0}.form-group.active .form-file-name{padding-bottom:1.95rem}.form-control-plaintext{padding:.375rem .75rem;background-color:#fff}.form-control:active,.form-control:focus{-webkit-box-shadow:none!important;box-shadow:none!important}.custom-select.is-valid,.form-control.is-valid,.was-validated .custom-select:valid,.was-validated .form-control:valid{background-position:100%!important;background-repeat:no-repeat!important;background-size:45px 45%!important;background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%2300cc85' viewBox='0 0 192 512'%3E%3Cpath d='M435.848 83.466L172.804 346.51l-96.652-96.652c-4.686-4.686-12.284-4.686-16.971 0l-28.284 28.284c-4.686 4.686-4.686 12.284 0 16.971l133.421 133.421c4.686 4.686 12.284 4.686 16.971 0l299.813-299.813c4.686-4.686 4.686-12.284 0-16.971l-28.284-28.284c-4.686-4.686-12.284-4.686-16.97 0z'/%3E%3C/svg%3E")}.custom-select.is-invalid,.form-control.is-invalid,.was-validated .custom-select:invalid,.was-validated .form-control:invalid{background-position:100%!important;background-repeat:no-repeat!important;background-size:45px 45%!important;background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%23f73e5a' viewBox='0 0 384 512'%3E%3Cpath d='M231.6 256l130.1-130.1c4.7-4.7 4.7-12.3 0-17l-22.6-22.6c-4.7-4.7-12.3-4.7-17 0L192 216.4 61.9 86.3c-4.7-4.7-12.3-4.7-17 0l-22.6 22.6c-4.7 4.7-4.7 12.3 0 17L152.4 256 22.3 386.1c-4.7 4.7-4.7 12.3 0 17l22.6 22.6c4.7 4.7 12.3 4.7 17 0L192 295.6l130.1 130.1c4.7 4.7 12.3 4.7 17 0l22.6-22.6c4.7-4.7 4.7-12.3 0-17L231.6 256z'/%3E%3C/svg%3E")}.custom-select.warning,.form-control.warning{background-position:100%!important;background-repeat:no-repeat!important;background-size:25px 45%!important;border-color:#f90;background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%23f90' viewBox='0 0 192 512'%3E%3Cpath d='M176 432c0 44.112-35.888 80-80 80s-80-35.888-80-80 35.888-80 80-80 80 35.888 80 80zM25.26 25.199l13.6 272C39.499 309.972 50.041 320 62.83 320h66.34c12.789 0 23.331-10.028 23.97-22.801l13.6-272C167.425 11.49 156.496 0 142.77 0H49.23C35.504 0 24.575 11.49 25.26 25.199z'/%3E%3C/svg%3E")}.custom-select.is-valid~.warning-feedback,.form-control.is-valid~.warning-feedback{display:block}.warning-feedback{display:none;width:100%;margin-top:.25rem;font-size:12.432px;font-size:.777rem;color:#f90}.invalid-feedback,.valid-feedback,.warning-feedback{margin-left:.75rem}.form-file input[type=file]{filter:alpha(opacity=0);margin:0;max-width:100%;opacity:0}.form-file .form-file-name{border-bottom:1px solid rgba(0,0,0,.15);border-radius:0;color:#464a4c;left:0;overflow:hidden;padding:.5rem .6rem 2rem;max-height:32px;max-height:2rem;pointer-events:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;z-index:5}.form-file .form-file-name,.form-file .form-file-name:before{background-color:#fff;line-height:1.7;position:absolute;right:0;top:0}.form-file .form-file-name:before{bottom:-1px;color:#0073e6;content:"Sfoglia";display:block;height:40px;height:2.5rem;padding:.4rem 1rem 1.5rem;border:1px solid #0073e6;z-index:6;border-top-right-radius:4px}.input-group-text{background-color:#f8f8f8;border:0;border-radius:0!important;border-bottom:1px solid #555}.input-group-prepend{margin-right:0}.input-group-append{margin-left:0}.input-group-lg>.form-control,.input-group-lg>.input-group-append>.btn,.input-group-lg>.input-group-append>.input-group-text,.input-group-lg>.input-group-prepend>.btn,.input-group-lg>.input-group-prepend>.input-group-text{padding:0 1rem;border-radius:0}.ico-prefix{position:absolute;width:48px;width:3rem;font-size:28.8px;font-size:1.8rem;z-index:10;text-align:center}.ico-prefix~.form-file-name{padding-left:3.5rem}.ico-prefix~.select-wrapper .select-dropdown,.ico-prefix~input,.ico-prefix~label,.ico-prefix~textarea{padding-left:3rem}.form-group.active .ico-prefix~label,.ico-prefix~.custom-select~label,.ico-prefix~label.active{padding-left:.75rem}.form-group .form-check,.form-row .form-check,.row .form-check{padding-left:0;margin-top:1rem}.form-check [type=checkbox],.form-check [type=radio]{position:absolute;left:-9999px}.form-check [type=checkbox]+label,.form-check [type=radio]+label{position:relative;padding-left:36px;cursor:pointer;display:inline-block;height:32px;line-height:32px;font-size:16px;font-size:1rem;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.form-check [type=checkbox]+label:after,.form-check [type=checkbox]+label:before{content:"";left:0;position:absolute;-webkit-transition:.2s;transition:.2s;z-index:1;border-style:solid;border-width:2px}.form-check [type=checkbox]+label:before{top:0;width:17px;height:17px;border:1px solid #e6e9f2;border-radius:1px;margin:2px 5px;-webkit-transform:rotate(37deg);transform:rotate(37deg);-webkit-transform-origin:100% 100%;transform-origin:100% 100%}.form-check [type=checkbox]+label:after{border-radius:4px;height:20px;width:20px;margin:6px 5px;top:0}.form-check [type=checkbox]:checked+label:before{top:6px;left:1px;width:8px;height:13px;border-color:transparent #fff #fff transparent;border-style:solid;border-width:2px;-webkit-transform:rotate(40deg);transform:rotate(40deg);-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-transform-origin:100% 100%;transform-origin:100% 100%;opacity:.8}.form-check [type=checkbox]:checked+label:after{border-color:#0073e6;background-color:#0073e6;z-index:0}.form-check [type=checkbox]:not(:checked)+label:after{background-color:transparent;border-color:#5c6f82;z-index:0}.form-check [type=checkbox]:not(:checked)+label:before{width:0;height:0;border-color:transparent;left:6px;top:10px}.form-check [type=checkbox]:disabled+label{cursor:not-allowed}.form-check [type=checkbox]:disabled:not(:checked)+label:after{border-color:#e6e9f2;background-color:#fff}.form-check [type=checkbox]:disabled:checked+label:after{background-color:#e6e9f2;border-color:#e6e9f2}.form-check [type=radio]+label{-webkit-transition:.2s ease;transition:.2s ease}.form-check [type=radio]+label:after,.form-check [type=radio]+label:before{content:"";position:absolute;left:0;top:0;margin:5px;width:22px;height:22px;z-index:0;border-radius:50%;border-style:solid;border-width:2px;-webkit-transition:.2s ease;transition:.2s ease}.form-check [type=radio]:not(:checked)+label:after,.form-check [type=radio]:not(:checked)+label:before{border-color:#5c6f82}.form-check [type=radio]:not(:checked)+label:after{z-index:-1;-webkit-transform:scale(0);transform:scale(0)}.form-check [type=radio]:checked+label:after{border-color:#0073e6;background-color:#0073e6;z-index:0;-webkit-transform:scale(.64);transform:scale(.64)}.form-check [type=radio]:checked+label:before{border-color:#0073e6}.form-check [type=radio]:disabled+label{cursor:not-allowed}.form-check [type=radio]:disabled:not(:checked)+label:after,.form-check [type=radio]:disabled:not(:checked)+label:before{border-color:#e6e9f2}.form-check [type=radio]:disabled:checked+label:after{border-color:#e6e9f2;background-color:#e6e9f2}.form-check [type=radio]:disabled:checked+label:before{border-color:#e6e9f2}.form-check.form-check-group{padding:0 0 8px;margin-bottom:16px;-webkit-box-shadow:inset 0 -1px 0 0 rgba(1,1,1,.1);box-shadow:inset 0 -1px 0 0 rgba(1,1,1,.1)}.form-check.form-check-group [type=checkbox]+label,.form-check.form-check-group [type=radio]+label{position:static;padding-left:8px;padding-right:52px}.form-check.form-check-group [type=checkbox]+label:after,.form-check.form-check-group [type=checkbox]+label:before,.form-check.form-check-group [type=radio]+label:after,.form-check.form-check-group [type=radio]+label:before{right:15px;left:auto}.form-check.form-check-group [type=checkbox]:checked+label:before{right:26px}.form-check.form-check-group [type=radio]:checked+label:before{right:15px}.form-check.form-check-group .form-text{opacity:.6;margin:0;padding-left:8px;padding-right:52px}.toggles,.toggles *{-webkit-appearance:none;-moz-appearance:none;appearance:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.toggles label{cursor:pointer;width:100%;margin:0 8px 8px;height:32px;line-height:32px;font-weight:700}.toggles label input[type=checkbox]{opacity:0;width:0;height:0}.toggles label input[type=checkbox]+.lever{content:"";position:relative;width:46px;height:16px;background-color:#e6e9f2;border-radius:10px;-webkit-transition:background .3s ease;transition:background .3s ease;vertical-align:middle;float:right;margin:8px 16px 0}.toggles label input[type=checkbox]+.lever:after,.toggles label input[type=checkbox]+.lever:before{content:"";position:absolute;display:inline-block;width:26px;height:26px;border-radius:50%;left:0;top:-5px;left:-3px;-webkit-transition:left .3s ease,background .1s ease,-webkit-transform .1s ease;transition:left .3s ease,background .1s ease,-webkit-transform .1s ease;transition:left .3s ease,background .1s ease,transform .1s ease;transition:left .3s ease,background .1s ease,transform .1s ease,-webkit-transform .1s ease}.toggles label input[type=checkbox]+.lever:before{background-color:rgba(0,115,230,.15)}.toggles label input[type=checkbox]+.lever:after{background-color:#5c6f82;background-size:10px 10px;background-repeat:no-repeat;background-position:50%;background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg width='10' height='10' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M6.364 4.95l3.535 3.535L8.485 9.9 4.95 6.364 1.414 9.899 0 8.485 3.536 4.95 0 1.414 1.414 0 4.95 3.536 8.485 0 9.9 1.414 6.364 4.95z' fill='%23FFF' fill-rule='evenodd' opacity='.8'/%3E%3C/svg%3E");border:2px solid #fff}.toggles label input[type=checkbox]:checked+.lever{background-color:#e6e9f2}.toggles label input[type=checkbox]:checked+.lever:after,.toggles label input[type=checkbox]:checked+.lever:before{left:23px}.toggles label input[type=checkbox]:checked+.lever:after{background-color:#0073e6;background-size:14px 14px;background-repeat:no-repeat;background-position:50%;background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg width='14' height='11' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M4.879 7.536l7.07-7.072 1.415 1.415-7.071 7.07-1.414 1.415L.636 6.121 2.05 4.707 4.88 7.536z' fill='%23FFF' fill-rule='evenodd' opacity='.5'/%3E%3C/svg%3E")}.toggles label input[type=checkbox][disabled]+.lever{cursor:default;background-color:#e6e9f2}.toggles label input[type=checkbox][disabled]+.lever:after,.toggles label input[type=checkbox][disabled]:checked+.lever:after{background-color:#e6e9f2}.select-wrapper{position:relative}.select-wrapper .search-wrap input{width:100%;border:none;border-bottom:1px solid #0073e6;font-size:14.4px;font-size:.9rem;padding:0 .5em}.select-wrapper .dropdown-menu{background-color:#fff;border-radius:0;-webkit-box-shadow:0 2px 4px 3px rgba(0,0,0,.1);box-shadow:0 2px 4px 3px rgba(0,0,0,.1);margin:0;display:none;min-width:100px;max-height:240px;overflow-y:auto;position:absolute;padding:.3rem;z-index:999;will-change:width,height;list-style-type:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;width:100%}.select-wrapper .dropdown-menu.show{display:block}.select-wrapper .dropdown-menu li{clear:both;color:#000;cursor:pointer;line-height:32px;width:100%;text-align:left;text-transform:none}.select-wrapper .dropdown-menu li.optgroup>span{color:#ccc;padding:0}.select-wrapper .dropdown-menu li:not(.disabled):focus,.select-wrapper .dropdown-menu li:not(.disabled):hover{background-color:#eee}.select-wrapper .dropdown-menu li.active>span:after{content:"";background-image:url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI1MTIiIGhlaWdodD0iNTEyIiB2aWV3Qm94PSIwIDAgNDQ4LjggNDQ4LjgiPjxwYXRoIGZpbGw9IiMwMDZERjAiIGQ9Ik0xNDIuOCAzMjMuODVMMzUuNyAyMTYuNzUgMCAyNTIuNDVsMTQyLjggMTQyLjggMzA2LTMwNi0zNS43LTM1Ljd6Ii8+PC9zdmc+");background-size:16px 16px;background-repeat:no-repeat;background-position:50%;float:right;display:block;height:32px;width:16px;opacity:.5}.select-wrapper .dropdown-menu li>a,.select-wrapper .dropdown-menu li>span{font-size:14px;color:#5c6f82;font-weight:600;display:block;padding:0 .5rem}.select-wrapper .dropdown-menu li>a.filtrable label,.select-wrapper .dropdown-menu li>a [type=checkbox],.select-wrapper .dropdown-menu li>span.filtrable label,.select-wrapper .dropdown-menu li>span [type=checkbox]{display:none}.select-wrapper .dropdown-menu li.disabled>span{cursor:unset;color:#ccc}.select-wrapper .dropdown-menu li>a>i{height:inherit;line-height:inherit}.select-wrapper .select-dropdown{color:#17324d;border-bottom:1px solid #5c6f82;position:relative;cursor:pointer;background-color:transparent;outline:0;width:100%;font-size:16px;font-size:1rem;margin:0 0 15px;display:block;line-height:24px;padding:12px 38px 12px 16px}.select-wrapper .select-dropdown:disabled{color:rgba(0,0,0,.3);border-bottom-color:rgba(0,0,0,.3);cursor:default}.select-wrapper .select-dropdown ul{list-style-type:none;padding:0}.select-wrapper .select-dropdown ul li.disabled,.select-wrapper .select-dropdown ul li.disabled>span,.select-wrapper .select-dropdown ul li.optgroup{color:rgba(0,0,0,.3);background-color:transparent!important;cursor:context-menu}.select-wrapper .select-dropdown ul li.optgroup{border-top:1px solid #eee}.select-wrapper .select-dropdown ul li.optgroup.selected>span{color:rgba(0,0,0,.7)}.select-wrapper .select-dropdown ul li.optgroup>span{color:rgba(0,0,0,.4)}.select-wrapper .caret{color:#757575;position:absolute;right:12px;line-height:16px;top:calc(50% - 8px)}.select-wrapper .caret .disabled{color:rgba(0,0,0,.46)}.select-wrapper.show .select-dropdown{color:#0073e6;border-bottom:1px solid #0073e6}.select-wrapper.show .caret{color:#0073e6}.select-wrapper+label{padding:0 .75rem!important;position:absolute;top:-18px;font-size:12.8px;font-size:.8rem}.select-wrapper select.custom-select{display:none!important}.select-wrapper select:disabled{color:rgba(0,0,0,.3)}.btn-eye{background-position:50%!important;background-repeat:no-repeat!important;width:28px;height:22px;position:absolute;right:8px;right:.5rem;top:36px;top:2.25rem;z-index:10;color:#5c6f82;cursor:pointer}.eye-on{background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%235c6f82' viewBox='0 0 576 512'%3E%3Cpath d='M272.702 359.139c-80.483-9.011-136.212-86.886-116.93-167.042l116.93 167.042zM288 392c-102.556 0-192.092-54.701-240-136 21.755-36.917 52.1-68.342 88.344-91.658l-27.541-39.343C67.001 152.234 31.921 188.741 6.646 231.631a47.999 47.999 0 0 0 0 48.739C63.004 376.006 168.14 440 288 440a332.89 332.89 0 0 0 39.648-2.367l-32.021-45.744A284.16 284.16 0 0 1 288 392zm281.354-111.631c-33.232 56.394-83.421 101.742-143.554 129.492l48.116 68.74c3.801 5.429 2.48 12.912-2.949 16.712L450.23 509.83c-5.429 3.801-12.912 2.48-16.712-2.949L102.084 33.399c-3.801-5.429-2.48-12.912 2.949-16.712L125.77 2.17c5.429-3.801 12.912-2.48 16.712 2.949l55.526 79.325C226.612 76.343 256.808 72 288 72c119.86 0 224.996 63.994 281.354 159.631a48.002 48.002 0 0 1 0 48.738zM528 256c-44.157-74.933-123.677-127.27-216.162-135.007C302.042 131.078 296 144.83 296 160c0 30.928 25.072 56 56 56s56-25.072 56-56l-.001-.042c30.632 57.277 16.739 130.26-36.928 171.719l26.695 38.135C452.626 346.551 498.308 306.386 528 256z'/%3E%3C/svg%3E")}.eye-off{background:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%235c6f82' viewBox='0 0 576 512'%3E%3Cpath d='M569.354 231.631C512.97 135.949 407.81 72 288 72 168.14 72 63.004 135.994 6.646 231.631a47.999 47.999 0 0 0 0 48.739C63.031 376.051 168.19 440 288 440c119.86 0 224.996-63.994 281.354-159.631a47.997 47.997 0 0 0 0-48.738zM288 392c-102.556 0-192.091-54.701-240-136 44.157-74.933 123.677-127.27 216.162-135.007C273.958 131.078 280 144.83 280 160c0 30.928-25.072 56-56 56s-56-25.072-56-56l.001-.042C157.794 179.043 152 200.844 152 224c0 75.111 60.889 136 136 136s136-60.889 136-136c0-31.031-10.4-59.629-27.895-82.515C451.704 164.638 498.009 205.106 528 256c-47.908 81.299-137.444 136-240 136z'/%3E%3C/svg%3E")}.psw-wrapper{padding:0 .75rem}.psw-meter{height:3px;max-width:180px}.psw-meter .col-3{height:3px}.psw-percent,.psw-text{font-size:12px;font-size:.75rem;display:block;padding:.25rem 0;font-weight:500}.psw-percent{margin-right:5px}@-webkit-keyframes dropdownFadeIn{0%{opacity:0;margin-top:0}to{opacity:1;margin-top:16px}}@keyframes dropdownFadeIn{0%{opacity:0;margin-top:0}to{opacity:1;margin-top:16px}}@-webkit-keyframes dropdownFadeInTop{0%{opacity:0;margin-top:0}to{opacity:1;margin-top:-16px}}@keyframes dropdownFadeInTop{0%{opacity:0;margin-top:0}to{opacity:1;margin-top:-16px}}.btn-dropdown{color:#06c;padding:0 4px;background-color:transparent;font-size:16px;font-size:1rem;border-radius:0}.btn-dropdown:not(:disabled):not(.disabled):active{-webkit-box-shadow:none;box-shadow:none}.btn-dropdown:after{content:"";font-size:12.8px;font-size:.8rem;font-family:italia-icon-font;font-style:normal;font-weight:400;speak:none;border:none;display:inline-block;vertical-align:0;width:auto;height:auto;-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s}.btn-dropdown[aria-expanded=true]:after{-webkit-transform:scaleY(-1);transform:scaleY(-1)}.dropdown-menu{border-radius:0 0 4px 4px}.dropdown-menu.full-width{width:100%}.dropdown-menu.full-width .link-list li{display:inline-block;width:auto}.dropdown-menu.full-width .link-list li:focus,.dropdown-menu.full-width .link-list li:hover{background:none;text-decoration:underline}.dropdown-menu .link-list{margin-bottom:0}.dropdown-menu .link-list h3{line-height:2.3em;margin-bottom:0}.dropdown-menu:before{content:"";position:absolute;top:-6px;left:24px;width:18px;height:18px;border-radius:4px;background-color:#fff;-webkit-transform:rotate(45deg);transform:rotate(45deg)}.dropdown-menu[x-placement=top-start]{border-radius:4px 4px 0 0}.dropdown-menu[x-placement=top-start]:before{bottom:-6px;top:auto}.dropdown-menu.dark{background-color:#435a70}.dropdown-menu.dark .link-list-wrapper ul span.divider{background:#2e465e}.dropdown-menu.dark .link-list-wrapper ul li a:hover span,.dropdown-menu.dark .link-list-wrapper ul li a span,.dropdown-menu.dark .link-list-wrapper ul li h3,.dropdown-menu.dark .link-list-wrapper ul li i{color:#fff}.dropdown-menu.dark .link-list-wrapper ul li a:not(.active):not(.disabled):hover i{color:#4fe0dc}.dropdown-menu.dark .link-list-wrapper ul li a.disabled span{color:#adb2b8}.dropdown-menu.dark:before{background-color:#435a70}nav.pagination-wrapper{display:-webkit-box;display:-ms-flexbox;display:flex}nav.pagination-wrapper,nav.pagination-wrapper.pagination-total{-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}nav.pagination-wrapper.pagination-total{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}nav.pagination-wrapper.pagination-total ul{margin-bottom:.5rem}nav.pagination-wrapper.pagination-total p{font-size:14.222px;font-size:.8888888889rem;color:#5b6f82;margin-bottom:1rem;font-weight:600;text-align:center}nav.pagination-wrapper .form-group{margin-left:2.5rem;width:72px;width:4.5rem;margin-top:0}nav.pagination-wrapper .form-group label{font-size:14.222px;font-size:.8888888889rem;color:#9da2a6}nav.pagination-wrapper .form-group.active label{font-size:12.8px;font-size:.8rem}nav.pagination-wrapper .btn.dropdown-toggle{font-size:14.222px;font-size:.8888888889rem;color:#5b6f82;font-weight:600;padding:12px;height:40px;height:2.5rem;border:none;width:100%}nav.pagination-wrapper .btn.dropdown-toggle:after{color:#0073e6;margin-left:.5rem}.pagination{-ms-flex-wrap:wrap;flex-wrap:wrap}.pagination .page-item{margin-right:5px}.pagination .page-item.disabled a.page-link,.pagination .page-item.disabled a.page-link i[class^=it-]{color:#c2c7cc}.pagination .page-item span.page-link{pointer-events:none}.pagination .page-item .page-link{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;height:40px;height:2.5rem;min-width:40px;min-width:2.5rem;border-radius:4px;border:none;font-size:14.222px;font-size:.8888888889rem;font-weight:600;color:#5b6f82;background-color:transparent}.pagination .page-item .page-link[aria-current]{border:1px solid #06c;color:#06c;pointer-events:none}.pagination .page-item .page-link.text,.pagination .page-item .page-link i[class^=it-]{color:#0073e6}.pagination .page-item .page-link i[class^=it-]{font-size:11.2px;font-size:.7rem}.pagination .page-item .page-link span.d-inline-block{margin-right:.5rem}.pagination .page-item .page-link:hover{color:#06c;background-color:transparent}.pagination .page-item .page-link:hover i[class^=it-]{color:#06c}@media (min-width:576px){.pagination .page-item .page-link{height:2.6666666667rem;min-width:2.6666666667rem}nav.pagination-wrapper .btn.dropdown-toggle{height:2.6666666667rem}}@media (min-width:768px){nav.pagination-wrapper{-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}nav.pagination-wrapper .dropdown{margin-left:2.6666666667rem}}@media (max-width:767.98px){.offcanvas-collapse{position:fixed;top:56px;bottom:0;left:1em;width:100%;overflow-y:auto;background-color:#323333;-webkit-transition:-webkit-transform .3s ease-in-out;transition:-webkit-transform .3s ease-in-out;transition:transform .3s ease-in-out;transition:transform .3s ease-in-out,-webkit-transform .3s ease-in-out;-webkit-transform:translateX(100%);transform:translateX(100%)}.offcanvas-collapse.open{-webkit-transform:translateX(-1rem);transform:translateX(-1rem)}}.nav-tabs{position:relative;background-color:#fff;border-bottom:0}.nav-tabs:after{content:"";position:absolute;z-index:-1;-webkit-box-shadow:0 0 2rem rgba(0,0,0,.15);box-shadow:0 0 2rem rgba(0,0,0,.15);bottom:0;left:10%;right:10%;width:80%;height:50%;border-radius:100%}.nav-tabs .nav-link{border-radius:0;font-weight:600;color:#5c6f82;border:none;border-bottom:2px solid transparent}.nav-tabs .nav-link.disabled{color:#b1b1b3;font-weight:400}.nav-tabs .nav-item.show .nav-link,.nav-tabs .nav-link.active{border-bottom:2px solid #06c;color:#06c;cursor:inherit}.nav-tabs .nav-item{margin-bottom:0}.nav-tabs.nav-dark{background-color:#455b71}.nav-tabs.nav-dark .nav-link{color:#c7d1d0}.nav-tabs.nav-dark .nav-item.show .nav-link,.nav-tabs.nav-dark .nav-link.active{background-color:#455b71;color:#00fff7;border-bottom:2px solid #00fff7}.it-ico-sm{font-size:28px;font-size:1.75rem}.it-ico{font-size:20px;font-size:1.25rem}.it-ico-lg{font-size:24px;font-size:1.5rem}.cookiebar{bottom:0;left:0;right:0;display:none;position:fixed;width:100%;z-index:1100}.cookiebar.cookiebar-top{bottom:auto;top:0}.cookiebar.show{display:block}.hero{padding:1rem;margin-bottom:1rem;background-color:#cacacc;border-radius:0}@media (min-width:576px){.hero{padding:1rem}}.hero .hero-heading{font-size:32px;font-size:2rem;font-weight:700;color:#00264d;margin-bottom:.8rem}.hero-fluid{padding-right:0;padding-left:0;border-radius:0}.forward{display:block;text-align:center;font-size:48px;font-size:3rem;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.forward:hover{text-decoration:none}.return-to-top{position:fixed;bottom:16px;right:16px;background:#0073e6;background:rgba(0,115,230,.7);width:48px;height:48px;display:block;text-decoration:none;border-radius:50%;display:none;text-align:center;z-index:1}.return-to-top,.return-to-top i{-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.return-to-top i{color:#fff;margin:0;position:relative;top:8px;font-size:20px}.return-to-top i:before{margin:0}.return-to-top:hover{background:rgba(0,115,230,.9);text-decoration:none}.return-to-top:hover i{color:#fff;top:4px}.autocomplete-clear{visibility:hidden;position:absolute;z-index:2;right:4px;right:.25rem;top:8px;top:.5rem;background:transparent;border:none;cursor:pointer}.autocomplete-clear svg{fill:#a6a6a6}.autocomplete-wrap{position:absolute;left:0;right:0;background:#fff;-webkit-box-shadow:0 2px 5px rgba(0,0,0,.25);box-shadow:0 2px 5px rgba(0,0,0,.25);z-index:100;max-height:240px;overflow-y:auto;padding-left:0;list-style-type:none}.autocomplete-wrap li{cursor:pointer;padding:12px 16px;font-size:14px;font-size:.875rem}.autocomplete-wrap li:hover{background:#eee}.link-list-wrapper ul{padding:0;list-style-type:none}.link-list-wrapper ul.link-sublist{padding-left:24px}.link-list-wrapper ul li a{font-size:.889em;line-height:2.3em;display:block;padding:0 24px;position:relative}.link-list-wrapper ul li a:hover:not(.disabled){text-decoration:none}.link-list-wrapper ul li a:hover:not(.disabled) span{color:#06c;text-decoration:underline}.link-list-wrapper ul li a:hover:not(.disabled) p{color:#06c;text-decoration:none}.link-list-wrapper ul li a.disabled:hover{text-decoration:none}.link-list-wrapper ul li a.medium{font-weight:600}.link-list-wrapper ul li a span{color:#06c;display:block;margin-right:24px}.link-list-wrapper ul li a.right-icon i.right{position:absolute;top:0;right:24px;-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s}.link-list-wrapper ul li a.right-icon i.right.secondary{color:#9da2a6}.link-list-wrapper ul li a.right-icon[aria-expanded=true] i.right{-webkit-transform:scaleY(-1);transform:scaleY(-1)}.link-list-wrapper ul li a.active span{color:#17324d;text-decoration:underline}.link-list-wrapper ul li a.disabled{cursor:not-allowed}.link-list-wrapper ul li a.disabled.left-icon i,.link-list-wrapper ul li a.disabled.left-icon i.secondary,.link-list-wrapper ul li a.disabled.right-icon i,.link-list-wrapper ul li a.disabled.right-icon i.secondary,.link-list-wrapper ul li a.disabled span{color:#adb2b8}.link-list-wrapper ul li a.left-icon{display:-webkit-box;display:-ms-flexbox;display:flex}.link-list-wrapper ul li a.left-icon i.left{margin-right:8px}.link-list-wrapper ul li a.large{font-size:1em}.link-list-wrapper ul li a p{font-size:.778em;line-height:normal;color:#5b6f82}.link-list-wrapper ul li a.avatar{display:-webkit-box;display:-ms-flexbox;display:flex;margin-bottom:8px}.link-list-wrapper ul li a.avatar .avatar{display:block;border-radius:50px;margin-right:8px}.link-list-wrapper ul li h3{font-size:1em;color:#17324d;padding:0 24px}.link-list-wrapper ul li h3 a{line-height:inherit;font-size:1em;padding:0}.link-list-wrapper ul .divider{display:block;height:1px;background:#ebeced;margin:8px 0}.link-list-wrapper ul .toggles label{padding:0 24px;font-size:.889em;line-height:2.3em;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between;height:auto;font-weight:inherit;margin:0}.link-list-wrapper ul .toggles input[type=checkbox]+.lever{margin:8px 0 0}.link-list-wrapper ul .form-check.form-check-group{padding:0 24px;-webkit-box-shadow:none;box-shadow:none}.link-list-wrapper ul .form-check.form-check-group [type=checkbox]+label{padding-left:0;font-size:.889em;line-height:2.3em;height:inherit;margin-bottom:0}.link-list-wrapper ul .form-check.form-check-group [type=checkbox]+label:after{right:24px}.link-list-wrapper ul .form-check.form-check-group [type=checkbox]+label:before{right:35px}.link-list-wrapper ul .form-check.form-check-group [type=checkbox][disabled]+label{color:#adb2b8}@media (min-width:576px){.link-list-wrapper ul li a.large{font-size:1em;line-height:2.7em}}@media (min-width:768px){.link-list-wrapper ul li a.large{line-height:2.7em}}@-webkit-keyframes megamenuFadeIn{0%{opacity:0;margin-top:16px}to{opacity:1;margin-top:16px}}@keyframes megamenuFadeIn{0%{opacity:0;margin-top:16px}to{opacity:1;margin-top:16px}}.navbar{background:#06c}.navbar .navbar-collapsable{position:fixed;top:0;right:0;left:0;bottom:0;z-index:10;background:rgba(0,0,0,.6);display:none}.navbar .navbar-collapsable .menu-wrapper{background:#06c;position:absolute;top:0;bottom:0;right:0;left:48px;pointer-events:all;overflow-y:auto;-webkit-transform:translateX(100%);transform:translateX(100%);-webkit-transition:all .3s;transition:all .3s}.navbar .navbar-collapsable .navbar-nav{margin-top:102px;padding:24px 0}.navbar .navbar-collapsable .navbar-nav li a.nav-link{color:#fff;font-weight:400;padding:12px 24px;position:relative}.navbar .navbar-collapsable .navbar-nav li a.nav-link.active{border-left:2px solid #fff}.navbar .navbar-collapsable.expanded .close-div,.navbar .navbar-collapsable.expanded .menu-wrapper{-webkit-transform:translateX(0);transform:translateX(0)}.navbar .close-div{-webkit-transform:translateX(100%);transform:translateX(100%);padding:24px;position:fixed;left:48px;right:0;top:0;background:#06c;z-index:10;-webkit-transition:all .3s;transition:all .3s}.navbar .close-div .close-menu{background:transparent;color:#fff;text-align:center;font-size:.75em;text-transform:uppercase;padding:0}.navbar .close-div .close-menu span{display:block;text-align:center;font-size:2em}.navbar .close-div .close-menu span:before{margin-right:0}.navbar .dropdown-menu{background:transparent;-webkit-box-shadow:none;box-shadow:none}.navbar .dropdown-menu:before{display:none}.navbar .dropdown-menu .link-list-wrapper{padding-left:24px;padding-right:24px}.navbar .dropdown-menu .link-list-wrapper ul li a h3,.navbar .dropdown-menu .link-list-wrapper ul li a span,.navbar .dropdown-menu .link-list-wrapper ul li h3{color:#fff}.navbar .dropdown-toggle{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between}.navbar .dropdown-toggle:after{font-family:italia-icon-font;font-style:normal;font-weight:400;speak:none;display:inline-block;text-decoration:inherit;width:auto;height:auto;margin-right:.2em;text-align:center;font-variant:normal;text-transform:none;line-height:1em;content:"\e818";vertical-align:auto;border:none;border-bottom:0;font-size:.8em;line-height:2em;-webkit-transform-origin:center;transform-origin:center;-webkit-transition:all .3s;transition:all .3s}.navbar .dropdown-toggle[aria-expanded=true]:after{-webkit-transform:scaleY(-1);transform:scaleY(-1)}.custom-navbar-toggler{background:none;border:none}.custom-navbar-toggler span{color:#fff;font-size:1.625em}.inline-menu .link-list-wrapper .link-list,.inline-menu .link-list-wrapper .link-list li a{position:relative}.inline-menu .link-list-wrapper .link-list li a i{color:#6aaaeb}.inline-menu .link-list-wrapper .link-list li a:after{content:"";display:block;width:2px;background:#06c;position:absolute;right:0;top:0;height:100%;-webkit-transform-origin:center;transform-origin:center;-webkit-transform:scaleY(0);transform:scaleY(0);-webkit-transition:all .3s;transition:all .3s;z-index:1}.inline-menu .link-list-wrapper .link-list li a.active span{color:#06c;text-decoration:none}.inline-menu .link-list-wrapper .link-list li a[aria-expanded=true]:after{-webkit-transform:scaleY(1);transform:scaleY(1)}.inline-menu .link-list-wrapper .link-list:after{content:"";display:block;width:2px;background:-webkit-gradient(linear,left top,left bottom,from(#e6ecf2),to(rgba(230,236,242,.3)));background:linear-gradient(180deg,#e6ecf2 0,rgba(230,236,242,.3));position:absolute;right:0;top:0;height:100%}@media (min-width:992px){.navbar{background:#06c;padding:0}.navbar .navbar-collapsable{position:relative;z-index:auto;background:none;display:block!important}.navbar .navbar-collapsable,.navbar .navbar-collapsable .menu-wrapper{top:auto;right:auto;left:auto;bottom:auto;-webkit-transition:none;transition:none}.navbar .navbar-collapsable .menu-wrapper{position:inherit;overflow-y:visible;-webkit-transform:none;transform:none}.navbar .navbar-collapsable .navbar-nav{margin-top:0;padding:0 24px}.navbar .navbar-collapsable .navbar-nav li a.nav-link{font-weight:400;padding:12px 24px}.navbar .navbar-collapsable .navbar-nav li a.nav-link.active{border-left:0;border-bottom:2px solid #fff}.navbar .navbar-collapsable .navbar-nav li a.nav-link.disabled{opacity:.5;cursor:not-allowed}.navbar .close-div{display:none}.navbar .dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;float:left;min-width:10rem;padding:.5rem 0;margin:.125rem 0 0;font-size:1rem;color:#19191a;text-align:left;list-style:none;background-color:#fff;background-clip:padding-box;border:0 solid transparent;border-radius:4px;-webkit-box-shadow:0 0 30px 5px rgba(0,0,0,.05);box-shadow:0 0 30px 5px rgba(0,0,0,.05)}.navbar .dropdown-menu.show{-webkit-animation:dropdownFadeIn .3s forwards;animation:dropdownFadeIn .3s forwards;top:calc(100% - 16px)}.navbar .dropdown-menu:before{display:block}.navbar .dropdown-menu .link-list-wrapper{padding-left:0;padding-right:0}.navbar .dropdown-menu .link-list-wrapper ul li a h3,.navbar .dropdown-menu .link-list-wrapper ul li a span{color:#06c}.navbar .dropdown-menu .link-list-wrapper ul li h3{color:#19191a}.navbar .dropdown-toggle{display:block;-webkit-box-pack:inherit;-ms-flex-pack:inherit;justify-content:inherit}.navbar .dropdown-toggle:after{content:"";font-size:.8rem;font-family:italia-icon-font;font-style:normal;font-weight:400;speak:none;border:none;display:inline-block;vertical-align:0;width:auto;height:auto;-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s}.navbar.megamenu .navbar-collapsable{width:100%}.navbar.megamenu .navbar-collapsable .nav-item{position:static}.navbar.megamenu .navbar-collapsable .nav-item a{position:relative}.navbar.megamenu .navbar-collapsable .nav-item a:before{content:"";position:absolute;top:auto;bottom:-12px;left:24px;width:18px;height:18px;border-radius:4px;background-color:#fff;-webkit-transform:rotate(45deg);transform:rotate(45deg);opacity:0;-webkit-transition:opacity .3s;transition:opacity .3s}.navbar.megamenu .navbar-collapsable .nav-item.show a:before{opacity:1}.navbar.megamenu .navbar-collapsable .dropdown-menu{min-width:auto;left:24px;right:24px}.navbar.megamenu .navbar-collapsable .dropdown-menu:before{display:none}.navbar.megamenu .navbar-collapsable .dropdown-menu.show{-webkit-animation:megamenuFadeIn .3s forwards;animation:megamenuFadeIn .3s forwards}.custom-navbar-toggler{display:none}}.skiplinks{background-color:#0bd9d2;text-align:center}.skiplinks a{display:inline-block;padding:.5rem;display:block;font-weight:600;color:#5b6f82;text-decoration:underline}.componente-base{background-color:#0073e6;color:#fff;cursor:pointer;padding:8px}.focus--keyboard,.form-check [type=checkbox]:focus+label,.toggles label input[type=checkbox]:focus+.lever{border-color:#f90;-webkit-box-shadow:0 0 6px 2px #f90;box-shadow:0 0 6px 2px #f90;outline:none}.focus--mouse,.form-check [type=checkbox]:focus.focus--mouse+label,.toggles label input[type=checkbox]:focus.focus--mouse+.lever{border-color:inherit;-webkit-box-shadow:none;box-shadow:none;outline:none}.bg-primary--dark{background-color:#06c}.bg-primary--mid-dark{background-color:#004e95}.bg-primary--darken{background-color:#002b4d}.text-grey{color:#ccc}.text-sans-serif{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}.text-serif{font-family:Lora,serif}.text-light-blue{color:#e6f3fe}.text-blue{color:#0073e6}.border-dark-blue{border-color:#193e5e!important}.border-medium-blue{border-color:#06c!important}.border-grey-light{border-color:#eaebed!important}.border-width-2{border-width:2px!important}.stopScrolling--vertical{overflow-y:hidden}.deactive{display:none!important}@font-face{font-family:docs-icons;src:url(../font/docs.eot);src:url(../font/docs-italia.eot#iefix) format("embedded-opentype"),url(../font/docs-italia.ttf) format("truetype"),url(../font/docs-italia.woff) format("woff"),url(../font/docs-italia.svg#docs) format("svg");font-weight:400;font-style:normal}[class*=" docs-icon-"],[class^=docs-icon-]{font-family:docs-icons!important;speak:none;font-style:normal;font-weight:400;font-variant:normal;text-transform:none;line-height:1;vertical-align:middle;color:inherit;font-size:20.8px;font-size:1.3rem;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.docs-icon-more:before{content:""}.docs-icon-expand:before{content:""}.docs-icon-collapse:before{content:""}.docs-icon-plus:before{content:""}.docs-icon-minus:before{content:""}.docs-icon-document:before{content:""}.docs-icon-edit:before{content:""}.docs-icon-download:before{content:""}.docs-icon-info:before{content:""}.docs-icon-compare:before{content:""}.docs-icon-github:before{content:""}.docs-icon-share:before{content:""}.docs-icon-search:before{content:""}.docs-icon-link:before{content:""}.docs-icon-external-link:before{content:""}.docs-icon-comment:before{content:""}.docs-icon-attention:before,.docs-icon-warning:before{content:""}.docs-icon-example:before{content:""}.docs-icon-procedure:before{content:""}.docs-icon-hint:before{content:""}.docs-icon-note:before{content:""}.docs-icon-step:before{content:""}.docs-icon-pdf:before{content:""}.docs-icon-html:before{content:""}.docs-icon-project:before{content:""}.docs-icon-publisher:before{content:""}.docs-icon-docs:before{content:""}.docs-icon-user:before{content:""}.small{font-size:14px}.navbar-dark--text-white{color:#fff}.navbar-dark .lang-selector .nav-link,.navbar-dark .navbar-nav .nav-link{color:#fff!important}.navbar.bg-white{background-color:#fff}.navbar.primary-bg-a7{background-color:#0059b3}@media (min-width:992px){.dropdown-menu.dropdown-menu-right:before{right:24px;left:auto}}@media (min-width:992px){.navbar .dropdown-menu.dropdown-menu-right{left:auto;right:0}}@media (max-width:991.98px){.dropdown-menu-right{right:auto;left:auto}}.btn-group.show .dropdown-menu[x-placement=bottom-start],.dropdown.show .dropdown-menu[x-placement=bottom-start]{-webkit-animation:dropdownFadeIn .3s forwards;animation:dropdownFadeIn .3s forwards}.btn-group.show .dropdown-menu[x-placement=top-start],.dropdown.show .dropdown-menu[x-placement=top-start]{-webkit-animation:dropdownFadeInTop .3s forwards;animation:dropdownFadeInTop .3s forwards}.dropdown-menu[x-placement^=bottom],.dropdown-menu[x-placement^=left],.dropdown-menu[x-placement^=right],.dropdown-menu[x-placement^=top]{right:auto;bottom:auto}.dropdown-menu:before{z-index:-1}.injected{display:none}body{color:#596771;background-color:#002b4d}body.no-scroll{overflow-y:hidden}p{font-family:Lora,serif}h1,h2,h3,h4,h5{color:#000;margin-bottom:2rem}img{max-width:100%;height:auto}.container-fluid--desktop{max-width:1450px}@-webkit-keyframes pulsate{0%{-webkit-transform:scale(.1);transform:scale(.1);opacity:0}50%{opacity:1}to{-webkit-transform:scale(1.2);transform:scale(1.2);opacity:0}}@keyframes pulsate{0%{-webkit-transform:scale(.1);transform:scale(.1);opacity:0}50%{opacity:1}to{-webkit-transform:scale(1.2);transform:scale(1.2);opacity:0}}.loading{overflow:hidden}.loading:after{position:absolute;background:#0073e6;height:100%;width:100%;z-index:10;content:"";left:0;top:0}.loading:before{border:5px solid #fff;margin:-15px 0 0 -15px;border-radius:30px;position:absolute;content:"";z-index:11;height:30px;left:50%;top:50%;opacity:0;width:30px;-webkit-animation:pulsate 1s ease-out;animation:pulsate 1s ease-out;-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite}.loading.no-bg:after{background:none;position:relative}.dropdown-menu{background-color:#fff;padding:.5rem;margin:0;border-radius:.2rem;-webkit-box-shadow:2px 2px 8px 0 rgba(0,0,0,.35);box-shadow:2px 2px 8px 0 rgba(0,0,0,.35);z-index:100}.dropdown-menu .dropdown-item{color:#0073e6}.dropdown-menu .dropdown-item.active,.dropdown-menu .dropdown-item:active{font-weight:600;text-decoration:inherit;background-color:inherit}#version-list .dropdown-toggle .current-version{max-width:8em;text-overflow:ellipsis;overflow:hidden;display:inline-block;font-size:inherit;font-weight:400}#version-list .version-list-wrapper{max-height:10.2em;max-width:18em;overflow-y:scroll}#version-list .dropdown-item{text-overflow:ellipsis;max-width:16em;overflow-x:hidden}.document-actions .dropdown-toggle:after{vertical-align:middle;line-height:1.5}@media (max-width:767.98px){.document-actions .dropdown-toggle:after{font-family:italia-icon-font!important;border:none;margin:0 2em 0 0;width:auto;height:auto;float:right;content:"\e818";vertical-align:middle;font-size:.8em;line-height:2em;-webkit-transform-origin:center;transform-origin:center;-webkit-transition:all .3s;transition:all .3s}.document-actions .dropdown-toggle[aria-expanded=true]:after{-webkit-transform:scaleY(-1);transform:scaleY(-1)}.document-actions .dropdown-toggle:hover{text-decoration:none}.document-actions .dropdown-menu.show{position:static!important;-webkit-transform:none!important;transform:none!important;-webkit-box-shadow:none;box-shadow:none;padding:0;margin-top:16px;-webkit-animation:none;animation:none}.document-actions .dropdown-menu.show:before{display:none}}.header{font-size:16px;font-size:1rem}.header .navbar-brand{font-size:14.224px;font-size:.889rem;font-weight:600}.header .navbar-brand a{text-decoration:none}.header .navbar .dropdown-toggle:after{margin:0 .2rem;font-size:11.2px;font-size:.7rem}.header .nav-item{margin-left:.2rem}@media (min-width:992px){.header .nav-item{border-left:0;margin-left:0}}.header .nav-item.active{font-weight:600}.header .nav-item:not(.nav-text):not(.nav-item--no-underline).active,.header .nav-item:not(.nav-text):not(.nav-item--no-underline):hover{border-left:.2rem solid #fff;margin-left:0}@media (min-width:992px){.header .nav-item:not(.nav-text):not(.nav-item--no-underline).active,.header .nav-item:not(.nav-text):not(.nav-item--no-underline):hover{border-left:0;margin-left:0;border-bottom:2px solid #fff;margin-bottom:0}}.slim-header{font-size:14.224px;font-size:.889rem}.slim-header .navbar-toggler .navbar__icon{font-size:11.2px;font-size:.7rem;line-height:3em;display:inline-block;-webkit-transform:scaleY(-1);transform:scaleY(-1);-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s}.slim-header .navbar-toggler.collapsed .navbar__icon{-webkit-transform:scaleY(1);transform:scaleY(1)}.slim-header .navbar-toggler .dropdown-toggle:after{content:""}.slim-header.navbar .divider{border-top:.05rem solid #799ebc;padding-right:1px;width:10%;margin-top:.75rem;margin-bottom:1rem;margin-left:.2rem;padding-bottom:1px}.slim-header.navbar .divider:first-child{margin-top:1px}.slim-header.navbar .divider.divider--w-100{width:100%}@media (min-width:992px){.slim-header.navbar .divider.divider--w-100{width:inherit}}@media (min-width:992px){.slim-header.navbar .divider{border-top:0;width:inherit;margin-top:inherit;margin-bottom:inherit;border-right:.05rem solid #06c;padding-right:1px;margin-left:0}}.secondary-nav{font-weight:600}@media (max-width:991.98px){.secondary-nav.secondary-nav--offcanvas{-webkit-transform:translateX(-100%);transform:translateX(-100%);z-index:10;background-color:#fff;color:#06c;-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s;-webkit-transition-timing-function:ease-in-out;transition-timing-function:ease-in-out;position:fixed;top:0;left:0;bottom:0;right:25%;overflow-y:auto}.secondary-nav.secondary-nav--offcanvas.active{-webkit-transform:translateX(0);transform:translateX(0)}}.secondary-nav .navbar-nav li{padding:.5rem;border-bottom:.2rem solid transparent}.secondary-nav .nav-item:not(.nav-text):not(.nav-item--no-underline).active,.secondary-nav .nav-item:not(.nav-text):not(.nav-item--no-underline):hover{border-bottom:.2rem solid #fff}@media (max-width:991.98px){.article-intro-more .dropdown.show:before{content:"";width:100vw;height:100%;position:fixed;top:0;left:0;background-color:rgba(0,0,0,.5);z-index:999}}.article-intro-more .dropdown .dropdown-toggle:after{display:none}.article-intro-more .dropdown .dropdown-menu{background-color:#fff;padding:.5rem;margin:0;border-radius:.2rem;-webkit-box-shadow:2px 2px 8px 0 rgba(0,0,0,.35);box-shadow:2px 2px 8px 0 rgba(0,0,0,.35);z-index:100}@media (max-width:991.98px){.article-intro-more .dropdown .dropdown-menu{position:fixed!important;z-index:1001!important;top:calc(50% - 140px)!important;left:calc(50% - 140px)!important;-webkit-transform:none!important;transform:none!important}.article-intro-more .dropdown .dropdown-menu:before{display:none}}.article-intro-more .dropdown .dropdown-menu .dropdown-item{color:#0073e6}@media (max-width:991.98px){.lang-selector .dropdown.show:before{content:"";width:100vw;height:100%;position:fixed;top:0;left:0;background-color:rgba(0,0,0,.5);z-index:999}}.lang-selector .dropdown .dropdown-menu{background-color:#fff;padding:.5rem;margin:0;border-radius:.2rem;-webkit-box-shadow:2px 2px 8px 0 rgba(0,0,0,.35);box-shadow:2px 2px 8px 0 rgba(0,0,0,.35);z-index:100}@media (max-width:991.98px){.lang-selector .dropdown .dropdown-menu{position:fixed!important;z-index:1001!important;top:calc(50% - 80px)!important;left:calc(50% - 80px)!important;-webkit-transform:none!important;transform:none!important}.lang-selector .dropdown .dropdown-menu:before{display:none}}.lang-selector .dropdown .dropdown-menu .dropdown-item{color:#0073e6}.lang-selector .dropdown .dropdown-menu .dropdown-item.active,.lang-selector .dropdown .dropdown-menu .dropdown-item:active{font-weight:600;text-decoration:inherit;background-color:inherit}.h1--header{font-size:21.328px;font-size:1.333rem;font-weight:600;line-height:1.2;letter-spacing:unset}@media (min-width:576px){.h1--header{font-size:1.8rem}}.h1--header span{font-size:11.2px;font-size:.7rem;font-weight:400}.svg--header{width:39px;height:36px}@media (min-width:576px){.svg--header{width:65px;height:60px}}.h2--header{font-size:14px;font-weight:300;letter-spacing:unset}.docs__document-info{color:#fff;font-size:14.4px;font-size:.9rem;vertical-align:bottom}.docs__document-info .docs__document-info__icon{font-size:19.2px;font-size:1.2rem;vertical-align:bottom}.docs__document-info .docs__document-info__ownership .docs__document-info__label{font-size:12.8px;font-size:.8rem}.docs__document-info .docs__document-info__ownership .docs__document-info__icon{font-size:16px;font-size:1rem}.doc-header{-webkit-box-shadow:0 0 120px 0 rgba(0,0,0,.1);box-shadow:0 0 120px 0 rgba(0,0,0,.1);position:relative;z-index:10;color:#0073e6;font-size:16px;font-weight:600}.doc-header .progress-container{width:100%;height:4px;height:.25rem;background:#e6f3fe}.doc-header .progress-bar{height:4px;height:.25rem;background:#06c;width:0}.docs-italia #cerca{border:1px solid #ccc;font-size:12.8px;font-size:.8rem;font-weight:100}.docs-italia #cerca::-webkit-input-placeholder{color:#ccc}.docs-italia #cerca::-moz-placeholder{color:#ccc}.docs-italia #cerca::-ms-input-placeholder{color:#ccc}.docs-italia #cerca::placeholder{color:#ccc}.social{color:#fff}.social .social__label{font-size:15.2px;font-size:.95rem}.social .social__link{color:#fff;font-size:16px;font-size:1rem}.social .social__link:active,.social .social__link:hover{text-decoration:none}#rtd-search-form{border:1px solid #ccc}#rtd-search-form input[type=text]{border:none;height:100%}#rtd-search-form .input-group-append button{background-color:#fff}#rtd-search-form .input-group-append button .docs-icon-search{font-size:19.2px;font-size:1.2rem}#documentInfo .tag{font-family:Titillium Web,Geneva,Tahoma,sans-serif}.offcanvas-menu{position:fixed;z-index:1000;width:100vw;height:100vh;top:0;left:0;right:0;bottom:0}.offcanvas-menu.animate--left{-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0);-webkit-transition:-webkit-transform .4s;transition:-webkit-transform .4s;transition:transform .4s;transition:transform .4s,-webkit-transform .4s;-webkit-transition-timing-function:cubic-bezier(.7,0,.3,1);transition-timing-function:cubic-bezier(.7,0,.3,1)}.offcanvas-menu.js-active{-webkit-transform:translateZ(0);transform:translateZ(0);-webkit-transition:-webkit-transform .8s;transition:-webkit-transform .8s;transition:transform .8s;transition:transform .8s,-webkit-transform .8s;-webkit-transition-timing-function:cubic-bezier(.7,0,.3,1);transition-timing-function:cubic-bezier(.7,0,.3,1)}.offcanvas-menu .offcanvas-menu__inner{width:80%;background-color:#fff;height:100vh;-webkit-transform:translateX(0);transform:translateX(0);-webkit-transition:all .5s ease-out;transition:all .5s ease-out}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__header{padding:1.5rem 1.8rem 1rem}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__header .offcanvas-menu__title{font-weight:600;font-size:19.2px;font-size:1.2rem}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav{padding:.5rem 0 0;margin:0}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav .offcanvas-menu__nav__item{list-style:none;margin:0;padding:.5rem 1rem}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav .offcanvas-menu__nav__item:first-child,.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav .offcanvas-menu__nav__item:nth-child(4){position:relative}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav .offcanvas-menu__nav__item:first-child:before,.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav .offcanvas-menu__nav__item:nth-child(4):before{content:"";width:64px;height:1px;left:32px;left:2rem;border-top:1px solid rgba(0,102,204,.2);position:absolute;top:0}.offcanvas-menu .offcanvas-menu__inner .offcanvas-menu__nav .offcanvas-menu__nav__item .offcanvas-menu__nav__link{padding:.5rem 1rem;font-size:16px;font-size:1rem;display:block}.offcanvas-menu.deactive .offcanvas-menu__inner{margin-left:-80%;overflow:hidden}.offcanvas-menu .offcanvas-menu__extra{width:20%;height:100vh;position:fixed;right:0;top:0}body:before{position:fixed;top:0;left:0;z-index:999;bottom:0;right:0;background:rgba(0,0,0,.5);content:"";opacity:0;-webkit-transform:translate3d(100%,0,0);transform:translate3d(100%,0,0);-webkit-transition:opacity .4s,-webkit-transform 0s .4s;transition:opacity .4s,-webkit-transform 0s .4s;transition:opacity .4s,transform 0s .4s;transition:opacity .4s,transform 0s .4s,-webkit-transform 0s .4s;-webkit-transition-timing-function:cubic-bezier(.7,0,.3,1);transition-timing-function:cubic-bezier(.7,0,.3,1)}body.show-menu:before{opacity:1;-webkit-transition:opacity .8s;transition:opacity .8s;-webkit-transition-timing-function:cubic-bezier(.7,0,.3,1);transition-timing-function:cubic-bezier(.7,0,.3,1);-webkit-transform:translateZ(0);transform:translateZ(0)}#desktop-menu{-webkit-transform:translate(0);transform:translate(0);-webkit-transform:translateZ(0);transform:translateZ(0);will-change:position,transform;padding-bottom:5rem}#desktop-menu>button:first-of-type{margin-top:1.5rem}.col--nav{width:100%}@media (min-width:768px){.col--nav{width:420px;float:left;border-right:1px solid #eeeff0;padding-left:4.5rem}}.docs-menu{will-change:min-height;display:none}@media (min-width:768px){.docs-menu{display:block}}@media (max-width:767.98px){.docs-offcanvas-menu{-webkit-transform:translateX(100%);transform:translateX(100%);z-index:10;background-color:#fff;-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s;-webkit-transition-timing-function:ease-in-out;transition-timing-function:ease-in-out;position:fixed;top:0;left:0;bottom:0;right:0;overflow-y:auto}.docs-offcanvas-menu.active{-webkit-transform:translateX(0);transform:translateX(0)}}@media (min-width:768px){.docs-offcanvas-menu{display:none}}.navbar-toggler--wrap{position:fixed;bottom:0;left:0;right:0;z-index:9;background-color:#fff;-webkit-box-shadow:-1px -2px 62px -13px rgba(0,0,0,.25);box-shadow:-1px -2px 62px -13px rgba(0,0,0,.25)}@media (min-width:768px){.navbar-toggler--wrap{display:none}}.navbar-toggler{color:#06c;padding:1rem 1rem 1rem 2rem}.navbar-toggler__chapter{color:#000;font-size:12.8px;font-size:.8rem}.sidebar-tabs{position:fixed;top:0;left:0;right:0;background-color:#fff;-webkit-transform:translateX(100%);transform:translateX(100%);-webkit-transition:-webkit-transform .3s;transition:-webkit-transform .3s;transition:transform .3s;transition:transform .3s,-webkit-transform .3s;-webkit-transition-timing-function:ease-in-out;transition-timing-function:ease-in-out;z-index:11;-webkit-box-shadow:-1px -2px 62px -13px rgba(0,0,0,.25);box-shadow:-1px -2px 62px -13px rgba(0,0,0,.25)}.sidebar-tabs.active{-webkit-transform:translateX(0);transform:translateX(0)}@media (min-width:768px){.sidebar-tabs{display:none}}.sidebar-btn{text-transform:uppercase;color:#06c;font-weight:700;cursor:pointer;border:0;border-bottom:3px solid #0073e6;background:none}@media (min-width:768px){.sidebar-btn{border-bottom:2px solid #bbd8f1}}.sidebar-btn.sidebar-btn--mobile{display:inline-block;font-size:11.2px;font-size:.7rem;text-align:center;border:0}.sidebar-btn.sidebar-btn--mobile.active.show{border-bottom:3px solid #0073e6;text-decoration:none}@media (min-width:768px){.sidebar-btn.sidebar-btn--mobile.active.show{border-bottom:2px solid #bbd8f1}}.form-check [type=checkbox]:focus.focus--mouse+label.sidebar-btn,.sidebar-btn.focus--mouse,.toggles label input[type=checkbox]:focus.focus--mouse+.sidebar-btn.lever{border-color:#0073e6!important}@media (min-width:768px){.form-check [type=checkbox]:focus.focus--mouse+label.sidebar-btn,.sidebar-btn.focus--mouse,.toggles label input[type=checkbox]:focus.focus--mouse+.sidebar-btn.lever{border-color:#bbd8f1!important}}.sidebar-btn .it-collapse,.sidebar-btn .it-expand{font-size:9.6px;font-size:.6rem;line-height:2.5}.sidebar-btn .it-expand{display:inline-block}.sidebar-btn.collapsed .it-expand,.sidebar-btn .it-collapse{display:none}.sidebar-btn.collapsed .it-collapse{display:inline-block}@media (min-width:768px){.sidebar-btn{display:block;width:100%;text-align:left}}@media (max-width:767.98px){.sidebar-btn.collapsed .it-collapse,.sidebar-btn.collapsed .it-expand,.sidebar-btn .it-collapse,.sidebar-btn .it-expand{display:none}}.main-container{overflow:hidden;position:relative;background-color:#fff}.doc-content__consultation{position:absolute;right:0;left:0;top:0;background-color:#4bd4d6;text-align:left;text-transform:uppercase;font-weight:700;color:#000;padding:.5rem 0 .5rem 2rem}@media (min-width:992px){.doc-content__consultation{padding-left:4rem}}@media (min-width:1200px){.doc-content__consultation{-webkit-transform:rotate(45deg) translate(45px,-125px);transform:rotate(45deg) translate(45px,-125px);width:320px;-webkit-transform-origin:left;transform-origin:left;z-index:1;left:auto;text-align:center;padding-left:0}}.col-content{padding:4rem 2rem}@media (min-width:992px){.col-content{padding:4rem 4rem 5rem}}.caption-wrap{clear:both}.caption-wrap .caption--table{margin-top:1rem;margin-bottom:1rem;display:block;font-family:Lora,serif;font-style:italic;font-size:12px;font-size:.75rem;padding:0}@media (min-width:992px){.caption-wrap .caption--table{width:calc(100% - 200px);float:left}}.caption-wrap .reference--wrap{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;margin-top:1rem;margin-bottom:2rem;font-size:.9em}@media (min-width:768px){.caption-wrap .reference--wrap{width:200px;float:right;padding-left:2rem}}.caption-number{font-weight:700;color:#000}.chapter-header{margin-bottom:1rem;margin-left:.5rem}.chapter-nav{position:relative}@media (min-width:992px){.chapter-nav{width:200px;float:left}}.figure-fixed-wrap{display:block;width:100%;overflow-x:auto}.figure-fixed{max-width:none}.title__background{width:100%;background-color:#e6f3fe;position:absolute;top:-1px;height:auto;left:-8px;left:-.5rem;display:none;right:0;z-index:0}.title__background:after{content:"";position:absolute;left:100%;-webkit-transform:translateX(-50%);transform:translateX(-50%);top:0;bottom:0;width:0;height:0;border-left:20px solid transparent;border-right:20px solid transparent;border-top:20px solid #e6f3fe}.std-term{background-color:#bffffd;color:#000;padding:.2rem}.footer-buttons--next{clear:both;margin-top:4rem}.footer-buttons--next a{background-color:#0073e6;color:#fff;padding:.5rem 1rem;border-radius:.2rem;font-weight:700;display:inline-block}.footer-buttons--prev{margin-bottom:2.5rem}.reference-icon{vertical-align:middle;display:inline-block}#doc-content{width:100%;position:relative}@media (min-width:768px){#doc-content{width:calc(100% - 420px);float:left}}#doc-content a.reference[href]{text-decoration:underline}#doc-content .useful-docs .mimetype{display:none}#doc-content .useful-docs ul{list-style-type:none;padding-left:0}#doc-content .useful-docs li{border-top:1px solid #ccc;padding-top:1rem;padding-bottom:1rem;vertical-align:middle}#doc-content .useful-docs li:after{display:none}#doc-content .useful-docs [class*=" docs-icon-"],#doc-content .useful-docs [class^=docs-icon-]{font-size:30.4px;font-size:1.9rem;color:#0073e6}#doc-content ul.simple,#doc-content ul.simple ul{list-style-type:disc}#doc-content ul.simple li,#doc-content ul.simple ul li{position:relative;margin-bottom:.5rem;font-size:14.4px;font-size:.9rem}#doc-content ul.simple li ul li,#doc-content ul.simple ul li ul li{margin-top:.5rem}#doc-content .section{clear:both}#doc-content .section:after{content:"";display:table;clear:both}@media (min-width:992px){#doc-content .section>*{width:calc(100% - 200px);float:left;clear:left}}@media (min-width:992px){#doc-content .section .caption-wrap,#doc-content .section .chapter-header,#doc-content .section .figure,#doc-content .section .full-width,#doc-content .section .section,#doc-content .section .table-responsive,#doc-content .section>.toctree-wrapper.compound{width:100%}}#doc-content .section .figure{width:100%}#doc-content .section .figure[id],#doc-content .section .rubric.ref[id],#doc-content .section .section[id],#doc-content .section .table[id]{border-top:4.2rem solid transparent}#doc-content .section .glossary dt:not([id=""]){margin-top:-4em;padding-top:4em}#doc-content .section ol.loweralpha,#doc-content .section ol.loweralpha li{list-style:lower-alpha}#doc-content .section ol.upperalpha,#doc-content .section ol.upperalpha li{list-style:upper-alpha}#doc-content .section ol.upperroman,#doc-content .section ol.upperroman li{list-style:upper-roman}#doc-content .section ol,#doc-content .section ol.arabic{list-style:decimal}#doc-content .topic-title{color:#000;font-weight:700;font-size:22.4px;font-size:1.4rem;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}#doc-content .topic.procedure{margin-bottom:3rem}#doc-content .topic.procedure em{font-weight:700}#doc-content .topic.procedure ol{padding-left:1rem}#doc-content .topic.procedure ol li{position:relative;margin-bottom:1rem;padding-left:1rem;counter-increment:list;list-style-type:none;font-family:Lora,serif}#doc-content .topic.procedure ol li:after{position:absolute;left:-16px;left:-1rem;top:0;width:16px;width:1rem;height:24px;height:1.5rem;z-index:1;content:counter(list);color:#fff;text-align:center;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;font-weight:600}#doc-content .topic.procedure .topic-title{text-transform:uppercase;font-size:17.6px;font-size:1.1rem;font-weight:700;color:#002b4d;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;padding-bottom:.2rem;background:-webkit-gradient(linear,left top,left bottom,from(#004e95),to(#004e95)) no-repeat 100% 100%/calc(100% - 2rem) 2px;background:linear-gradient(#004e95,#004e95) no-repeat 100% 100%/calc(100% - 2rem) 2px;margin-bottom:1rem}#doc-content .topic.procedure .topic-title [class*=" docs-icon-"],#doc-content .topic.procedure .topic-title [class^=docs-icon-]{margin-right:.5rem}#doc-content .topic.procedure .procedure__img{padding-left:1.5rem;margin-bottom:2rem;margin-left:.5rem;margin-top:2rem;border-left:1px solid #799ebc}#doc-content .topic.procedure .procedure__img img{-webkit-box-shadow:0 0 61px 0 rgba(0,0,0,.15);box-shadow:0 0 61px 0 rgba(0,0,0,.15)}#doc-content .topic.procedure .procedure-internal-title{text-transform:uppercase;color:#000;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;font-size:12.8px;font-size:.8rem;font-weight:700}#doc-content .topic.procedure .docs-icon-step{color:#004e95;position:absolute;left:-24px;left:-1.5rem;font-size:32px;font-size:2rem}@media (min-width:992px){#doc-content .title-wrap{width:calc(100% - 200px);float:left;clear:left;position:relative}#doc-content .title-wrap h2{line-height:60px}#doc-content .title-wrap h3{line-height:46px}#doc-content .title-wrap h1,#doc-content .title-wrap h2,#doc-content .title-wrap h3{display:inline;cursor:pointer;position:relative;color:#000;box-shadow:.5rem 0 0 #fff,-.5rem 0 0 #fff;-webkit-box-shadow:.5rem 0 0 #fff,-.5rem 0 0 #fff;-webkit-box-decoration-break:clone;-ms-box-decoration-break:clone;-o-box-decoration-break:clone;box-decoration-break:clone;left:-.5rem;z-index:1}#doc-content .title-wrap h1 .title__chapter,#doc-content .title-wrap h2 .title__chapter,#doc-content .title-wrap h3 .title__chapter{position:relative;color:#0073e6}#doc-content .title-wrap h1{line-height:71px}#doc-content .title-wrap h1 .title__chapter{position:relative;background-color:#0073e6;color:#fff;margin-right:.5rem;padding-left:.5rem;padding-right:.5rem;display:inline-block;z-index:1}#doc-content .title-wrap h1 .title__chapter:after,#doc-content .title-wrap h1 .title__chapter:before{content:"";top:0;bottom:0;width:.5rem;background-color:#0073e6;position:absolute}#doc-content .title-wrap h1 .title__chapter:after{right:100%}#doc-content .title-wrap h1 .title__chapter:before{left:100%}}#doc-content .title-wrap.active h1,#doc-content .title-wrap.active h2,#doc-content .title-wrap.active h3{-webkit-box-shadow:.5rem 0 0 #e6f3fe,-.5rem 0 0 #e6f3fe;box-shadow:.5rem 0 0 #e6f3fe,-.5rem 0 0 #e6f3fe;background-color:#e6f3fe}#doc-content .title-wrap.active .title__background{display:block}#doc-content .headerlink{display:none}#doc-content .document-info{padding:0}#doc-content .document-info .docutils.field-list{width:100%;margin-bottom:2rem;border-bottom:1px solid #ccc;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;display:grid}#doc-content .document-info .docutils.field-list tr{display:block;margin-bottom:2rem}@media (min-width:576px){#doc-content .document-info .docutils.field-list tr{width:50%;float:left}}#doc-content .document-info .docutils.field-list .field-body,#doc-content .document-info .docutils.field-list .field-name{display:block;font-weight:400}#doc-content .document-info .docutils.field-list .field-body{color:#06c;text-decoration:underline}#doc-content dd>p{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}#doc-content .highlights{font-size:24px;font-size:1.5rem;font-family:Lora,serif}#doc-content blockquote.epigraph{margin-top:2rem;padding-left:2rem;border-left:4px solid #00c4c8;color:#596771;font-size:19.2px;font-size:1.2rem;margin-bottom:2rem}#doc-content blockquote.epigraph .attribution{margin-bottom:0;font-size:16px;font-size:1rem}#doc-content .question-and-answers blockquote{margin-top:.5rem;margin-bottom:0}#doc-content .question-and-answers blockquote>div{font-weight:700;font-family:Lora,serif}#doc-content .question-and-answers .pull-quote{max-width:490px;margin-bottom:2rem}#doc-content .question-and-answers .pull-quote ul{list-style-type:none;padding-left:1.5rem}#doc-content .question-and-answers .pull-quote ul li{display:inline-block;margin-top:1rem}#doc-content .question-and-answers .pull-quote ul li:after{display:none}#doc-content .question-and-answers .pull-quote ul li a{padding:.2rem .5rem;margin-right:.2rem;background-color:#bffffd;color:#000;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;border-bottom:2px dotted #ccc}#doc-content .question-and-answers .pull-quote>div>p{text-transform:uppercase;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;color:#0b0b0b;margin-bottom:0;font-weight:100}#doc-content .question-and-answers .pull-quote:nth-of-type(odd){float:left;clear:right}#doc-content .question-and-answers .pull-quote:nth-of-type(odd) blockquote>div,#doc-content .question-and-answers .pull-quote:nth-of-type(odd) ul{padding-left:1.5rem;border-left:5px solid #00c4c8}#doc-content .question-and-answers .pull-quote:nth-of-type(2n){float:right;text-align:right;clear:left}#doc-content .question-and-answers .pull-quote:nth-of-type(2n) blockquote>div,#doc-content .question-and-answers .pull-quote:nth-of-type(2n) ul{padding-right:1.5rem;border-right:5px solid #00c4c8}#doc-content .question-and-answers .glossary.docutils{display:none}#doc-content .highlighted{background:#bffffd;display:inline-block;font-weight:700}.highlight{padding:1rem;margin-bottom:1em}.highlight pre{margin:0;padding-bottom:1em}.highlighttable .highlight{padding:0}.code .highlight{background:none}code:not(.download) .pre{background-color:#efc;padding:.2rem}code.download{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;font-size:100%}#doc-content .admonition{margin-bottom:2rem;margin-top:2rem;padding-left:2rem;border-left:4px solid;color:#596771}#doc-content .admonition .more{padding:0}#doc-content .admonition .admonition-title{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;text-transform:uppercase;font-weight:700}#doc-content .admonition .admonition-title [class*=" docs-icon-"],#doc-content .admonition .admonition-title [class^=docs-icon-]{font-size:24px;font-size:1.5rem;margin-right:.5rem}#doc-content .admonition .admonition__hidden-paragraph{display:none}#doc-content .admonition .admonition__toggle-wrap{border-top:1px solid #ccc;padding-top:1rem;margin-top:1.5rem}#doc-content .admonition .admonition__toggle-btn{cursor:pointer;background:none;border:none;color:#0073e6;padding-left:0}#doc-content .admonition .admonition__toggle-btn [class*=" docs-icon-"],#doc-content .admonition .admonition__toggle-btn [class^=docs-icon-]{font-size:9.6px;font-size:.6rem;margin-left:.5rem;position:relative}#doc-content .admonition .admonition__toggle-btn [class*=" docs-icon-"]:after,#doc-content .admonition .admonition__toggle-btn [class^=docs-icon-]:after{content:"";width:16px;width:1rem;height:16px;height:1rem;border:2px solid #0073e6;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);transform:translate(-50%,-50%);position:absolute;border-radius:50%}#doc-content .admonition .admonition__toggle-btn .admonition__toggle-show-less:first-letter,#doc-content .admonition .admonition__toggle-btn .admonition__toggle-show-more:first-letter{text-transform:uppercase}#doc-content .admonition .admonition__toggle-btn .admonition__toggle-show-less{display:none}#doc-content .admonition .admonition__toggle-btn .admonition__toggle-show-more{display:inline-block}#doc-content .admonition .admonition__toggle-btn.active .admonition__toggle-show-more{display:none}#doc-content .admonition .admonition__toggle-btn.active .admonition__toggle-show-less{display:inline-block}#doc-content .admonition.display-page{background-color:#f9fafb;padding:2rem;position:relative;border:none}#doc-content .admonition.display-page:after,#doc-content .admonition.display-page:before{content:"";width:0;height:0;right:0;top:0;position:absolute;z-index:1}#doc-content .admonition.display-page:before{border-bottom:50px solid transparent;border-right:50px solid #fff}#doc-content .admonition.display-page:after{border-top:50px solid transparent;border-bottom:50px solid #ccc;border-right:50px solid transparent;-webkit-transform:translateY(-50%);transform:translateY(-50%)}#doc-content .admonition.display-page .admonition__hidden-paragraph p,#doc-content .admonition.display-page>p,#doc-content .admonition.display-page li{font-size:12.8px;font-size:.8rem;color:#002b4d}#doc-content .admonition.display-page ol{counter-reset:list}#doc-content .admonition.display-page ol li{margin-bottom:1rem;position:relative;list-style-type:none;counter-increment:list;color:#002b4d;font-family:Lora,serif;text-indent:16px;text-indent:1rem}#doc-content .admonition.display-page ol li:after{position:absolute;left:-16px;left:-1rem;top:0;width:17.6px;width:1.1rem;height:24px;height:1.5rem;z-index:1;content:counter(list) ".";text-align:center;font-weight:700}#doc-content .admonition.display-page ol li:before{position:absolute;left:-32px;left:-2rem;top:.65em;height:1px;z-index:1;content:"";font-weight:700;background-color:#002b4d;width:16px;width:1rem}#doc-content .admonition.display-page .admonition-title,#doc-content .admonition.display-page .code-block__header{color:#004e95;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}#doc-content .admonition.display-page .admonition-title{padding-bottom:.2rem;display:inline-block;background:-webkit-gradient(linear,left top,left bottom,from(#004e95),to(#004e95)) no-repeat 100% 100%/calc(100% - 2.2rem) 2px;background:linear-gradient(#004e95,#004e95) no-repeat 100% 100%/calc(100% - 2.2rem) 2px;margin-bottom:1rem;overflow:hidden}#doc-content .admonition.display-page .admonition-internal-title{text-transform:uppercase;font-size:12.8px;font-size:.8rem;font-weight:700;color:#002b4d;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}#doc-content .admonition.display-page .linenodiv pre{color:#8998a5;font-weight:400}#doc-content .admonition.display-page .highlighttable pre{font-size:12.8px;font-size:.8rem}#doc-content .admonition.admonition-consultation{padding-bottom:1rem;border-bottom:1px solid #ccc;position:relative}#doc-content .admonition.admonition-consultation a{text-decoration:underline}#doc-content .admonition.admonition-consultation .last{font-family:Lora,serif}#doc-content .admonition.admonition-consultation .admonition-title{color:#000;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}#doc-content .admonition.admonition-consultation .admonition-title [class*=" docs-icon-"],#doc-content .admonition.admonition-consultation .admonition-title [class^=docs-icon-]{font-size:19.2px;font-size:1.2rem}#doc-content .admonition.error{border-color:#d83750}#doc-content .admonition.error .admonition-title{color:#d83750}#doc-content .admonition.note{border-color:#004e95}#doc-content .admonition.note .admonition-title{color:#004e95}#doc-content .admonition.attention,#doc-content .admonition.warning{border-color:#df7d26}#doc-content .admonition.attention .admonition-title,#doc-content .admonition.warning .admonition-title{color:#df7d26}#doc-content .admonition.important{border-color:#008255}#doc-content .admonition.important .admonition-title{color:#008255}#doc-content .admonition.important .last{font-weight:700;font-size:19.2px;font-size:1.2rem}#doc-content .admonition.hint{border-color:#008255}#doc-content .admonition.hint .admonition-title{color:#008255}#doc-content .admonition.hint .reference.internal{font-size:12.8px;font-size:.8rem;position:relative}#doc-content .admonition.hint .reference.internal:after{content:"";width:6.4px;width:.4rem;height:6.4px;height:.4rem;border-top:1px solid #0073e6;border-right:1px solid #0073e6;left:100%;-webkit-transform:rotate(45deg) translateY(-50%);transform:rotate(45deg) translateY(-50%);position:absolute;top:50%}#doc-content .admonition.admonition-may,#doc-content .admonition.admonition-must,#doc-content .admonition.admonition-must-not,#doc-content .admonition.admonition-should,#doc-content .admonition.admonition-should-not,#doc-content .admonition.admonition-use,#doc-content .admonition.admonition-use-not{margin-top:2rem;border:2px solid;border-radius:1em;padding:2em;position:relative}#doc-content .admonition.admonition-may .admonition__header,#doc-content .admonition.admonition-must-not .admonition__header,#doc-content .admonition.admonition-must .admonition__header,#doc-content .admonition.admonition-should-not .admonition__header,#doc-content .admonition.admonition-should .admonition__header,#doc-content .admonition.admonition-use-not .admonition__header,#doc-content .admonition.admonition-use .admonition__header{display:inline-block;position:relative;padding:0 1em;background:#fff}#doc-content .admonition.admonition-may .admonition__header .admonition-title,#doc-content .admonition.admonition-must-not .admonition__header .admonition-title,#doc-content .admonition.admonition-must .admonition__header .admonition-title,#doc-content .admonition.admonition-should-not .admonition__header .admonition-title,#doc-content .admonition.admonition-should .admonition__header .admonition-title,#doc-content .admonition.admonition-use-not .admonition__header .admonition-title,#doc-content .admonition.admonition-use .admonition__header .admonition-title{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif;margin:0}#doc-content .admonition.admonition-may:before,#doc-content .admonition.admonition-must-not:before,#doc-content .admonition.admonition-must:before,#doc-content .admonition.admonition-should-not:before,#doc-content .admonition.admonition-should:before,#doc-content .admonition.admonition-use-not:before,#doc-content .admonition.admonition-use:before{position:absolute;right:4em;top:-.65em;width:6em;padding:0 1em;display:inline-block;background-color:#fff}#doc-content .admonition.admonition-may,#doc-content .admonition.admonition-must,#doc-content .admonition.admonition-must-not,#doc-content .admonition.admonition-should,#doc-content .admonition.admonition-should-not{border-color:#004080}#doc-content .admonition.admonition-may .admonition__header,#doc-content .admonition.admonition-must-not .admonition__header,#doc-content .admonition.admonition-must .admonition__header,#doc-content .admonition.admonition-should-not .admonition__header,#doc-content .admonition.admonition-should .admonition__header{top:-2.8em}#doc-content .admonition.admonition-may .admonition__header .admonition-title,#doc-content .admonition.admonition-must-not .admonition__header .admonition-title,#doc-content .admonition.admonition-must .admonition__header .admonition-title,#doc-content .admonition.admonition-should-not .admonition__header .admonition-title,#doc-content .admonition.admonition-should .admonition__header .admonition-title{color:#004080}#doc-content .admonition.admonition-use{border-color:#00cf86}#doc-content .admonition.admonition-use .admonition__header .admonition-title{color:#00cf86}#doc-content .admonition.admonition-use .admonition__header .admonition-title:before{content:""}#doc-content .admonition.admonition-use-not{border-color:#d1344c}#doc-content .admonition.admonition-use-not .admonition__header .admonition-title{color:#d1344c}#doc-content .admonition.admonition-use-not .admonition__header .admonition-title:before{content:""}#doc-content .admonition.admonition-use-not .admonition__header,#doc-content .admonition.admonition-use .admonition__header{top:-3.2em}#doc-content .admonition.admonition-use-not .admonition__header .admonition-title:before,#doc-content .admonition.admonition-use .admonition__header .admonition-title:before{font-family:docs-icons;margin-right:.5rem;font-size:1.6em;vertical-align:middle}#doc-content .admonition.admonition-must:before{content:url(../images/must.svg)}#doc-content .admonition.admonition-should:before{content:url(../images/should.svg)}#doc-content .admonition.admonition-must-not:before{content:url(../images/must_not.svg)}#doc-content .admonition.admonition-should-not:before{content:url(../images/should_not.svg)}#doc-content .admonition.admonition-may:before{content:url(../images/may.svg)}.footer *{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}.footer a:hover{text-decoration:none}.footer .in-collaboration{font-size:.8em}.footer .team-logo--icon{width:54px}.footer .team-logo--text{font-size:16px;font-size:1rem;line-height:18px;max-width:160px;text-transform:uppercase}.footer .agid-logo--icon{width:8em}@media (min-width:768px){.footer .agid-logo--icon{width:10em}}.footer .agid-logo--separator{border-left-width:2px!important;height:30px}@media (min-width:768px){.footer .agid-logo--separator{height:40px}}.footer .agid-logo--text{width:112px;width:7rem;line-height:1.2;font-size:1em;display:inline-block;vertical-align:middle}@media (min-width:768px){.footer .agid-logo--text{font-size:1.1em;width:8rem}}.footer .small-prints{color:#00fff8;font-weight:600}.footer .social{font-size:1em;color:#fff}.footer .social .icon{color:#00264d;background-color:#fff;padding:.3em;border-radius:100%;font-size:22px}.footer .colophon{border-top:1px solid hsla(0,0%,100%,.1);margin-top:1.5em}@media (min-width:992px){.footer .colophon{margin-top:2em}}.footer-menu__link:hover{color:#fff}.t_translate-wrap{display:none}.doc-tooltip{background-color:#fff;font-family:Lora,serif;-webkit-box-shadow:0 0 100px 0 rgba(0,0,0,.15);box-shadow:0 0 100px 0 rgba(0,0,0,.15)}.doc-tooltip.bs-popover-auto[x-placement^=bottom]:before,.doc-tooltip.bs-popover-auto[x-placement^=top]:before,.doc-tooltip.bs-popover-bottom:before,.doc-tooltip.bs-popover-top:before{content:"";width:0;height:0;border-top:40px solid transparent;border-bottom:40px solid transparent;border-left:40px solid #fff;position:absolute;left:0;z-index:-1}.doc-tooltip.bs-popover-auto[x-placement^=top]:before,.doc-tooltip.bs-popover-top:before{bottom:-40px}.doc-tooltip.bs-popover-auto[x-placement^=bottom]:before,.doc-tooltip.bs-popover-bottom:before{top:-40px}.doc-tooltip.bs-popover-auto[x-placement^=bottom]:after,.doc-tooltip.bs-popover-auto[x-placement^=top]:after,.doc-tooltip.bs-popover-bottom:after,.doc-tooltip.bs-popover-top:after{content:"";width:15px;height:15px;-webkit-transform:rotate(45deg);transform:rotate(45deg);position:absolute;left:5px;z-index:-2}.doc-tooltip.bs-popover-auto[x-placement^=top]:after,.doc-tooltip.bs-popover-top:after{-webkit-box-shadow:5px 5px 70px 8px rgba(0,0,0,.15);box-shadow:5px 5px 70px 8px rgba(0,0,0,.15);bottom:-20px}.doc-tooltip.bs-popover-auto[x-placement^=bottom]:after,.doc-tooltip.bs-popover-bottom:after{-webkit-box-shadow:-5px -5px 70px 8px rgba(0,0,0,.15);box-shadow:-5px -5px 70px 8px rgba(0,0,0,.15);top:-20px}.doc-tooltip.doc-tooltip--note:after,.doc-tooltip.doc-tooltip--note:before{content:none}.tooltip__wrap{overflow:hidden;width:330px;padding:2rem;font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}.tooltip__title{overflow:hidden;font-style:italic;margin-bottom:.5rem;font-size:1em;letter-spacing:0}.tooltip__content{font-size:14.4px;font-size:.9rem;font-style:italic;margin-bottom:0}.tooltip__close-btn{position:absolute;top:16px;top:1rem;right:16px;right:1rem;width:20px;height:20px;padding:0;background:none;border:0;cursor:pointer}.tooltip__close-btn:after,.tooltip__close-btn:before{content:"";position:absolute;height:20px;width:1px;background-color:#0073e6;top:0;left:50%}.tooltip__close-btn:after{-webkit-transform:rotate(45deg) translateX(-50%);transform:rotate(45deg) translateX(-50%)}.tooltip__close-btn:before{-webkit-transform:rotate(-45deg) translateX(-50%);transform:rotate(-45deg) translateX(-50%)}.tooltip__link{color:#0073e6;font-size:12.8px;font-size:.8rem;font-weight:100;text-transform:uppercase;letter-spacing:0;position:relative;display:inline-block;margin-top:1rem}.tooltip__link:after{content:"";position:absolute;left:100%;top:0;width:30px;background-image:url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAsAAAAGCAYAAAAVMmT4AAAABmJLR0QAAAAAAAD5Q7t/AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4gUPDDQNy1r5IQAAAH5JREFUGNNj+I8HTD704v+ZR1/gfCYGPODNlz8MLv3XGc4+/srAwMDAwHjx6df//jNuYVX84esfhg9f/jAI8LAw3G4yYGD8+vPv/ztvfmBVPP3wK4YZ+14wdIfJM5Q4SzIw/v///z8uZzRsf8rAw8bEUOIsCRHA58EXn36h8AF2435mx6vmAAAAAABJRU5ErkJggg==");background-repeat:no-repeat;bottom:0;background-position:50%}@media (max-width:991.98px){.chapter-nav__list--hidden:not(.show){display:none}}@media (min-width:992px){.chapter-nav__list--hidden{visibility:hidden;opacity:0;-webkit-transition:visibility .35s,opacity .35s;transition:visibility .35s,opacity .35s}.chapter-nav__list--hidden.active{visibility:visible;opacity:1}}@media (max-width:991.98px){.chapter-nav__list-wrap{max-width:300px;margin-left:auto;margin-right:auto;border-radius:4px}}@media (min-width:992px){.chapter-nav__wrap{position:absolute;left:2rem;top:1rem}}.chapter-link{background:none;border:none;color:#0073e6;padding:0;display:inline-block;font-size:.9em;font-weight:400;cursor:pointer;vertical-align:middle}.chapter-link:hover{text-decoration:underline}.chapter-link__title{float:left}.chapter-link__counter{margin-right:.3rem;display:inline-block;float:left}.chapter-nav__list{list-style-type:none;margin-bottom:0;padding:1rem}@media (min-width:992px){.chapter-nav__list{padding:0}}.chapter-nav__title{padding:1rem;color:#000;font-size:12.8px;font-size:.8rem;font-weight:700;border-bottom:1px solid #ccc}.chapter-nav__title .title__chapter{color:#8998a5}@media (min-width:992px){.chapter-nav__title{display:none}}.chapter-nav__item:not(:last-child){margin-bottom:1rem}@media (min-width:992px){.chapter-nav__item:not(:last-child){margin-bottom:0}}.chapter-nav__list--visible{margin-top:1rem}@media (min-width:992px){.chapter-nav__list--visible{margin-top:-.5rem}}.chapter-nav__list--visible .chapter-nav__item{display:inline-block}@media (min-width:992px){.chapter-nav__list--visible .chapter-nav__item{display:block}}#doc-content ::-webkit-scrollbar{width:1em;height:14px}#doc-content ::-webkit-scrollbar-track{background-color:#e6f3fe;border-radius:7px;border:2px solid #fff}#doc-content ::-webkit-scrollbar-thumb{background-color:#0073e6;border-radius:7px;background-image:url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAHCAYAAAABIM1CAAAALUlEQVQoU2N88+m/hggf4w0GLODJp//CLEwMUhI8jJexyT/7/l+OcdSAQRAGABbrTN6F2sNMAAAAAElFTkSuQmCC");background-repeat:no-repeat;background-position:50%}#doc-content table:not(.footnote){border:0}#doc-content table:not(.footnote) td{border-right:0;border-left:0}#doc-content table:not(.footnote):not(.highlighttable) td{min-width:220px}#doc-content table:not(.footnote) thead .head{border-right:0;border-left:0;text-transform:uppercase;color:#000;font-size:12px;font-size:.75rem;vertical-align:top}#doc-content table:not(.footnote) tr{font-size:12px;font-size:.75rem}#doc-content .footnote-reference{color:#193e5e;border:1px solid #193e5e;border-radius:3px;padding:0 .4rem;line-height:1.4}#doc-content .note-action{margin-top:.5rem}#doc-content .note-back-btn,#doc-content .note-close-btn{background:none;border:0;display:inline-block;color:#0073e6;font-size:1.2em;cursor:pointer}#doc-content .note-back-btn{position:relative}#doc-content .note-back-btn:before{content:"";top:0;bottom:0;width:1px;position:absolute;background-color:#0073e6;left:0}#doc-content .note-back-btn:hover{text-decoration:underline}#doc-content .docutils.footnote{color:#000;font-size:12.8px;font-size:.8rem;display:none;margin-bottom:2rem}#doc-content .docutils.footnote td{width:100%;float:left}#doc-content .docutils.footnote .fn-backref{color:#193e5e;border:1px solid #193e5e;border-radius:3px;padding:.2rem;line-height:1;display:inline-block;margin-bottom:.5rem}.block-comments{margin-top:4.4rem;padding-bottom:2rem}.block-comments__body p{font-family:Titillium Web,Geneva,Tahoma,sans-serif}.block-comments__header{border-bottom-color:#ccc!important;border-top-color:#eeeff0!important}.block-comments__header h6{color:#06c}.block-comments__img{width:56px}.block-comments__reply-anchor{margin-top:-5em;padding-top:5em}.block-comments__logout-link{display:none;padding-top:.25em}.block-comments__logout-link--icon{position:absolute;top:50%;left:50%;-webkit-transform:translate(-50%,-50%);transform:translate(-50%,-50%);color:#d83750;text-shadow:0 0 20px #000}.block-comments__logout-link--icon:hover{color:#fff}.block-comments__logout-link:hover{text-decoration:none}.block-comments__logout-link--visible{display:block;position:relative}.block-comments__input{margin-bottom:1em!important}.block-comments__toggle-btn{background:none;width:32px;width:2rem;height:32px;height:2rem}.block-comments__toggle-btn .docs-icon-minus,.block-comments__toggle-btn .docs-icon-plus{color:#06c;position:absolute;top:50%;left:50%;-webkit-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.block-comments__toggle-btn .docs-icon-plus{display:none}.block-comments__toggle-btn.collapsed .docs-icon-plus{display:block}.block-comments__toggle-btn.collapsed .docs-icon-minus{display:none}.block-comments__item-btn{background:none;width:32px;width:2rem;height:24px;height:1.5rem;border:0}.block-comments__item-btn .it-collapse,.block-comments__item-btn .it-expand{color:#06c}.block-comments__item-btn.collapsed .it-collapse,.block-comments__item-btn .it-expand{display:none}.block-comments__item-btn.collapsed .it-expand{display:inline-block}.block-comments__item{padding-top:1em}.block-comments__item.hidden{opacity:.5}.block-comments__item.is-new{background-color:#e6f3fe;-webkit-animation:background-fade-highlight 2s ease-out 1 forwards;animation:background-fade-highlight 2s ease-out 1 forwards}.block-comments__content{word-wrap:break-word}.block-comments__name{color:#06c;font-weight:400;font-size:16px;font-size:1rem;letter-spacing:0}.block-comments__date,.block-comments__role{font-size:14px;line-height:21px}.block-comments__role{letter-spacing:.88px}.block-comments__paragraph{font-size:14px;line-height:21px}.block-comments__paragraph a{text-decoration:underline}.box-comment{position:relative;width:100%}.box-comment:not(.sending) .loading{display:none}.box-comment.sending .loading{margin-left:1em;display:inline-block!important;position:relative;overflow:visible;width:40px;z-index:1}.box-comment.sending .loading:before{border:5px solid #0073e6!important;top:60%}.box-comment textarea{min-height:5em;font-weight:400;border:1px solid #eeeff0;border-radius:5px}.box-comment textarea:focus{border:1px solid #596771}.box-comment textarea::-webkit-input-placeholder{color:#ccc}.box-comment textarea::-moz-placeholder{color:#ccc}.box-comment textarea::-ms-input-placeholder{color:#ccc}.box-comment textarea::placeholder{color:#ccc}.box-comment__login{display:-webkit-box;display:-ms-flexbox;display:flex;border:1px solid #edf5fc;border-radius:5px;padding:1em}.box-comment__legend{font-size:12px}.box-comment__user-image{border-radius:50%;position:relative;height:56px;width:56px;float:left}.box-comment__user-image--anon{margin:.25em .75em .25em .25em;background-color:#e8f2fc}.box-comment__user-image i{position:absolute;top:50%;left:50%;-webkit-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.box-comment__buttons{float:left}.box-comment__required{float:right}.box-comment__required>span{font-size:.8em}.box-comment__submit{position:relative;overflow:hidden}.box-comment__submit .loading.no-bg{display:none;width:30px;height:0;content:" ";overflow:visible;margin-bottom:5px;margin-left:-15px;margin-right:5px}.box-comment__submit .loading.no-bg:before{left:auto}.box-comment__submit>div:not(.loading){display:inline}.box-comment__suggestions__tooltip .tooltip__content{font-style:normal;padding-left:1.75em;font-size:.95em}.missing_permission{width:100%}.missing_permission__text{border:1px solid #edf5fc;border-radius:5px;padding:1em}@-webkit-keyframes background-fade-highlight{to{background-color:transparent}}@keyframes background-fade-highlight{to{background-color:transparent}}@media (max-width:767.98px){.sidebar-nav{padding-top:5.5rem}}.sidebar-nav a{text-decoration:none;color:#596771;font-size:14.4px;font-size:.9rem;display:block;line-height:1.6;margin-bottom:1rem;margin-top:1rem}.sidebar-nav a.current_item{position:relative;z-index:1;margin-bottom:1rem;margin-top:1rem;-webkit-transition:margin-bottom .3s,margin-top .3s;transition:margin-bottom .3s,margin-top .3s}.sidebar-nav a.current_item:before{content:"";position:absolute;top:-8px;top:-.5rem;bottom:-8px;bottom:-.5rem;left:-8px;left:-.5rem;right:-8px;right:-.5rem;background-color:#bffffd;z-index:-1}.sidebar-nav a:focus,.sidebar-nav a:hover{text-decoration:underline}.sidebar-nav>.sidebar-list--wrapper{padding:1rem}@media (min-width:768px){.sidebar-nav>.sidebar-list--wrapper{padding:0}}.sidebar-nav>.sidebar-list--wrapper>ul>li{padding:.1rem 3rem .1rem 1rem}.sidebar-nav>.sidebar-list--wrapper>ul>li>a{font-weight:700}.sidebar-nav>.sidebar-list--wrapper ul{list-style-type:none;padding-left:0;margin-bottom:0}.sidebar-nav>.sidebar-list--wrapper ul.current>li.current{background-color:#f6fbff}.sidebar-nav>.sidebar-list--wrapper ul.current>li.current a{color:#004e95}.sidebar-nav>.sidebar-list--wrapper ul ul{padding-left:1rem}.sidebar-nav>.sidebar-list--wrapper.figures-index--menu,.sidebar-nav>.sidebar-list--wrapper.glossary-mobile--menu,.sidebar-nav>.sidebar-list--wrapper.table-index--menu{padding-top:1rem}.sidebar-nav>.sidebar-list--wrapper.figures-index--menu>ul>li,.sidebar-nav>.sidebar-list--wrapper.glossary-mobile--menu>ul>li,.sidebar-nav>.sidebar-list--wrapper.table-index--menu>ul>li{padding-bottom:0;padding-top:.5rem}#glossary-page>.chapter-header{display:none}#glossary-page .chapter-header{padding-top:2rem;padding-bottom:2rem;padding-left:.5rem;overflow:hidden}#glossary-page .chapter-header h2{font-size:128px;font-size:8rem;font-family:Lora,serif;line-height:1}#glossary-page .glossary-page__btn{border:0;background:none;cursor:pointer;color:#0073e6;display:block;width:100%;text-align:left;text-transform:uppercase;-webkit-transition:color .3s;transition:color .3s}#glossary-page .glossary-page__btn .docs-icon-minus,#glossary-page .glossary-page__btn .docs-icon-plus{color:#0073e6}#glossary-page .glossary-page__btn .docs-icon-minus{display:inline-block}#glossary-page .glossary-page__btn .docs-icon-plus{display:none}#glossary-page .glossary-page__btn.collapsed{color:#596771}#glossary-page .glossary-page__btn.collapsed .docs-icon-minus{display:none}#glossary-page .glossary-page__btn.collapsed .docs-icon-plus{display:inline-block}#glossary-page .term-content{padding-left:2.3rem}#glossary-page .term-content,#glossary-page .term-content p{font-family:Titillium Web,Helvetica Neue,Helvetica,Arial,sans-serif}#glossary-page .term-content:last-of-type.show,#glossary-page dt:last-of-type .glossary-page__btn.collapsed{border-bottom:2px solid #eaebed}.glossary-page__copy-link-wrap{color:#0073e6}.glossary-page__copy-link{background:none;border:none;color:#0073e6;cursor:pointer}@media (max-width:767.98px){.return-to-top{bottom:4rem}}.return-to-top i:before{margin:0}@media (max-width:767.98px){.modal.modal-sm-full .modal-dialog{margin:0;max-width:none}.modal.modal-sm-full .modal-dialog .modal-content{margin:0;width:100vw;height:100vh;border-radius:0!important;border:none}}@font-face{font-family:italia-icon-font;src:url(../font/italia-icon-font.eot?94539880);src:url(../font/italia-icon-font.eot?94539880#iefix) format("embedded-opentype"),url(../font/italia-icon-font.woff2?94539880) format("woff2"),url(../font/italia-icon-font.woff?94539880) format("woff"),url(../font/italia-icon-font.ttf?94539880) format("truetype"),url(../font/italia-icon-font.svg?94539880#italia-icon-font) format("svg");font-weight:400;font-style:normal}[class*=" it-"]:before,[class^=it-]:before{font-family:italia-icon-font;font-style:normal;font-weight:400;speak:none;display:inline-block;text-decoration:inherit;width:1em;margin-right:.2em;text-align:center;font-variant:normal;text-transform:none;line-height:1em;font-smoothing:antialiased}.it-app:before{content:"\e800"}.it-app-1:before{content:"\e801"}.it-arrow-down:before{content:"\e802"}.it-arrow-left:before{content:"\e803"}.it-arrow-right:before{content:"\e804"}.it-arrow-up:before{content:"\e805"}.it-behance:before{content:"\e806"}.it-calendar:before{content:"\e807"}.it-camera:before{content:"\e808"}.it-cancel:before{content:"\e809"}.it-check:before{content:"\e80a"}.it-chevron-left:before{content:"\e80d"}.it-chevron-right:before{content:"\e80e"}.it-close:before{content:"\e80f"}.it-collapse:before{content:"\e810"}.it-comment:before{content:"\e811"}.it-copy:before{content:"\e812"}.it-download:before{content:"\e813"}.it-drop-down:before{content:"\e814"}.it-drop-up:before{content:"\e815"}.it-help:before{content:"\e816"}.it-expand-media:before{content:"\e817"}.it-expand:before{content:"\e818"}.it-external-link:before{content:"\e819"}.it-facebook:before{content:"\e81a"}.it-favorite:before{content:"\e81b"}.it-file:before{content:"\e81c"}.it-flickr:before{content:"\e81d"}.it-github:before{content:"\e81e"}.it-googleplus:before{content:"\e81f"}.it-no:before{content:"\e820"}.it-instagram:before{content:"\e821"}.it-link:before{content:"\e822"}.it-linkedin:before{content:"\e823"}.it-list:before{content:"\e824"}.it-lock:before{content:"\e825"}.it-mail:before{content:"\e826"}.it-medium:before{content:"\e827"}.it-more-actions:before{content:"\e828"}.it-more-items:before{content:"\e829"}.it-pdf:before{content:"\e82a"}.it-pin:before{content:"\e82b"}.it-print:before{content:"\e82c"}.it-refresh:before{content:"\e82f"}.it-rss:before{content:"\e830"}.it-search:before{content:"\e831"}.it-settings:before{content:"\e832"}.it-share:before{content:"\e833"}.it-slideshare:before{content:"\e834"}.it-twitter:before{content:"\e835"}.it-unlock:before{content:"\e836"}.it-upload:before{content:"\e837"}.it-video:before{content:"\e838"}.it-warning:before{content:"\e839"}.it-whatsapp:before{content:"\e83a"}.it-youtube-text:before{content:"\e83b"}.it-youtube:before{content:"\e83c"}.it-zoom-in:before{content:"\e83d"}.it-zoom-out:before{content:"\e83e"}.it-error:before{content:"\e83f"}.it-info:before{content:"\e840"}.it-paper-plane:before{content:"\e841"} \ No newline at end of file diff --git a/refs/pull/201/merge/it/_static/data/glossary.json b/refs/pull/201/merge/it/_static/data/glossary.json new file mode 100644 index 000000000..9e26dfeeb --- /dev/null +++ b/refs/pull/201/merge/it/_static/data/glossary.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/refs/pull/201/merge/it/_static/doctools.js b/refs/pull/201/merge/it/_static/doctools.js new file mode 100644 index 000000000..c3db08d1c --- /dev/null +++ b/refs/pull/201/merge/it/_static/doctools.js @@ -0,0 +1,264 @@ +/* + * doctools.js + * ~~~~~~~~~~~ + * + * Base JavaScript utilities for all Sphinx HTML documentation. + * + * :copyright: Copyright 2007-2022 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ +"use strict"; + +const _ready = (callback) => { + if (document.readyState !== "loading") { + callback(); + } else { + document.addEventListener("DOMContentLoaded", callback); + } +}; + +/** + * highlight a given string on a node by wrapping it in + * span elements with the given class name. + */ +const _highlight = (node, addItems, text, className) => { + if (node.nodeType === Node.TEXT_NODE) { + const val = node.nodeValue; + const parent = node.parentNode; + const pos = val.toLowerCase().indexOf(text); + if ( + pos >= 0 && + !parent.classList.contains(className) && + !parent.classList.contains("nohighlight") + ) { + let span; + + const closestNode = parent.closest("body, svg, foreignObject"); + const isInSVG = closestNode && closestNode.matches("svg"); + if (isInSVG) { + span = document.createElementNS("http://www.w3.org/2000/svg", "tspan"); + } else { + span = document.createElement("span"); + span.classList.add(className); + } + + span.appendChild(document.createTextNode(val.substr(pos, text.length))); + parent.insertBefore( + span, + parent.insertBefore( + document.createTextNode(val.substr(pos + text.length)), + node.nextSibling + ) + ); + node.nodeValue = val.substr(0, pos); + + if (isInSVG) { + const rect = document.createElementNS( + "http://www.w3.org/2000/svg", + "rect" + ); + const bbox = parent.getBBox(); + rect.x.baseVal.value = bbox.x; + rect.y.baseVal.value = bbox.y; + rect.width.baseVal.value = bbox.width; + rect.height.baseVal.value = bbox.height; + rect.setAttribute("class", className); + addItems.push({ parent: parent, target: rect }); + } + } + } else if (node.matches && !node.matches("button, select, textarea")) { + node.childNodes.forEach((el) => _highlight(el, addItems, text, className)); + } +}; +const _highlightText = (thisNode, text, className) => { + let addItems = []; + _highlight(thisNode, addItems, text, className); + addItems.forEach((obj) => + obj.parent.insertAdjacentElement("beforebegin", obj.target) + ); +}; + +/** + * Small JavaScript module for the documentation. + */ +const Documentation = { + init: () => { + Documentation.highlightSearchWords(); + Documentation.initDomainIndexTable(); + Documentation.initOnKeyListeners(); + }, + + /** + * i18n support + */ + TRANSLATIONS: {}, + PLURAL_EXPR: (n) => (n === 1 ? 0 : 1), + LOCALE: "unknown", + + // gettext and ngettext don't access this so that the functions + // can safely bound to a different name (_ = Documentation.gettext) + gettext: (string) => { + const translated = Documentation.TRANSLATIONS[string]; + switch (typeof translated) { + case "undefined": + return string; // no translation + case "string": + return translated; // translation exists + default: + return translated[0]; // (singular, plural) translation tuple exists + } + }, + + ngettext: (singular, plural, n) => { + const translated = Documentation.TRANSLATIONS[singular]; + if (typeof translated !== "undefined") + return translated[Documentation.PLURAL_EXPR(n)]; + return n === 1 ? singular : plural; + }, + + addTranslations: (catalog) => { + Object.assign(Documentation.TRANSLATIONS, catalog.messages); + Documentation.PLURAL_EXPR = new Function( + "n", + `return (${catalog.plural_expr})` + ); + Documentation.LOCALE = catalog.locale; + }, + + /** + * highlight the search words provided in the url in the text + */ + highlightSearchWords: () => { + const highlight = + new URLSearchParams(window.location.search).get("highlight") || ""; + const terms = highlight.toLowerCase().split(/\s+/).filter(x => x); + if (terms.length === 0) return; // nothing to do + + // There should never be more than one element matching "div.body" + const divBody = document.querySelectorAll("div.body"); + const body = divBody.length ? divBody[0] : document.querySelector("body"); + window.setTimeout(() => { + terms.forEach((term) => _highlightText(body, term, "highlighted")); + }, 10); + + const searchBox = document.getElementById("searchbox"); + if (searchBox === null) return; + searchBox.appendChild( + document + .createRange() + .createContextualFragment( + '

' + + '' + + Documentation.gettext("Hide Search Matches") + + "

" + ) + ); + }, + + /** + * helper function to hide the search marks again + */ + hideSearchWords: () => { + document + .querySelectorAll("#searchbox .highlight-link") + .forEach((el) => el.remove()); + document + .querySelectorAll("span.highlighted") + .forEach((el) => el.classList.remove("highlighted")); + const url = new URL(window.location); + url.searchParams.delete("highlight"); + window.history.replaceState({}, "", url); + }, + + /** + * helper function to focus on search bar + */ + focusSearchBar: () => { + document.querySelectorAll("input[name=q]")[0]?.focus(); + }, + + /** + * Initialise the domain index toggle buttons + */ + initDomainIndexTable: () => { + const toggler = (el) => { + const idNumber = el.id.substr(7); + const toggledRows = document.querySelectorAll(`tr.cg-${idNumber}`); + if (el.src.substr(-9) === "minus.png") { + el.src = `${el.src.substr(0, el.src.length - 9)}plus.png`; + toggledRows.forEach((el) => (el.style.display = "none")); + } else { + el.src = `${el.src.substr(0, el.src.length - 8)}minus.png`; + toggledRows.forEach((el) => (el.style.display = "")); + } + }; + + const togglerElements = document.querySelectorAll("img.toggler"); + togglerElements.forEach((el) => + el.addEventListener("click", (event) => toggler(event.currentTarget)) + ); + togglerElements.forEach((el) => (el.style.display = "")); + if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) togglerElements.forEach(toggler); + }, + + initOnKeyListeners: () => { + // only install a listener if it is really needed + if ( + !DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS && + !DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS + ) + return; + + const blacklistedElements = new Set([ + "TEXTAREA", + "INPUT", + "SELECT", + "BUTTON", + ]); + document.addEventListener("keydown", (event) => { + if (blacklistedElements.has(document.activeElement.tagName)) return; // bail for input elements + if (event.altKey || event.ctrlKey || event.metaKey) return; // bail with special keys + + if (!event.shiftKey) { + switch (event.key) { + case "ArrowLeft": + if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break; + + const prevLink = document.querySelector('link[rel="prev"]'); + if (prevLink && prevLink.href) { + window.location.href = prevLink.href; + event.preventDefault(); + } + break; + case "ArrowRight": + if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break; + + const nextLink = document.querySelector('link[rel="next"]'); + if (nextLink && nextLink.href) { + window.location.href = nextLink.href; + event.preventDefault(); + } + break; + case "Escape": + if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) break; + Documentation.hideSearchWords(); + event.preventDefault(); + } + } + + // some keyboard layouts may need Shift to get / + switch (event.key) { + case "/": + if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) break; + Documentation.focusSearchBar(); + event.preventDefault(); + } + }); + }, +}; + +// quick alias for translations +const _ = Documentation.gettext; + +_ready(Documentation.init); diff --git a/refs/pull/201/merge/it/_static/documentation_options.js b/refs/pull/201/merge/it/_static/documentation_options.js new file mode 100644 index 000000000..860ac2179 --- /dev/null +++ b/refs/pull/201/merge/it/_static/documentation_options.js @@ -0,0 +1,14 @@ +var DOCUMENTATION_OPTIONS = { + URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'), + VERSION: 'version: latest', + LANGUAGE: 'en', + COLLAPSE_INDEX: false, + BUILDER: 'html', + FILE_SUFFIX: '.html', + LINK_SUFFIX: '.html', + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt', + NAVIGATION_WITH_KEYS: false, + SHOW_SEARCH_SUMMARY: true, + ENABLE_SEARCH_SHORTCUTS: false, +}; \ No newline at end of file diff --git a/refs/pull/201/merge/it/_static/file.png b/refs/pull/201/merge/it/_static/file.png new file mode 100644 index 000000000..a858a410e Binary files /dev/null and b/refs/pull/201/merge/it/_static/file.png differ diff --git a/refs/pull/201/merge/it/_static/font/docs-italia.eot b/refs/pull/201/merge/it/_static/font/docs-italia.eot new file mode 100644 index 000000000..169c6163b Binary files /dev/null and b/refs/pull/201/merge/it/_static/font/docs-italia.eot differ diff --git a/refs/pull/201/merge/it/_static/font/docs-italia.svg b/refs/pull/201/merge/it/_static/font/docs-italia.svg new file mode 100644 index 000000000..aac6164e3 --- /dev/null +++ b/refs/pull/201/merge/it/_static/font/docs-italia.svg @@ -0,0 +1,68 @@ + + + +Generated by IcoMoon + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/_static/font/docs-italia.ttf b/refs/pull/201/merge/it/_static/font/docs-italia.ttf new file mode 100644 index 000000000..96a7767f4 Binary files /dev/null and b/refs/pull/201/merge/it/_static/font/docs-italia.ttf differ diff --git a/refs/pull/201/merge/it/_static/font/docs-italia.woff b/refs/pull/201/merge/it/_static/font/docs-italia.woff new file mode 100644 index 000000000..cda2cacb9 Binary files /dev/null and b/refs/pull/201/merge/it/_static/font/docs-italia.woff differ diff --git a/refs/pull/201/merge/it/_static/font/italia-icon-font.eot b/refs/pull/201/merge/it/_static/font/italia-icon-font.eot new file mode 100644 index 000000000..5242e5383 Binary files /dev/null and b/refs/pull/201/merge/it/_static/font/italia-icon-font.eot differ diff --git a/refs/pull/201/merge/it/_static/font/italia-icon-font.svg b/refs/pull/201/merge/it/_static/font/italia-icon-font.svg new file mode 100644 index 000000000..183080348 --- /dev/null +++ b/refs/pull/201/merge/it/_static/font/italia-icon-font.svg @@ -0,0 +1,134 @@ + + + +Copyright (C) 2018 by original authors @ fontello.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/_static/font/italia-icon-font.ttf b/refs/pull/201/merge/it/_static/font/italia-icon-font.ttf new file mode 100644 index 000000000..f290bd6e0 Binary files /dev/null and b/refs/pull/201/merge/it/_static/font/italia-icon-font.ttf differ diff --git a/refs/pull/201/merge/it/_static/font/italia-icon-font.woff b/refs/pull/201/merge/it/_static/font/italia-icon-font.woff new file mode 100644 index 000000000..101f487bc Binary files /dev/null and b/refs/pull/201/merge/it/_static/font/italia-icon-font.woff differ diff --git a/refs/pull/201/merge/it/_static/font/italia-icon-font.woff2 b/refs/pull/201/merge/it/_static/font/italia-icon-font.woff2 new file mode 100644 index 000000000..4598d5a99 Binary files /dev/null and b/refs/pull/201/merge/it/_static/font/italia-icon-font.woff2 differ diff --git a/refs/pull/201/merge/it/_static/images/agid-logo.svg b/refs/pull/201/merge/it/_static/images/agid-logo.svg new file mode 100644 index 000000000..a81f5eb84 --- /dev/null +++ b/refs/pull/201/merge/it/_static/images/agid-logo.svg @@ -0,0 +1,25 @@ + + + +Logo dell&Agenzia per l&Italia Digitale +Emblema della Repubblica Italiana con accanto l&acronimo AGID + + + + + + + + + + + + + + + + + diff --git a/refs/pull/201/merge/it/_static/images/may.svg b/refs/pull/201/merge/it/_static/images/may.svg new file mode 100644 index 000000000..53670ba97 --- /dev/null +++ b/refs/pull/201/merge/it/_static/images/may.svg @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + diff --git a/refs/pull/201/merge/it/_static/images/must.svg b/refs/pull/201/merge/it/_static/images/must.svg new file mode 100644 index 000000000..177c3c51e --- /dev/null +++ b/refs/pull/201/merge/it/_static/images/must.svg @@ -0,0 +1,71 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/refs/pull/201/merge/it/_static/images/must_not.svg b/refs/pull/201/merge/it/_static/images/must_not.svg new file mode 100644 index 000000000..8c0c0d852 --- /dev/null +++ b/refs/pull/201/merge/it/_static/images/must_not.svg @@ -0,0 +1,65 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/refs/pull/201/merge/it/_static/images/should.svg b/refs/pull/201/merge/it/_static/images/should.svg new file mode 100644 index 000000000..c1f35d655 --- /dev/null +++ b/refs/pull/201/merge/it/_static/images/should.svg @@ -0,0 +1,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/refs/pull/201/merge/it/_static/images/should_not.svg b/refs/pull/201/merge/it/_static/images/should_not.svg new file mode 100644 index 000000000..88e64a64c --- /dev/null +++ b/refs/pull/201/merge/it/_static/images/should_not.svg @@ -0,0 +1,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/refs/pull/201/merge/it/_static/images/team-digitale-logo.svg b/refs/pull/201/merge/it/_static/images/team-digitale-logo.svg new file mode 100644 index 000000000..fa557011d --- /dev/null +++ b/refs/pull/201/merge/it/_static/images/team-digitale-logo.svg @@ -0,0 +1,15 @@ + + + + + + + + + diff --git a/refs/pull/201/merge/it/_static/jquery-3.6.0.js b/refs/pull/201/merge/it/_static/jquery-3.6.0.js new file mode 100644 index 000000000..fc6c299b7 --- /dev/null +++ b/refs/pull/201/merge/it/_static/jquery-3.6.0.js @@ -0,0 +1,10881 @@ +/*! + * jQuery JavaScript Library v3.6.0 + * https://jquery.com/ + * + * Includes Sizzle.js + * https://sizzlejs.com/ + * + * Copyright OpenJS Foundation and other contributors + * Released under the MIT license + * https://jquery.org/license + * + * Date: 2021-03-02T17:08Z + */ +( function( global, factory ) { + + "use strict"; + + if ( typeof module === "object" && typeof module.exports === "object" ) { + + // For CommonJS and CommonJS-like environments where a proper `window` + // is present, execute the factory and get jQuery. + // For environments that do not have a `window` with a `document` + // (such as Node.js), expose a factory as module.exports. + // This accentuates the need for the creation of a real `window`. + // e.g. var jQuery = require("jquery")(window); + // See ticket #14549 for more info. + module.exports = global.document ? + factory( global, true ) : + function( w ) { + if ( !w.document ) { + throw new Error( "jQuery requires a window with a document" ); + } + return factory( w ); + }; + } else { + factory( global ); + } + +// Pass this if window is not defined yet +} )( typeof window !== "undefined" ? window : this, function( window, noGlobal ) { + +// Edge <= 12 - 13+, Firefox <=18 - 45+, IE 10 - 11, Safari 5.1 - 9+, iOS 6 - 9.1 +// throw exceptions when non-strict code (e.g., ASP.NET 4.5) accesses strict mode +// arguments.callee.caller (trac-13335). But as of jQuery 3.0 (2016), strict mode should be common +// enough that all such attempts are guarded in a try block. +"use strict"; + +var arr = []; + +var getProto = Object.getPrototypeOf; + +var slice = arr.slice; + +var flat = arr.flat ? function( array ) { + return arr.flat.call( array ); +} : function( array ) { + return arr.concat.apply( [], array ); +}; + + +var push = arr.push; + +var indexOf = arr.indexOf; + +var class2type = {}; + +var toString = class2type.toString; + +var hasOwn = class2type.hasOwnProperty; + +var fnToString = hasOwn.toString; + +var ObjectFunctionString = fnToString.call( Object ); + +var support = {}; + +var isFunction = function isFunction( obj ) { + + // Support: Chrome <=57, Firefox <=52 + // In some browsers, typeof returns "function" for HTML elements + // (i.e., `typeof document.createElement( "object" ) === "function"`). + // We don't want to classify *any* DOM node as a function. + // Support: QtWeb <=3.8.5, WebKit <=534.34, wkhtmltopdf tool <=0.12.5 + // Plus for old WebKit, typeof returns "function" for HTML collections + // (e.g., `typeof document.getElementsByTagName("div") === "function"`). (gh-4756) + return typeof obj === "function" && typeof obj.nodeType !== "number" && + typeof obj.item !== "function"; + }; + + +var isWindow = function isWindow( obj ) { + return obj != null && obj === obj.window; + }; + + +var document = window.document; + + + + var preservedScriptAttributes = { + type: true, + src: true, + nonce: true, + noModule: true + }; + + function DOMEval( code, node, doc ) { + doc = doc || document; + + var i, val, + script = doc.createElement( "script" ); + + script.text = code; + if ( node ) { + for ( i in preservedScriptAttributes ) { + + // Support: Firefox 64+, Edge 18+ + // Some browsers don't support the "nonce" property on scripts. + // On the other hand, just using `getAttribute` is not enough as + // the `nonce` attribute is reset to an empty string whenever it + // becomes browsing-context connected. + // See https://github.com/whatwg/html/issues/2369 + // See https://html.spec.whatwg.org/#nonce-attributes + // The `node.getAttribute` check was added for the sake of + // `jQuery.globalEval` so that it can fake a nonce-containing node + // via an object. + val = node[ i ] || node.getAttribute && node.getAttribute( i ); + if ( val ) { + script.setAttribute( i, val ); + } + } + } + doc.head.appendChild( script ).parentNode.removeChild( script ); + } + + +function toType( obj ) { + if ( obj == null ) { + return obj + ""; + } + + // Support: Android <=2.3 only (functionish RegExp) + return typeof obj === "object" || typeof obj === "function" ? + class2type[ toString.call( obj ) ] || "object" : + typeof obj; +} +/* global Symbol */ +// Defining this global in .eslintrc.json would create a danger of using the global +// unguarded in another place, it seems safer to define global only for this module + + + +var + version = "3.6.0", + + // Define a local copy of jQuery + jQuery = function( selector, context ) { + + // The jQuery object is actually just the init constructor 'enhanced' + // Need init if jQuery is called (just allow error to be thrown if not included) + return new jQuery.fn.init( selector, context ); + }; + +jQuery.fn = jQuery.prototype = { + + // The current version of jQuery being used + jquery: version, + + constructor: jQuery, + + // The default length of a jQuery object is 0 + length: 0, + + toArray: function() { + return slice.call( this ); + }, + + // Get the Nth element in the matched element set OR + // Get the whole matched element set as a clean array + get: function( num ) { + + // Return all the elements in a clean array + if ( num == null ) { + return slice.call( this ); + } + + // Return just the one element from the set + return num < 0 ? this[ num + this.length ] : this[ num ]; + }, + + // Take an array of elements and push it onto the stack + // (returning the new matched element set) + pushStack: function( elems ) { + + // Build a new jQuery matched element set + var ret = jQuery.merge( this.constructor(), elems ); + + // Add the old object onto the stack (as a reference) + ret.prevObject = this; + + // Return the newly-formed element set + return ret; + }, + + // Execute a callback for every element in the matched set. + each: function( callback ) { + return jQuery.each( this, callback ); + }, + + map: function( callback ) { + return this.pushStack( jQuery.map( this, function( elem, i ) { + return callback.call( elem, i, elem ); + } ) ); + }, + + slice: function() { + return this.pushStack( slice.apply( this, arguments ) ); + }, + + first: function() { + return this.eq( 0 ); + }, + + last: function() { + return this.eq( -1 ); + }, + + even: function() { + return this.pushStack( jQuery.grep( this, function( _elem, i ) { + return ( i + 1 ) % 2; + } ) ); + }, + + odd: function() { + return this.pushStack( jQuery.grep( this, function( _elem, i ) { + return i % 2; + } ) ); + }, + + eq: function( i ) { + var len = this.length, + j = +i + ( i < 0 ? len : 0 ); + return this.pushStack( j >= 0 && j < len ? [ this[ j ] ] : [] ); + }, + + end: function() { + return this.prevObject || this.constructor(); + }, + + // For internal use only. + // Behaves like an Array's method, not like a jQuery method. + push: push, + sort: arr.sort, + splice: arr.splice +}; + +jQuery.extend = jQuery.fn.extend = function() { + var options, name, src, copy, copyIsArray, clone, + target = arguments[ 0 ] || {}, + i = 1, + length = arguments.length, + deep = false; + + // Handle a deep copy situation + if ( typeof target === "boolean" ) { + deep = target; + + // Skip the boolean and the target + target = arguments[ i ] || {}; + i++; + } + + // Handle case when target is a string or something (possible in deep copy) + if ( typeof target !== "object" && !isFunction( target ) ) { + target = {}; + } + + // Extend jQuery itself if only one argument is passed + if ( i === length ) { + target = this; + i--; + } + + for ( ; i < length; i++ ) { + + // Only deal with non-null/undefined values + if ( ( options = arguments[ i ] ) != null ) { + + // Extend the base object + for ( name in options ) { + copy = options[ name ]; + + // Prevent Object.prototype pollution + // Prevent never-ending loop + if ( name === "__proto__" || target === copy ) { + continue; + } + + // Recurse if we're merging plain objects or arrays + if ( deep && copy && ( jQuery.isPlainObject( copy ) || + ( copyIsArray = Array.isArray( copy ) ) ) ) { + src = target[ name ]; + + // Ensure proper type for the source value + if ( copyIsArray && !Array.isArray( src ) ) { + clone = []; + } else if ( !copyIsArray && !jQuery.isPlainObject( src ) ) { + clone = {}; + } else { + clone = src; + } + copyIsArray = false; + + // Never move original objects, clone them + target[ name ] = jQuery.extend( deep, clone, copy ); + + // Don't bring in undefined values + } else if ( copy !== undefined ) { + target[ name ] = copy; + } + } + } + } + + // Return the modified object + return target; +}; + +jQuery.extend( { + + // Unique for each copy of jQuery on the page + expando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ), + + // Assume jQuery is ready without the ready module + isReady: true, + + error: function( msg ) { + throw new Error( msg ); + }, + + noop: function() {}, + + isPlainObject: function( obj ) { + var proto, Ctor; + + // Detect obvious negatives + // Use toString instead of jQuery.type to catch host objects + if ( !obj || toString.call( obj ) !== "[object Object]" ) { + return false; + } + + proto = getProto( obj ); + + // Objects with no prototype (e.g., `Object.create( null )`) are plain + if ( !proto ) { + return true; + } + + // Objects with prototype are plain iff they were constructed by a global Object function + Ctor = hasOwn.call( proto, "constructor" ) && proto.constructor; + return typeof Ctor === "function" && fnToString.call( Ctor ) === ObjectFunctionString; + }, + + isEmptyObject: function( obj ) { + var name; + + for ( name in obj ) { + return false; + } + return true; + }, + + // Evaluates a script in a provided context; falls back to the global one + // if not specified. + globalEval: function( code, options, doc ) { + DOMEval( code, { nonce: options && options.nonce }, doc ); + }, + + each: function( obj, callback ) { + var length, i = 0; + + if ( isArrayLike( obj ) ) { + length = obj.length; + for ( ; i < length; i++ ) { + if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { + break; + } + } + } else { + for ( i in obj ) { + if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { + break; + } + } + } + + return obj; + }, + + // results is for internal usage only + makeArray: function( arr, results ) { + var ret = results || []; + + if ( arr != null ) { + if ( isArrayLike( Object( arr ) ) ) { + jQuery.merge( ret, + typeof arr === "string" ? + [ arr ] : arr + ); + } else { + push.call( ret, arr ); + } + } + + return ret; + }, + + inArray: function( elem, arr, i ) { + return arr == null ? -1 : indexOf.call( arr, elem, i ); + }, + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + merge: function( first, second ) { + var len = +second.length, + j = 0, + i = first.length; + + for ( ; j < len; j++ ) { + first[ i++ ] = second[ j ]; + } + + first.length = i; + + return first; + }, + + grep: function( elems, callback, invert ) { + var callbackInverse, + matches = [], + i = 0, + length = elems.length, + callbackExpect = !invert; + + // Go through the array, only saving the items + // that pass the validator function + for ( ; i < length; i++ ) { + callbackInverse = !callback( elems[ i ], i ); + if ( callbackInverse !== callbackExpect ) { + matches.push( elems[ i ] ); + } + } + + return matches; + }, + + // arg is for internal usage only + map: function( elems, callback, arg ) { + var length, value, + i = 0, + ret = []; + + // Go through the array, translating each of the items to their new values + if ( isArrayLike( elems ) ) { + length = elems.length; + for ( ; i < length; i++ ) { + value = callback( elems[ i ], i, arg ); + + if ( value != null ) { + ret.push( value ); + } + } + + // Go through every key on the object, + } else { + for ( i in elems ) { + value = callback( elems[ i ], i, arg ); + + if ( value != null ) { + ret.push( value ); + } + } + } + + // Flatten any nested arrays + return flat( ret ); + }, + + // A global GUID counter for objects + guid: 1, + + // jQuery.support is not used in Core but other projects attach their + // properties to it so it needs to exist. + support: support +} ); + +if ( typeof Symbol === "function" ) { + jQuery.fn[ Symbol.iterator ] = arr[ Symbol.iterator ]; +} + +// Populate the class2type map +jQuery.each( "Boolean Number String Function Array Date RegExp Object Error Symbol".split( " " ), + function( _i, name ) { + class2type[ "[object " + name + "]" ] = name.toLowerCase(); + } ); + +function isArrayLike( obj ) { + + // Support: real iOS 8.2 only (not reproducible in simulator) + // `in` check used to prevent JIT error (gh-2145) + // hasOwn isn't used here due to false negatives + // regarding Nodelist length in IE + var length = !!obj && "length" in obj && obj.length, + type = toType( obj ); + + if ( isFunction( obj ) || isWindow( obj ) ) { + return false; + } + + return type === "array" || length === 0 || + typeof length === "number" && length > 0 && ( length - 1 ) in obj; +} +var Sizzle = +/*! + * Sizzle CSS Selector Engine v2.3.6 + * https://sizzlejs.com/ + * + * Copyright JS Foundation and other contributors + * Released under the MIT license + * https://js.foundation/ + * + * Date: 2021-02-16 + */ +( function( window ) { +var i, + support, + Expr, + getText, + isXML, + tokenize, + compile, + select, + outermostContext, + sortInput, + hasDuplicate, + + // Local document vars + setDocument, + document, + docElem, + documentIsHTML, + rbuggyQSA, + rbuggyMatches, + matches, + contains, + + // Instance-specific data + expando = "sizzle" + 1 * new Date(), + preferredDoc = window.document, + dirruns = 0, + done = 0, + classCache = createCache(), + tokenCache = createCache(), + compilerCache = createCache(), + nonnativeSelectorCache = createCache(), + sortOrder = function( a, b ) { + if ( a === b ) { + hasDuplicate = true; + } + return 0; + }, + + // Instance methods + hasOwn = ( {} ).hasOwnProperty, + arr = [], + pop = arr.pop, + pushNative = arr.push, + push = arr.push, + slice = arr.slice, + + // Use a stripped-down indexOf as it's faster than native + // https://jsperf.com/thor-indexof-vs-for/5 + indexOf = function( list, elem ) { + var i = 0, + len = list.length; + for ( ; i < len; i++ ) { + if ( list[ i ] === elem ) { + return i; + } + } + return -1; + }, + + booleans = "checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|" + + "ismap|loop|multiple|open|readonly|required|scoped", + + // Regular expressions + + // http://www.w3.org/TR/css3-selectors/#whitespace + whitespace = "[\\x20\\t\\r\\n\\f]", + + // https://www.w3.org/TR/css-syntax-3/#ident-token-diagram + identifier = "(?:\\\\[\\da-fA-F]{1,6}" + whitespace + + "?|\\\\[^\\r\\n\\f]|[\\w-]|[^\0-\\x7f])+", + + // Attribute selectors: http://www.w3.org/TR/selectors/#attribute-selectors + attributes = "\\[" + whitespace + "*(" + identifier + ")(?:" + whitespace + + + // Operator (capture 2) + "*([*^$|!~]?=)" + whitespace + + + // "Attribute values must be CSS identifiers [capture 5] + // or strings [capture 3 or capture 4]" + "*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|(" + identifier + "))|)" + + whitespace + "*\\]", + + pseudos = ":(" + identifier + ")(?:\\((" + + + // To reduce the number of selectors needing tokenize in the preFilter, prefer arguments: + // 1. quoted (capture 3; capture 4 or capture 5) + "('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|" + + + // 2. simple (capture 6) + "((?:\\\\.|[^\\\\()[\\]]|" + attributes + ")*)|" + + + // 3. anything else (capture 2) + ".*" + + ")\\)|)", + + // Leading and non-escaped trailing whitespace, capturing some non-whitespace characters preceding the latter + rwhitespace = new RegExp( whitespace + "+", "g" ), + rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + + whitespace + "+$", "g" ), + + rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ), + rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + + "*" ), + rdescend = new RegExp( whitespace + "|>" ), + + rpseudo = new RegExp( pseudos ), + ridentifier = new RegExp( "^" + identifier + "$" ), + + matchExpr = { + "ID": new RegExp( "^#(" + identifier + ")" ), + "CLASS": new RegExp( "^\\.(" + identifier + ")" ), + "TAG": new RegExp( "^(" + identifier + "|[*])" ), + "ATTR": new RegExp( "^" + attributes ), + "PSEUDO": new RegExp( "^" + pseudos ), + "CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + + whitespace + "*(even|odd|(([+-]|)(\\d*)n|)" + whitespace + "*(?:([+-]|)" + + whitespace + "*(\\d+)|))" + whitespace + "*\\)|)", "i" ), + "bool": new RegExp( "^(?:" + booleans + ")$", "i" ), + + // For use in libraries implementing .is() + // We use this for POS matching in `select` + "needsContext": new RegExp( "^" + whitespace + + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" + whitespace + + "*((?:-\\d)?\\d*)" + whitespace + "*\\)|)(?=[^-]|$)", "i" ) + }, + + rhtml = /HTML$/i, + rinputs = /^(?:input|select|textarea|button)$/i, + rheader = /^h\d$/i, + + rnative = /^[^{]+\{\s*\[native \w/, + + // Easily-parseable/retrievable ID or TAG or CLASS selectors + rquickExpr = /^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/, + + rsibling = /[+~]/, + + // CSS escapes + // http://www.w3.org/TR/CSS21/syndata.html#escaped-characters + runescape = new RegExp( "\\\\[\\da-fA-F]{1,6}" + whitespace + "?|\\\\([^\\r\\n\\f])", "g" ), + funescape = function( escape, nonHex ) { + var high = "0x" + escape.slice( 1 ) - 0x10000; + + return nonHex ? + + // Strip the backslash prefix from a non-hex escape sequence + nonHex : + + // Replace a hexadecimal escape sequence with the encoded Unicode code point + // Support: IE <=11+ + // For values outside the Basic Multilingual Plane (BMP), manually construct a + // surrogate pair + high < 0 ? + String.fromCharCode( high + 0x10000 ) : + String.fromCharCode( high >> 10 | 0xD800, high & 0x3FF | 0xDC00 ); + }, + + // CSS string/identifier serialization + // https://drafts.csswg.org/cssom/#common-serializing-idioms + rcssescape = /([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g, + fcssescape = function( ch, asCodePoint ) { + if ( asCodePoint ) { + + // U+0000 NULL becomes U+FFFD REPLACEMENT CHARACTER + if ( ch === "\0" ) { + return "\uFFFD"; + } + + // Control characters and (dependent upon position) numbers get escaped as code points + return ch.slice( 0, -1 ) + "\\" + + ch.charCodeAt( ch.length - 1 ).toString( 16 ) + " "; + } + + // Other potentially-special ASCII characters get backslash-escaped + return "\\" + ch; + }, + + // Used for iframes + // See setDocument() + // Removing the function wrapper causes a "Permission Denied" + // error in IE + unloadHandler = function() { + setDocument(); + }, + + inDisabledFieldset = addCombinator( + function( elem ) { + return elem.disabled === true && elem.nodeName.toLowerCase() === "fieldset"; + }, + { dir: "parentNode", next: "legend" } + ); + +// Optimize for push.apply( _, NodeList ) +try { + push.apply( + ( arr = slice.call( preferredDoc.childNodes ) ), + preferredDoc.childNodes + ); + + // Support: Android<4.0 + // Detect silently failing push.apply + // eslint-disable-next-line no-unused-expressions + arr[ preferredDoc.childNodes.length ].nodeType; +} catch ( e ) { + push = { apply: arr.length ? + + // Leverage slice if possible + function( target, els ) { + pushNative.apply( target, slice.call( els ) ); + } : + + // Support: IE<9 + // Otherwise append directly + function( target, els ) { + var j = target.length, + i = 0; + + // Can't trust NodeList.length + while ( ( target[ j++ ] = els[ i++ ] ) ) {} + target.length = j - 1; + } + }; +} + +function Sizzle( selector, context, results, seed ) { + var m, i, elem, nid, match, groups, newSelector, + newContext = context && context.ownerDocument, + + // nodeType defaults to 9, since context defaults to document + nodeType = context ? context.nodeType : 9; + + results = results || []; + + // Return early from calls with invalid selector or context + if ( typeof selector !== "string" || !selector || + nodeType !== 1 && nodeType !== 9 && nodeType !== 11 ) { + + return results; + } + + // Try to shortcut find operations (as opposed to filters) in HTML documents + if ( !seed ) { + setDocument( context ); + context = context || document; + + if ( documentIsHTML ) { + + // If the selector is sufficiently simple, try using a "get*By*" DOM method + // (excepting DocumentFragment context, where the methods don't exist) + if ( nodeType !== 11 && ( match = rquickExpr.exec( selector ) ) ) { + + // ID selector + if ( ( m = match[ 1 ] ) ) { + + // Document context + if ( nodeType === 9 ) { + if ( ( elem = context.getElementById( m ) ) ) { + + // Support: IE, Opera, Webkit + // TODO: identify versions + // getElementById can match elements by name instead of ID + if ( elem.id === m ) { + results.push( elem ); + return results; + } + } else { + return results; + } + + // Element context + } else { + + // Support: IE, Opera, Webkit + // TODO: identify versions + // getElementById can match elements by name instead of ID + if ( newContext && ( elem = newContext.getElementById( m ) ) && + contains( context, elem ) && + elem.id === m ) { + + results.push( elem ); + return results; + } + } + + // Type selector + } else if ( match[ 2 ] ) { + push.apply( results, context.getElementsByTagName( selector ) ); + return results; + + // Class selector + } else if ( ( m = match[ 3 ] ) && support.getElementsByClassName && + context.getElementsByClassName ) { + + push.apply( results, context.getElementsByClassName( m ) ); + return results; + } + } + + // Take advantage of querySelectorAll + if ( support.qsa && + !nonnativeSelectorCache[ selector + " " ] && + ( !rbuggyQSA || !rbuggyQSA.test( selector ) ) && + + // Support: IE 8 only + // Exclude object elements + ( nodeType !== 1 || context.nodeName.toLowerCase() !== "object" ) ) { + + newSelector = selector; + newContext = context; + + // qSA considers elements outside a scoping root when evaluating child or + // descendant combinators, which is not what we want. + // In such cases, we work around the behavior by prefixing every selector in the + // list with an ID selector referencing the scope context. + // The technique has to be used as well when a leading combinator is used + // as such selectors are not recognized by querySelectorAll. + // Thanks to Andrew Dupont for this technique. + if ( nodeType === 1 && + ( rdescend.test( selector ) || rcombinators.test( selector ) ) ) { + + // Expand context for sibling selectors + newContext = rsibling.test( selector ) && testContext( context.parentNode ) || + context; + + // We can use :scope instead of the ID hack if the browser + // supports it & if we're not changing the context. + if ( newContext !== context || !support.scope ) { + + // Capture the context ID, setting it first if necessary + if ( ( nid = context.getAttribute( "id" ) ) ) { + nid = nid.replace( rcssescape, fcssescape ); + } else { + context.setAttribute( "id", ( nid = expando ) ); + } + } + + // Prefix every selector in the list + groups = tokenize( selector ); + i = groups.length; + while ( i-- ) { + groups[ i ] = ( nid ? "#" + nid : ":scope" ) + " " + + toSelector( groups[ i ] ); + } + newSelector = groups.join( "," ); + } + + try { + push.apply( results, + newContext.querySelectorAll( newSelector ) + ); + return results; + } catch ( qsaError ) { + nonnativeSelectorCache( selector, true ); + } finally { + if ( nid === expando ) { + context.removeAttribute( "id" ); + } + } + } + } + } + + // All others + return select( selector.replace( rtrim, "$1" ), context, results, seed ); +} + +/** + * Create key-value caches of limited size + * @returns {function(string, object)} Returns the Object data after storing it on itself with + * property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength) + * deleting the oldest entry + */ +function createCache() { + var keys = []; + + function cache( key, value ) { + + // Use (key + " ") to avoid collision with native prototype properties (see Issue #157) + if ( keys.push( key + " " ) > Expr.cacheLength ) { + + // Only keep the most recent entries + delete cache[ keys.shift() ]; + } + return ( cache[ key + " " ] = value ); + } + return cache; +} + +/** + * Mark a function for special use by Sizzle + * @param {Function} fn The function to mark + */ +function markFunction( fn ) { + fn[ expando ] = true; + return fn; +} + +/** + * Support testing using an element + * @param {Function} fn Passed the created element and returns a boolean result + */ +function assert( fn ) { + var el = document.createElement( "fieldset" ); + + try { + return !!fn( el ); + } catch ( e ) { + return false; + } finally { + + // Remove from its parent by default + if ( el.parentNode ) { + el.parentNode.removeChild( el ); + } + + // release memory in IE + el = null; + } +} + +/** + * Adds the same handler for all of the specified attrs + * @param {String} attrs Pipe-separated list of attributes + * @param {Function} handler The method that will be applied + */ +function addHandle( attrs, handler ) { + var arr = attrs.split( "|" ), + i = arr.length; + + while ( i-- ) { + Expr.attrHandle[ arr[ i ] ] = handler; + } +} + +/** + * Checks document order of two siblings + * @param {Element} a + * @param {Element} b + * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b + */ +function siblingCheck( a, b ) { + var cur = b && a, + diff = cur && a.nodeType === 1 && b.nodeType === 1 && + a.sourceIndex - b.sourceIndex; + + // Use IE sourceIndex if available on both nodes + if ( diff ) { + return diff; + } + + // Check if b follows a + if ( cur ) { + while ( ( cur = cur.nextSibling ) ) { + if ( cur === b ) { + return -1; + } + } + } + + return a ? 1 : -1; +} + +/** + * Returns a function to use in pseudos for input types + * @param {String} type + */ +function createInputPseudo( type ) { + return function( elem ) { + var name = elem.nodeName.toLowerCase(); + return name === "input" && elem.type === type; + }; +} + +/** + * Returns a function to use in pseudos for buttons + * @param {String} type + */ +function createButtonPseudo( type ) { + return function( elem ) { + var name = elem.nodeName.toLowerCase(); + return ( name === "input" || name === "button" ) && elem.type === type; + }; +} + +/** + * Returns a function to use in pseudos for :enabled/:disabled + * @param {Boolean} disabled true for :disabled; false for :enabled + */ +function createDisabledPseudo( disabled ) { + + // Known :disabled false positives: fieldset[disabled] > legend:nth-of-type(n+2) :can-disable + return function( elem ) { + + // Only certain elements can match :enabled or :disabled + // https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled + // https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled + if ( "form" in elem ) { + + // Check for inherited disabledness on relevant non-disabled elements: + // * listed form-associated elements in a disabled fieldset + // https://html.spec.whatwg.org/multipage/forms.html#category-listed + // https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled + // * option elements in a disabled optgroup + // https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled + // All such elements have a "form" property. + if ( elem.parentNode && elem.disabled === false ) { + + // Option elements defer to a parent optgroup if present + if ( "label" in elem ) { + if ( "label" in elem.parentNode ) { + return elem.parentNode.disabled === disabled; + } else { + return elem.disabled === disabled; + } + } + + // Support: IE 6 - 11 + // Use the isDisabled shortcut property to check for disabled fieldset ancestors + return elem.isDisabled === disabled || + + // Where there is no isDisabled, check manually + /* jshint -W018 */ + elem.isDisabled !== !disabled && + inDisabledFieldset( elem ) === disabled; + } + + return elem.disabled === disabled; + + // Try to winnow out elements that can't be disabled before trusting the disabled property. + // Some victims get caught in our net (label, legend, menu, track), but it shouldn't + // even exist on them, let alone have a boolean value. + } else if ( "label" in elem ) { + return elem.disabled === disabled; + } + + // Remaining elements are neither :enabled nor :disabled + return false; + }; +} + +/** + * Returns a function to use in pseudos for positionals + * @param {Function} fn + */ +function createPositionalPseudo( fn ) { + return markFunction( function( argument ) { + argument = +argument; + return markFunction( function( seed, matches ) { + var j, + matchIndexes = fn( [], seed.length, argument ), + i = matchIndexes.length; + + // Match elements found at the specified indexes + while ( i-- ) { + if ( seed[ ( j = matchIndexes[ i ] ) ] ) { + seed[ j ] = !( matches[ j ] = seed[ j ] ); + } + } + } ); + } ); +} + +/** + * Checks a node for validity as a Sizzle context + * @param {Element|Object=} context + * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value + */ +function testContext( context ) { + return context && typeof context.getElementsByTagName !== "undefined" && context; +} + +// Expose support vars for convenience +support = Sizzle.support = {}; + +/** + * Detects XML nodes + * @param {Element|Object} elem An element or a document + * @returns {Boolean} True iff elem is a non-HTML XML node + */ +isXML = Sizzle.isXML = function( elem ) { + var namespace = elem && elem.namespaceURI, + docElem = elem && ( elem.ownerDocument || elem ).documentElement; + + // Support: IE <=8 + // Assume HTML when documentElement doesn't yet exist, such as inside loading iframes + // https://bugs.jquery.com/ticket/4833 + return !rhtml.test( namespace || docElem && docElem.nodeName || "HTML" ); +}; + +/** + * Sets document-related variables once based on the current document + * @param {Element|Object} [doc] An element or document object to use to set the document + * @returns {Object} Returns the current document + */ +setDocument = Sizzle.setDocument = function( node ) { + var hasCompare, subWindow, + doc = node ? node.ownerDocument || node : preferredDoc; + + // Return early if doc is invalid or already selected + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( doc == document || doc.nodeType !== 9 || !doc.documentElement ) { + return document; + } + + // Update global variables + document = doc; + docElem = document.documentElement; + documentIsHTML = !isXML( document ); + + // Support: IE 9 - 11+, Edge 12 - 18+ + // Accessing iframe documents after unload throws "permission denied" errors (jQuery #13936) + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( preferredDoc != document && + ( subWindow = document.defaultView ) && subWindow.top !== subWindow ) { + + // Support: IE 11, Edge + if ( subWindow.addEventListener ) { + subWindow.addEventListener( "unload", unloadHandler, false ); + + // Support: IE 9 - 10 only + } else if ( subWindow.attachEvent ) { + subWindow.attachEvent( "onunload", unloadHandler ); + } + } + + // Support: IE 8 - 11+, Edge 12 - 18+, Chrome <=16 - 25 only, Firefox <=3.6 - 31 only, + // Safari 4 - 5 only, Opera <=11.6 - 12.x only + // IE/Edge & older browsers don't support the :scope pseudo-class. + // Support: Safari 6.0 only + // Safari 6.0 supports :scope but it's an alias of :root there. + support.scope = assert( function( el ) { + docElem.appendChild( el ).appendChild( document.createElement( "div" ) ); + return typeof el.querySelectorAll !== "undefined" && + !el.querySelectorAll( ":scope fieldset div" ).length; + } ); + + /* Attributes + ---------------------------------------------------------------------- */ + + // Support: IE<8 + // Verify that getAttribute really returns attributes and not properties + // (excepting IE8 booleans) + support.attributes = assert( function( el ) { + el.className = "i"; + return !el.getAttribute( "className" ); + } ); + + /* getElement(s)By* + ---------------------------------------------------------------------- */ + + // Check if getElementsByTagName("*") returns only elements + support.getElementsByTagName = assert( function( el ) { + el.appendChild( document.createComment( "" ) ); + return !el.getElementsByTagName( "*" ).length; + } ); + + // Support: IE<9 + support.getElementsByClassName = rnative.test( document.getElementsByClassName ); + + // Support: IE<10 + // Check if getElementById returns elements by name + // The broken getElementById methods don't pick up programmatically-set names, + // so use a roundabout getElementsByName test + support.getById = assert( function( el ) { + docElem.appendChild( el ).id = expando; + return !document.getElementsByName || !document.getElementsByName( expando ).length; + } ); + + // ID filter and find + if ( support.getById ) { + Expr.filter[ "ID" ] = function( id ) { + var attrId = id.replace( runescape, funescape ); + return function( elem ) { + return elem.getAttribute( "id" ) === attrId; + }; + }; + Expr.find[ "ID" ] = function( id, context ) { + if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { + var elem = context.getElementById( id ); + return elem ? [ elem ] : []; + } + }; + } else { + Expr.filter[ "ID" ] = function( id ) { + var attrId = id.replace( runescape, funescape ); + return function( elem ) { + var node = typeof elem.getAttributeNode !== "undefined" && + elem.getAttributeNode( "id" ); + return node && node.value === attrId; + }; + }; + + // Support: IE 6 - 7 only + // getElementById is not reliable as a find shortcut + Expr.find[ "ID" ] = function( id, context ) { + if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { + var node, i, elems, + elem = context.getElementById( id ); + + if ( elem ) { + + // Verify the id attribute + node = elem.getAttributeNode( "id" ); + if ( node && node.value === id ) { + return [ elem ]; + } + + // Fall back on getElementsByName + elems = context.getElementsByName( id ); + i = 0; + while ( ( elem = elems[ i++ ] ) ) { + node = elem.getAttributeNode( "id" ); + if ( node && node.value === id ) { + return [ elem ]; + } + } + } + + return []; + } + }; + } + + // Tag + Expr.find[ "TAG" ] = support.getElementsByTagName ? + function( tag, context ) { + if ( typeof context.getElementsByTagName !== "undefined" ) { + return context.getElementsByTagName( tag ); + + // DocumentFragment nodes don't have gEBTN + } else if ( support.qsa ) { + return context.querySelectorAll( tag ); + } + } : + + function( tag, context ) { + var elem, + tmp = [], + i = 0, + + // By happy coincidence, a (broken) gEBTN appears on DocumentFragment nodes too + results = context.getElementsByTagName( tag ); + + // Filter out possible comments + if ( tag === "*" ) { + while ( ( elem = results[ i++ ] ) ) { + if ( elem.nodeType === 1 ) { + tmp.push( elem ); + } + } + + return tmp; + } + return results; + }; + + // Class + Expr.find[ "CLASS" ] = support.getElementsByClassName && function( className, context ) { + if ( typeof context.getElementsByClassName !== "undefined" && documentIsHTML ) { + return context.getElementsByClassName( className ); + } + }; + + /* QSA/matchesSelector + ---------------------------------------------------------------------- */ + + // QSA and matchesSelector support + + // matchesSelector(:active) reports false when true (IE9/Opera 11.5) + rbuggyMatches = []; + + // qSa(:focus) reports false when true (Chrome 21) + // We allow this because of a bug in IE8/9 that throws an error + // whenever `document.activeElement` is accessed on an iframe + // So, we allow :focus to pass through QSA all the time to avoid the IE error + // See https://bugs.jquery.com/ticket/13378 + rbuggyQSA = []; + + if ( ( support.qsa = rnative.test( document.querySelectorAll ) ) ) { + + // Build QSA regex + // Regex strategy adopted from Diego Perini + assert( function( el ) { + + var input; + + // Select is set to empty string on purpose + // This is to test IE's treatment of not explicitly + // setting a boolean content attribute, + // since its presence should be enough + // https://bugs.jquery.com/ticket/12359 + docElem.appendChild( el ).innerHTML = "" + + ""; + + // Support: IE8, Opera 11-12.16 + // Nothing should be selected when empty strings follow ^= or $= or *= + // The test attribute must be unknown in Opera but "safe" for WinRT + // https://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section + if ( el.querySelectorAll( "[msallowcapture^='']" ).length ) { + rbuggyQSA.push( "[*^$]=" + whitespace + "*(?:''|\"\")" ); + } + + // Support: IE8 + // Boolean attributes and "value" are not treated correctly + if ( !el.querySelectorAll( "[selected]" ).length ) { + rbuggyQSA.push( "\\[" + whitespace + "*(?:value|" + booleans + ")" ); + } + + // Support: Chrome<29, Android<4.4, Safari<7.0+, iOS<7.0+, PhantomJS<1.9.8+ + if ( !el.querySelectorAll( "[id~=" + expando + "-]" ).length ) { + rbuggyQSA.push( "~=" ); + } + + // Support: IE 11+, Edge 15 - 18+ + // IE 11/Edge don't find elements on a `[name='']` query in some cases. + // Adding a temporary attribute to the document before the selection works + // around the issue. + // Interestingly, IE 10 & older don't seem to have the issue. + input = document.createElement( "input" ); + input.setAttribute( "name", "" ); + el.appendChild( input ); + if ( !el.querySelectorAll( "[name='']" ).length ) { + rbuggyQSA.push( "\\[" + whitespace + "*name" + whitespace + "*=" + + whitespace + "*(?:''|\"\")" ); + } + + // Webkit/Opera - :checked should return selected option elements + // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + // IE8 throws error here and will not see later tests + if ( !el.querySelectorAll( ":checked" ).length ) { + rbuggyQSA.push( ":checked" ); + } + + // Support: Safari 8+, iOS 8+ + // https://bugs.webkit.org/show_bug.cgi?id=136851 + // In-page `selector#id sibling-combinator selector` fails + if ( !el.querySelectorAll( "a#" + expando + "+*" ).length ) { + rbuggyQSA.push( ".#.+[+~]" ); + } + + // Support: Firefox <=3.6 - 5 only + // Old Firefox doesn't throw on a badly-escaped identifier. + el.querySelectorAll( "\\\f" ); + rbuggyQSA.push( "[\\r\\n\\f]" ); + } ); + + assert( function( el ) { + el.innerHTML = "" + + ""; + + // Support: Windows 8 Native Apps + // The type and name attributes are restricted during .innerHTML assignment + var input = document.createElement( "input" ); + input.setAttribute( "type", "hidden" ); + el.appendChild( input ).setAttribute( "name", "D" ); + + // Support: IE8 + // Enforce case-sensitivity of name attribute + if ( el.querySelectorAll( "[name=d]" ).length ) { + rbuggyQSA.push( "name" + whitespace + "*[*^$|!~]?=" ); + } + + // FF 3.5 - :enabled/:disabled and hidden elements (hidden elements are still enabled) + // IE8 throws error here and will not see later tests + if ( el.querySelectorAll( ":enabled" ).length !== 2 ) { + rbuggyQSA.push( ":enabled", ":disabled" ); + } + + // Support: IE9-11+ + // IE's :disabled selector does not pick up the children of disabled fieldsets + docElem.appendChild( el ).disabled = true; + if ( el.querySelectorAll( ":disabled" ).length !== 2 ) { + rbuggyQSA.push( ":enabled", ":disabled" ); + } + + // Support: Opera 10 - 11 only + // Opera 10-11 does not throw on post-comma invalid pseudos + el.querySelectorAll( "*,:x" ); + rbuggyQSA.push( ",.*:" ); + } ); + } + + if ( ( support.matchesSelector = rnative.test( ( matches = docElem.matches || + docElem.webkitMatchesSelector || + docElem.mozMatchesSelector || + docElem.oMatchesSelector || + docElem.msMatchesSelector ) ) ) ) { + + assert( function( el ) { + + // Check to see if it's possible to do matchesSelector + // on a disconnected node (IE 9) + support.disconnectedMatch = matches.call( el, "*" ); + + // This should fail with an exception + // Gecko does not error, returns false instead + matches.call( el, "[s!='']:x" ); + rbuggyMatches.push( "!=", pseudos ); + } ); + } + + rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join( "|" ) ); + rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join( "|" ) ); + + /* Contains + ---------------------------------------------------------------------- */ + hasCompare = rnative.test( docElem.compareDocumentPosition ); + + // Element contains another + // Purposefully self-exclusive + // As in, an element does not contain itself + contains = hasCompare || rnative.test( docElem.contains ) ? + function( a, b ) { + var adown = a.nodeType === 9 ? a.documentElement : a, + bup = b && b.parentNode; + return a === bup || !!( bup && bup.nodeType === 1 && ( + adown.contains ? + adown.contains( bup ) : + a.compareDocumentPosition && a.compareDocumentPosition( bup ) & 16 + ) ); + } : + function( a, b ) { + if ( b ) { + while ( ( b = b.parentNode ) ) { + if ( b === a ) { + return true; + } + } + } + return false; + }; + + /* Sorting + ---------------------------------------------------------------------- */ + + // Document order sorting + sortOrder = hasCompare ? + function( a, b ) { + + // Flag for duplicate removal + if ( a === b ) { + hasDuplicate = true; + return 0; + } + + // Sort on method existence if only one input has compareDocumentPosition + var compare = !a.compareDocumentPosition - !b.compareDocumentPosition; + if ( compare ) { + return compare; + } + + // Calculate position if both inputs belong to the same document + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + compare = ( a.ownerDocument || a ) == ( b.ownerDocument || b ) ? + a.compareDocumentPosition( b ) : + + // Otherwise we know they are disconnected + 1; + + // Disconnected nodes + if ( compare & 1 || + ( !support.sortDetached && b.compareDocumentPosition( a ) === compare ) ) { + + // Choose the first element that is related to our preferred document + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( a == document || a.ownerDocument == preferredDoc && + contains( preferredDoc, a ) ) { + return -1; + } + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( b == document || b.ownerDocument == preferredDoc && + contains( preferredDoc, b ) ) { + return 1; + } + + // Maintain original order + return sortInput ? + ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : + 0; + } + + return compare & 4 ? -1 : 1; + } : + function( a, b ) { + + // Exit early if the nodes are identical + if ( a === b ) { + hasDuplicate = true; + return 0; + } + + var cur, + i = 0, + aup = a.parentNode, + bup = b.parentNode, + ap = [ a ], + bp = [ b ]; + + // Parentless nodes are either documents or disconnected + if ( !aup || !bup ) { + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + /* eslint-disable eqeqeq */ + return a == document ? -1 : + b == document ? 1 : + /* eslint-enable eqeqeq */ + aup ? -1 : + bup ? 1 : + sortInput ? + ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : + 0; + + // If the nodes are siblings, we can do a quick check + } else if ( aup === bup ) { + return siblingCheck( a, b ); + } + + // Otherwise we need full lists of their ancestors for comparison + cur = a; + while ( ( cur = cur.parentNode ) ) { + ap.unshift( cur ); + } + cur = b; + while ( ( cur = cur.parentNode ) ) { + bp.unshift( cur ); + } + + // Walk down the tree looking for a discrepancy + while ( ap[ i ] === bp[ i ] ) { + i++; + } + + return i ? + + // Do a sibling check if the nodes have a common ancestor + siblingCheck( ap[ i ], bp[ i ] ) : + + // Otherwise nodes in our document sort first + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + /* eslint-disable eqeqeq */ + ap[ i ] == preferredDoc ? -1 : + bp[ i ] == preferredDoc ? 1 : + /* eslint-enable eqeqeq */ + 0; + }; + + return document; +}; + +Sizzle.matches = function( expr, elements ) { + return Sizzle( expr, null, null, elements ); +}; + +Sizzle.matchesSelector = function( elem, expr ) { + setDocument( elem ); + + if ( support.matchesSelector && documentIsHTML && + !nonnativeSelectorCache[ expr + " " ] && + ( !rbuggyMatches || !rbuggyMatches.test( expr ) ) && + ( !rbuggyQSA || !rbuggyQSA.test( expr ) ) ) { + + try { + var ret = matches.call( elem, expr ); + + // IE 9's matchesSelector returns false on disconnected nodes + if ( ret || support.disconnectedMatch || + + // As well, disconnected nodes are said to be in a document + // fragment in IE 9 + elem.document && elem.document.nodeType !== 11 ) { + return ret; + } + } catch ( e ) { + nonnativeSelectorCache( expr, true ); + } + } + + return Sizzle( expr, document, null, [ elem ] ).length > 0; +}; + +Sizzle.contains = function( context, elem ) { + + // Set document vars if needed + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( ( context.ownerDocument || context ) != document ) { + setDocument( context ); + } + return contains( context, elem ); +}; + +Sizzle.attr = function( elem, name ) { + + // Set document vars if needed + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( ( elem.ownerDocument || elem ) != document ) { + setDocument( elem ); + } + + var fn = Expr.attrHandle[ name.toLowerCase() ], + + // Don't get fooled by Object.prototype properties (jQuery #13807) + val = fn && hasOwn.call( Expr.attrHandle, name.toLowerCase() ) ? + fn( elem, name, !documentIsHTML ) : + undefined; + + return val !== undefined ? + val : + support.attributes || !documentIsHTML ? + elem.getAttribute( name ) : + ( val = elem.getAttributeNode( name ) ) && val.specified ? + val.value : + null; +}; + +Sizzle.escape = function( sel ) { + return ( sel + "" ).replace( rcssescape, fcssescape ); +}; + +Sizzle.error = function( msg ) { + throw new Error( "Syntax error, unrecognized expression: " + msg ); +}; + +/** + * Document sorting and removing duplicates + * @param {ArrayLike} results + */ +Sizzle.uniqueSort = function( results ) { + var elem, + duplicates = [], + j = 0, + i = 0; + + // Unless we *know* we can detect duplicates, assume their presence + hasDuplicate = !support.detectDuplicates; + sortInput = !support.sortStable && results.slice( 0 ); + results.sort( sortOrder ); + + if ( hasDuplicate ) { + while ( ( elem = results[ i++ ] ) ) { + if ( elem === results[ i ] ) { + j = duplicates.push( i ); + } + } + while ( j-- ) { + results.splice( duplicates[ j ], 1 ); + } + } + + // Clear input after sorting to release objects + // See https://github.com/jquery/sizzle/pull/225 + sortInput = null; + + return results; +}; + +/** + * Utility function for retrieving the text value of an array of DOM nodes + * @param {Array|Element} elem + */ +getText = Sizzle.getText = function( elem ) { + var node, + ret = "", + i = 0, + nodeType = elem.nodeType; + + if ( !nodeType ) { + + // If no nodeType, this is expected to be an array + while ( ( node = elem[ i++ ] ) ) { + + // Do not traverse comment nodes + ret += getText( node ); + } + } else if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) { + + // Use textContent for elements + // innerText usage removed for consistency of new lines (jQuery #11153) + if ( typeof elem.textContent === "string" ) { + return elem.textContent; + } else { + + // Traverse its children + for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { + ret += getText( elem ); + } + } + } else if ( nodeType === 3 || nodeType === 4 ) { + return elem.nodeValue; + } + + // Do not include comment or processing instruction nodes + + return ret; +}; + +Expr = Sizzle.selectors = { + + // Can be adjusted by the user + cacheLength: 50, + + createPseudo: markFunction, + + match: matchExpr, + + attrHandle: {}, + + find: {}, + + relative: { + ">": { dir: "parentNode", first: true }, + " ": { dir: "parentNode" }, + "+": { dir: "previousSibling", first: true }, + "~": { dir: "previousSibling" } + }, + + preFilter: { + "ATTR": function( match ) { + match[ 1 ] = match[ 1 ].replace( runescape, funescape ); + + // Move the given value to match[3] whether quoted or unquoted + match[ 3 ] = ( match[ 3 ] || match[ 4 ] || + match[ 5 ] || "" ).replace( runescape, funescape ); + + if ( match[ 2 ] === "~=" ) { + match[ 3 ] = " " + match[ 3 ] + " "; + } + + return match.slice( 0, 4 ); + }, + + "CHILD": function( match ) { + + /* matches from matchExpr["CHILD"] + 1 type (only|nth|...) + 2 what (child|of-type) + 3 argument (even|odd|\d*|\d*n([+-]\d+)?|...) + 4 xn-component of xn+y argument ([+-]?\d*n|) + 5 sign of xn-component + 6 x of xn-component + 7 sign of y-component + 8 y of y-component + */ + match[ 1 ] = match[ 1 ].toLowerCase(); + + if ( match[ 1 ].slice( 0, 3 ) === "nth" ) { + + // nth-* requires argument + if ( !match[ 3 ] ) { + Sizzle.error( match[ 0 ] ); + } + + // numeric x and y parameters for Expr.filter.CHILD + // remember that false/true cast respectively to 0/1 + match[ 4 ] = +( match[ 4 ] ? + match[ 5 ] + ( match[ 6 ] || 1 ) : + 2 * ( match[ 3 ] === "even" || match[ 3 ] === "odd" ) ); + match[ 5 ] = +( ( match[ 7 ] + match[ 8 ] ) || match[ 3 ] === "odd" ); + + // other types prohibit arguments + } else if ( match[ 3 ] ) { + Sizzle.error( match[ 0 ] ); + } + + return match; + }, + + "PSEUDO": function( match ) { + var excess, + unquoted = !match[ 6 ] && match[ 2 ]; + + if ( matchExpr[ "CHILD" ].test( match[ 0 ] ) ) { + return null; + } + + // Accept quoted arguments as-is + if ( match[ 3 ] ) { + match[ 2 ] = match[ 4 ] || match[ 5 ] || ""; + + // Strip excess characters from unquoted arguments + } else if ( unquoted && rpseudo.test( unquoted ) && + + // Get excess from tokenize (recursively) + ( excess = tokenize( unquoted, true ) ) && + + // advance to the next closing parenthesis + ( excess = unquoted.indexOf( ")", unquoted.length - excess ) - unquoted.length ) ) { + + // excess is a negative index + match[ 0 ] = match[ 0 ].slice( 0, excess ); + match[ 2 ] = unquoted.slice( 0, excess ); + } + + // Return only captures needed by the pseudo filter method (type and argument) + return match.slice( 0, 3 ); + } + }, + + filter: { + + "TAG": function( nodeNameSelector ) { + var nodeName = nodeNameSelector.replace( runescape, funescape ).toLowerCase(); + return nodeNameSelector === "*" ? + function() { + return true; + } : + function( elem ) { + return elem.nodeName && elem.nodeName.toLowerCase() === nodeName; + }; + }, + + "CLASS": function( className ) { + var pattern = classCache[ className + " " ]; + + return pattern || + ( pattern = new RegExp( "(^|" + whitespace + + ")" + className + "(" + whitespace + "|$)" ) ) && classCache( + className, function( elem ) { + return pattern.test( + typeof elem.className === "string" && elem.className || + typeof elem.getAttribute !== "undefined" && + elem.getAttribute( "class" ) || + "" + ); + } ); + }, + + "ATTR": function( name, operator, check ) { + return function( elem ) { + var result = Sizzle.attr( elem, name ); + + if ( result == null ) { + return operator === "!="; + } + if ( !operator ) { + return true; + } + + result += ""; + + /* eslint-disable max-len */ + + return operator === "=" ? result === check : + operator === "!=" ? result !== check : + operator === "^=" ? check && result.indexOf( check ) === 0 : + operator === "*=" ? check && result.indexOf( check ) > -1 : + operator === "$=" ? check && result.slice( -check.length ) === check : + operator === "~=" ? ( " " + result.replace( rwhitespace, " " ) + " " ).indexOf( check ) > -1 : + operator === "|=" ? result === check || result.slice( 0, check.length + 1 ) === check + "-" : + false; + /* eslint-enable max-len */ + + }; + }, + + "CHILD": function( type, what, _argument, first, last ) { + var simple = type.slice( 0, 3 ) !== "nth", + forward = type.slice( -4 ) !== "last", + ofType = what === "of-type"; + + return first === 1 && last === 0 ? + + // Shortcut for :nth-*(n) + function( elem ) { + return !!elem.parentNode; + } : + + function( elem, _context, xml ) { + var cache, uniqueCache, outerCache, node, nodeIndex, start, + dir = simple !== forward ? "nextSibling" : "previousSibling", + parent = elem.parentNode, + name = ofType && elem.nodeName.toLowerCase(), + useCache = !xml && !ofType, + diff = false; + + if ( parent ) { + + // :(first|last|only)-(child|of-type) + if ( simple ) { + while ( dir ) { + node = elem; + while ( ( node = node[ dir ] ) ) { + if ( ofType ? + node.nodeName.toLowerCase() === name : + node.nodeType === 1 ) { + + return false; + } + } + + // Reverse direction for :only-* (if we haven't yet done so) + start = dir = type === "only" && !start && "nextSibling"; + } + return true; + } + + start = [ forward ? parent.firstChild : parent.lastChild ]; + + // non-xml :nth-child(...) stores cache data on `parent` + if ( forward && useCache ) { + + // Seek `elem` from a previously-cached index + + // ...in a gzip-friendly way + node = parent; + outerCache = node[ expando ] || ( node[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + ( outerCache[ node.uniqueID ] = {} ); + + cache = uniqueCache[ type ] || []; + nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; + diff = nodeIndex && cache[ 2 ]; + node = nodeIndex && parent.childNodes[ nodeIndex ]; + + while ( ( node = ++nodeIndex && node && node[ dir ] || + + // Fallback to seeking `elem` from the start + ( diff = nodeIndex = 0 ) || start.pop() ) ) { + + // When found, cache indexes on `parent` and break + if ( node.nodeType === 1 && ++diff && node === elem ) { + uniqueCache[ type ] = [ dirruns, nodeIndex, diff ]; + break; + } + } + + } else { + + // Use previously-cached element index if available + if ( useCache ) { + + // ...in a gzip-friendly way + node = elem; + outerCache = node[ expando ] || ( node[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + ( outerCache[ node.uniqueID ] = {} ); + + cache = uniqueCache[ type ] || []; + nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; + diff = nodeIndex; + } + + // xml :nth-child(...) + // or :nth-last-child(...) or :nth(-last)?-of-type(...) + if ( diff === false ) { + + // Use the same loop as above to seek `elem` from the start + while ( ( node = ++nodeIndex && node && node[ dir ] || + ( diff = nodeIndex = 0 ) || start.pop() ) ) { + + if ( ( ofType ? + node.nodeName.toLowerCase() === name : + node.nodeType === 1 ) && + ++diff ) { + + // Cache the index of each encountered element + if ( useCache ) { + outerCache = node[ expando ] || + ( node[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + ( outerCache[ node.uniqueID ] = {} ); + + uniqueCache[ type ] = [ dirruns, diff ]; + } + + if ( node === elem ) { + break; + } + } + } + } + } + + // Incorporate the offset, then check against cycle size + diff -= last; + return diff === first || ( diff % first === 0 && diff / first >= 0 ); + } + }; + }, + + "PSEUDO": function( pseudo, argument ) { + + // pseudo-class names are case-insensitive + // http://www.w3.org/TR/selectors/#pseudo-classes + // Prioritize by case sensitivity in case custom pseudos are added with uppercase letters + // Remember that setFilters inherits from pseudos + var args, + fn = Expr.pseudos[ pseudo ] || Expr.setFilters[ pseudo.toLowerCase() ] || + Sizzle.error( "unsupported pseudo: " + pseudo ); + + // The user may use createPseudo to indicate that + // arguments are needed to create the filter function + // just as Sizzle does + if ( fn[ expando ] ) { + return fn( argument ); + } + + // But maintain support for old signatures + if ( fn.length > 1 ) { + args = [ pseudo, pseudo, "", argument ]; + return Expr.setFilters.hasOwnProperty( pseudo.toLowerCase() ) ? + markFunction( function( seed, matches ) { + var idx, + matched = fn( seed, argument ), + i = matched.length; + while ( i-- ) { + idx = indexOf( seed, matched[ i ] ); + seed[ idx ] = !( matches[ idx ] = matched[ i ] ); + } + } ) : + function( elem ) { + return fn( elem, 0, args ); + }; + } + + return fn; + } + }, + + pseudos: { + + // Potentially complex pseudos + "not": markFunction( function( selector ) { + + // Trim the selector passed to compile + // to avoid treating leading and trailing + // spaces as combinators + var input = [], + results = [], + matcher = compile( selector.replace( rtrim, "$1" ) ); + + return matcher[ expando ] ? + markFunction( function( seed, matches, _context, xml ) { + var elem, + unmatched = matcher( seed, null, xml, [] ), + i = seed.length; + + // Match elements unmatched by `matcher` + while ( i-- ) { + if ( ( elem = unmatched[ i ] ) ) { + seed[ i ] = !( matches[ i ] = elem ); + } + } + } ) : + function( elem, _context, xml ) { + input[ 0 ] = elem; + matcher( input, null, xml, results ); + + // Don't keep the element (issue #299) + input[ 0 ] = null; + return !results.pop(); + }; + } ), + + "has": markFunction( function( selector ) { + return function( elem ) { + return Sizzle( selector, elem ).length > 0; + }; + } ), + + "contains": markFunction( function( text ) { + text = text.replace( runescape, funescape ); + return function( elem ) { + return ( elem.textContent || getText( elem ) ).indexOf( text ) > -1; + }; + } ), + + // "Whether an element is represented by a :lang() selector + // is based solely on the element's language value + // being equal to the identifier C, + // or beginning with the identifier C immediately followed by "-". + // The matching of C against the element's language value is performed case-insensitively. + // The identifier C does not have to be a valid language name." + // http://www.w3.org/TR/selectors/#lang-pseudo + "lang": markFunction( function( lang ) { + + // lang value must be a valid identifier + if ( !ridentifier.test( lang || "" ) ) { + Sizzle.error( "unsupported lang: " + lang ); + } + lang = lang.replace( runescape, funescape ).toLowerCase(); + return function( elem ) { + var elemLang; + do { + if ( ( elemLang = documentIsHTML ? + elem.lang : + elem.getAttribute( "xml:lang" ) || elem.getAttribute( "lang" ) ) ) { + + elemLang = elemLang.toLowerCase(); + return elemLang === lang || elemLang.indexOf( lang + "-" ) === 0; + } + } while ( ( elem = elem.parentNode ) && elem.nodeType === 1 ); + return false; + }; + } ), + + // Miscellaneous + "target": function( elem ) { + var hash = window.location && window.location.hash; + return hash && hash.slice( 1 ) === elem.id; + }, + + "root": function( elem ) { + return elem === docElem; + }, + + "focus": function( elem ) { + return elem === document.activeElement && + ( !document.hasFocus || document.hasFocus() ) && + !!( elem.type || elem.href || ~elem.tabIndex ); + }, + + // Boolean properties + "enabled": createDisabledPseudo( false ), + "disabled": createDisabledPseudo( true ), + + "checked": function( elem ) { + + // In CSS3, :checked should return both checked and selected elements + // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + var nodeName = elem.nodeName.toLowerCase(); + return ( nodeName === "input" && !!elem.checked ) || + ( nodeName === "option" && !!elem.selected ); + }, + + "selected": function( elem ) { + + // Accessing this property makes selected-by-default + // options in Safari work properly + if ( elem.parentNode ) { + // eslint-disable-next-line no-unused-expressions + elem.parentNode.selectedIndex; + } + + return elem.selected === true; + }, + + // Contents + "empty": function( elem ) { + + // http://www.w3.org/TR/selectors/#empty-pseudo + // :empty is negated by element (1) or content nodes (text: 3; cdata: 4; entity ref: 5), + // but not by others (comment: 8; processing instruction: 7; etc.) + // nodeType < 6 works because attributes (2) do not appear as children + for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { + if ( elem.nodeType < 6 ) { + return false; + } + } + return true; + }, + + "parent": function( elem ) { + return !Expr.pseudos[ "empty" ]( elem ); + }, + + // Element/input types + "header": function( elem ) { + return rheader.test( elem.nodeName ); + }, + + "input": function( elem ) { + return rinputs.test( elem.nodeName ); + }, + + "button": function( elem ) { + var name = elem.nodeName.toLowerCase(); + return name === "input" && elem.type === "button" || name === "button"; + }, + + "text": function( elem ) { + var attr; + return elem.nodeName.toLowerCase() === "input" && + elem.type === "text" && + + // Support: IE<8 + // New HTML5 attribute values (e.g., "search") appear with elem.type === "text" + ( ( attr = elem.getAttribute( "type" ) ) == null || + attr.toLowerCase() === "text" ); + }, + + // Position-in-collection + "first": createPositionalPseudo( function() { + return [ 0 ]; + } ), + + "last": createPositionalPseudo( function( _matchIndexes, length ) { + return [ length - 1 ]; + } ), + + "eq": createPositionalPseudo( function( _matchIndexes, length, argument ) { + return [ argument < 0 ? argument + length : argument ]; + } ), + + "even": createPositionalPseudo( function( matchIndexes, length ) { + var i = 0; + for ( ; i < length; i += 2 ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ), + + "odd": createPositionalPseudo( function( matchIndexes, length ) { + var i = 1; + for ( ; i < length; i += 2 ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ), + + "lt": createPositionalPseudo( function( matchIndexes, length, argument ) { + var i = argument < 0 ? + argument + length : + argument > length ? + length : + argument; + for ( ; --i >= 0; ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ), + + "gt": createPositionalPseudo( function( matchIndexes, length, argument ) { + var i = argument < 0 ? argument + length : argument; + for ( ; ++i < length; ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ) + } +}; + +Expr.pseudos[ "nth" ] = Expr.pseudos[ "eq" ]; + +// Add button/input type pseudos +for ( i in { radio: true, checkbox: true, file: true, password: true, image: true } ) { + Expr.pseudos[ i ] = createInputPseudo( i ); +} +for ( i in { submit: true, reset: true } ) { + Expr.pseudos[ i ] = createButtonPseudo( i ); +} + +// Easy API for creating new setFilters +function setFilters() {} +setFilters.prototype = Expr.filters = Expr.pseudos; +Expr.setFilters = new setFilters(); + +tokenize = Sizzle.tokenize = function( selector, parseOnly ) { + var matched, match, tokens, type, + soFar, groups, preFilters, + cached = tokenCache[ selector + " " ]; + + if ( cached ) { + return parseOnly ? 0 : cached.slice( 0 ); + } + + soFar = selector; + groups = []; + preFilters = Expr.preFilter; + + while ( soFar ) { + + // Comma and first run + if ( !matched || ( match = rcomma.exec( soFar ) ) ) { + if ( match ) { + + // Don't consume trailing commas as valid + soFar = soFar.slice( match[ 0 ].length ) || soFar; + } + groups.push( ( tokens = [] ) ); + } + + matched = false; + + // Combinators + if ( ( match = rcombinators.exec( soFar ) ) ) { + matched = match.shift(); + tokens.push( { + value: matched, + + // Cast descendant combinators to space + type: match[ 0 ].replace( rtrim, " " ) + } ); + soFar = soFar.slice( matched.length ); + } + + // Filters + for ( type in Expr.filter ) { + if ( ( match = matchExpr[ type ].exec( soFar ) ) && ( !preFilters[ type ] || + ( match = preFilters[ type ]( match ) ) ) ) { + matched = match.shift(); + tokens.push( { + value: matched, + type: type, + matches: match + } ); + soFar = soFar.slice( matched.length ); + } + } + + if ( !matched ) { + break; + } + } + + // Return the length of the invalid excess + // if we're just parsing + // Otherwise, throw an error or return tokens + return parseOnly ? + soFar.length : + soFar ? + Sizzle.error( selector ) : + + // Cache the tokens + tokenCache( selector, groups ).slice( 0 ); +}; + +function toSelector( tokens ) { + var i = 0, + len = tokens.length, + selector = ""; + for ( ; i < len; i++ ) { + selector += tokens[ i ].value; + } + return selector; +} + +function addCombinator( matcher, combinator, base ) { + var dir = combinator.dir, + skip = combinator.next, + key = skip || dir, + checkNonElements = base && key === "parentNode", + doneName = done++; + + return combinator.first ? + + // Check against closest ancestor/preceding element + function( elem, context, xml ) { + while ( ( elem = elem[ dir ] ) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + return matcher( elem, context, xml ); + } + } + return false; + } : + + // Check against all ancestor/preceding elements + function( elem, context, xml ) { + var oldCache, uniqueCache, outerCache, + newCache = [ dirruns, doneName ]; + + // We can't set arbitrary data on XML nodes, so they don't benefit from combinator caching + if ( xml ) { + while ( ( elem = elem[ dir ] ) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + if ( matcher( elem, context, xml ) ) { + return true; + } + } + } + } else { + while ( ( elem = elem[ dir ] ) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + outerCache = elem[ expando ] || ( elem[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ elem.uniqueID ] || + ( outerCache[ elem.uniqueID ] = {} ); + + if ( skip && skip === elem.nodeName.toLowerCase() ) { + elem = elem[ dir ] || elem; + } else if ( ( oldCache = uniqueCache[ key ] ) && + oldCache[ 0 ] === dirruns && oldCache[ 1 ] === doneName ) { + + // Assign to newCache so results back-propagate to previous elements + return ( newCache[ 2 ] = oldCache[ 2 ] ); + } else { + + // Reuse newcache so results back-propagate to previous elements + uniqueCache[ key ] = newCache; + + // A match means we're done; a fail means we have to keep checking + if ( ( newCache[ 2 ] = matcher( elem, context, xml ) ) ) { + return true; + } + } + } + } + } + return false; + }; +} + +function elementMatcher( matchers ) { + return matchers.length > 1 ? + function( elem, context, xml ) { + var i = matchers.length; + while ( i-- ) { + if ( !matchers[ i ]( elem, context, xml ) ) { + return false; + } + } + return true; + } : + matchers[ 0 ]; +} + +function multipleContexts( selector, contexts, results ) { + var i = 0, + len = contexts.length; + for ( ; i < len; i++ ) { + Sizzle( selector, contexts[ i ], results ); + } + return results; +} + +function condense( unmatched, map, filter, context, xml ) { + var elem, + newUnmatched = [], + i = 0, + len = unmatched.length, + mapped = map != null; + + for ( ; i < len; i++ ) { + if ( ( elem = unmatched[ i ] ) ) { + if ( !filter || filter( elem, context, xml ) ) { + newUnmatched.push( elem ); + if ( mapped ) { + map.push( i ); + } + } + } + } + + return newUnmatched; +} + +function setMatcher( preFilter, selector, matcher, postFilter, postFinder, postSelector ) { + if ( postFilter && !postFilter[ expando ] ) { + postFilter = setMatcher( postFilter ); + } + if ( postFinder && !postFinder[ expando ] ) { + postFinder = setMatcher( postFinder, postSelector ); + } + return markFunction( function( seed, results, context, xml ) { + var temp, i, elem, + preMap = [], + postMap = [], + preexisting = results.length, + + // Get initial elements from seed or context + elems = seed || multipleContexts( + selector || "*", + context.nodeType ? [ context ] : context, + [] + ), + + // Prefilter to get matcher input, preserving a map for seed-results synchronization + matcherIn = preFilter && ( seed || !selector ) ? + condense( elems, preMap, preFilter, context, xml ) : + elems, + + matcherOut = matcher ? + + // If we have a postFinder, or filtered seed, or non-seed postFilter or preexisting results, + postFinder || ( seed ? preFilter : preexisting || postFilter ) ? + + // ...intermediate processing is necessary + [] : + + // ...otherwise use results directly + results : + matcherIn; + + // Find primary matches + if ( matcher ) { + matcher( matcherIn, matcherOut, context, xml ); + } + + // Apply postFilter + if ( postFilter ) { + temp = condense( matcherOut, postMap ); + postFilter( temp, [], context, xml ); + + // Un-match failing elements by moving them back to matcherIn + i = temp.length; + while ( i-- ) { + if ( ( elem = temp[ i ] ) ) { + matcherOut[ postMap[ i ] ] = !( matcherIn[ postMap[ i ] ] = elem ); + } + } + } + + if ( seed ) { + if ( postFinder || preFilter ) { + if ( postFinder ) { + + // Get the final matcherOut by condensing this intermediate into postFinder contexts + temp = []; + i = matcherOut.length; + while ( i-- ) { + if ( ( elem = matcherOut[ i ] ) ) { + + // Restore matcherIn since elem is not yet a final match + temp.push( ( matcherIn[ i ] = elem ) ); + } + } + postFinder( null, ( matcherOut = [] ), temp, xml ); + } + + // Move matched elements from seed to results to keep them synchronized + i = matcherOut.length; + while ( i-- ) { + if ( ( elem = matcherOut[ i ] ) && + ( temp = postFinder ? indexOf( seed, elem ) : preMap[ i ] ) > -1 ) { + + seed[ temp ] = !( results[ temp ] = elem ); + } + } + } + + // Add elements to results, through postFinder if defined + } else { + matcherOut = condense( + matcherOut === results ? + matcherOut.splice( preexisting, matcherOut.length ) : + matcherOut + ); + if ( postFinder ) { + postFinder( null, results, matcherOut, xml ); + } else { + push.apply( results, matcherOut ); + } + } + } ); +} + +function matcherFromTokens( tokens ) { + var checkContext, matcher, j, + len = tokens.length, + leadingRelative = Expr.relative[ tokens[ 0 ].type ], + implicitRelative = leadingRelative || Expr.relative[ " " ], + i = leadingRelative ? 1 : 0, + + // The foundational matcher ensures that elements are reachable from top-level context(s) + matchContext = addCombinator( function( elem ) { + return elem === checkContext; + }, implicitRelative, true ), + matchAnyContext = addCombinator( function( elem ) { + return indexOf( checkContext, elem ) > -1; + }, implicitRelative, true ), + matchers = [ function( elem, context, xml ) { + var ret = ( !leadingRelative && ( xml || context !== outermostContext ) ) || ( + ( checkContext = context ).nodeType ? + matchContext( elem, context, xml ) : + matchAnyContext( elem, context, xml ) ); + + // Avoid hanging onto element (issue #299) + checkContext = null; + return ret; + } ]; + + for ( ; i < len; i++ ) { + if ( ( matcher = Expr.relative[ tokens[ i ].type ] ) ) { + matchers = [ addCombinator( elementMatcher( matchers ), matcher ) ]; + } else { + matcher = Expr.filter[ tokens[ i ].type ].apply( null, tokens[ i ].matches ); + + // Return special upon seeing a positional matcher + if ( matcher[ expando ] ) { + + // Find the next relative operator (if any) for proper handling + j = ++i; + for ( ; j < len; j++ ) { + if ( Expr.relative[ tokens[ j ].type ] ) { + break; + } + } + return setMatcher( + i > 1 && elementMatcher( matchers ), + i > 1 && toSelector( + + // If the preceding token was a descendant combinator, insert an implicit any-element `*` + tokens + .slice( 0, i - 1 ) + .concat( { value: tokens[ i - 2 ].type === " " ? "*" : "" } ) + ).replace( rtrim, "$1" ), + matcher, + i < j && matcherFromTokens( tokens.slice( i, j ) ), + j < len && matcherFromTokens( ( tokens = tokens.slice( j ) ) ), + j < len && toSelector( tokens ) + ); + } + matchers.push( matcher ); + } + } + + return elementMatcher( matchers ); +} + +function matcherFromGroupMatchers( elementMatchers, setMatchers ) { + var bySet = setMatchers.length > 0, + byElement = elementMatchers.length > 0, + superMatcher = function( seed, context, xml, results, outermost ) { + var elem, j, matcher, + matchedCount = 0, + i = "0", + unmatched = seed && [], + setMatched = [], + contextBackup = outermostContext, + + // We must always have either seed elements or outermost context + elems = seed || byElement && Expr.find[ "TAG" ]( "*", outermost ), + + // Use integer dirruns iff this is the outermost matcher + dirrunsUnique = ( dirruns += contextBackup == null ? 1 : Math.random() || 0.1 ), + len = elems.length; + + if ( outermost ) { + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + outermostContext = context == document || context || outermost; + } + + // Add elements passing elementMatchers directly to results + // Support: IE<9, Safari + // Tolerate NodeList properties (IE: "length"; Safari: ) matching elements by id + for ( ; i !== len && ( elem = elems[ i ] ) != null; i++ ) { + if ( byElement && elem ) { + j = 0; + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( !context && elem.ownerDocument != document ) { + setDocument( elem ); + xml = !documentIsHTML; + } + while ( ( matcher = elementMatchers[ j++ ] ) ) { + if ( matcher( elem, context || document, xml ) ) { + results.push( elem ); + break; + } + } + if ( outermost ) { + dirruns = dirrunsUnique; + } + } + + // Track unmatched elements for set filters + if ( bySet ) { + + // They will have gone through all possible matchers + if ( ( elem = !matcher && elem ) ) { + matchedCount--; + } + + // Lengthen the array for every element, matched or not + if ( seed ) { + unmatched.push( elem ); + } + } + } + + // `i` is now the count of elements visited above, and adding it to `matchedCount` + // makes the latter nonnegative. + matchedCount += i; + + // Apply set filters to unmatched elements + // NOTE: This can be skipped if there are no unmatched elements (i.e., `matchedCount` + // equals `i`), unless we didn't visit _any_ elements in the above loop because we have + // no element matchers and no seed. + // Incrementing an initially-string "0" `i` allows `i` to remain a string only in that + // case, which will result in a "00" `matchedCount` that differs from `i` but is also + // numerically zero. + if ( bySet && i !== matchedCount ) { + j = 0; + while ( ( matcher = setMatchers[ j++ ] ) ) { + matcher( unmatched, setMatched, context, xml ); + } + + if ( seed ) { + + // Reintegrate element matches to eliminate the need for sorting + if ( matchedCount > 0 ) { + while ( i-- ) { + if ( !( unmatched[ i ] || setMatched[ i ] ) ) { + setMatched[ i ] = pop.call( results ); + } + } + } + + // Discard index placeholder values to get only actual matches + setMatched = condense( setMatched ); + } + + // Add matches to results + push.apply( results, setMatched ); + + // Seedless set matches succeeding multiple successful matchers stipulate sorting + if ( outermost && !seed && setMatched.length > 0 && + ( matchedCount + setMatchers.length ) > 1 ) { + + Sizzle.uniqueSort( results ); + } + } + + // Override manipulation of globals by nested matchers + if ( outermost ) { + dirruns = dirrunsUnique; + outermostContext = contextBackup; + } + + return unmatched; + }; + + return bySet ? + markFunction( superMatcher ) : + superMatcher; +} + +compile = Sizzle.compile = function( selector, match /* Internal Use Only */ ) { + var i, + setMatchers = [], + elementMatchers = [], + cached = compilerCache[ selector + " " ]; + + if ( !cached ) { + + // Generate a function of recursive functions that can be used to check each element + if ( !match ) { + match = tokenize( selector ); + } + i = match.length; + while ( i-- ) { + cached = matcherFromTokens( match[ i ] ); + if ( cached[ expando ] ) { + setMatchers.push( cached ); + } else { + elementMatchers.push( cached ); + } + } + + // Cache the compiled function + cached = compilerCache( + selector, + matcherFromGroupMatchers( elementMatchers, setMatchers ) + ); + + // Save selector and tokenization + cached.selector = selector; + } + return cached; +}; + +/** + * A low-level selection function that works with Sizzle's compiled + * selector functions + * @param {String|Function} selector A selector or a pre-compiled + * selector function built with Sizzle.compile + * @param {Element} context + * @param {Array} [results] + * @param {Array} [seed] A set of elements to match against + */ +select = Sizzle.select = function( selector, context, results, seed ) { + var i, tokens, token, type, find, + compiled = typeof selector === "function" && selector, + match = !seed && tokenize( ( selector = compiled.selector || selector ) ); + + results = results || []; + + // Try to minimize operations if there is only one selector in the list and no seed + // (the latter of which guarantees us context) + if ( match.length === 1 ) { + + // Reduce context if the leading compound selector is an ID + tokens = match[ 0 ] = match[ 0 ].slice( 0 ); + if ( tokens.length > 2 && ( token = tokens[ 0 ] ).type === "ID" && + context.nodeType === 9 && documentIsHTML && Expr.relative[ tokens[ 1 ].type ] ) { + + context = ( Expr.find[ "ID" ]( token.matches[ 0 ] + .replace( runescape, funescape ), context ) || [] )[ 0 ]; + if ( !context ) { + return results; + + // Precompiled matchers will still verify ancestry, so step up a level + } else if ( compiled ) { + context = context.parentNode; + } + + selector = selector.slice( tokens.shift().value.length ); + } + + // Fetch a seed set for right-to-left matching + i = matchExpr[ "needsContext" ].test( selector ) ? 0 : tokens.length; + while ( i-- ) { + token = tokens[ i ]; + + // Abort if we hit a combinator + if ( Expr.relative[ ( type = token.type ) ] ) { + break; + } + if ( ( find = Expr.find[ type ] ) ) { + + // Search, expanding context for leading sibling combinators + if ( ( seed = find( + token.matches[ 0 ].replace( runescape, funescape ), + rsibling.test( tokens[ 0 ].type ) && testContext( context.parentNode ) || + context + ) ) ) { + + // If seed is empty or no tokens remain, we can return early + tokens.splice( i, 1 ); + selector = seed.length && toSelector( tokens ); + if ( !selector ) { + push.apply( results, seed ); + return results; + } + + break; + } + } + } + } + + // Compile and execute a filtering function if one is not provided + // Provide `match` to avoid retokenization if we modified the selector above + ( compiled || compile( selector, match ) )( + seed, + context, + !documentIsHTML, + results, + !context || rsibling.test( selector ) && testContext( context.parentNode ) || context + ); + return results; +}; + +// One-time assignments + +// Sort stability +support.sortStable = expando.split( "" ).sort( sortOrder ).join( "" ) === expando; + +// Support: Chrome 14-35+ +// Always assume duplicates if they aren't passed to the comparison function +support.detectDuplicates = !!hasDuplicate; + +// Initialize against the default document +setDocument(); + +// Support: Webkit<537.32 - Safari 6.0.3/Chrome 25 (fixed in Chrome 27) +// Detached nodes confoundingly follow *each other* +support.sortDetached = assert( function( el ) { + + // Should return 1, but returns 4 (following) + return el.compareDocumentPosition( document.createElement( "fieldset" ) ) & 1; +} ); + +// Support: IE<8 +// Prevent attribute/property "interpolation" +// https://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx +if ( !assert( function( el ) { + el.innerHTML = ""; + return el.firstChild.getAttribute( "href" ) === "#"; +} ) ) { + addHandle( "type|href|height|width", function( elem, name, isXML ) { + if ( !isXML ) { + return elem.getAttribute( name, name.toLowerCase() === "type" ? 1 : 2 ); + } + } ); +} + +// Support: IE<9 +// Use defaultValue in place of getAttribute("value") +if ( !support.attributes || !assert( function( el ) { + el.innerHTML = ""; + el.firstChild.setAttribute( "value", "" ); + return el.firstChild.getAttribute( "value" ) === ""; +} ) ) { + addHandle( "value", function( elem, _name, isXML ) { + if ( !isXML && elem.nodeName.toLowerCase() === "input" ) { + return elem.defaultValue; + } + } ); +} + +// Support: IE<9 +// Use getAttributeNode to fetch booleans when getAttribute lies +if ( !assert( function( el ) { + return el.getAttribute( "disabled" ) == null; +} ) ) { + addHandle( booleans, function( elem, name, isXML ) { + var val; + if ( !isXML ) { + return elem[ name ] === true ? name.toLowerCase() : + ( val = elem.getAttributeNode( name ) ) && val.specified ? + val.value : + null; + } + } ); +} + +return Sizzle; + +} )( window ); + + + +jQuery.find = Sizzle; +jQuery.expr = Sizzle.selectors; + +// Deprecated +jQuery.expr[ ":" ] = jQuery.expr.pseudos; +jQuery.uniqueSort = jQuery.unique = Sizzle.uniqueSort; +jQuery.text = Sizzle.getText; +jQuery.isXMLDoc = Sizzle.isXML; +jQuery.contains = Sizzle.contains; +jQuery.escapeSelector = Sizzle.escape; + + + + +var dir = function( elem, dir, until ) { + var matched = [], + truncate = until !== undefined; + + while ( ( elem = elem[ dir ] ) && elem.nodeType !== 9 ) { + if ( elem.nodeType === 1 ) { + if ( truncate && jQuery( elem ).is( until ) ) { + break; + } + matched.push( elem ); + } + } + return matched; +}; + + +var siblings = function( n, elem ) { + var matched = []; + + for ( ; n; n = n.nextSibling ) { + if ( n.nodeType === 1 && n !== elem ) { + matched.push( n ); + } + } + + return matched; +}; + + +var rneedsContext = jQuery.expr.match.needsContext; + + + +function nodeName( elem, name ) { + + return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase(); + +} +var rsingleTag = ( /^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i ); + + + +// Implement the identical functionality for filter and not +function winnow( elements, qualifier, not ) { + if ( isFunction( qualifier ) ) { + return jQuery.grep( elements, function( elem, i ) { + return !!qualifier.call( elem, i, elem ) !== not; + } ); + } + + // Single element + if ( qualifier.nodeType ) { + return jQuery.grep( elements, function( elem ) { + return ( elem === qualifier ) !== not; + } ); + } + + // Arraylike of elements (jQuery, arguments, Array) + if ( typeof qualifier !== "string" ) { + return jQuery.grep( elements, function( elem ) { + return ( indexOf.call( qualifier, elem ) > -1 ) !== not; + } ); + } + + // Filtered directly for both simple and complex selectors + return jQuery.filter( qualifier, elements, not ); +} + +jQuery.filter = function( expr, elems, not ) { + var elem = elems[ 0 ]; + + if ( not ) { + expr = ":not(" + expr + ")"; + } + + if ( elems.length === 1 && elem.nodeType === 1 ) { + return jQuery.find.matchesSelector( elem, expr ) ? [ elem ] : []; + } + + return jQuery.find.matches( expr, jQuery.grep( elems, function( elem ) { + return elem.nodeType === 1; + } ) ); +}; + +jQuery.fn.extend( { + find: function( selector ) { + var i, ret, + len = this.length, + self = this; + + if ( typeof selector !== "string" ) { + return this.pushStack( jQuery( selector ).filter( function() { + for ( i = 0; i < len; i++ ) { + if ( jQuery.contains( self[ i ], this ) ) { + return true; + } + } + } ) ); + } + + ret = this.pushStack( [] ); + + for ( i = 0; i < len; i++ ) { + jQuery.find( selector, self[ i ], ret ); + } + + return len > 1 ? jQuery.uniqueSort( ret ) : ret; + }, + filter: function( selector ) { + return this.pushStack( winnow( this, selector || [], false ) ); + }, + not: function( selector ) { + return this.pushStack( winnow( this, selector || [], true ) ); + }, + is: function( selector ) { + return !!winnow( + this, + + // If this is a positional/relative selector, check membership in the returned set + // so $("p:first").is("p:last") won't return true for a doc with two "p". + typeof selector === "string" && rneedsContext.test( selector ) ? + jQuery( selector ) : + selector || [], + false + ).length; + } +} ); + + +// Initialize a jQuery object + + +// A central reference to the root jQuery(document) +var rootjQuery, + + // A simple way to check for HTML strings + // Prioritize #id over to avoid XSS via location.hash (#9521) + // Strict HTML recognition (#11290: must start with <) + // Shortcut simple #id case for speed + rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/, + + init = jQuery.fn.init = function( selector, context, root ) { + var match, elem; + + // HANDLE: $(""), $(null), $(undefined), $(false) + if ( !selector ) { + return this; + } + + // Method init() accepts an alternate rootjQuery + // so migrate can support jQuery.sub (gh-2101) + root = root || rootjQuery; + + // Handle HTML strings + if ( typeof selector === "string" ) { + if ( selector[ 0 ] === "<" && + selector[ selector.length - 1 ] === ">" && + selector.length >= 3 ) { + + // Assume that strings that start and end with <> are HTML and skip the regex check + match = [ null, selector, null ]; + + } else { + match = rquickExpr.exec( selector ); + } + + // Match html or make sure no context is specified for #id + if ( match && ( match[ 1 ] || !context ) ) { + + // HANDLE: $(html) -> $(array) + if ( match[ 1 ] ) { + context = context instanceof jQuery ? context[ 0 ] : context; + + // Option to run scripts is true for back-compat + // Intentionally let the error be thrown if parseHTML is not present + jQuery.merge( this, jQuery.parseHTML( + match[ 1 ], + context && context.nodeType ? context.ownerDocument || context : document, + true + ) ); + + // HANDLE: $(html, props) + if ( rsingleTag.test( match[ 1 ] ) && jQuery.isPlainObject( context ) ) { + for ( match in context ) { + + // Properties of context are called as methods if possible + if ( isFunction( this[ match ] ) ) { + this[ match ]( context[ match ] ); + + // ...and otherwise set as attributes + } else { + this.attr( match, context[ match ] ); + } + } + } + + return this; + + // HANDLE: $(#id) + } else { + elem = document.getElementById( match[ 2 ] ); + + if ( elem ) { + + // Inject the element directly into the jQuery object + this[ 0 ] = elem; + this.length = 1; + } + return this; + } + + // HANDLE: $(expr, $(...)) + } else if ( !context || context.jquery ) { + return ( context || root ).find( selector ); + + // HANDLE: $(expr, context) + // (which is just equivalent to: $(context).find(expr) + } else { + return this.constructor( context ).find( selector ); + } + + // HANDLE: $(DOMElement) + } else if ( selector.nodeType ) { + this[ 0 ] = selector; + this.length = 1; + return this; + + // HANDLE: $(function) + // Shortcut for document ready + } else if ( isFunction( selector ) ) { + return root.ready !== undefined ? + root.ready( selector ) : + + // Execute immediately if ready is not present + selector( jQuery ); + } + + return jQuery.makeArray( selector, this ); + }; + +// Give the init function the jQuery prototype for later instantiation +init.prototype = jQuery.fn; + +// Initialize central reference +rootjQuery = jQuery( document ); + + +var rparentsprev = /^(?:parents|prev(?:Until|All))/, + + // Methods guaranteed to produce a unique set when starting from a unique set + guaranteedUnique = { + children: true, + contents: true, + next: true, + prev: true + }; + +jQuery.fn.extend( { + has: function( target ) { + var targets = jQuery( target, this ), + l = targets.length; + + return this.filter( function() { + var i = 0; + for ( ; i < l; i++ ) { + if ( jQuery.contains( this, targets[ i ] ) ) { + return true; + } + } + } ); + }, + + closest: function( selectors, context ) { + var cur, + i = 0, + l = this.length, + matched = [], + targets = typeof selectors !== "string" && jQuery( selectors ); + + // Positional selectors never match, since there's no _selection_ context + if ( !rneedsContext.test( selectors ) ) { + for ( ; i < l; i++ ) { + for ( cur = this[ i ]; cur && cur !== context; cur = cur.parentNode ) { + + // Always skip document fragments + if ( cur.nodeType < 11 && ( targets ? + targets.index( cur ) > -1 : + + // Don't pass non-elements to Sizzle + cur.nodeType === 1 && + jQuery.find.matchesSelector( cur, selectors ) ) ) { + + matched.push( cur ); + break; + } + } + } + } + + return this.pushStack( matched.length > 1 ? jQuery.uniqueSort( matched ) : matched ); + }, + + // Determine the position of an element within the set + index: function( elem ) { + + // No argument, return index in parent + if ( !elem ) { + return ( this[ 0 ] && this[ 0 ].parentNode ) ? this.first().prevAll().length : -1; + } + + // Index in selector + if ( typeof elem === "string" ) { + return indexOf.call( jQuery( elem ), this[ 0 ] ); + } + + // Locate the position of the desired element + return indexOf.call( this, + + // If it receives a jQuery object, the first element is used + elem.jquery ? elem[ 0 ] : elem + ); + }, + + add: function( selector, context ) { + return this.pushStack( + jQuery.uniqueSort( + jQuery.merge( this.get(), jQuery( selector, context ) ) + ) + ); + }, + + addBack: function( selector ) { + return this.add( selector == null ? + this.prevObject : this.prevObject.filter( selector ) + ); + } +} ); + +function sibling( cur, dir ) { + while ( ( cur = cur[ dir ] ) && cur.nodeType !== 1 ) {} + return cur; +} + +jQuery.each( { + parent: function( elem ) { + var parent = elem.parentNode; + return parent && parent.nodeType !== 11 ? parent : null; + }, + parents: function( elem ) { + return dir( elem, "parentNode" ); + }, + parentsUntil: function( elem, _i, until ) { + return dir( elem, "parentNode", until ); + }, + next: function( elem ) { + return sibling( elem, "nextSibling" ); + }, + prev: function( elem ) { + return sibling( elem, "previousSibling" ); + }, + nextAll: function( elem ) { + return dir( elem, "nextSibling" ); + }, + prevAll: function( elem ) { + return dir( elem, "previousSibling" ); + }, + nextUntil: function( elem, _i, until ) { + return dir( elem, "nextSibling", until ); + }, + prevUntil: function( elem, _i, until ) { + return dir( elem, "previousSibling", until ); + }, + siblings: function( elem ) { + return siblings( ( elem.parentNode || {} ).firstChild, elem ); + }, + children: function( elem ) { + return siblings( elem.firstChild ); + }, + contents: function( elem ) { + if ( elem.contentDocument != null && + + // Support: IE 11+ + // elements with no `data` attribute has an object + // `contentDocument` with a `null` prototype. + getProto( elem.contentDocument ) ) { + + return elem.contentDocument; + } + + // Support: IE 9 - 11 only, iOS 7 only, Android Browser <=4.3 only + // Treat the template element as a regular one in browsers that + // don't support it. + if ( nodeName( elem, "template" ) ) { + elem = elem.content || elem; + } + + return jQuery.merge( [], elem.childNodes ); + } +}, function( name, fn ) { + jQuery.fn[ name ] = function( until, selector ) { + var matched = jQuery.map( this, fn, until ); + + if ( name.slice( -5 ) !== "Until" ) { + selector = until; + } + + if ( selector && typeof selector === "string" ) { + matched = jQuery.filter( selector, matched ); + } + + if ( this.length > 1 ) { + + // Remove duplicates + if ( !guaranteedUnique[ name ] ) { + jQuery.uniqueSort( matched ); + } + + // Reverse order for parents* and prev-derivatives + if ( rparentsprev.test( name ) ) { + matched.reverse(); + } + } + + return this.pushStack( matched ); + }; +} ); +var rnothtmlwhite = ( /[^\x20\t\r\n\f]+/g ); + + + +// Convert String-formatted options into Object-formatted ones +function createOptions( options ) { + var object = {}; + jQuery.each( options.match( rnothtmlwhite ) || [], function( _, flag ) { + object[ flag ] = true; + } ); + return object; +} + +/* + * Create a callback list using the following parameters: + * + * options: an optional list of space-separated options that will change how + * the callback list behaves or a more traditional option object + * + * By default a callback list will act like an event callback list and can be + * "fired" multiple times. + * + * Possible options: + * + * once: will ensure the callback list can only be fired once (like a Deferred) + * + * memory: will keep track of previous values and will call any callback added + * after the list has been fired right away with the latest "memorized" + * values (like a Deferred) + * + * unique: will ensure a callback can only be added once (no duplicate in the list) + * + * stopOnFalse: interrupt callings when a callback returns false + * + */ +jQuery.Callbacks = function( options ) { + + // Convert options from String-formatted to Object-formatted if needed + // (we check in cache first) + options = typeof options === "string" ? + createOptions( options ) : + jQuery.extend( {}, options ); + + var // Flag to know if list is currently firing + firing, + + // Last fire value for non-forgettable lists + memory, + + // Flag to know if list was already fired + fired, + + // Flag to prevent firing + locked, + + // Actual callback list + list = [], + + // Queue of execution data for repeatable lists + queue = [], + + // Index of currently firing callback (modified by add/remove as needed) + firingIndex = -1, + + // Fire callbacks + fire = function() { + + // Enforce single-firing + locked = locked || options.once; + + // Execute callbacks for all pending executions, + // respecting firingIndex overrides and runtime changes + fired = firing = true; + for ( ; queue.length; firingIndex = -1 ) { + memory = queue.shift(); + while ( ++firingIndex < list.length ) { + + // Run callback and check for early termination + if ( list[ firingIndex ].apply( memory[ 0 ], memory[ 1 ] ) === false && + options.stopOnFalse ) { + + // Jump to end and forget the data so .add doesn't re-fire + firingIndex = list.length; + memory = false; + } + } + } + + // Forget the data if we're done with it + if ( !options.memory ) { + memory = false; + } + + firing = false; + + // Clean up if we're done firing for good + if ( locked ) { + + // Keep an empty list if we have data for future add calls + if ( memory ) { + list = []; + + // Otherwise, this object is spent + } else { + list = ""; + } + } + }, + + // Actual Callbacks object + self = { + + // Add a callback or a collection of callbacks to the list + add: function() { + if ( list ) { + + // If we have memory from a past run, we should fire after adding + if ( memory && !firing ) { + firingIndex = list.length - 1; + queue.push( memory ); + } + + ( function add( args ) { + jQuery.each( args, function( _, arg ) { + if ( isFunction( arg ) ) { + if ( !options.unique || !self.has( arg ) ) { + list.push( arg ); + } + } else if ( arg && arg.length && toType( arg ) !== "string" ) { + + // Inspect recursively + add( arg ); + } + } ); + } )( arguments ); + + if ( memory && !firing ) { + fire(); + } + } + return this; + }, + + // Remove a callback from the list + remove: function() { + jQuery.each( arguments, function( _, arg ) { + var index; + while ( ( index = jQuery.inArray( arg, list, index ) ) > -1 ) { + list.splice( index, 1 ); + + // Handle firing indexes + if ( index <= firingIndex ) { + firingIndex--; + } + } + } ); + return this; + }, + + // Check if a given callback is in the list. + // If no argument is given, return whether or not list has callbacks attached. + has: function( fn ) { + return fn ? + jQuery.inArray( fn, list ) > -1 : + list.length > 0; + }, + + // Remove all callbacks from the list + empty: function() { + if ( list ) { + list = []; + } + return this; + }, + + // Disable .fire and .add + // Abort any current/pending executions + // Clear all callbacks and values + disable: function() { + locked = queue = []; + list = memory = ""; + return this; + }, + disabled: function() { + return !list; + }, + + // Disable .fire + // Also disable .add unless we have memory (since it would have no effect) + // Abort any pending executions + lock: function() { + locked = queue = []; + if ( !memory && !firing ) { + list = memory = ""; + } + return this; + }, + locked: function() { + return !!locked; + }, + + // Call all callbacks with the given context and arguments + fireWith: function( context, args ) { + if ( !locked ) { + args = args || []; + args = [ context, args.slice ? args.slice() : args ]; + queue.push( args ); + if ( !firing ) { + fire(); + } + } + return this; + }, + + // Call all the callbacks with the given arguments + fire: function() { + self.fireWith( this, arguments ); + return this; + }, + + // To know if the callbacks have already been called at least once + fired: function() { + return !!fired; + } + }; + + return self; +}; + + +function Identity( v ) { + return v; +} +function Thrower( ex ) { + throw ex; +} + +function adoptValue( value, resolve, reject, noValue ) { + var method; + + try { + + // Check for promise aspect first to privilege synchronous behavior + if ( value && isFunction( ( method = value.promise ) ) ) { + method.call( value ).done( resolve ).fail( reject ); + + // Other thenables + } else if ( value && isFunction( ( method = value.then ) ) ) { + method.call( value, resolve, reject ); + + // Other non-thenables + } else { + + // Control `resolve` arguments by letting Array#slice cast boolean `noValue` to integer: + // * false: [ value ].slice( 0 ) => resolve( value ) + // * true: [ value ].slice( 1 ) => resolve() + resolve.apply( undefined, [ value ].slice( noValue ) ); + } + + // For Promises/A+, convert exceptions into rejections + // Since jQuery.when doesn't unwrap thenables, we can skip the extra checks appearing in + // Deferred#then to conditionally suppress rejection. + } catch ( value ) { + + // Support: Android 4.0 only + // Strict mode functions invoked without .call/.apply get global-object context + reject.apply( undefined, [ value ] ); + } +} + +jQuery.extend( { + + Deferred: function( func ) { + var tuples = [ + + // action, add listener, callbacks, + // ... .then handlers, argument index, [final state] + [ "notify", "progress", jQuery.Callbacks( "memory" ), + jQuery.Callbacks( "memory" ), 2 ], + [ "resolve", "done", jQuery.Callbacks( "once memory" ), + jQuery.Callbacks( "once memory" ), 0, "resolved" ], + [ "reject", "fail", jQuery.Callbacks( "once memory" ), + jQuery.Callbacks( "once memory" ), 1, "rejected" ] + ], + state = "pending", + promise = { + state: function() { + return state; + }, + always: function() { + deferred.done( arguments ).fail( arguments ); + return this; + }, + "catch": function( fn ) { + return promise.then( null, fn ); + }, + + // Keep pipe for back-compat + pipe: function( /* fnDone, fnFail, fnProgress */ ) { + var fns = arguments; + + return jQuery.Deferred( function( newDefer ) { + jQuery.each( tuples, function( _i, tuple ) { + + // Map tuples (progress, done, fail) to arguments (done, fail, progress) + var fn = isFunction( fns[ tuple[ 4 ] ] ) && fns[ tuple[ 4 ] ]; + + // deferred.progress(function() { bind to newDefer or newDefer.notify }) + // deferred.done(function() { bind to newDefer or newDefer.resolve }) + // deferred.fail(function() { bind to newDefer or newDefer.reject }) + deferred[ tuple[ 1 ] ]( function() { + var returned = fn && fn.apply( this, arguments ); + if ( returned && isFunction( returned.promise ) ) { + returned.promise() + .progress( newDefer.notify ) + .done( newDefer.resolve ) + .fail( newDefer.reject ); + } else { + newDefer[ tuple[ 0 ] + "With" ]( + this, + fn ? [ returned ] : arguments + ); + } + } ); + } ); + fns = null; + } ).promise(); + }, + then: function( onFulfilled, onRejected, onProgress ) { + var maxDepth = 0; + function resolve( depth, deferred, handler, special ) { + return function() { + var that = this, + args = arguments, + mightThrow = function() { + var returned, then; + + // Support: Promises/A+ section 2.3.3.3.3 + // https://promisesaplus.com/#point-59 + // Ignore double-resolution attempts + if ( depth < maxDepth ) { + return; + } + + returned = handler.apply( that, args ); + + // Support: Promises/A+ section 2.3.1 + // https://promisesaplus.com/#point-48 + if ( returned === deferred.promise() ) { + throw new TypeError( "Thenable self-resolution" ); + } + + // Support: Promises/A+ sections 2.3.3.1, 3.5 + // https://promisesaplus.com/#point-54 + // https://promisesaplus.com/#point-75 + // Retrieve `then` only once + then = returned && + + // Support: Promises/A+ section 2.3.4 + // https://promisesaplus.com/#point-64 + // Only check objects and functions for thenability + ( typeof returned === "object" || + typeof returned === "function" ) && + returned.then; + + // Handle a returned thenable + if ( isFunction( then ) ) { + + // Special processors (notify) just wait for resolution + if ( special ) { + then.call( + returned, + resolve( maxDepth, deferred, Identity, special ), + resolve( maxDepth, deferred, Thrower, special ) + ); + + // Normal processors (resolve) also hook into progress + } else { + + // ...and disregard older resolution values + maxDepth++; + + then.call( + returned, + resolve( maxDepth, deferred, Identity, special ), + resolve( maxDepth, deferred, Thrower, special ), + resolve( maxDepth, deferred, Identity, + deferred.notifyWith ) + ); + } + + // Handle all other returned values + } else { + + // Only substitute handlers pass on context + // and multiple values (non-spec behavior) + if ( handler !== Identity ) { + that = undefined; + args = [ returned ]; + } + + // Process the value(s) + // Default process is resolve + ( special || deferred.resolveWith )( that, args ); + } + }, + + // Only normal processors (resolve) catch and reject exceptions + process = special ? + mightThrow : + function() { + try { + mightThrow(); + } catch ( e ) { + + if ( jQuery.Deferred.exceptionHook ) { + jQuery.Deferred.exceptionHook( e, + process.stackTrace ); + } + + // Support: Promises/A+ section 2.3.3.3.4.1 + // https://promisesaplus.com/#point-61 + // Ignore post-resolution exceptions + if ( depth + 1 >= maxDepth ) { + + // Only substitute handlers pass on context + // and multiple values (non-spec behavior) + if ( handler !== Thrower ) { + that = undefined; + args = [ e ]; + } + + deferred.rejectWith( that, args ); + } + } + }; + + // Support: Promises/A+ section 2.3.3.3.1 + // https://promisesaplus.com/#point-57 + // Re-resolve promises immediately to dodge false rejection from + // subsequent errors + if ( depth ) { + process(); + } else { + + // Call an optional hook to record the stack, in case of exception + // since it's otherwise lost when execution goes async + if ( jQuery.Deferred.getStackHook ) { + process.stackTrace = jQuery.Deferred.getStackHook(); + } + window.setTimeout( process ); + } + }; + } + + return jQuery.Deferred( function( newDefer ) { + + // progress_handlers.add( ... ) + tuples[ 0 ][ 3 ].add( + resolve( + 0, + newDefer, + isFunction( onProgress ) ? + onProgress : + Identity, + newDefer.notifyWith + ) + ); + + // fulfilled_handlers.add( ... ) + tuples[ 1 ][ 3 ].add( + resolve( + 0, + newDefer, + isFunction( onFulfilled ) ? + onFulfilled : + Identity + ) + ); + + // rejected_handlers.add( ... ) + tuples[ 2 ][ 3 ].add( + resolve( + 0, + newDefer, + isFunction( onRejected ) ? + onRejected : + Thrower + ) + ); + } ).promise(); + }, + + // Get a promise for this deferred + // If obj is provided, the promise aspect is added to the object + promise: function( obj ) { + return obj != null ? jQuery.extend( obj, promise ) : promise; + } + }, + deferred = {}; + + // Add list-specific methods + jQuery.each( tuples, function( i, tuple ) { + var list = tuple[ 2 ], + stateString = tuple[ 5 ]; + + // promise.progress = list.add + // promise.done = list.add + // promise.fail = list.add + promise[ tuple[ 1 ] ] = list.add; + + // Handle state + if ( stateString ) { + list.add( + function() { + + // state = "resolved" (i.e., fulfilled) + // state = "rejected" + state = stateString; + }, + + // rejected_callbacks.disable + // fulfilled_callbacks.disable + tuples[ 3 - i ][ 2 ].disable, + + // rejected_handlers.disable + // fulfilled_handlers.disable + tuples[ 3 - i ][ 3 ].disable, + + // progress_callbacks.lock + tuples[ 0 ][ 2 ].lock, + + // progress_handlers.lock + tuples[ 0 ][ 3 ].lock + ); + } + + // progress_handlers.fire + // fulfilled_handlers.fire + // rejected_handlers.fire + list.add( tuple[ 3 ].fire ); + + // deferred.notify = function() { deferred.notifyWith(...) } + // deferred.resolve = function() { deferred.resolveWith(...) } + // deferred.reject = function() { deferred.rejectWith(...) } + deferred[ tuple[ 0 ] ] = function() { + deferred[ tuple[ 0 ] + "With" ]( this === deferred ? undefined : this, arguments ); + return this; + }; + + // deferred.notifyWith = list.fireWith + // deferred.resolveWith = list.fireWith + // deferred.rejectWith = list.fireWith + deferred[ tuple[ 0 ] + "With" ] = list.fireWith; + } ); + + // Make the deferred a promise + promise.promise( deferred ); + + // Call given func if any + if ( func ) { + func.call( deferred, deferred ); + } + + // All done! + return deferred; + }, + + // Deferred helper + when: function( singleValue ) { + var + + // count of uncompleted subordinates + remaining = arguments.length, + + // count of unprocessed arguments + i = remaining, + + // subordinate fulfillment data + resolveContexts = Array( i ), + resolveValues = slice.call( arguments ), + + // the primary Deferred + primary = jQuery.Deferred(), + + // subordinate callback factory + updateFunc = function( i ) { + return function( value ) { + resolveContexts[ i ] = this; + resolveValues[ i ] = arguments.length > 1 ? slice.call( arguments ) : value; + if ( !( --remaining ) ) { + primary.resolveWith( resolveContexts, resolveValues ); + } + }; + }; + + // Single- and empty arguments are adopted like Promise.resolve + if ( remaining <= 1 ) { + adoptValue( singleValue, primary.done( updateFunc( i ) ).resolve, primary.reject, + !remaining ); + + // Use .then() to unwrap secondary thenables (cf. gh-3000) + if ( primary.state() === "pending" || + isFunction( resolveValues[ i ] && resolveValues[ i ].then ) ) { + + return primary.then(); + } + } + + // Multiple arguments are aggregated like Promise.all array elements + while ( i-- ) { + adoptValue( resolveValues[ i ], updateFunc( i ), primary.reject ); + } + + return primary.promise(); + } +} ); + + +// These usually indicate a programmer mistake during development, +// warn about them ASAP rather than swallowing them by default. +var rerrorNames = /^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/; + +jQuery.Deferred.exceptionHook = function( error, stack ) { + + // Support: IE 8 - 9 only + // Console exists when dev tools are open, which can happen at any time + if ( window.console && window.console.warn && error && rerrorNames.test( error.name ) ) { + window.console.warn( "jQuery.Deferred exception: " + error.message, error.stack, stack ); + } +}; + + + + +jQuery.readyException = function( error ) { + window.setTimeout( function() { + throw error; + } ); +}; + + + + +// The deferred used on DOM ready +var readyList = jQuery.Deferred(); + +jQuery.fn.ready = function( fn ) { + + readyList + .then( fn ) + + // Wrap jQuery.readyException in a function so that the lookup + // happens at the time of error handling instead of callback + // registration. + .catch( function( error ) { + jQuery.readyException( error ); + } ); + + return this; +}; + +jQuery.extend( { + + // Is the DOM ready to be used? Set to true once it occurs. + isReady: false, + + // A counter to track how many items to wait for before + // the ready event fires. See #6781 + readyWait: 1, + + // Handle when the DOM is ready + ready: function( wait ) { + + // Abort if there are pending holds or we're already ready + if ( wait === true ? --jQuery.readyWait : jQuery.isReady ) { + return; + } + + // Remember that the DOM is ready + jQuery.isReady = true; + + // If a normal DOM Ready event fired, decrement, and wait if need be + if ( wait !== true && --jQuery.readyWait > 0 ) { + return; + } + + // If there are functions bound, to execute + readyList.resolveWith( document, [ jQuery ] ); + } +} ); + +jQuery.ready.then = readyList.then; + +// The ready event handler and self cleanup method +function completed() { + document.removeEventListener( "DOMContentLoaded", completed ); + window.removeEventListener( "load", completed ); + jQuery.ready(); +} + +// Catch cases where $(document).ready() is called +// after the browser event has already occurred. +// Support: IE <=9 - 10 only +// Older IE sometimes signals "interactive" too soon +if ( document.readyState === "complete" || + ( document.readyState !== "loading" && !document.documentElement.doScroll ) ) { + + // Handle it asynchronously to allow scripts the opportunity to delay ready + window.setTimeout( jQuery.ready ); + +} else { + + // Use the handy event callback + document.addEventListener( "DOMContentLoaded", completed ); + + // A fallback to window.onload, that will always work + window.addEventListener( "load", completed ); +} + + + + +// Multifunctional method to get and set values of a collection +// The value/s can optionally be executed if it's a function +var access = function( elems, fn, key, value, chainable, emptyGet, raw ) { + var i = 0, + len = elems.length, + bulk = key == null; + + // Sets many values + if ( toType( key ) === "object" ) { + chainable = true; + for ( i in key ) { + access( elems, fn, i, key[ i ], true, emptyGet, raw ); + } + + // Sets one value + } else if ( value !== undefined ) { + chainable = true; + + if ( !isFunction( value ) ) { + raw = true; + } + + if ( bulk ) { + + // Bulk operations run against the entire set + if ( raw ) { + fn.call( elems, value ); + fn = null; + + // ...except when executing function values + } else { + bulk = fn; + fn = function( elem, _key, value ) { + return bulk.call( jQuery( elem ), value ); + }; + } + } + + if ( fn ) { + for ( ; i < len; i++ ) { + fn( + elems[ i ], key, raw ? + value : + value.call( elems[ i ], i, fn( elems[ i ], key ) ) + ); + } + } + } + + if ( chainable ) { + return elems; + } + + // Gets + if ( bulk ) { + return fn.call( elems ); + } + + return len ? fn( elems[ 0 ], key ) : emptyGet; +}; + + +// Matches dashed string for camelizing +var rmsPrefix = /^-ms-/, + rdashAlpha = /-([a-z])/g; + +// Used by camelCase as callback to replace() +function fcamelCase( _all, letter ) { + return letter.toUpperCase(); +} + +// Convert dashed to camelCase; used by the css and data modules +// Support: IE <=9 - 11, Edge 12 - 15 +// Microsoft forgot to hump their vendor prefix (#9572) +function camelCase( string ) { + return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase ); +} +var acceptData = function( owner ) { + + // Accepts only: + // - Node + // - Node.ELEMENT_NODE + // - Node.DOCUMENT_NODE + // - Object + // - Any + return owner.nodeType === 1 || owner.nodeType === 9 || !( +owner.nodeType ); +}; + + + + +function Data() { + this.expando = jQuery.expando + Data.uid++; +} + +Data.uid = 1; + +Data.prototype = { + + cache: function( owner ) { + + // Check if the owner object already has a cache + var value = owner[ this.expando ]; + + // If not, create one + if ( !value ) { + value = {}; + + // We can accept data for non-element nodes in modern browsers, + // but we should not, see #8335. + // Always return an empty object. + if ( acceptData( owner ) ) { + + // If it is a node unlikely to be stringify-ed or looped over + // use plain assignment + if ( owner.nodeType ) { + owner[ this.expando ] = value; + + // Otherwise secure it in a non-enumerable property + // configurable must be true to allow the property to be + // deleted when data is removed + } else { + Object.defineProperty( owner, this.expando, { + value: value, + configurable: true + } ); + } + } + } + + return value; + }, + set: function( owner, data, value ) { + var prop, + cache = this.cache( owner ); + + // Handle: [ owner, key, value ] args + // Always use camelCase key (gh-2257) + if ( typeof data === "string" ) { + cache[ camelCase( data ) ] = value; + + // Handle: [ owner, { properties } ] args + } else { + + // Copy the properties one-by-one to the cache object + for ( prop in data ) { + cache[ camelCase( prop ) ] = data[ prop ]; + } + } + return cache; + }, + get: function( owner, key ) { + return key === undefined ? + this.cache( owner ) : + + // Always use camelCase key (gh-2257) + owner[ this.expando ] && owner[ this.expando ][ camelCase( key ) ]; + }, + access: function( owner, key, value ) { + + // In cases where either: + // + // 1. No key was specified + // 2. A string key was specified, but no value provided + // + // Take the "read" path and allow the get method to determine + // which value to return, respectively either: + // + // 1. The entire cache object + // 2. The data stored at the key + // + if ( key === undefined || + ( ( key && typeof key === "string" ) && value === undefined ) ) { + + return this.get( owner, key ); + } + + // When the key is not a string, or both a key and value + // are specified, set or extend (existing objects) with either: + // + // 1. An object of properties + // 2. A key and value + // + this.set( owner, key, value ); + + // Since the "set" path can have two possible entry points + // return the expected data based on which path was taken[*] + return value !== undefined ? value : key; + }, + remove: function( owner, key ) { + var i, + cache = owner[ this.expando ]; + + if ( cache === undefined ) { + return; + } + + if ( key !== undefined ) { + + // Support array or space separated string of keys + if ( Array.isArray( key ) ) { + + // If key is an array of keys... + // We always set camelCase keys, so remove that. + key = key.map( camelCase ); + } else { + key = camelCase( key ); + + // If a key with the spaces exists, use it. + // Otherwise, create an array by matching non-whitespace + key = key in cache ? + [ key ] : + ( key.match( rnothtmlwhite ) || [] ); + } + + i = key.length; + + while ( i-- ) { + delete cache[ key[ i ] ]; + } + } + + // Remove the expando if there's no more data + if ( key === undefined || jQuery.isEmptyObject( cache ) ) { + + // Support: Chrome <=35 - 45 + // Webkit & Blink performance suffers when deleting properties + // from DOM nodes, so set to undefined instead + // https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted) + if ( owner.nodeType ) { + owner[ this.expando ] = undefined; + } else { + delete owner[ this.expando ]; + } + } + }, + hasData: function( owner ) { + var cache = owner[ this.expando ]; + return cache !== undefined && !jQuery.isEmptyObject( cache ); + } +}; +var dataPriv = new Data(); + +var dataUser = new Data(); + + + +// Implementation Summary +// +// 1. Enforce API surface and semantic compatibility with 1.9.x branch +// 2. Improve the module's maintainability by reducing the storage +// paths to a single mechanism. +// 3. Use the same single mechanism to support "private" and "user" data. +// 4. _Never_ expose "private" data to user code (TODO: Drop _data, _removeData) +// 5. Avoid exposing implementation details on user objects (eg. expando properties) +// 6. Provide a clear path for implementation upgrade to WeakMap in 2014 + +var rbrace = /^(?:\{[\w\W]*\}|\[[\w\W]*\])$/, + rmultiDash = /[A-Z]/g; + +function getData( data ) { + if ( data === "true" ) { + return true; + } + + if ( data === "false" ) { + return false; + } + + if ( data === "null" ) { + return null; + } + + // Only convert to a number if it doesn't change the string + if ( data === +data + "" ) { + return +data; + } + + if ( rbrace.test( data ) ) { + return JSON.parse( data ); + } + + return data; +} + +function dataAttr( elem, key, data ) { + var name; + + // If nothing was found internally, try to fetch any + // data from the HTML5 data-* attribute + if ( data === undefined && elem.nodeType === 1 ) { + name = "data-" + key.replace( rmultiDash, "-$&" ).toLowerCase(); + data = elem.getAttribute( name ); + + if ( typeof data === "string" ) { + try { + data = getData( data ); + } catch ( e ) {} + + // Make sure we set the data so it isn't changed later + dataUser.set( elem, key, data ); + } else { + data = undefined; + } + } + return data; +} + +jQuery.extend( { + hasData: function( elem ) { + return dataUser.hasData( elem ) || dataPriv.hasData( elem ); + }, + + data: function( elem, name, data ) { + return dataUser.access( elem, name, data ); + }, + + removeData: function( elem, name ) { + dataUser.remove( elem, name ); + }, + + // TODO: Now that all calls to _data and _removeData have been replaced + // with direct calls to dataPriv methods, these can be deprecated. + _data: function( elem, name, data ) { + return dataPriv.access( elem, name, data ); + }, + + _removeData: function( elem, name ) { + dataPriv.remove( elem, name ); + } +} ); + +jQuery.fn.extend( { + data: function( key, value ) { + var i, name, data, + elem = this[ 0 ], + attrs = elem && elem.attributes; + + // Gets all values + if ( key === undefined ) { + if ( this.length ) { + data = dataUser.get( elem ); + + if ( elem.nodeType === 1 && !dataPriv.get( elem, "hasDataAttrs" ) ) { + i = attrs.length; + while ( i-- ) { + + // Support: IE 11 only + // The attrs elements can be null (#14894) + if ( attrs[ i ] ) { + name = attrs[ i ].name; + if ( name.indexOf( "data-" ) === 0 ) { + name = camelCase( name.slice( 5 ) ); + dataAttr( elem, name, data[ name ] ); + } + } + } + dataPriv.set( elem, "hasDataAttrs", true ); + } + } + + return data; + } + + // Sets multiple values + if ( typeof key === "object" ) { + return this.each( function() { + dataUser.set( this, key ); + } ); + } + + return access( this, function( value ) { + var data; + + // The calling jQuery object (element matches) is not empty + // (and therefore has an element appears at this[ 0 ]) and the + // `value` parameter was not undefined. An empty jQuery object + // will result in `undefined` for elem = this[ 0 ] which will + // throw an exception if an attempt to read a data cache is made. + if ( elem && value === undefined ) { + + // Attempt to get data from the cache + // The key will always be camelCased in Data + data = dataUser.get( elem, key ); + if ( data !== undefined ) { + return data; + } + + // Attempt to "discover" the data in + // HTML5 custom data-* attrs + data = dataAttr( elem, key ); + if ( data !== undefined ) { + return data; + } + + // We tried really hard, but the data doesn't exist. + return; + } + + // Set the data... + this.each( function() { + + // We always store the camelCased key + dataUser.set( this, key, value ); + } ); + }, null, value, arguments.length > 1, null, true ); + }, + + removeData: function( key ) { + return this.each( function() { + dataUser.remove( this, key ); + } ); + } +} ); + + +jQuery.extend( { + queue: function( elem, type, data ) { + var queue; + + if ( elem ) { + type = ( type || "fx" ) + "queue"; + queue = dataPriv.get( elem, type ); + + // Speed up dequeue by getting out quickly if this is just a lookup + if ( data ) { + if ( !queue || Array.isArray( data ) ) { + queue = dataPriv.access( elem, type, jQuery.makeArray( data ) ); + } else { + queue.push( data ); + } + } + return queue || []; + } + }, + + dequeue: function( elem, type ) { + type = type || "fx"; + + var queue = jQuery.queue( elem, type ), + startLength = queue.length, + fn = queue.shift(), + hooks = jQuery._queueHooks( elem, type ), + next = function() { + jQuery.dequeue( elem, type ); + }; + + // If the fx queue is dequeued, always remove the progress sentinel + if ( fn === "inprogress" ) { + fn = queue.shift(); + startLength--; + } + + if ( fn ) { + + // Add a progress sentinel to prevent the fx queue from being + // automatically dequeued + if ( type === "fx" ) { + queue.unshift( "inprogress" ); + } + + // Clear up the last queue stop function + delete hooks.stop; + fn.call( elem, next, hooks ); + } + + if ( !startLength && hooks ) { + hooks.empty.fire(); + } + }, + + // Not public - generate a queueHooks object, or return the current one + _queueHooks: function( elem, type ) { + var key = type + "queueHooks"; + return dataPriv.get( elem, key ) || dataPriv.access( elem, key, { + empty: jQuery.Callbacks( "once memory" ).add( function() { + dataPriv.remove( elem, [ type + "queue", key ] ); + } ) + } ); + } +} ); + +jQuery.fn.extend( { + queue: function( type, data ) { + var setter = 2; + + if ( typeof type !== "string" ) { + data = type; + type = "fx"; + setter--; + } + + if ( arguments.length < setter ) { + return jQuery.queue( this[ 0 ], type ); + } + + return data === undefined ? + this : + this.each( function() { + var queue = jQuery.queue( this, type, data ); + + // Ensure a hooks for this queue + jQuery._queueHooks( this, type ); + + if ( type === "fx" && queue[ 0 ] !== "inprogress" ) { + jQuery.dequeue( this, type ); + } + } ); + }, + dequeue: function( type ) { + return this.each( function() { + jQuery.dequeue( this, type ); + } ); + }, + clearQueue: function( type ) { + return this.queue( type || "fx", [] ); + }, + + // Get a promise resolved when queues of a certain type + // are emptied (fx is the type by default) + promise: function( type, obj ) { + var tmp, + count = 1, + defer = jQuery.Deferred(), + elements = this, + i = this.length, + resolve = function() { + if ( !( --count ) ) { + defer.resolveWith( elements, [ elements ] ); + } + }; + + if ( typeof type !== "string" ) { + obj = type; + type = undefined; + } + type = type || "fx"; + + while ( i-- ) { + tmp = dataPriv.get( elements[ i ], type + "queueHooks" ); + if ( tmp && tmp.empty ) { + count++; + tmp.empty.add( resolve ); + } + } + resolve(); + return defer.promise( obj ); + } +} ); +var pnum = ( /[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/ ).source; + +var rcssNum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" ); + + +var cssExpand = [ "Top", "Right", "Bottom", "Left" ]; + +var documentElement = document.documentElement; + + + + var isAttached = function( elem ) { + return jQuery.contains( elem.ownerDocument, elem ); + }, + composed = { composed: true }; + + // Support: IE 9 - 11+, Edge 12 - 18+, iOS 10.0 - 10.2 only + // Check attachment across shadow DOM boundaries when possible (gh-3504) + // Support: iOS 10.0-10.2 only + // Early iOS 10 versions support `attachShadow` but not `getRootNode`, + // leading to errors. We need to check for `getRootNode`. + if ( documentElement.getRootNode ) { + isAttached = function( elem ) { + return jQuery.contains( elem.ownerDocument, elem ) || + elem.getRootNode( composed ) === elem.ownerDocument; + }; + } +var isHiddenWithinTree = function( elem, el ) { + + // isHiddenWithinTree might be called from jQuery#filter function; + // in that case, element will be second argument + elem = el || elem; + + // Inline style trumps all + return elem.style.display === "none" || + elem.style.display === "" && + + // Otherwise, check computed style + // Support: Firefox <=43 - 45 + // Disconnected elements can have computed display: none, so first confirm that elem is + // in the document. + isAttached( elem ) && + + jQuery.css( elem, "display" ) === "none"; + }; + + + +function adjustCSS( elem, prop, valueParts, tween ) { + var adjusted, scale, + maxIterations = 20, + currentValue = tween ? + function() { + return tween.cur(); + } : + function() { + return jQuery.css( elem, prop, "" ); + }, + initial = currentValue(), + unit = valueParts && valueParts[ 3 ] || ( jQuery.cssNumber[ prop ] ? "" : "px" ), + + // Starting value computation is required for potential unit mismatches + initialInUnit = elem.nodeType && + ( jQuery.cssNumber[ prop ] || unit !== "px" && +initial ) && + rcssNum.exec( jQuery.css( elem, prop ) ); + + if ( initialInUnit && initialInUnit[ 3 ] !== unit ) { + + // Support: Firefox <=54 + // Halve the iteration target value to prevent interference from CSS upper bounds (gh-2144) + initial = initial / 2; + + // Trust units reported by jQuery.css + unit = unit || initialInUnit[ 3 ]; + + // Iteratively approximate from a nonzero starting point + initialInUnit = +initial || 1; + + while ( maxIterations-- ) { + + // Evaluate and update our best guess (doubling guesses that zero out). + // Finish if the scale equals or crosses 1 (making the old*new product non-positive). + jQuery.style( elem, prop, initialInUnit + unit ); + if ( ( 1 - scale ) * ( 1 - ( scale = currentValue() / initial || 0.5 ) ) <= 0 ) { + maxIterations = 0; + } + initialInUnit = initialInUnit / scale; + + } + + initialInUnit = initialInUnit * 2; + jQuery.style( elem, prop, initialInUnit + unit ); + + // Make sure we update the tween properties later on + valueParts = valueParts || []; + } + + if ( valueParts ) { + initialInUnit = +initialInUnit || +initial || 0; + + // Apply relative offset (+=/-=) if specified + adjusted = valueParts[ 1 ] ? + initialInUnit + ( valueParts[ 1 ] + 1 ) * valueParts[ 2 ] : + +valueParts[ 2 ]; + if ( tween ) { + tween.unit = unit; + tween.start = initialInUnit; + tween.end = adjusted; + } + } + return adjusted; +} + + +var defaultDisplayMap = {}; + +function getDefaultDisplay( elem ) { + var temp, + doc = elem.ownerDocument, + nodeName = elem.nodeName, + display = defaultDisplayMap[ nodeName ]; + + if ( display ) { + return display; + } + + temp = doc.body.appendChild( doc.createElement( nodeName ) ); + display = jQuery.css( temp, "display" ); + + temp.parentNode.removeChild( temp ); + + if ( display === "none" ) { + display = "block"; + } + defaultDisplayMap[ nodeName ] = display; + + return display; +} + +function showHide( elements, show ) { + var display, elem, + values = [], + index = 0, + length = elements.length; + + // Determine new display value for elements that need to change + for ( ; index < length; index++ ) { + elem = elements[ index ]; + if ( !elem.style ) { + continue; + } + + display = elem.style.display; + if ( show ) { + + // Since we force visibility upon cascade-hidden elements, an immediate (and slow) + // check is required in this first loop unless we have a nonempty display value (either + // inline or about-to-be-restored) + if ( display === "none" ) { + values[ index ] = dataPriv.get( elem, "display" ) || null; + if ( !values[ index ] ) { + elem.style.display = ""; + } + } + if ( elem.style.display === "" && isHiddenWithinTree( elem ) ) { + values[ index ] = getDefaultDisplay( elem ); + } + } else { + if ( display !== "none" ) { + values[ index ] = "none"; + + // Remember what we're overwriting + dataPriv.set( elem, "display", display ); + } + } + } + + // Set the display of the elements in a second loop to avoid constant reflow + for ( index = 0; index < length; index++ ) { + if ( values[ index ] != null ) { + elements[ index ].style.display = values[ index ]; + } + } + + return elements; +} + +jQuery.fn.extend( { + show: function() { + return showHide( this, true ); + }, + hide: function() { + return showHide( this ); + }, + toggle: function( state ) { + if ( typeof state === "boolean" ) { + return state ? this.show() : this.hide(); + } + + return this.each( function() { + if ( isHiddenWithinTree( this ) ) { + jQuery( this ).show(); + } else { + jQuery( this ).hide(); + } + } ); + } +} ); +var rcheckableType = ( /^(?:checkbox|radio)$/i ); + +var rtagName = ( /<([a-z][^\/\0>\x20\t\r\n\f]*)/i ); + +var rscriptType = ( /^$|^module$|\/(?:java|ecma)script/i ); + + + +( function() { + var fragment = document.createDocumentFragment(), + div = fragment.appendChild( document.createElement( "div" ) ), + input = document.createElement( "input" ); + + // Support: Android 4.0 - 4.3 only + // Check state lost if the name is set (#11217) + // Support: Windows Web Apps (WWA) + // `name` and `type` must use .setAttribute for WWA (#14901) + input.setAttribute( "type", "radio" ); + input.setAttribute( "checked", "checked" ); + input.setAttribute( "name", "t" ); + + div.appendChild( input ); + + // Support: Android <=4.1 only + // Older WebKit doesn't clone checked state correctly in fragments + support.checkClone = div.cloneNode( true ).cloneNode( true ).lastChild.checked; + + // Support: IE <=11 only + // Make sure textarea (and checkbox) defaultValue is properly cloned + div.innerHTML = ""; + support.noCloneChecked = !!div.cloneNode( true ).lastChild.defaultValue; + + // Support: IE <=9 only + // IE <=9 replaces "; + support.option = !!div.lastChild; +} )(); + + +// We have to close these tags to support XHTML (#13200) +var wrapMap = { + + // XHTML parsers do not magically insert elements in the + // same way that tag soup parsers do. So we cannot shorten + // this by omitting or other required elements. + thead: [ 1, "", "
" ], + col: [ 2, "", "
" ], + tr: [ 2, "", "
" ], + td: [ 3, "", "
" ], + + _default: [ 0, "", "" ] +}; + +wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; +wrapMap.th = wrapMap.td; + +// Support: IE <=9 only +if ( !support.option ) { + wrapMap.optgroup = wrapMap.option = [ 1, "" ]; +} + + +function getAll( context, tag ) { + + // Support: IE <=9 - 11 only + // Use typeof to avoid zero-argument method invocation on host objects (#15151) + var ret; + + if ( typeof context.getElementsByTagName !== "undefined" ) { + ret = context.getElementsByTagName( tag || "*" ); + + } else if ( typeof context.querySelectorAll !== "undefined" ) { + ret = context.querySelectorAll( tag || "*" ); + + } else { + ret = []; + } + + if ( tag === undefined || tag && nodeName( context, tag ) ) { + return jQuery.merge( [ context ], ret ); + } + + return ret; +} + + +// Mark scripts as having already been evaluated +function setGlobalEval( elems, refElements ) { + var i = 0, + l = elems.length; + + for ( ; i < l; i++ ) { + dataPriv.set( + elems[ i ], + "globalEval", + !refElements || dataPriv.get( refElements[ i ], "globalEval" ) + ); + } +} + + +var rhtml = /<|&#?\w+;/; + +function buildFragment( elems, context, scripts, selection, ignored ) { + var elem, tmp, tag, wrap, attached, j, + fragment = context.createDocumentFragment(), + nodes = [], + i = 0, + l = elems.length; + + for ( ; i < l; i++ ) { + elem = elems[ i ]; + + if ( elem || elem === 0 ) { + + // Add nodes directly + if ( toType( elem ) === "object" ) { + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( nodes, elem.nodeType ? [ elem ] : elem ); + + // Convert non-html into a text node + } else if ( !rhtml.test( elem ) ) { + nodes.push( context.createTextNode( elem ) ); + + // Convert html into DOM nodes + } else { + tmp = tmp || fragment.appendChild( context.createElement( "div" ) ); + + // Deserialize a standard representation + tag = ( rtagName.exec( elem ) || [ "", "" ] )[ 1 ].toLowerCase(); + wrap = wrapMap[ tag ] || wrapMap._default; + tmp.innerHTML = wrap[ 1 ] + jQuery.htmlPrefilter( elem ) + wrap[ 2 ]; + + // Descend through wrappers to the right content + j = wrap[ 0 ]; + while ( j-- ) { + tmp = tmp.lastChild; + } + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( nodes, tmp.childNodes ); + + // Remember the top-level container + tmp = fragment.firstChild; + + // Ensure the created nodes are orphaned (#12392) + tmp.textContent = ""; + } + } + } + + // Remove wrapper from fragment + fragment.textContent = ""; + + i = 0; + while ( ( elem = nodes[ i++ ] ) ) { + + // Skip elements already in the context collection (trac-4087) + if ( selection && jQuery.inArray( elem, selection ) > -1 ) { + if ( ignored ) { + ignored.push( elem ); + } + continue; + } + + attached = isAttached( elem ); + + // Append to fragment + tmp = getAll( fragment.appendChild( elem ), "script" ); + + // Preserve script evaluation history + if ( attached ) { + setGlobalEval( tmp ); + } + + // Capture executables + if ( scripts ) { + j = 0; + while ( ( elem = tmp[ j++ ] ) ) { + if ( rscriptType.test( elem.type || "" ) ) { + scripts.push( elem ); + } + } + } + } + + return fragment; +} + + +var rtypenamespace = /^([^.]*)(?:\.(.+)|)/; + +function returnTrue() { + return true; +} + +function returnFalse() { + return false; +} + +// Support: IE <=9 - 11+ +// focus() and blur() are asynchronous, except when they are no-op. +// So expect focus to be synchronous when the element is already active, +// and blur to be synchronous when the element is not already active. +// (focus and blur are always synchronous in other supported browsers, +// this just defines when we can count on it). +function expectSync( elem, type ) { + return ( elem === safeActiveElement() ) === ( type === "focus" ); +} + +// Support: IE <=9 only +// Accessing document.activeElement can throw unexpectedly +// https://bugs.jquery.com/ticket/13393 +function safeActiveElement() { + try { + return document.activeElement; + } catch ( err ) { } +} + +function on( elem, types, selector, data, fn, one ) { + var origFn, type; + + // Types can be a map of types/handlers + if ( typeof types === "object" ) { + + // ( types-Object, selector, data ) + if ( typeof selector !== "string" ) { + + // ( types-Object, data ) + data = data || selector; + selector = undefined; + } + for ( type in types ) { + on( elem, type, selector, data, types[ type ], one ); + } + return elem; + } + + if ( data == null && fn == null ) { + + // ( types, fn ) + fn = selector; + data = selector = undefined; + } else if ( fn == null ) { + if ( typeof selector === "string" ) { + + // ( types, selector, fn ) + fn = data; + data = undefined; + } else { + + // ( types, data, fn ) + fn = data; + data = selector; + selector = undefined; + } + } + if ( fn === false ) { + fn = returnFalse; + } else if ( !fn ) { + return elem; + } + + if ( one === 1 ) { + origFn = fn; + fn = function( event ) { + + // Can use an empty set, since event contains the info + jQuery().off( event ); + return origFn.apply( this, arguments ); + }; + + // Use same guid so caller can remove using origFn + fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ ); + } + return elem.each( function() { + jQuery.event.add( this, types, fn, data, selector ); + } ); +} + +/* + * Helper functions for managing events -- not part of the public interface. + * Props to Dean Edwards' addEvent library for many of the ideas. + */ +jQuery.event = { + + global: {}, + + add: function( elem, types, handler, data, selector ) { + + var handleObjIn, eventHandle, tmp, + events, t, handleObj, + special, handlers, type, namespaces, origType, + elemData = dataPriv.get( elem ); + + // Only attach events to objects that accept data + if ( !acceptData( elem ) ) { + return; + } + + // Caller can pass in an object of custom data in lieu of the handler + if ( handler.handler ) { + handleObjIn = handler; + handler = handleObjIn.handler; + selector = handleObjIn.selector; + } + + // Ensure that invalid selectors throw exceptions at attach time + // Evaluate against documentElement in case elem is a non-element node (e.g., document) + if ( selector ) { + jQuery.find.matchesSelector( documentElement, selector ); + } + + // Make sure that the handler has a unique ID, used to find/remove it later + if ( !handler.guid ) { + handler.guid = jQuery.guid++; + } + + // Init the element's event structure and main handler, if this is the first + if ( !( events = elemData.events ) ) { + events = elemData.events = Object.create( null ); + } + if ( !( eventHandle = elemData.handle ) ) { + eventHandle = elemData.handle = function( e ) { + + // Discard the second event of a jQuery.event.trigger() and + // when an event is called after a page has unloaded + return typeof jQuery !== "undefined" && jQuery.event.triggered !== e.type ? + jQuery.event.dispatch.apply( elem, arguments ) : undefined; + }; + } + + // Handle multiple events separated by a space + types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; + t = types.length; + while ( t-- ) { + tmp = rtypenamespace.exec( types[ t ] ) || []; + type = origType = tmp[ 1 ]; + namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); + + // There *must* be a type, no attaching namespace-only handlers + if ( !type ) { + continue; + } + + // If event changes its type, use the special event handlers for the changed type + special = jQuery.event.special[ type ] || {}; + + // If selector defined, determine special event api type, otherwise given type + type = ( selector ? special.delegateType : special.bindType ) || type; + + // Update special based on newly reset type + special = jQuery.event.special[ type ] || {}; + + // handleObj is passed to all event handlers + handleObj = jQuery.extend( { + type: type, + origType: origType, + data: data, + handler: handler, + guid: handler.guid, + selector: selector, + needsContext: selector && jQuery.expr.match.needsContext.test( selector ), + namespace: namespaces.join( "." ) + }, handleObjIn ); + + // Init the event handler queue if we're the first + if ( !( handlers = events[ type ] ) ) { + handlers = events[ type ] = []; + handlers.delegateCount = 0; + + // Only use addEventListener if the special events handler returns false + if ( !special.setup || + special.setup.call( elem, data, namespaces, eventHandle ) === false ) { + + if ( elem.addEventListener ) { + elem.addEventListener( type, eventHandle ); + } + } + } + + if ( special.add ) { + special.add.call( elem, handleObj ); + + if ( !handleObj.handler.guid ) { + handleObj.handler.guid = handler.guid; + } + } + + // Add to the element's handler list, delegates in front + if ( selector ) { + handlers.splice( handlers.delegateCount++, 0, handleObj ); + } else { + handlers.push( handleObj ); + } + + // Keep track of which events have ever been used, for event optimization + jQuery.event.global[ type ] = true; + } + + }, + + // Detach an event or set of events from an element + remove: function( elem, types, handler, selector, mappedTypes ) { + + var j, origCount, tmp, + events, t, handleObj, + special, handlers, type, namespaces, origType, + elemData = dataPriv.hasData( elem ) && dataPriv.get( elem ); + + if ( !elemData || !( events = elemData.events ) ) { + return; + } + + // Once for each type.namespace in types; type may be omitted + types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; + t = types.length; + while ( t-- ) { + tmp = rtypenamespace.exec( types[ t ] ) || []; + type = origType = tmp[ 1 ]; + namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); + + // Unbind all events (on this namespace, if provided) for the element + if ( !type ) { + for ( type in events ) { + jQuery.event.remove( elem, type + types[ t ], handler, selector, true ); + } + continue; + } + + special = jQuery.event.special[ type ] || {}; + type = ( selector ? special.delegateType : special.bindType ) || type; + handlers = events[ type ] || []; + tmp = tmp[ 2 ] && + new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ); + + // Remove matching events + origCount = j = handlers.length; + while ( j-- ) { + handleObj = handlers[ j ]; + + if ( ( mappedTypes || origType === handleObj.origType ) && + ( !handler || handler.guid === handleObj.guid ) && + ( !tmp || tmp.test( handleObj.namespace ) ) && + ( !selector || selector === handleObj.selector || + selector === "**" && handleObj.selector ) ) { + handlers.splice( j, 1 ); + + if ( handleObj.selector ) { + handlers.delegateCount--; + } + if ( special.remove ) { + special.remove.call( elem, handleObj ); + } + } + } + + // Remove generic event handler if we removed something and no more handlers exist + // (avoids potential for endless recursion during removal of special event handlers) + if ( origCount && !handlers.length ) { + if ( !special.teardown || + special.teardown.call( elem, namespaces, elemData.handle ) === false ) { + + jQuery.removeEvent( elem, type, elemData.handle ); + } + + delete events[ type ]; + } + } + + // Remove data and the expando if it's no longer used + if ( jQuery.isEmptyObject( events ) ) { + dataPriv.remove( elem, "handle events" ); + } + }, + + dispatch: function( nativeEvent ) { + + var i, j, ret, matched, handleObj, handlerQueue, + args = new Array( arguments.length ), + + // Make a writable jQuery.Event from the native event object + event = jQuery.event.fix( nativeEvent ), + + handlers = ( + dataPriv.get( this, "events" ) || Object.create( null ) + )[ event.type ] || [], + special = jQuery.event.special[ event.type ] || {}; + + // Use the fix-ed jQuery.Event rather than the (read-only) native event + args[ 0 ] = event; + + for ( i = 1; i < arguments.length; i++ ) { + args[ i ] = arguments[ i ]; + } + + event.delegateTarget = this; + + // Call the preDispatch hook for the mapped type, and let it bail if desired + if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) { + return; + } + + // Determine handlers + handlerQueue = jQuery.event.handlers.call( this, event, handlers ); + + // Run delegates first; they may want to stop propagation beneath us + i = 0; + while ( ( matched = handlerQueue[ i++ ] ) && !event.isPropagationStopped() ) { + event.currentTarget = matched.elem; + + j = 0; + while ( ( handleObj = matched.handlers[ j++ ] ) && + !event.isImmediatePropagationStopped() ) { + + // If the event is namespaced, then each handler is only invoked if it is + // specially universal or its namespaces are a superset of the event's. + if ( !event.rnamespace || handleObj.namespace === false || + event.rnamespace.test( handleObj.namespace ) ) { + + event.handleObj = handleObj; + event.data = handleObj.data; + + ret = ( ( jQuery.event.special[ handleObj.origType ] || {} ).handle || + handleObj.handler ).apply( matched.elem, args ); + + if ( ret !== undefined ) { + if ( ( event.result = ret ) === false ) { + event.preventDefault(); + event.stopPropagation(); + } + } + } + } + } + + // Call the postDispatch hook for the mapped type + if ( special.postDispatch ) { + special.postDispatch.call( this, event ); + } + + return event.result; + }, + + handlers: function( event, handlers ) { + var i, handleObj, sel, matchedHandlers, matchedSelectors, + handlerQueue = [], + delegateCount = handlers.delegateCount, + cur = event.target; + + // Find delegate handlers + if ( delegateCount && + + // Support: IE <=9 + // Black-hole SVG instance trees (trac-13180) + cur.nodeType && + + // Support: Firefox <=42 + // Suppress spec-violating clicks indicating a non-primary pointer button (trac-3861) + // https://www.w3.org/TR/DOM-Level-3-Events/#event-type-click + // Support: IE 11 only + // ...but not arrow key "clicks" of radio inputs, which can have `button` -1 (gh-2343) + !( event.type === "click" && event.button >= 1 ) ) { + + for ( ; cur !== this; cur = cur.parentNode || this ) { + + // Don't check non-elements (#13208) + // Don't process clicks on disabled elements (#6911, #8165, #11382, #11764) + if ( cur.nodeType === 1 && !( event.type === "click" && cur.disabled === true ) ) { + matchedHandlers = []; + matchedSelectors = {}; + for ( i = 0; i < delegateCount; i++ ) { + handleObj = handlers[ i ]; + + // Don't conflict with Object.prototype properties (#13203) + sel = handleObj.selector + " "; + + if ( matchedSelectors[ sel ] === undefined ) { + matchedSelectors[ sel ] = handleObj.needsContext ? + jQuery( sel, this ).index( cur ) > -1 : + jQuery.find( sel, this, null, [ cur ] ).length; + } + if ( matchedSelectors[ sel ] ) { + matchedHandlers.push( handleObj ); + } + } + if ( matchedHandlers.length ) { + handlerQueue.push( { elem: cur, handlers: matchedHandlers } ); + } + } + } + } + + // Add the remaining (directly-bound) handlers + cur = this; + if ( delegateCount < handlers.length ) { + handlerQueue.push( { elem: cur, handlers: handlers.slice( delegateCount ) } ); + } + + return handlerQueue; + }, + + addProp: function( name, hook ) { + Object.defineProperty( jQuery.Event.prototype, name, { + enumerable: true, + configurable: true, + + get: isFunction( hook ) ? + function() { + if ( this.originalEvent ) { + return hook( this.originalEvent ); + } + } : + function() { + if ( this.originalEvent ) { + return this.originalEvent[ name ]; + } + }, + + set: function( value ) { + Object.defineProperty( this, name, { + enumerable: true, + configurable: true, + writable: true, + value: value + } ); + } + } ); + }, + + fix: function( originalEvent ) { + return originalEvent[ jQuery.expando ] ? + originalEvent : + new jQuery.Event( originalEvent ); + }, + + special: { + load: { + + // Prevent triggered image.load events from bubbling to window.load + noBubble: true + }, + click: { + + // Utilize native event to ensure correct state for checkable inputs + setup: function( data ) { + + // For mutual compressibility with _default, replace `this` access with a local var. + // `|| data` is dead code meant only to preserve the variable through minification. + var el = this || data; + + // Claim the first handler + if ( rcheckableType.test( el.type ) && + el.click && nodeName( el, "input" ) ) { + + // dataPriv.set( el, "click", ... ) + leverageNative( el, "click", returnTrue ); + } + + // Return false to allow normal processing in the caller + return false; + }, + trigger: function( data ) { + + // For mutual compressibility with _default, replace `this` access with a local var. + // `|| data` is dead code meant only to preserve the variable through minification. + var el = this || data; + + // Force setup before triggering a click + if ( rcheckableType.test( el.type ) && + el.click && nodeName( el, "input" ) ) { + + leverageNative( el, "click" ); + } + + // Return non-false to allow normal event-path propagation + return true; + }, + + // For cross-browser consistency, suppress native .click() on links + // Also prevent it if we're currently inside a leveraged native-event stack + _default: function( event ) { + var target = event.target; + return rcheckableType.test( target.type ) && + target.click && nodeName( target, "input" ) && + dataPriv.get( target, "click" ) || + nodeName( target, "a" ); + } + }, + + beforeunload: { + postDispatch: function( event ) { + + // Support: Firefox 20+ + // Firefox doesn't alert if the returnValue field is not set. + if ( event.result !== undefined && event.originalEvent ) { + event.originalEvent.returnValue = event.result; + } + } + } + } +}; + +// Ensure the presence of an event listener that handles manually-triggered +// synthetic events by interrupting progress until reinvoked in response to +// *native* events that it fires directly, ensuring that state changes have +// already occurred before other listeners are invoked. +function leverageNative( el, type, expectSync ) { + + // Missing expectSync indicates a trigger call, which must force setup through jQuery.event.add + if ( !expectSync ) { + if ( dataPriv.get( el, type ) === undefined ) { + jQuery.event.add( el, type, returnTrue ); + } + return; + } + + // Register the controller as a special universal handler for all event namespaces + dataPriv.set( el, type, false ); + jQuery.event.add( el, type, { + namespace: false, + handler: function( event ) { + var notAsync, result, + saved = dataPriv.get( this, type ); + + if ( ( event.isTrigger & 1 ) && this[ type ] ) { + + // Interrupt processing of the outer synthetic .trigger()ed event + // Saved data should be false in such cases, but might be a leftover capture object + // from an async native handler (gh-4350) + if ( !saved.length ) { + + // Store arguments for use when handling the inner native event + // There will always be at least one argument (an event object), so this array + // will not be confused with a leftover capture object. + saved = slice.call( arguments ); + dataPriv.set( this, type, saved ); + + // Trigger the native event and capture its result + // Support: IE <=9 - 11+ + // focus() and blur() are asynchronous + notAsync = expectSync( this, type ); + this[ type ](); + result = dataPriv.get( this, type ); + if ( saved !== result || notAsync ) { + dataPriv.set( this, type, false ); + } else { + result = {}; + } + if ( saved !== result ) { + + // Cancel the outer synthetic event + event.stopImmediatePropagation(); + event.preventDefault(); + + // Support: Chrome 86+ + // In Chrome, if an element having a focusout handler is blurred by + // clicking outside of it, it invokes the handler synchronously. If + // that handler calls `.remove()` on the element, the data is cleared, + // leaving `result` undefined. We need to guard against this. + return result && result.value; + } + + // If this is an inner synthetic event for an event with a bubbling surrogate + // (focus or blur), assume that the surrogate already propagated from triggering the + // native event and prevent that from happening again here. + // This technically gets the ordering wrong w.r.t. to `.trigger()` (in which the + // bubbling surrogate propagates *after* the non-bubbling base), but that seems + // less bad than duplication. + } else if ( ( jQuery.event.special[ type ] || {} ).delegateType ) { + event.stopPropagation(); + } + + // If this is a native event triggered above, everything is now in order + // Fire an inner synthetic event with the original arguments + } else if ( saved.length ) { + + // ...and capture the result + dataPriv.set( this, type, { + value: jQuery.event.trigger( + + // Support: IE <=9 - 11+ + // Extend with the prototype to reset the above stopImmediatePropagation() + jQuery.extend( saved[ 0 ], jQuery.Event.prototype ), + saved.slice( 1 ), + this + ) + } ); + + // Abort handling of the native event + event.stopImmediatePropagation(); + } + } + } ); +} + +jQuery.removeEvent = function( elem, type, handle ) { + + // This "if" is needed for plain objects + if ( elem.removeEventListener ) { + elem.removeEventListener( type, handle ); + } +}; + +jQuery.Event = function( src, props ) { + + // Allow instantiation without the 'new' keyword + if ( !( this instanceof jQuery.Event ) ) { + return new jQuery.Event( src, props ); + } + + // Event object + if ( src && src.type ) { + this.originalEvent = src; + this.type = src.type; + + // Events bubbling up the document may have been marked as prevented + // by a handler lower down the tree; reflect the correct value. + this.isDefaultPrevented = src.defaultPrevented || + src.defaultPrevented === undefined && + + // Support: Android <=2.3 only + src.returnValue === false ? + returnTrue : + returnFalse; + + // Create target properties + // Support: Safari <=6 - 7 only + // Target should not be a text node (#504, #13143) + this.target = ( src.target && src.target.nodeType === 3 ) ? + src.target.parentNode : + src.target; + + this.currentTarget = src.currentTarget; + this.relatedTarget = src.relatedTarget; + + // Event type + } else { + this.type = src; + } + + // Put explicitly provided properties onto the event object + if ( props ) { + jQuery.extend( this, props ); + } + + // Create a timestamp if incoming event doesn't have one + this.timeStamp = src && src.timeStamp || Date.now(); + + // Mark it as fixed + this[ jQuery.expando ] = true; +}; + +// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding +// https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html +jQuery.Event.prototype = { + constructor: jQuery.Event, + isDefaultPrevented: returnFalse, + isPropagationStopped: returnFalse, + isImmediatePropagationStopped: returnFalse, + isSimulated: false, + + preventDefault: function() { + var e = this.originalEvent; + + this.isDefaultPrevented = returnTrue; + + if ( e && !this.isSimulated ) { + e.preventDefault(); + } + }, + stopPropagation: function() { + var e = this.originalEvent; + + this.isPropagationStopped = returnTrue; + + if ( e && !this.isSimulated ) { + e.stopPropagation(); + } + }, + stopImmediatePropagation: function() { + var e = this.originalEvent; + + this.isImmediatePropagationStopped = returnTrue; + + if ( e && !this.isSimulated ) { + e.stopImmediatePropagation(); + } + + this.stopPropagation(); + } +}; + +// Includes all common event props including KeyEvent and MouseEvent specific props +jQuery.each( { + altKey: true, + bubbles: true, + cancelable: true, + changedTouches: true, + ctrlKey: true, + detail: true, + eventPhase: true, + metaKey: true, + pageX: true, + pageY: true, + shiftKey: true, + view: true, + "char": true, + code: true, + charCode: true, + key: true, + keyCode: true, + button: true, + buttons: true, + clientX: true, + clientY: true, + offsetX: true, + offsetY: true, + pointerId: true, + pointerType: true, + screenX: true, + screenY: true, + targetTouches: true, + toElement: true, + touches: true, + which: true +}, jQuery.event.addProp ); + +jQuery.each( { focus: "focusin", blur: "focusout" }, function( type, delegateType ) { + jQuery.event.special[ type ] = { + + // Utilize native event if possible so blur/focus sequence is correct + setup: function() { + + // Claim the first handler + // dataPriv.set( this, "focus", ... ) + // dataPriv.set( this, "blur", ... ) + leverageNative( this, type, expectSync ); + + // Return false to allow normal processing in the caller + return false; + }, + trigger: function() { + + // Force setup before trigger + leverageNative( this, type ); + + // Return non-false to allow normal event-path propagation + return true; + }, + + // Suppress native focus or blur as it's already being fired + // in leverageNative. + _default: function() { + return true; + }, + + delegateType: delegateType + }; +} ); + +// Create mouseenter/leave events using mouseover/out and event-time checks +// so that event delegation works in jQuery. +// Do the same for pointerenter/pointerleave and pointerover/pointerout +// +// Support: Safari 7 only +// Safari sends mouseenter too often; see: +// https://bugs.chromium.org/p/chromium/issues/detail?id=470258 +// for the description of the bug (it existed in older Chrome versions as well). +jQuery.each( { + mouseenter: "mouseover", + mouseleave: "mouseout", + pointerenter: "pointerover", + pointerleave: "pointerout" +}, function( orig, fix ) { + jQuery.event.special[ orig ] = { + delegateType: fix, + bindType: fix, + + handle: function( event ) { + var ret, + target = this, + related = event.relatedTarget, + handleObj = event.handleObj; + + // For mouseenter/leave call the handler if related is outside the target. + // NB: No relatedTarget if the mouse left/entered the browser window + if ( !related || ( related !== target && !jQuery.contains( target, related ) ) ) { + event.type = handleObj.origType; + ret = handleObj.handler.apply( this, arguments ); + event.type = fix; + } + return ret; + } + }; +} ); + +jQuery.fn.extend( { + + on: function( types, selector, data, fn ) { + return on( this, types, selector, data, fn ); + }, + one: function( types, selector, data, fn ) { + return on( this, types, selector, data, fn, 1 ); + }, + off: function( types, selector, fn ) { + var handleObj, type; + if ( types && types.preventDefault && types.handleObj ) { + + // ( event ) dispatched jQuery.Event + handleObj = types.handleObj; + jQuery( types.delegateTarget ).off( + handleObj.namespace ? + handleObj.origType + "." + handleObj.namespace : + handleObj.origType, + handleObj.selector, + handleObj.handler + ); + return this; + } + if ( typeof types === "object" ) { + + // ( types-object [, selector] ) + for ( type in types ) { + this.off( type, selector, types[ type ] ); + } + return this; + } + if ( selector === false || typeof selector === "function" ) { + + // ( types [, fn] ) + fn = selector; + selector = undefined; + } + if ( fn === false ) { + fn = returnFalse; + } + return this.each( function() { + jQuery.event.remove( this, types, fn, selector ); + } ); + } +} ); + + +var + + // Support: IE <=10 - 11, Edge 12 - 13 only + // In IE/Edge using regex groups here causes severe slowdowns. + // See https://connect.microsoft.com/IE/feedback/details/1736512/ + rnoInnerhtml = /\s*$/g; + +// Prefer a tbody over its parent table for containing new rows +function manipulationTarget( elem, content ) { + if ( nodeName( elem, "table" ) && + nodeName( content.nodeType !== 11 ? content : content.firstChild, "tr" ) ) { + + return jQuery( elem ).children( "tbody" )[ 0 ] || elem; + } + + return elem; +} + +// Replace/restore the type attribute of script elements for safe DOM manipulation +function disableScript( elem ) { + elem.type = ( elem.getAttribute( "type" ) !== null ) + "/" + elem.type; + return elem; +} +function restoreScript( elem ) { + if ( ( elem.type || "" ).slice( 0, 5 ) === "true/" ) { + elem.type = elem.type.slice( 5 ); + } else { + elem.removeAttribute( "type" ); + } + + return elem; +} + +function cloneCopyEvent( src, dest ) { + var i, l, type, pdataOld, udataOld, udataCur, events; + + if ( dest.nodeType !== 1 ) { + return; + } + + // 1. Copy private data: events, handlers, etc. + if ( dataPriv.hasData( src ) ) { + pdataOld = dataPriv.get( src ); + events = pdataOld.events; + + if ( events ) { + dataPriv.remove( dest, "handle events" ); + + for ( type in events ) { + for ( i = 0, l = events[ type ].length; i < l; i++ ) { + jQuery.event.add( dest, type, events[ type ][ i ] ); + } + } + } + } + + // 2. Copy user data + if ( dataUser.hasData( src ) ) { + udataOld = dataUser.access( src ); + udataCur = jQuery.extend( {}, udataOld ); + + dataUser.set( dest, udataCur ); + } +} + +// Fix IE bugs, see support tests +function fixInput( src, dest ) { + var nodeName = dest.nodeName.toLowerCase(); + + // Fails to persist the checked state of a cloned checkbox or radio button. + if ( nodeName === "input" && rcheckableType.test( src.type ) ) { + dest.checked = src.checked; + + // Fails to return the selected option to the default selected state when cloning options + } else if ( nodeName === "input" || nodeName === "textarea" ) { + dest.defaultValue = src.defaultValue; + } +} + +function domManip( collection, args, callback, ignored ) { + + // Flatten any nested arrays + args = flat( args ); + + var fragment, first, scripts, hasScripts, node, doc, + i = 0, + l = collection.length, + iNoClone = l - 1, + value = args[ 0 ], + valueIsFunction = isFunction( value ); + + // We can't cloneNode fragments that contain checked, in WebKit + if ( valueIsFunction || + ( l > 1 && typeof value === "string" && + !support.checkClone && rchecked.test( value ) ) ) { + return collection.each( function( index ) { + var self = collection.eq( index ); + if ( valueIsFunction ) { + args[ 0 ] = value.call( this, index, self.html() ); + } + domManip( self, args, callback, ignored ); + } ); + } + + if ( l ) { + fragment = buildFragment( args, collection[ 0 ].ownerDocument, false, collection, ignored ); + first = fragment.firstChild; + + if ( fragment.childNodes.length === 1 ) { + fragment = first; + } + + // Require either new content or an interest in ignored elements to invoke the callback + if ( first || ignored ) { + scripts = jQuery.map( getAll( fragment, "script" ), disableScript ); + hasScripts = scripts.length; + + // Use the original fragment for the last item + // instead of the first because it can end up + // being emptied incorrectly in certain situations (#8070). + for ( ; i < l; i++ ) { + node = fragment; + + if ( i !== iNoClone ) { + node = jQuery.clone( node, true, true ); + + // Keep references to cloned scripts for later restoration + if ( hasScripts ) { + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( scripts, getAll( node, "script" ) ); + } + } + + callback.call( collection[ i ], node, i ); + } + + if ( hasScripts ) { + doc = scripts[ scripts.length - 1 ].ownerDocument; + + // Reenable scripts + jQuery.map( scripts, restoreScript ); + + // Evaluate executable scripts on first document insertion + for ( i = 0; i < hasScripts; i++ ) { + node = scripts[ i ]; + if ( rscriptType.test( node.type || "" ) && + !dataPriv.access( node, "globalEval" ) && + jQuery.contains( doc, node ) ) { + + if ( node.src && ( node.type || "" ).toLowerCase() !== "module" ) { + + // Optional AJAX dependency, but won't run scripts if not present + if ( jQuery._evalUrl && !node.noModule ) { + jQuery._evalUrl( node.src, { + nonce: node.nonce || node.getAttribute( "nonce" ) + }, doc ); + } + } else { + DOMEval( node.textContent.replace( rcleanScript, "" ), node, doc ); + } + } + } + } + } + } + + return collection; +} + +function remove( elem, selector, keepData ) { + var node, + nodes = selector ? jQuery.filter( selector, elem ) : elem, + i = 0; + + for ( ; ( node = nodes[ i ] ) != null; i++ ) { + if ( !keepData && node.nodeType === 1 ) { + jQuery.cleanData( getAll( node ) ); + } + + if ( node.parentNode ) { + if ( keepData && isAttached( node ) ) { + setGlobalEval( getAll( node, "script" ) ); + } + node.parentNode.removeChild( node ); + } + } + + return elem; +} + +jQuery.extend( { + htmlPrefilter: function( html ) { + return html; + }, + + clone: function( elem, dataAndEvents, deepDataAndEvents ) { + var i, l, srcElements, destElements, + clone = elem.cloneNode( true ), + inPage = isAttached( elem ); + + // Fix IE cloning issues + if ( !support.noCloneChecked && ( elem.nodeType === 1 || elem.nodeType === 11 ) && + !jQuery.isXMLDoc( elem ) ) { + + // We eschew Sizzle here for performance reasons: https://jsperf.com/getall-vs-sizzle/2 + destElements = getAll( clone ); + srcElements = getAll( elem ); + + for ( i = 0, l = srcElements.length; i < l; i++ ) { + fixInput( srcElements[ i ], destElements[ i ] ); + } + } + + // Copy the events from the original to the clone + if ( dataAndEvents ) { + if ( deepDataAndEvents ) { + srcElements = srcElements || getAll( elem ); + destElements = destElements || getAll( clone ); + + for ( i = 0, l = srcElements.length; i < l; i++ ) { + cloneCopyEvent( srcElements[ i ], destElements[ i ] ); + } + } else { + cloneCopyEvent( elem, clone ); + } + } + + // Preserve script evaluation history + destElements = getAll( clone, "script" ); + if ( destElements.length > 0 ) { + setGlobalEval( destElements, !inPage && getAll( elem, "script" ) ); + } + + // Return the cloned set + return clone; + }, + + cleanData: function( elems ) { + var data, elem, type, + special = jQuery.event.special, + i = 0; + + for ( ; ( elem = elems[ i ] ) !== undefined; i++ ) { + if ( acceptData( elem ) ) { + if ( ( data = elem[ dataPriv.expando ] ) ) { + if ( data.events ) { + for ( type in data.events ) { + if ( special[ type ] ) { + jQuery.event.remove( elem, type ); + + // This is a shortcut to avoid jQuery.event.remove's overhead + } else { + jQuery.removeEvent( elem, type, data.handle ); + } + } + } + + // Support: Chrome <=35 - 45+ + // Assign undefined instead of using delete, see Data#remove + elem[ dataPriv.expando ] = undefined; + } + if ( elem[ dataUser.expando ] ) { + + // Support: Chrome <=35 - 45+ + // Assign undefined instead of using delete, see Data#remove + elem[ dataUser.expando ] = undefined; + } + } + } + } +} ); + +jQuery.fn.extend( { + detach: function( selector ) { + return remove( this, selector, true ); + }, + + remove: function( selector ) { + return remove( this, selector ); + }, + + text: function( value ) { + return access( this, function( value ) { + return value === undefined ? + jQuery.text( this ) : + this.empty().each( function() { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + this.textContent = value; + } + } ); + }, null, value, arguments.length ); + }, + + append: function() { + return domManip( this, arguments, function( elem ) { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + var target = manipulationTarget( this, elem ); + target.appendChild( elem ); + } + } ); + }, + + prepend: function() { + return domManip( this, arguments, function( elem ) { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + var target = manipulationTarget( this, elem ); + target.insertBefore( elem, target.firstChild ); + } + } ); + }, + + before: function() { + return domManip( this, arguments, function( elem ) { + if ( this.parentNode ) { + this.parentNode.insertBefore( elem, this ); + } + } ); + }, + + after: function() { + return domManip( this, arguments, function( elem ) { + if ( this.parentNode ) { + this.parentNode.insertBefore( elem, this.nextSibling ); + } + } ); + }, + + empty: function() { + var elem, + i = 0; + + for ( ; ( elem = this[ i ] ) != null; i++ ) { + if ( elem.nodeType === 1 ) { + + // Prevent memory leaks + jQuery.cleanData( getAll( elem, false ) ); + + // Remove any remaining nodes + elem.textContent = ""; + } + } + + return this; + }, + + clone: function( dataAndEvents, deepDataAndEvents ) { + dataAndEvents = dataAndEvents == null ? false : dataAndEvents; + deepDataAndEvents = deepDataAndEvents == null ? dataAndEvents : deepDataAndEvents; + + return this.map( function() { + return jQuery.clone( this, dataAndEvents, deepDataAndEvents ); + } ); + }, + + html: function( value ) { + return access( this, function( value ) { + var elem = this[ 0 ] || {}, + i = 0, + l = this.length; + + if ( value === undefined && elem.nodeType === 1 ) { + return elem.innerHTML; + } + + // See if we can take a shortcut and just use innerHTML + if ( typeof value === "string" && !rnoInnerhtml.test( value ) && + !wrapMap[ ( rtagName.exec( value ) || [ "", "" ] )[ 1 ].toLowerCase() ] ) { + + value = jQuery.htmlPrefilter( value ); + + try { + for ( ; i < l; i++ ) { + elem = this[ i ] || {}; + + // Remove element nodes and prevent memory leaks + if ( elem.nodeType === 1 ) { + jQuery.cleanData( getAll( elem, false ) ); + elem.innerHTML = value; + } + } + + elem = 0; + + // If using innerHTML throws an exception, use the fallback method + } catch ( e ) {} + } + + if ( elem ) { + this.empty().append( value ); + } + }, null, value, arguments.length ); + }, + + replaceWith: function() { + var ignored = []; + + // Make the changes, replacing each non-ignored context element with the new content + return domManip( this, arguments, function( elem ) { + var parent = this.parentNode; + + if ( jQuery.inArray( this, ignored ) < 0 ) { + jQuery.cleanData( getAll( this ) ); + if ( parent ) { + parent.replaceChild( elem, this ); + } + } + + // Force callback invocation + }, ignored ); + } +} ); + +jQuery.each( { + appendTo: "append", + prependTo: "prepend", + insertBefore: "before", + insertAfter: "after", + replaceAll: "replaceWith" +}, function( name, original ) { + jQuery.fn[ name ] = function( selector ) { + var elems, + ret = [], + insert = jQuery( selector ), + last = insert.length - 1, + i = 0; + + for ( ; i <= last; i++ ) { + elems = i === last ? this : this.clone( true ); + jQuery( insert[ i ] )[ original ]( elems ); + + // Support: Android <=4.0 only, PhantomJS 1 only + // .get() because push.apply(_, arraylike) throws on ancient WebKit + push.apply( ret, elems.get() ); + } + + return this.pushStack( ret ); + }; +} ); +var rnumnonpx = new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" ); + +var getStyles = function( elem ) { + + // Support: IE <=11 only, Firefox <=30 (#15098, #14150) + // IE throws on elements created in popups + // FF meanwhile throws on frame elements through "defaultView.getComputedStyle" + var view = elem.ownerDocument.defaultView; + + if ( !view || !view.opener ) { + view = window; + } + + return view.getComputedStyle( elem ); + }; + +var swap = function( elem, options, callback ) { + var ret, name, + old = {}; + + // Remember the old values, and insert the new ones + for ( name in options ) { + old[ name ] = elem.style[ name ]; + elem.style[ name ] = options[ name ]; + } + + ret = callback.call( elem ); + + // Revert the old values + for ( name in options ) { + elem.style[ name ] = old[ name ]; + } + + return ret; +}; + + +var rboxStyle = new RegExp( cssExpand.join( "|" ), "i" ); + + + +( function() { + + // Executing both pixelPosition & boxSizingReliable tests require only one layout + // so they're executed at the same time to save the second computation. + function computeStyleTests() { + + // This is a singleton, we need to execute it only once + if ( !div ) { + return; + } + + container.style.cssText = "position:absolute;left:-11111px;width:60px;" + + "margin-top:1px;padding:0;border:0"; + div.style.cssText = + "position:relative;display:block;box-sizing:border-box;overflow:scroll;" + + "margin:auto;border:1px;padding:1px;" + + "width:60%;top:1%"; + documentElement.appendChild( container ).appendChild( div ); + + var divStyle = window.getComputedStyle( div ); + pixelPositionVal = divStyle.top !== "1%"; + + // Support: Android 4.0 - 4.3 only, Firefox <=3 - 44 + reliableMarginLeftVal = roundPixelMeasures( divStyle.marginLeft ) === 12; + + // Support: Android 4.0 - 4.3 only, Safari <=9.1 - 10.1, iOS <=7.0 - 9.3 + // Some styles come back with percentage values, even though they shouldn't + div.style.right = "60%"; + pixelBoxStylesVal = roundPixelMeasures( divStyle.right ) === 36; + + // Support: IE 9 - 11 only + // Detect misreporting of content dimensions for box-sizing:border-box elements + boxSizingReliableVal = roundPixelMeasures( divStyle.width ) === 36; + + // Support: IE 9 only + // Detect overflow:scroll screwiness (gh-3699) + // Support: Chrome <=64 + // Don't get tricked when zoom affects offsetWidth (gh-4029) + div.style.position = "absolute"; + scrollboxSizeVal = roundPixelMeasures( div.offsetWidth / 3 ) === 12; + + documentElement.removeChild( container ); + + // Nullify the div so it wouldn't be stored in the memory and + // it will also be a sign that checks already performed + div = null; + } + + function roundPixelMeasures( measure ) { + return Math.round( parseFloat( measure ) ); + } + + var pixelPositionVal, boxSizingReliableVal, scrollboxSizeVal, pixelBoxStylesVal, + reliableTrDimensionsVal, reliableMarginLeftVal, + container = document.createElement( "div" ), + div = document.createElement( "div" ); + + // Finish early in limited (non-browser) environments + if ( !div.style ) { + return; + } + + // Support: IE <=9 - 11 only + // Style of cloned element affects source element cloned (#8908) + div.style.backgroundClip = "content-box"; + div.cloneNode( true ).style.backgroundClip = ""; + support.clearCloneStyle = div.style.backgroundClip === "content-box"; + + jQuery.extend( support, { + boxSizingReliable: function() { + computeStyleTests(); + return boxSizingReliableVal; + }, + pixelBoxStyles: function() { + computeStyleTests(); + return pixelBoxStylesVal; + }, + pixelPosition: function() { + computeStyleTests(); + return pixelPositionVal; + }, + reliableMarginLeft: function() { + computeStyleTests(); + return reliableMarginLeftVal; + }, + scrollboxSize: function() { + computeStyleTests(); + return scrollboxSizeVal; + }, + + // Support: IE 9 - 11+, Edge 15 - 18+ + // IE/Edge misreport `getComputedStyle` of table rows with width/height + // set in CSS while `offset*` properties report correct values. + // Behavior in IE 9 is more subtle than in newer versions & it passes + // some versions of this test; make sure not to make it pass there! + // + // Support: Firefox 70+ + // Only Firefox includes border widths + // in computed dimensions. (gh-4529) + reliableTrDimensions: function() { + var table, tr, trChild, trStyle; + if ( reliableTrDimensionsVal == null ) { + table = document.createElement( "table" ); + tr = document.createElement( "tr" ); + trChild = document.createElement( "div" ); + + table.style.cssText = "position:absolute;left:-11111px;border-collapse:separate"; + tr.style.cssText = "border:1px solid"; + + // Support: Chrome 86+ + // Height set through cssText does not get applied. + // Computed height then comes back as 0. + tr.style.height = "1px"; + trChild.style.height = "9px"; + + // Support: Android 8 Chrome 86+ + // In our bodyBackground.html iframe, + // display for all div elements is set to "inline", + // which causes a problem only in Android 8 Chrome 86. + // Ensuring the div is display: block + // gets around this issue. + trChild.style.display = "block"; + + documentElement + .appendChild( table ) + .appendChild( tr ) + .appendChild( trChild ); + + trStyle = window.getComputedStyle( tr ); + reliableTrDimensionsVal = ( parseInt( trStyle.height, 10 ) + + parseInt( trStyle.borderTopWidth, 10 ) + + parseInt( trStyle.borderBottomWidth, 10 ) ) === tr.offsetHeight; + + documentElement.removeChild( table ); + } + return reliableTrDimensionsVal; + } + } ); +} )(); + + +function curCSS( elem, name, computed ) { + var width, minWidth, maxWidth, ret, + + // Support: Firefox 51+ + // Retrieving style before computed somehow + // fixes an issue with getting wrong values + // on detached elements + style = elem.style; + + computed = computed || getStyles( elem ); + + // getPropertyValue is needed for: + // .css('filter') (IE 9 only, #12537) + // .css('--customProperty) (#3144) + if ( computed ) { + ret = computed.getPropertyValue( name ) || computed[ name ]; + + if ( ret === "" && !isAttached( elem ) ) { + ret = jQuery.style( elem, name ); + } + + // A tribute to the "awesome hack by Dean Edwards" + // Android Browser returns percentage for some values, + // but width seems to be reliably pixels. + // This is against the CSSOM draft spec: + // https://drafts.csswg.org/cssom/#resolved-values + if ( !support.pixelBoxStyles() && rnumnonpx.test( ret ) && rboxStyle.test( name ) ) { + + // Remember the original values + width = style.width; + minWidth = style.minWidth; + maxWidth = style.maxWidth; + + // Put in the new values to get a computed value out + style.minWidth = style.maxWidth = style.width = ret; + ret = computed.width; + + // Revert the changed values + style.width = width; + style.minWidth = minWidth; + style.maxWidth = maxWidth; + } + } + + return ret !== undefined ? + + // Support: IE <=9 - 11 only + // IE returns zIndex value as an integer. + ret + "" : + ret; +} + + +function addGetHookIf( conditionFn, hookFn ) { + + // Define the hook, we'll check on the first run if it's really needed. + return { + get: function() { + if ( conditionFn() ) { + + // Hook not needed (or it's not possible to use it due + // to missing dependency), remove it. + delete this.get; + return; + } + + // Hook needed; redefine it so that the support test is not executed again. + return ( this.get = hookFn ).apply( this, arguments ); + } + }; +} + + +var cssPrefixes = [ "Webkit", "Moz", "ms" ], + emptyStyle = document.createElement( "div" ).style, + vendorProps = {}; + +// Return a vendor-prefixed property or undefined +function vendorPropName( name ) { + + // Check for vendor prefixed names + var capName = name[ 0 ].toUpperCase() + name.slice( 1 ), + i = cssPrefixes.length; + + while ( i-- ) { + name = cssPrefixes[ i ] + capName; + if ( name in emptyStyle ) { + return name; + } + } +} + +// Return a potentially-mapped jQuery.cssProps or vendor prefixed property +function finalPropName( name ) { + var final = jQuery.cssProps[ name ] || vendorProps[ name ]; + + if ( final ) { + return final; + } + if ( name in emptyStyle ) { + return name; + } + return vendorProps[ name ] = vendorPropName( name ) || name; +} + + +var + + // Swappable if display is none or starts with table + // except "table", "table-cell", or "table-caption" + // See here for display values: https://developer.mozilla.org/en-US/docs/CSS/display + rdisplayswap = /^(none|table(?!-c[ea]).+)/, + rcustomProp = /^--/, + cssShow = { position: "absolute", visibility: "hidden", display: "block" }, + cssNormalTransform = { + letterSpacing: "0", + fontWeight: "400" + }; + +function setPositiveNumber( _elem, value, subtract ) { + + // Any relative (+/-) values have already been + // normalized at this point + var matches = rcssNum.exec( value ); + return matches ? + + // Guard against undefined "subtract", e.g., when used as in cssHooks + Math.max( 0, matches[ 2 ] - ( subtract || 0 ) ) + ( matches[ 3 ] || "px" ) : + value; +} + +function boxModelAdjustment( elem, dimension, box, isBorderBox, styles, computedVal ) { + var i = dimension === "width" ? 1 : 0, + extra = 0, + delta = 0; + + // Adjustment may not be necessary + if ( box === ( isBorderBox ? "border" : "content" ) ) { + return 0; + } + + for ( ; i < 4; i += 2 ) { + + // Both box models exclude margin + if ( box === "margin" ) { + delta += jQuery.css( elem, box + cssExpand[ i ], true, styles ); + } + + // If we get here with a content-box, we're seeking "padding" or "border" or "margin" + if ( !isBorderBox ) { + + // Add padding + delta += jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); + + // For "border" or "margin", add border + if ( box !== "padding" ) { + delta += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + + // But still keep track of it otherwise + } else { + extra += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + } + + // If we get here with a border-box (content + padding + border), we're seeking "content" or + // "padding" or "margin" + } else { + + // For "content", subtract padding + if ( box === "content" ) { + delta -= jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); + } + + // For "content" or "padding", subtract border + if ( box !== "margin" ) { + delta -= jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + } + } + } + + // Account for positive content-box scroll gutter when requested by providing computedVal + if ( !isBorderBox && computedVal >= 0 ) { + + // offsetWidth/offsetHeight is a rounded sum of content, padding, scroll gutter, and border + // Assuming integer scroll gutter, subtract the rest and round down + delta += Math.max( 0, Math.ceil( + elem[ "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ) ] - + computedVal - + delta - + extra - + 0.5 + + // If offsetWidth/offsetHeight is unknown, then we can't determine content-box scroll gutter + // Use an explicit zero to avoid NaN (gh-3964) + ) ) || 0; + } + + return delta; +} + +function getWidthOrHeight( elem, dimension, extra ) { + + // Start with computed style + var styles = getStyles( elem ), + + // To avoid forcing a reflow, only fetch boxSizing if we need it (gh-4322). + // Fake content-box until we know it's needed to know the true value. + boxSizingNeeded = !support.boxSizingReliable() || extra, + isBorderBox = boxSizingNeeded && + jQuery.css( elem, "boxSizing", false, styles ) === "border-box", + valueIsBorderBox = isBorderBox, + + val = curCSS( elem, dimension, styles ), + offsetProp = "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ); + + // Support: Firefox <=54 + // Return a confounding non-pixel value or feign ignorance, as appropriate. + if ( rnumnonpx.test( val ) ) { + if ( !extra ) { + return val; + } + val = "auto"; + } + + + // Support: IE 9 - 11 only + // Use offsetWidth/offsetHeight for when box sizing is unreliable. + // In those cases, the computed value can be trusted to be border-box. + if ( ( !support.boxSizingReliable() && isBorderBox || + + // Support: IE 10 - 11+, Edge 15 - 18+ + // IE/Edge misreport `getComputedStyle` of table rows with width/height + // set in CSS while `offset*` properties report correct values. + // Interestingly, in some cases IE 9 doesn't suffer from this issue. + !support.reliableTrDimensions() && nodeName( elem, "tr" ) || + + // Fall back to offsetWidth/offsetHeight when value is "auto" + // This happens for inline elements with no explicit setting (gh-3571) + val === "auto" || + + // Support: Android <=4.1 - 4.3 only + // Also use offsetWidth/offsetHeight for misreported inline dimensions (gh-3602) + !parseFloat( val ) && jQuery.css( elem, "display", false, styles ) === "inline" ) && + + // Make sure the element is visible & connected + elem.getClientRects().length ) { + + isBorderBox = jQuery.css( elem, "boxSizing", false, styles ) === "border-box"; + + // Where available, offsetWidth/offsetHeight approximate border box dimensions. + // Where not available (e.g., SVG), assume unreliable box-sizing and interpret the + // retrieved value as a content box dimension. + valueIsBorderBox = offsetProp in elem; + if ( valueIsBorderBox ) { + val = elem[ offsetProp ]; + } + } + + // Normalize "" and auto + val = parseFloat( val ) || 0; + + // Adjust for the element's box model + return ( val + + boxModelAdjustment( + elem, + dimension, + extra || ( isBorderBox ? "border" : "content" ), + valueIsBorderBox, + styles, + + // Provide the current computed size to request scroll gutter calculation (gh-3589) + val + ) + ) + "px"; +} + +jQuery.extend( { + + // Add in style property hooks for overriding the default + // behavior of getting and setting a style property + cssHooks: { + opacity: { + get: function( elem, computed ) { + if ( computed ) { + + // We should always get a number back from opacity + var ret = curCSS( elem, "opacity" ); + return ret === "" ? "1" : ret; + } + } + } + }, + + // Don't automatically add "px" to these possibly-unitless properties + cssNumber: { + "animationIterationCount": true, + "columnCount": true, + "fillOpacity": true, + "flexGrow": true, + "flexShrink": true, + "fontWeight": true, + "gridArea": true, + "gridColumn": true, + "gridColumnEnd": true, + "gridColumnStart": true, + "gridRow": true, + "gridRowEnd": true, + "gridRowStart": true, + "lineHeight": true, + "opacity": true, + "order": true, + "orphans": true, + "widows": true, + "zIndex": true, + "zoom": true + }, + + // Add in properties whose names you wish to fix before + // setting or getting the value + cssProps: {}, + + // Get and set the style property on a DOM Node + style: function( elem, name, value, extra ) { + + // Don't set styles on text and comment nodes + if ( !elem || elem.nodeType === 3 || elem.nodeType === 8 || !elem.style ) { + return; + } + + // Make sure that we're working with the right name + var ret, type, hooks, + origName = camelCase( name ), + isCustomProp = rcustomProp.test( name ), + style = elem.style; + + // Make sure that we're working with the right name. We don't + // want to query the value if it is a CSS custom property + // since they are user-defined. + if ( !isCustomProp ) { + name = finalPropName( origName ); + } + + // Gets hook for the prefixed version, then unprefixed version + hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; + + // Check if we're setting a value + if ( value !== undefined ) { + type = typeof value; + + // Convert "+=" or "-=" to relative numbers (#7345) + if ( type === "string" && ( ret = rcssNum.exec( value ) ) && ret[ 1 ] ) { + value = adjustCSS( elem, name, ret ); + + // Fixes bug #9237 + type = "number"; + } + + // Make sure that null and NaN values aren't set (#7116) + if ( value == null || value !== value ) { + return; + } + + // If a number was passed in, add the unit (except for certain CSS properties) + // The isCustomProp check can be removed in jQuery 4.0 when we only auto-append + // "px" to a few hardcoded values. + if ( type === "number" && !isCustomProp ) { + value += ret && ret[ 3 ] || ( jQuery.cssNumber[ origName ] ? "" : "px" ); + } + + // background-* props affect original clone's values + if ( !support.clearCloneStyle && value === "" && name.indexOf( "background" ) === 0 ) { + style[ name ] = "inherit"; + } + + // If a hook was provided, use that value, otherwise just set the specified value + if ( !hooks || !( "set" in hooks ) || + ( value = hooks.set( elem, value, extra ) ) !== undefined ) { + + if ( isCustomProp ) { + style.setProperty( name, value ); + } else { + style[ name ] = value; + } + } + + } else { + + // If a hook was provided get the non-computed value from there + if ( hooks && "get" in hooks && + ( ret = hooks.get( elem, false, extra ) ) !== undefined ) { + + return ret; + } + + // Otherwise just get the value from the style object + return style[ name ]; + } + }, + + css: function( elem, name, extra, styles ) { + var val, num, hooks, + origName = camelCase( name ), + isCustomProp = rcustomProp.test( name ); + + // Make sure that we're working with the right name. We don't + // want to modify the value if it is a CSS custom property + // since they are user-defined. + if ( !isCustomProp ) { + name = finalPropName( origName ); + } + + // Try prefixed name followed by the unprefixed name + hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; + + // If a hook was provided get the computed value from there + if ( hooks && "get" in hooks ) { + val = hooks.get( elem, true, extra ); + } + + // Otherwise, if a way to get the computed value exists, use that + if ( val === undefined ) { + val = curCSS( elem, name, styles ); + } + + // Convert "normal" to computed value + if ( val === "normal" && name in cssNormalTransform ) { + val = cssNormalTransform[ name ]; + } + + // Make numeric if forced or a qualifier was provided and val looks numeric + if ( extra === "" || extra ) { + num = parseFloat( val ); + return extra === true || isFinite( num ) ? num || 0 : val; + } + + return val; + } +} ); + +jQuery.each( [ "height", "width" ], function( _i, dimension ) { + jQuery.cssHooks[ dimension ] = { + get: function( elem, computed, extra ) { + if ( computed ) { + + // Certain elements can have dimension info if we invisibly show them + // but it must have a current display style that would benefit + return rdisplayswap.test( jQuery.css( elem, "display" ) ) && + + // Support: Safari 8+ + // Table columns in Safari have non-zero offsetWidth & zero + // getBoundingClientRect().width unless display is changed. + // Support: IE <=11 only + // Running getBoundingClientRect on a disconnected node + // in IE throws an error. + ( !elem.getClientRects().length || !elem.getBoundingClientRect().width ) ? + swap( elem, cssShow, function() { + return getWidthOrHeight( elem, dimension, extra ); + } ) : + getWidthOrHeight( elem, dimension, extra ); + } + }, + + set: function( elem, value, extra ) { + var matches, + styles = getStyles( elem ), + + // Only read styles.position if the test has a chance to fail + // to avoid forcing a reflow. + scrollboxSizeBuggy = !support.scrollboxSize() && + styles.position === "absolute", + + // To avoid forcing a reflow, only fetch boxSizing if we need it (gh-3991) + boxSizingNeeded = scrollboxSizeBuggy || extra, + isBorderBox = boxSizingNeeded && + jQuery.css( elem, "boxSizing", false, styles ) === "border-box", + subtract = extra ? + boxModelAdjustment( + elem, + dimension, + extra, + isBorderBox, + styles + ) : + 0; + + // Account for unreliable border-box dimensions by comparing offset* to computed and + // faking a content-box to get border and padding (gh-3699) + if ( isBorderBox && scrollboxSizeBuggy ) { + subtract -= Math.ceil( + elem[ "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ) ] - + parseFloat( styles[ dimension ] ) - + boxModelAdjustment( elem, dimension, "border", false, styles ) - + 0.5 + ); + } + + // Convert to pixels if value adjustment is needed + if ( subtract && ( matches = rcssNum.exec( value ) ) && + ( matches[ 3 ] || "px" ) !== "px" ) { + + elem.style[ dimension ] = value; + value = jQuery.css( elem, dimension ); + } + + return setPositiveNumber( elem, value, subtract ); + } + }; +} ); + +jQuery.cssHooks.marginLeft = addGetHookIf( support.reliableMarginLeft, + function( elem, computed ) { + if ( computed ) { + return ( parseFloat( curCSS( elem, "marginLeft" ) ) || + elem.getBoundingClientRect().left - + swap( elem, { marginLeft: 0 }, function() { + return elem.getBoundingClientRect().left; + } ) + ) + "px"; + } + } +); + +// These hooks are used by animate to expand properties +jQuery.each( { + margin: "", + padding: "", + border: "Width" +}, function( prefix, suffix ) { + jQuery.cssHooks[ prefix + suffix ] = { + expand: function( value ) { + var i = 0, + expanded = {}, + + // Assumes a single number if not a string + parts = typeof value === "string" ? value.split( " " ) : [ value ]; + + for ( ; i < 4; i++ ) { + expanded[ prefix + cssExpand[ i ] + suffix ] = + parts[ i ] || parts[ i - 2 ] || parts[ 0 ]; + } + + return expanded; + } + }; + + if ( prefix !== "margin" ) { + jQuery.cssHooks[ prefix + suffix ].set = setPositiveNumber; + } +} ); + +jQuery.fn.extend( { + css: function( name, value ) { + return access( this, function( elem, name, value ) { + var styles, len, + map = {}, + i = 0; + + if ( Array.isArray( name ) ) { + styles = getStyles( elem ); + len = name.length; + + for ( ; i < len; i++ ) { + map[ name[ i ] ] = jQuery.css( elem, name[ i ], false, styles ); + } + + return map; + } + + return value !== undefined ? + jQuery.style( elem, name, value ) : + jQuery.css( elem, name ); + }, name, value, arguments.length > 1 ); + } +} ); + + +function Tween( elem, options, prop, end, easing ) { + return new Tween.prototype.init( elem, options, prop, end, easing ); +} +jQuery.Tween = Tween; + +Tween.prototype = { + constructor: Tween, + init: function( elem, options, prop, end, easing, unit ) { + this.elem = elem; + this.prop = prop; + this.easing = easing || jQuery.easing._default; + this.options = options; + this.start = this.now = this.cur(); + this.end = end; + this.unit = unit || ( jQuery.cssNumber[ prop ] ? "" : "px" ); + }, + cur: function() { + var hooks = Tween.propHooks[ this.prop ]; + + return hooks && hooks.get ? + hooks.get( this ) : + Tween.propHooks._default.get( this ); + }, + run: function( percent ) { + var eased, + hooks = Tween.propHooks[ this.prop ]; + + if ( this.options.duration ) { + this.pos = eased = jQuery.easing[ this.easing ]( + percent, this.options.duration * percent, 0, 1, this.options.duration + ); + } else { + this.pos = eased = percent; + } + this.now = ( this.end - this.start ) * eased + this.start; + + if ( this.options.step ) { + this.options.step.call( this.elem, this.now, this ); + } + + if ( hooks && hooks.set ) { + hooks.set( this ); + } else { + Tween.propHooks._default.set( this ); + } + return this; + } +}; + +Tween.prototype.init.prototype = Tween.prototype; + +Tween.propHooks = { + _default: { + get: function( tween ) { + var result; + + // Use a property on the element directly when it is not a DOM element, + // or when there is no matching style property that exists. + if ( tween.elem.nodeType !== 1 || + tween.elem[ tween.prop ] != null && tween.elem.style[ tween.prop ] == null ) { + return tween.elem[ tween.prop ]; + } + + // Passing an empty string as a 3rd parameter to .css will automatically + // attempt a parseFloat and fallback to a string if the parse fails. + // Simple values such as "10px" are parsed to Float; + // complex values such as "rotate(1rad)" are returned as-is. + result = jQuery.css( tween.elem, tween.prop, "" ); + + // Empty strings, null, undefined and "auto" are converted to 0. + return !result || result === "auto" ? 0 : result; + }, + set: function( tween ) { + + // Use step hook for back compat. + // Use cssHook if its there. + // Use .style if available and use plain properties where available. + if ( jQuery.fx.step[ tween.prop ] ) { + jQuery.fx.step[ tween.prop ]( tween ); + } else if ( tween.elem.nodeType === 1 && ( + jQuery.cssHooks[ tween.prop ] || + tween.elem.style[ finalPropName( tween.prop ) ] != null ) ) { + jQuery.style( tween.elem, tween.prop, tween.now + tween.unit ); + } else { + tween.elem[ tween.prop ] = tween.now; + } + } + } +}; + +// Support: IE <=9 only +// Panic based approach to setting things on disconnected nodes +Tween.propHooks.scrollTop = Tween.propHooks.scrollLeft = { + set: function( tween ) { + if ( tween.elem.nodeType && tween.elem.parentNode ) { + tween.elem[ tween.prop ] = tween.now; + } + } +}; + +jQuery.easing = { + linear: function( p ) { + return p; + }, + swing: function( p ) { + return 0.5 - Math.cos( p * Math.PI ) / 2; + }, + _default: "swing" +}; + +jQuery.fx = Tween.prototype.init; + +// Back compat <1.8 extension point +jQuery.fx.step = {}; + + + + +var + fxNow, inProgress, + rfxtypes = /^(?:toggle|show|hide)$/, + rrun = /queueHooks$/; + +function schedule() { + if ( inProgress ) { + if ( document.hidden === false && window.requestAnimationFrame ) { + window.requestAnimationFrame( schedule ); + } else { + window.setTimeout( schedule, jQuery.fx.interval ); + } + + jQuery.fx.tick(); + } +} + +// Animations created synchronously will run synchronously +function createFxNow() { + window.setTimeout( function() { + fxNow = undefined; + } ); + return ( fxNow = Date.now() ); +} + +// Generate parameters to create a standard animation +function genFx( type, includeWidth ) { + var which, + i = 0, + attrs = { height: type }; + + // If we include width, step value is 1 to do all cssExpand values, + // otherwise step value is 2 to skip over Left and Right + includeWidth = includeWidth ? 1 : 0; + for ( ; i < 4; i += 2 - includeWidth ) { + which = cssExpand[ i ]; + attrs[ "margin" + which ] = attrs[ "padding" + which ] = type; + } + + if ( includeWidth ) { + attrs.opacity = attrs.width = type; + } + + return attrs; +} + +function createTween( value, prop, animation ) { + var tween, + collection = ( Animation.tweeners[ prop ] || [] ).concat( Animation.tweeners[ "*" ] ), + index = 0, + length = collection.length; + for ( ; index < length; index++ ) { + if ( ( tween = collection[ index ].call( animation, prop, value ) ) ) { + + // We're done with this property + return tween; + } + } +} + +function defaultPrefilter( elem, props, opts ) { + var prop, value, toggle, hooks, oldfire, propTween, restoreDisplay, display, + isBox = "width" in props || "height" in props, + anim = this, + orig = {}, + style = elem.style, + hidden = elem.nodeType && isHiddenWithinTree( elem ), + dataShow = dataPriv.get( elem, "fxshow" ); + + // Queue-skipping animations hijack the fx hooks + if ( !opts.queue ) { + hooks = jQuery._queueHooks( elem, "fx" ); + if ( hooks.unqueued == null ) { + hooks.unqueued = 0; + oldfire = hooks.empty.fire; + hooks.empty.fire = function() { + if ( !hooks.unqueued ) { + oldfire(); + } + }; + } + hooks.unqueued++; + + anim.always( function() { + + // Ensure the complete handler is called before this completes + anim.always( function() { + hooks.unqueued--; + if ( !jQuery.queue( elem, "fx" ).length ) { + hooks.empty.fire(); + } + } ); + } ); + } + + // Detect show/hide animations + for ( prop in props ) { + value = props[ prop ]; + if ( rfxtypes.test( value ) ) { + delete props[ prop ]; + toggle = toggle || value === "toggle"; + if ( value === ( hidden ? "hide" : "show" ) ) { + + // Pretend to be hidden if this is a "show" and + // there is still data from a stopped show/hide + if ( value === "show" && dataShow && dataShow[ prop ] !== undefined ) { + hidden = true; + + // Ignore all other no-op show/hide data + } else { + continue; + } + } + orig[ prop ] = dataShow && dataShow[ prop ] || jQuery.style( elem, prop ); + } + } + + // Bail out if this is a no-op like .hide().hide() + propTween = !jQuery.isEmptyObject( props ); + if ( !propTween && jQuery.isEmptyObject( orig ) ) { + return; + } + + // Restrict "overflow" and "display" styles during box animations + if ( isBox && elem.nodeType === 1 ) { + + // Support: IE <=9 - 11, Edge 12 - 15 + // Record all 3 overflow attributes because IE does not infer the shorthand + // from identically-valued overflowX and overflowY and Edge just mirrors + // the overflowX value there. + opts.overflow = [ style.overflow, style.overflowX, style.overflowY ]; + + // Identify a display type, preferring old show/hide data over the CSS cascade + restoreDisplay = dataShow && dataShow.display; + if ( restoreDisplay == null ) { + restoreDisplay = dataPriv.get( elem, "display" ); + } + display = jQuery.css( elem, "display" ); + if ( display === "none" ) { + if ( restoreDisplay ) { + display = restoreDisplay; + } else { + + // Get nonempty value(s) by temporarily forcing visibility + showHide( [ elem ], true ); + restoreDisplay = elem.style.display || restoreDisplay; + display = jQuery.css( elem, "display" ); + showHide( [ elem ] ); + } + } + + // Animate inline elements as inline-block + if ( display === "inline" || display === "inline-block" && restoreDisplay != null ) { + if ( jQuery.css( elem, "float" ) === "none" ) { + + // Restore the original display value at the end of pure show/hide animations + if ( !propTween ) { + anim.done( function() { + style.display = restoreDisplay; + } ); + if ( restoreDisplay == null ) { + display = style.display; + restoreDisplay = display === "none" ? "" : display; + } + } + style.display = "inline-block"; + } + } + } + + if ( opts.overflow ) { + style.overflow = "hidden"; + anim.always( function() { + style.overflow = opts.overflow[ 0 ]; + style.overflowX = opts.overflow[ 1 ]; + style.overflowY = opts.overflow[ 2 ]; + } ); + } + + // Implement show/hide animations + propTween = false; + for ( prop in orig ) { + + // General show/hide setup for this element animation + if ( !propTween ) { + if ( dataShow ) { + if ( "hidden" in dataShow ) { + hidden = dataShow.hidden; + } + } else { + dataShow = dataPriv.access( elem, "fxshow", { display: restoreDisplay } ); + } + + // Store hidden/visible for toggle so `.stop().toggle()` "reverses" + if ( toggle ) { + dataShow.hidden = !hidden; + } + + // Show elements before animating them + if ( hidden ) { + showHide( [ elem ], true ); + } + + /* eslint-disable no-loop-func */ + + anim.done( function() { + + /* eslint-enable no-loop-func */ + + // The final step of a "hide" animation is actually hiding the element + if ( !hidden ) { + showHide( [ elem ] ); + } + dataPriv.remove( elem, "fxshow" ); + for ( prop in orig ) { + jQuery.style( elem, prop, orig[ prop ] ); + } + } ); + } + + // Per-property setup + propTween = createTween( hidden ? dataShow[ prop ] : 0, prop, anim ); + if ( !( prop in dataShow ) ) { + dataShow[ prop ] = propTween.start; + if ( hidden ) { + propTween.end = propTween.start; + propTween.start = 0; + } + } + } +} + +function propFilter( props, specialEasing ) { + var index, name, easing, value, hooks; + + // camelCase, specialEasing and expand cssHook pass + for ( index in props ) { + name = camelCase( index ); + easing = specialEasing[ name ]; + value = props[ index ]; + if ( Array.isArray( value ) ) { + easing = value[ 1 ]; + value = props[ index ] = value[ 0 ]; + } + + if ( index !== name ) { + props[ name ] = value; + delete props[ index ]; + } + + hooks = jQuery.cssHooks[ name ]; + if ( hooks && "expand" in hooks ) { + value = hooks.expand( value ); + delete props[ name ]; + + // Not quite $.extend, this won't overwrite existing keys. + // Reusing 'index' because we have the correct "name" + for ( index in value ) { + if ( !( index in props ) ) { + props[ index ] = value[ index ]; + specialEasing[ index ] = easing; + } + } + } else { + specialEasing[ name ] = easing; + } + } +} + +function Animation( elem, properties, options ) { + var result, + stopped, + index = 0, + length = Animation.prefilters.length, + deferred = jQuery.Deferred().always( function() { + + // Don't match elem in the :animated selector + delete tick.elem; + } ), + tick = function() { + if ( stopped ) { + return false; + } + var currentTime = fxNow || createFxNow(), + remaining = Math.max( 0, animation.startTime + animation.duration - currentTime ), + + // Support: Android 2.3 only + // Archaic crash bug won't allow us to use `1 - ( 0.5 || 0 )` (#12497) + temp = remaining / animation.duration || 0, + percent = 1 - temp, + index = 0, + length = animation.tweens.length; + + for ( ; index < length; index++ ) { + animation.tweens[ index ].run( percent ); + } + + deferred.notifyWith( elem, [ animation, percent, remaining ] ); + + // If there's more to do, yield + if ( percent < 1 && length ) { + return remaining; + } + + // If this was an empty animation, synthesize a final progress notification + if ( !length ) { + deferred.notifyWith( elem, [ animation, 1, 0 ] ); + } + + // Resolve the animation and report its conclusion + deferred.resolveWith( elem, [ animation ] ); + return false; + }, + animation = deferred.promise( { + elem: elem, + props: jQuery.extend( {}, properties ), + opts: jQuery.extend( true, { + specialEasing: {}, + easing: jQuery.easing._default + }, options ), + originalProperties: properties, + originalOptions: options, + startTime: fxNow || createFxNow(), + duration: options.duration, + tweens: [], + createTween: function( prop, end ) { + var tween = jQuery.Tween( elem, animation.opts, prop, end, + animation.opts.specialEasing[ prop ] || animation.opts.easing ); + animation.tweens.push( tween ); + return tween; + }, + stop: function( gotoEnd ) { + var index = 0, + + // If we are going to the end, we want to run all the tweens + // otherwise we skip this part + length = gotoEnd ? animation.tweens.length : 0; + if ( stopped ) { + return this; + } + stopped = true; + for ( ; index < length; index++ ) { + animation.tweens[ index ].run( 1 ); + } + + // Resolve when we played the last frame; otherwise, reject + if ( gotoEnd ) { + deferred.notifyWith( elem, [ animation, 1, 0 ] ); + deferred.resolveWith( elem, [ animation, gotoEnd ] ); + } else { + deferred.rejectWith( elem, [ animation, gotoEnd ] ); + } + return this; + } + } ), + props = animation.props; + + propFilter( props, animation.opts.specialEasing ); + + for ( ; index < length; index++ ) { + result = Animation.prefilters[ index ].call( animation, elem, props, animation.opts ); + if ( result ) { + if ( isFunction( result.stop ) ) { + jQuery._queueHooks( animation.elem, animation.opts.queue ).stop = + result.stop.bind( result ); + } + return result; + } + } + + jQuery.map( props, createTween, animation ); + + if ( isFunction( animation.opts.start ) ) { + animation.opts.start.call( elem, animation ); + } + + // Attach callbacks from options + animation + .progress( animation.opts.progress ) + .done( animation.opts.done, animation.opts.complete ) + .fail( animation.opts.fail ) + .always( animation.opts.always ); + + jQuery.fx.timer( + jQuery.extend( tick, { + elem: elem, + anim: animation, + queue: animation.opts.queue + } ) + ); + + return animation; +} + +jQuery.Animation = jQuery.extend( Animation, { + + tweeners: { + "*": [ function( prop, value ) { + var tween = this.createTween( prop, value ); + adjustCSS( tween.elem, prop, rcssNum.exec( value ), tween ); + return tween; + } ] + }, + + tweener: function( props, callback ) { + if ( isFunction( props ) ) { + callback = props; + props = [ "*" ]; + } else { + props = props.match( rnothtmlwhite ); + } + + var prop, + index = 0, + length = props.length; + + for ( ; index < length; index++ ) { + prop = props[ index ]; + Animation.tweeners[ prop ] = Animation.tweeners[ prop ] || []; + Animation.tweeners[ prop ].unshift( callback ); + } + }, + + prefilters: [ defaultPrefilter ], + + prefilter: function( callback, prepend ) { + if ( prepend ) { + Animation.prefilters.unshift( callback ); + } else { + Animation.prefilters.push( callback ); + } + } +} ); + +jQuery.speed = function( speed, easing, fn ) { + var opt = speed && typeof speed === "object" ? jQuery.extend( {}, speed ) : { + complete: fn || !fn && easing || + isFunction( speed ) && speed, + duration: speed, + easing: fn && easing || easing && !isFunction( easing ) && easing + }; + + // Go to the end state if fx are off + if ( jQuery.fx.off ) { + opt.duration = 0; + + } else { + if ( typeof opt.duration !== "number" ) { + if ( opt.duration in jQuery.fx.speeds ) { + opt.duration = jQuery.fx.speeds[ opt.duration ]; + + } else { + opt.duration = jQuery.fx.speeds._default; + } + } + } + + // Normalize opt.queue - true/undefined/null -> "fx" + if ( opt.queue == null || opt.queue === true ) { + opt.queue = "fx"; + } + + // Queueing + opt.old = opt.complete; + + opt.complete = function() { + if ( isFunction( opt.old ) ) { + opt.old.call( this ); + } + + if ( opt.queue ) { + jQuery.dequeue( this, opt.queue ); + } + }; + + return opt; +}; + +jQuery.fn.extend( { + fadeTo: function( speed, to, easing, callback ) { + + // Show any hidden elements after setting opacity to 0 + return this.filter( isHiddenWithinTree ).css( "opacity", 0 ).show() + + // Animate to the value specified + .end().animate( { opacity: to }, speed, easing, callback ); + }, + animate: function( prop, speed, easing, callback ) { + var empty = jQuery.isEmptyObject( prop ), + optall = jQuery.speed( speed, easing, callback ), + doAnimation = function() { + + // Operate on a copy of prop so per-property easing won't be lost + var anim = Animation( this, jQuery.extend( {}, prop ), optall ); + + // Empty animations, or finishing resolves immediately + if ( empty || dataPriv.get( this, "finish" ) ) { + anim.stop( true ); + } + }; + + doAnimation.finish = doAnimation; + + return empty || optall.queue === false ? + this.each( doAnimation ) : + this.queue( optall.queue, doAnimation ); + }, + stop: function( type, clearQueue, gotoEnd ) { + var stopQueue = function( hooks ) { + var stop = hooks.stop; + delete hooks.stop; + stop( gotoEnd ); + }; + + if ( typeof type !== "string" ) { + gotoEnd = clearQueue; + clearQueue = type; + type = undefined; + } + if ( clearQueue ) { + this.queue( type || "fx", [] ); + } + + return this.each( function() { + var dequeue = true, + index = type != null && type + "queueHooks", + timers = jQuery.timers, + data = dataPriv.get( this ); + + if ( index ) { + if ( data[ index ] && data[ index ].stop ) { + stopQueue( data[ index ] ); + } + } else { + for ( index in data ) { + if ( data[ index ] && data[ index ].stop && rrun.test( index ) ) { + stopQueue( data[ index ] ); + } + } + } + + for ( index = timers.length; index--; ) { + if ( timers[ index ].elem === this && + ( type == null || timers[ index ].queue === type ) ) { + + timers[ index ].anim.stop( gotoEnd ); + dequeue = false; + timers.splice( index, 1 ); + } + } + + // Start the next in the queue if the last step wasn't forced. + // Timers currently will call their complete callbacks, which + // will dequeue but only if they were gotoEnd. + if ( dequeue || !gotoEnd ) { + jQuery.dequeue( this, type ); + } + } ); + }, + finish: function( type ) { + if ( type !== false ) { + type = type || "fx"; + } + return this.each( function() { + var index, + data = dataPriv.get( this ), + queue = data[ type + "queue" ], + hooks = data[ type + "queueHooks" ], + timers = jQuery.timers, + length = queue ? queue.length : 0; + + // Enable finishing flag on private data + data.finish = true; + + // Empty the queue first + jQuery.queue( this, type, [] ); + + if ( hooks && hooks.stop ) { + hooks.stop.call( this, true ); + } + + // Look for any active animations, and finish them + for ( index = timers.length; index--; ) { + if ( timers[ index ].elem === this && timers[ index ].queue === type ) { + timers[ index ].anim.stop( true ); + timers.splice( index, 1 ); + } + } + + // Look for any animations in the old queue and finish them + for ( index = 0; index < length; index++ ) { + if ( queue[ index ] && queue[ index ].finish ) { + queue[ index ].finish.call( this ); + } + } + + // Turn off finishing flag + delete data.finish; + } ); + } +} ); + +jQuery.each( [ "toggle", "show", "hide" ], function( _i, name ) { + var cssFn = jQuery.fn[ name ]; + jQuery.fn[ name ] = function( speed, easing, callback ) { + return speed == null || typeof speed === "boolean" ? + cssFn.apply( this, arguments ) : + this.animate( genFx( name, true ), speed, easing, callback ); + }; +} ); + +// Generate shortcuts for custom animations +jQuery.each( { + slideDown: genFx( "show" ), + slideUp: genFx( "hide" ), + slideToggle: genFx( "toggle" ), + fadeIn: { opacity: "show" }, + fadeOut: { opacity: "hide" }, + fadeToggle: { opacity: "toggle" } +}, function( name, props ) { + jQuery.fn[ name ] = function( speed, easing, callback ) { + return this.animate( props, speed, easing, callback ); + }; +} ); + +jQuery.timers = []; +jQuery.fx.tick = function() { + var timer, + i = 0, + timers = jQuery.timers; + + fxNow = Date.now(); + + for ( ; i < timers.length; i++ ) { + timer = timers[ i ]; + + // Run the timer and safely remove it when done (allowing for external removal) + if ( !timer() && timers[ i ] === timer ) { + timers.splice( i--, 1 ); + } + } + + if ( !timers.length ) { + jQuery.fx.stop(); + } + fxNow = undefined; +}; + +jQuery.fx.timer = function( timer ) { + jQuery.timers.push( timer ); + jQuery.fx.start(); +}; + +jQuery.fx.interval = 13; +jQuery.fx.start = function() { + if ( inProgress ) { + return; + } + + inProgress = true; + schedule(); +}; + +jQuery.fx.stop = function() { + inProgress = null; +}; + +jQuery.fx.speeds = { + slow: 600, + fast: 200, + + // Default speed + _default: 400 +}; + + +// Based off of the plugin by Clint Helfers, with permission. +// https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/ +jQuery.fn.delay = function( time, type ) { + time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; + type = type || "fx"; + + return this.queue( type, function( next, hooks ) { + var timeout = window.setTimeout( next, time ); + hooks.stop = function() { + window.clearTimeout( timeout ); + }; + } ); +}; + + +( function() { + var input = document.createElement( "input" ), + select = document.createElement( "select" ), + opt = select.appendChild( document.createElement( "option" ) ); + + input.type = "checkbox"; + + // Support: Android <=4.3 only + // Default value for a checkbox should be "on" + support.checkOn = input.value !== ""; + + // Support: IE <=11 only + // Must access selectedIndex to make default options select + support.optSelected = opt.selected; + + // Support: IE <=11 only + // An input loses its value after becoming a radio + input = document.createElement( "input" ); + input.value = "t"; + input.type = "radio"; + support.radioValue = input.value === "t"; +} )(); + + +var boolHook, + attrHandle = jQuery.expr.attrHandle; + +jQuery.fn.extend( { + attr: function( name, value ) { + return access( this, jQuery.attr, name, value, arguments.length > 1 ); + }, + + removeAttr: function( name ) { + return this.each( function() { + jQuery.removeAttr( this, name ); + } ); + } +} ); + +jQuery.extend( { + attr: function( elem, name, value ) { + var ret, hooks, + nType = elem.nodeType; + + // Don't get/set attributes on text, comment and attribute nodes + if ( nType === 3 || nType === 8 || nType === 2 ) { + return; + } + + // Fallback to prop when attributes are not supported + if ( typeof elem.getAttribute === "undefined" ) { + return jQuery.prop( elem, name, value ); + } + + // Attribute hooks are determined by the lowercase version + // Grab necessary hook if one is defined + if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { + hooks = jQuery.attrHooks[ name.toLowerCase() ] || + ( jQuery.expr.match.bool.test( name ) ? boolHook : undefined ); + } + + if ( value !== undefined ) { + if ( value === null ) { + jQuery.removeAttr( elem, name ); + return; + } + + if ( hooks && "set" in hooks && + ( ret = hooks.set( elem, value, name ) ) !== undefined ) { + return ret; + } + + elem.setAttribute( name, value + "" ); + return value; + } + + if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { + return ret; + } + + ret = jQuery.find.attr( elem, name ); + + // Non-existent attributes return null, we normalize to undefined + return ret == null ? undefined : ret; + }, + + attrHooks: { + type: { + set: function( elem, value ) { + if ( !support.radioValue && value === "radio" && + nodeName( elem, "input" ) ) { + var val = elem.value; + elem.setAttribute( "type", value ); + if ( val ) { + elem.value = val; + } + return value; + } + } + } + }, + + removeAttr: function( elem, value ) { + var name, + i = 0, + + // Attribute names can contain non-HTML whitespace characters + // https://html.spec.whatwg.org/multipage/syntax.html#attributes-2 + attrNames = value && value.match( rnothtmlwhite ); + + if ( attrNames && elem.nodeType === 1 ) { + while ( ( name = attrNames[ i++ ] ) ) { + elem.removeAttribute( name ); + } + } + } +} ); + +// Hooks for boolean attributes +boolHook = { + set: function( elem, value, name ) { + if ( value === false ) { + + // Remove boolean attributes when set to false + jQuery.removeAttr( elem, name ); + } else { + elem.setAttribute( name, name ); + } + return name; + } +}; + +jQuery.each( jQuery.expr.match.bool.source.match( /\w+/g ), function( _i, name ) { + var getter = attrHandle[ name ] || jQuery.find.attr; + + attrHandle[ name ] = function( elem, name, isXML ) { + var ret, handle, + lowercaseName = name.toLowerCase(); + + if ( !isXML ) { + + // Avoid an infinite loop by temporarily removing this function from the getter + handle = attrHandle[ lowercaseName ]; + attrHandle[ lowercaseName ] = ret; + ret = getter( elem, name, isXML ) != null ? + lowercaseName : + null; + attrHandle[ lowercaseName ] = handle; + } + return ret; + }; +} ); + + + + +var rfocusable = /^(?:input|select|textarea|button)$/i, + rclickable = /^(?:a|area)$/i; + +jQuery.fn.extend( { + prop: function( name, value ) { + return access( this, jQuery.prop, name, value, arguments.length > 1 ); + }, + + removeProp: function( name ) { + return this.each( function() { + delete this[ jQuery.propFix[ name ] || name ]; + } ); + } +} ); + +jQuery.extend( { + prop: function( elem, name, value ) { + var ret, hooks, + nType = elem.nodeType; + + // Don't get/set properties on text, comment and attribute nodes + if ( nType === 3 || nType === 8 || nType === 2 ) { + return; + } + + if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { + + // Fix name and attach hooks + name = jQuery.propFix[ name ] || name; + hooks = jQuery.propHooks[ name ]; + } + + if ( value !== undefined ) { + if ( hooks && "set" in hooks && + ( ret = hooks.set( elem, value, name ) ) !== undefined ) { + return ret; + } + + return ( elem[ name ] = value ); + } + + if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { + return ret; + } + + return elem[ name ]; + }, + + propHooks: { + tabIndex: { + get: function( elem ) { + + // Support: IE <=9 - 11 only + // elem.tabIndex doesn't always return the + // correct value when it hasn't been explicitly set + // https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ + // Use proper attribute retrieval(#12072) + var tabindex = jQuery.find.attr( elem, "tabindex" ); + + if ( tabindex ) { + return parseInt( tabindex, 10 ); + } + + if ( + rfocusable.test( elem.nodeName ) || + rclickable.test( elem.nodeName ) && + elem.href + ) { + return 0; + } + + return -1; + } + } + }, + + propFix: { + "for": "htmlFor", + "class": "className" + } +} ); + +// Support: IE <=11 only +// Accessing the selectedIndex property +// forces the browser to respect setting selected +// on the option +// The getter ensures a default option is selected +// when in an optgroup +// eslint rule "no-unused-expressions" is disabled for this code +// since it considers such accessions noop +if ( !support.optSelected ) { + jQuery.propHooks.selected = { + get: function( elem ) { + + /* eslint no-unused-expressions: "off" */ + + var parent = elem.parentNode; + if ( parent && parent.parentNode ) { + parent.parentNode.selectedIndex; + } + return null; + }, + set: function( elem ) { + + /* eslint no-unused-expressions: "off" */ + + var parent = elem.parentNode; + if ( parent ) { + parent.selectedIndex; + + if ( parent.parentNode ) { + parent.parentNode.selectedIndex; + } + } + } + }; +} + +jQuery.each( [ + "tabIndex", + "readOnly", + "maxLength", + "cellSpacing", + "cellPadding", + "rowSpan", + "colSpan", + "useMap", + "frameBorder", + "contentEditable" +], function() { + jQuery.propFix[ this.toLowerCase() ] = this; +} ); + + + + + // Strip and collapse whitespace according to HTML spec + // https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace + function stripAndCollapse( value ) { + var tokens = value.match( rnothtmlwhite ) || []; + return tokens.join( " " ); + } + + +function getClass( elem ) { + return elem.getAttribute && elem.getAttribute( "class" ) || ""; +} + +function classesToArray( value ) { + if ( Array.isArray( value ) ) { + return value; + } + if ( typeof value === "string" ) { + return value.match( rnothtmlwhite ) || []; + } + return []; +} + +jQuery.fn.extend( { + addClass: function( value ) { + var classes, elem, cur, curValue, clazz, j, finalValue, + i = 0; + + if ( isFunction( value ) ) { + return this.each( function( j ) { + jQuery( this ).addClass( value.call( this, j, getClass( this ) ) ); + } ); + } + + classes = classesToArray( value ); + + if ( classes.length ) { + while ( ( elem = this[ i++ ] ) ) { + curValue = getClass( elem ); + cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); + + if ( cur ) { + j = 0; + while ( ( clazz = classes[ j++ ] ) ) { + if ( cur.indexOf( " " + clazz + " " ) < 0 ) { + cur += clazz + " "; + } + } + + // Only assign if different to avoid unneeded rendering. + finalValue = stripAndCollapse( cur ); + if ( curValue !== finalValue ) { + elem.setAttribute( "class", finalValue ); + } + } + } + } + + return this; + }, + + removeClass: function( value ) { + var classes, elem, cur, curValue, clazz, j, finalValue, + i = 0; + + if ( isFunction( value ) ) { + return this.each( function( j ) { + jQuery( this ).removeClass( value.call( this, j, getClass( this ) ) ); + } ); + } + + if ( !arguments.length ) { + return this.attr( "class", "" ); + } + + classes = classesToArray( value ); + + if ( classes.length ) { + while ( ( elem = this[ i++ ] ) ) { + curValue = getClass( elem ); + + // This expression is here for better compressibility (see addClass) + cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); + + if ( cur ) { + j = 0; + while ( ( clazz = classes[ j++ ] ) ) { + + // Remove *all* instances + while ( cur.indexOf( " " + clazz + " " ) > -1 ) { + cur = cur.replace( " " + clazz + " ", " " ); + } + } + + // Only assign if different to avoid unneeded rendering. + finalValue = stripAndCollapse( cur ); + if ( curValue !== finalValue ) { + elem.setAttribute( "class", finalValue ); + } + } + } + } + + return this; + }, + + toggleClass: function( value, stateVal ) { + var type = typeof value, + isValidValue = type === "string" || Array.isArray( value ); + + if ( typeof stateVal === "boolean" && isValidValue ) { + return stateVal ? this.addClass( value ) : this.removeClass( value ); + } + + if ( isFunction( value ) ) { + return this.each( function( i ) { + jQuery( this ).toggleClass( + value.call( this, i, getClass( this ), stateVal ), + stateVal + ); + } ); + } + + return this.each( function() { + var className, i, self, classNames; + + if ( isValidValue ) { + + // Toggle individual class names + i = 0; + self = jQuery( this ); + classNames = classesToArray( value ); + + while ( ( className = classNames[ i++ ] ) ) { + + // Check each className given, space separated list + if ( self.hasClass( className ) ) { + self.removeClass( className ); + } else { + self.addClass( className ); + } + } + + // Toggle whole class name + } else if ( value === undefined || type === "boolean" ) { + className = getClass( this ); + if ( className ) { + + // Store className if set + dataPriv.set( this, "__className__", className ); + } + + // If the element has a class name or if we're passed `false`, + // then remove the whole classname (if there was one, the above saved it). + // Otherwise bring back whatever was previously saved (if anything), + // falling back to the empty string if nothing was stored. + if ( this.setAttribute ) { + this.setAttribute( "class", + className || value === false ? + "" : + dataPriv.get( this, "__className__" ) || "" + ); + } + } + } ); + }, + + hasClass: function( selector ) { + var className, elem, + i = 0; + + className = " " + selector + " "; + while ( ( elem = this[ i++ ] ) ) { + if ( elem.nodeType === 1 && + ( " " + stripAndCollapse( getClass( elem ) ) + " " ).indexOf( className ) > -1 ) { + return true; + } + } + + return false; + } +} ); + + + + +var rreturn = /\r/g; + +jQuery.fn.extend( { + val: function( value ) { + var hooks, ret, valueIsFunction, + elem = this[ 0 ]; + + if ( !arguments.length ) { + if ( elem ) { + hooks = jQuery.valHooks[ elem.type ] || + jQuery.valHooks[ elem.nodeName.toLowerCase() ]; + + if ( hooks && + "get" in hooks && + ( ret = hooks.get( elem, "value" ) ) !== undefined + ) { + return ret; + } + + ret = elem.value; + + // Handle most common string cases + if ( typeof ret === "string" ) { + return ret.replace( rreturn, "" ); + } + + // Handle cases where value is null/undef or number + return ret == null ? "" : ret; + } + + return; + } + + valueIsFunction = isFunction( value ); + + return this.each( function( i ) { + var val; + + if ( this.nodeType !== 1 ) { + return; + } + + if ( valueIsFunction ) { + val = value.call( this, i, jQuery( this ).val() ); + } else { + val = value; + } + + // Treat null/undefined as ""; convert numbers to string + if ( val == null ) { + val = ""; + + } else if ( typeof val === "number" ) { + val += ""; + + } else if ( Array.isArray( val ) ) { + val = jQuery.map( val, function( value ) { + return value == null ? "" : value + ""; + } ); + } + + hooks = jQuery.valHooks[ this.type ] || jQuery.valHooks[ this.nodeName.toLowerCase() ]; + + // If set returns undefined, fall back to normal setting + if ( !hooks || !( "set" in hooks ) || hooks.set( this, val, "value" ) === undefined ) { + this.value = val; + } + } ); + } +} ); + +jQuery.extend( { + valHooks: { + option: { + get: function( elem ) { + + var val = jQuery.find.attr( elem, "value" ); + return val != null ? + val : + + // Support: IE <=10 - 11 only + // option.text throws exceptions (#14686, #14858) + // Strip and collapse whitespace + // https://html.spec.whatwg.org/#strip-and-collapse-whitespace + stripAndCollapse( jQuery.text( elem ) ); + } + }, + select: { + get: function( elem ) { + var value, option, i, + options = elem.options, + index = elem.selectedIndex, + one = elem.type === "select-one", + values = one ? null : [], + max = one ? index + 1 : options.length; + + if ( index < 0 ) { + i = max; + + } else { + i = one ? index : 0; + } + + // Loop through all the selected options + for ( ; i < max; i++ ) { + option = options[ i ]; + + // Support: IE <=9 only + // IE8-9 doesn't update selected after form reset (#2551) + if ( ( option.selected || i === index ) && + + // Don't return options that are disabled or in a disabled optgroup + !option.disabled && + ( !option.parentNode.disabled || + !nodeName( option.parentNode, "optgroup" ) ) ) { + + // Get the specific value for the option + value = jQuery( option ).val(); + + // We don't need an array for one selects + if ( one ) { + return value; + } + + // Multi-Selects return an array + values.push( value ); + } + } + + return values; + }, + + set: function( elem, value ) { + var optionSet, option, + options = elem.options, + values = jQuery.makeArray( value ), + i = options.length; + + while ( i-- ) { + option = options[ i ]; + + /* eslint-disable no-cond-assign */ + + if ( option.selected = + jQuery.inArray( jQuery.valHooks.option.get( option ), values ) > -1 + ) { + optionSet = true; + } + + /* eslint-enable no-cond-assign */ + } + + // Force browsers to behave consistently when non-matching value is set + if ( !optionSet ) { + elem.selectedIndex = -1; + } + return values; + } + } + } +} ); + +// Radios and checkboxes getter/setter +jQuery.each( [ "radio", "checkbox" ], function() { + jQuery.valHooks[ this ] = { + set: function( elem, value ) { + if ( Array.isArray( value ) ) { + return ( elem.checked = jQuery.inArray( jQuery( elem ).val(), value ) > -1 ); + } + } + }; + if ( !support.checkOn ) { + jQuery.valHooks[ this ].get = function( elem ) { + return elem.getAttribute( "value" ) === null ? "on" : elem.value; + }; + } +} ); + + + + +// Return jQuery for attributes-only inclusion + + +support.focusin = "onfocusin" in window; + + +var rfocusMorph = /^(?:focusinfocus|focusoutblur)$/, + stopPropagationCallback = function( e ) { + e.stopPropagation(); + }; + +jQuery.extend( jQuery.event, { + + trigger: function( event, data, elem, onlyHandlers ) { + + var i, cur, tmp, bubbleType, ontype, handle, special, lastElement, + eventPath = [ elem || document ], + type = hasOwn.call( event, "type" ) ? event.type : event, + namespaces = hasOwn.call( event, "namespace" ) ? event.namespace.split( "." ) : []; + + cur = lastElement = tmp = elem = elem || document; + + // Don't do events on text and comment nodes + if ( elem.nodeType === 3 || elem.nodeType === 8 ) { + return; + } + + // focus/blur morphs to focusin/out; ensure we're not firing them right now + if ( rfocusMorph.test( type + jQuery.event.triggered ) ) { + return; + } + + if ( type.indexOf( "." ) > -1 ) { + + // Namespaced trigger; create a regexp to match event type in handle() + namespaces = type.split( "." ); + type = namespaces.shift(); + namespaces.sort(); + } + ontype = type.indexOf( ":" ) < 0 && "on" + type; + + // Caller can pass in a jQuery.Event object, Object, or just an event type string + event = event[ jQuery.expando ] ? + event : + new jQuery.Event( type, typeof event === "object" && event ); + + // Trigger bitmask: & 1 for native handlers; & 2 for jQuery (always true) + event.isTrigger = onlyHandlers ? 2 : 3; + event.namespace = namespaces.join( "." ); + event.rnamespace = event.namespace ? + new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ) : + null; + + // Clean up the event in case it is being reused + event.result = undefined; + if ( !event.target ) { + event.target = elem; + } + + // Clone any incoming data and prepend the event, creating the handler arg list + data = data == null ? + [ event ] : + jQuery.makeArray( data, [ event ] ); + + // Allow special events to draw outside the lines + special = jQuery.event.special[ type ] || {}; + if ( !onlyHandlers && special.trigger && special.trigger.apply( elem, data ) === false ) { + return; + } + + // Determine event propagation path in advance, per W3C events spec (#9951) + // Bubble up to document, then to window; watch for a global ownerDocument var (#9724) + if ( !onlyHandlers && !special.noBubble && !isWindow( elem ) ) { + + bubbleType = special.delegateType || type; + if ( !rfocusMorph.test( bubbleType + type ) ) { + cur = cur.parentNode; + } + for ( ; cur; cur = cur.parentNode ) { + eventPath.push( cur ); + tmp = cur; + } + + // Only add window if we got to document (e.g., not plain obj or detached DOM) + if ( tmp === ( elem.ownerDocument || document ) ) { + eventPath.push( tmp.defaultView || tmp.parentWindow || window ); + } + } + + // Fire handlers on the event path + i = 0; + while ( ( cur = eventPath[ i++ ] ) && !event.isPropagationStopped() ) { + lastElement = cur; + event.type = i > 1 ? + bubbleType : + special.bindType || type; + + // jQuery handler + handle = ( dataPriv.get( cur, "events" ) || Object.create( null ) )[ event.type ] && + dataPriv.get( cur, "handle" ); + if ( handle ) { + handle.apply( cur, data ); + } + + // Native handler + handle = ontype && cur[ ontype ]; + if ( handle && handle.apply && acceptData( cur ) ) { + event.result = handle.apply( cur, data ); + if ( event.result === false ) { + event.preventDefault(); + } + } + } + event.type = type; + + // If nobody prevented the default action, do it now + if ( !onlyHandlers && !event.isDefaultPrevented() ) { + + if ( ( !special._default || + special._default.apply( eventPath.pop(), data ) === false ) && + acceptData( elem ) ) { + + // Call a native DOM method on the target with the same name as the event. + // Don't do default actions on window, that's where global variables be (#6170) + if ( ontype && isFunction( elem[ type ] ) && !isWindow( elem ) ) { + + // Don't re-trigger an onFOO event when we call its FOO() method + tmp = elem[ ontype ]; + + if ( tmp ) { + elem[ ontype ] = null; + } + + // Prevent re-triggering of the same event, since we already bubbled it above + jQuery.event.triggered = type; + + if ( event.isPropagationStopped() ) { + lastElement.addEventListener( type, stopPropagationCallback ); + } + + elem[ type ](); + + if ( event.isPropagationStopped() ) { + lastElement.removeEventListener( type, stopPropagationCallback ); + } + + jQuery.event.triggered = undefined; + + if ( tmp ) { + elem[ ontype ] = tmp; + } + } + } + } + + return event.result; + }, + + // Piggyback on a donor event to simulate a different one + // Used only for `focus(in | out)` events + simulate: function( type, elem, event ) { + var e = jQuery.extend( + new jQuery.Event(), + event, + { + type: type, + isSimulated: true + } + ); + + jQuery.event.trigger( e, null, elem ); + } + +} ); + +jQuery.fn.extend( { + + trigger: function( type, data ) { + return this.each( function() { + jQuery.event.trigger( type, data, this ); + } ); + }, + triggerHandler: function( type, data ) { + var elem = this[ 0 ]; + if ( elem ) { + return jQuery.event.trigger( type, data, elem, true ); + } + } +} ); + + +// Support: Firefox <=44 +// Firefox doesn't have focus(in | out) events +// Related ticket - https://bugzilla.mozilla.org/show_bug.cgi?id=687787 +// +// Support: Chrome <=48 - 49, Safari <=9.0 - 9.1 +// focus(in | out) events fire after focus & blur events, +// which is spec violation - http://www.w3.org/TR/DOM-Level-3-Events/#events-focusevent-event-order +// Related ticket - https://bugs.chromium.org/p/chromium/issues/detail?id=449857 +if ( !support.focusin ) { + jQuery.each( { focus: "focusin", blur: "focusout" }, function( orig, fix ) { + + // Attach a single capturing handler on the document while someone wants focusin/focusout + var handler = function( event ) { + jQuery.event.simulate( fix, event.target, jQuery.event.fix( event ) ); + }; + + jQuery.event.special[ fix ] = { + setup: function() { + + // Handle: regular nodes (via `this.ownerDocument`), window + // (via `this.document`) & document (via `this`). + var doc = this.ownerDocument || this.document || this, + attaches = dataPriv.access( doc, fix ); + + if ( !attaches ) { + doc.addEventListener( orig, handler, true ); + } + dataPriv.access( doc, fix, ( attaches || 0 ) + 1 ); + }, + teardown: function() { + var doc = this.ownerDocument || this.document || this, + attaches = dataPriv.access( doc, fix ) - 1; + + if ( !attaches ) { + doc.removeEventListener( orig, handler, true ); + dataPriv.remove( doc, fix ); + + } else { + dataPriv.access( doc, fix, attaches ); + } + } + }; + } ); +} +var location = window.location; + +var nonce = { guid: Date.now() }; + +var rquery = ( /\?/ ); + + + +// Cross-browser xml parsing +jQuery.parseXML = function( data ) { + var xml, parserErrorElem; + if ( !data || typeof data !== "string" ) { + return null; + } + + // Support: IE 9 - 11 only + // IE throws on parseFromString with invalid input. + try { + xml = ( new window.DOMParser() ).parseFromString( data, "text/xml" ); + } catch ( e ) {} + + parserErrorElem = xml && xml.getElementsByTagName( "parsererror" )[ 0 ]; + if ( !xml || parserErrorElem ) { + jQuery.error( "Invalid XML: " + ( + parserErrorElem ? + jQuery.map( parserErrorElem.childNodes, function( el ) { + return el.textContent; + } ).join( "\n" ) : + data + ) ); + } + return xml; +}; + + +var + rbracket = /\[\]$/, + rCRLF = /\r?\n/g, + rsubmitterTypes = /^(?:submit|button|image|reset|file)$/i, + rsubmittable = /^(?:input|select|textarea|keygen)/i; + +function buildParams( prefix, obj, traditional, add ) { + var name; + + if ( Array.isArray( obj ) ) { + + // Serialize array item. + jQuery.each( obj, function( i, v ) { + if ( traditional || rbracket.test( prefix ) ) { + + // Treat each array item as a scalar. + add( prefix, v ); + + } else { + + // Item is non-scalar (array or object), encode its numeric index. + buildParams( + prefix + "[" + ( typeof v === "object" && v != null ? i : "" ) + "]", + v, + traditional, + add + ); + } + } ); + + } else if ( !traditional && toType( obj ) === "object" ) { + + // Serialize object item. + for ( name in obj ) { + buildParams( prefix + "[" + name + "]", obj[ name ], traditional, add ); + } + + } else { + + // Serialize scalar item. + add( prefix, obj ); + } +} + +// Serialize an array of form elements or a set of +// key/values into a query string +jQuery.param = function( a, traditional ) { + var prefix, + s = [], + add = function( key, valueOrFunction ) { + + // If value is a function, invoke it and use its return value + var value = isFunction( valueOrFunction ) ? + valueOrFunction() : + valueOrFunction; + + s[ s.length ] = encodeURIComponent( key ) + "=" + + encodeURIComponent( value == null ? "" : value ); + }; + + if ( a == null ) { + return ""; + } + + // If an array was passed in, assume that it is an array of form elements. + if ( Array.isArray( a ) || ( a.jquery && !jQuery.isPlainObject( a ) ) ) { + + // Serialize the form elements + jQuery.each( a, function() { + add( this.name, this.value ); + } ); + + } else { + + // If traditional, encode the "old" way (the way 1.3.2 or older + // did it), otherwise encode params recursively. + for ( prefix in a ) { + buildParams( prefix, a[ prefix ], traditional, add ); + } + } + + // Return the resulting serialization + return s.join( "&" ); +}; + +jQuery.fn.extend( { + serialize: function() { + return jQuery.param( this.serializeArray() ); + }, + serializeArray: function() { + return this.map( function() { + + // Can add propHook for "elements" to filter or add form elements + var elements = jQuery.prop( this, "elements" ); + return elements ? jQuery.makeArray( elements ) : this; + } ).filter( function() { + var type = this.type; + + // Use .is( ":disabled" ) so that fieldset[disabled] works + return this.name && !jQuery( this ).is( ":disabled" ) && + rsubmittable.test( this.nodeName ) && !rsubmitterTypes.test( type ) && + ( this.checked || !rcheckableType.test( type ) ); + } ).map( function( _i, elem ) { + var val = jQuery( this ).val(); + + if ( val == null ) { + return null; + } + + if ( Array.isArray( val ) ) { + return jQuery.map( val, function( val ) { + return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; + } ); + } + + return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; + } ).get(); + } +} ); + + +var + r20 = /%20/g, + rhash = /#.*$/, + rantiCache = /([?&])_=[^&]*/, + rheaders = /^(.*?):[ \t]*([^\r\n]*)$/mg, + + // #7653, #8125, #8152: local protocol detection + rlocalProtocol = /^(?:about|app|app-storage|.+-extension|file|res|widget):$/, + rnoContent = /^(?:GET|HEAD)$/, + rprotocol = /^\/\//, + + /* Prefilters + * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example) + * 2) These are called: + * - BEFORE asking for a transport + * - AFTER param serialization (s.data is a string if s.processData is true) + * 3) key is the dataType + * 4) the catchall symbol "*" can be used + * 5) execution will start with transport dataType and THEN continue down to "*" if needed + */ + prefilters = {}, + + /* Transports bindings + * 1) key is the dataType + * 2) the catchall symbol "*" can be used + * 3) selection will start with transport dataType and THEN go to "*" if needed + */ + transports = {}, + + // Avoid comment-prolog char sequence (#10098); must appease lint and evade compression + allTypes = "*/".concat( "*" ), + + // Anchor tag for parsing the document origin + originAnchor = document.createElement( "a" ); + +originAnchor.href = location.href; + +// Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport +function addToPrefiltersOrTransports( structure ) { + + // dataTypeExpression is optional and defaults to "*" + return function( dataTypeExpression, func ) { + + if ( typeof dataTypeExpression !== "string" ) { + func = dataTypeExpression; + dataTypeExpression = "*"; + } + + var dataType, + i = 0, + dataTypes = dataTypeExpression.toLowerCase().match( rnothtmlwhite ) || []; + + if ( isFunction( func ) ) { + + // For each dataType in the dataTypeExpression + while ( ( dataType = dataTypes[ i++ ] ) ) { + + // Prepend if requested + if ( dataType[ 0 ] === "+" ) { + dataType = dataType.slice( 1 ) || "*"; + ( structure[ dataType ] = structure[ dataType ] || [] ).unshift( func ); + + // Otherwise append + } else { + ( structure[ dataType ] = structure[ dataType ] || [] ).push( func ); + } + } + } + }; +} + +// Base inspection function for prefilters and transports +function inspectPrefiltersOrTransports( structure, options, originalOptions, jqXHR ) { + + var inspected = {}, + seekingTransport = ( structure === transports ); + + function inspect( dataType ) { + var selected; + inspected[ dataType ] = true; + jQuery.each( structure[ dataType ] || [], function( _, prefilterOrFactory ) { + var dataTypeOrTransport = prefilterOrFactory( options, originalOptions, jqXHR ); + if ( typeof dataTypeOrTransport === "string" && + !seekingTransport && !inspected[ dataTypeOrTransport ] ) { + + options.dataTypes.unshift( dataTypeOrTransport ); + inspect( dataTypeOrTransport ); + return false; + } else if ( seekingTransport ) { + return !( selected = dataTypeOrTransport ); + } + } ); + return selected; + } + + return inspect( options.dataTypes[ 0 ] ) || !inspected[ "*" ] && inspect( "*" ); +} + +// A special extend for ajax options +// that takes "flat" options (not to be deep extended) +// Fixes #9887 +function ajaxExtend( target, src ) { + var key, deep, + flatOptions = jQuery.ajaxSettings.flatOptions || {}; + + for ( key in src ) { + if ( src[ key ] !== undefined ) { + ( flatOptions[ key ] ? target : ( deep || ( deep = {} ) ) )[ key ] = src[ key ]; + } + } + if ( deep ) { + jQuery.extend( true, target, deep ); + } + + return target; +} + +/* Handles responses to an ajax request: + * - finds the right dataType (mediates between content-type and expected dataType) + * - returns the corresponding response + */ +function ajaxHandleResponses( s, jqXHR, responses ) { + + var ct, type, finalDataType, firstDataType, + contents = s.contents, + dataTypes = s.dataTypes; + + // Remove auto dataType and get content-type in the process + while ( dataTypes[ 0 ] === "*" ) { + dataTypes.shift(); + if ( ct === undefined ) { + ct = s.mimeType || jqXHR.getResponseHeader( "Content-Type" ); + } + } + + // Check if we're dealing with a known content-type + if ( ct ) { + for ( type in contents ) { + if ( contents[ type ] && contents[ type ].test( ct ) ) { + dataTypes.unshift( type ); + break; + } + } + } + + // Check to see if we have a response for the expected dataType + if ( dataTypes[ 0 ] in responses ) { + finalDataType = dataTypes[ 0 ]; + } else { + + // Try convertible dataTypes + for ( type in responses ) { + if ( !dataTypes[ 0 ] || s.converters[ type + " " + dataTypes[ 0 ] ] ) { + finalDataType = type; + break; + } + if ( !firstDataType ) { + firstDataType = type; + } + } + + // Or just use first one + finalDataType = finalDataType || firstDataType; + } + + // If we found a dataType + // We add the dataType to the list if needed + // and return the corresponding response + if ( finalDataType ) { + if ( finalDataType !== dataTypes[ 0 ] ) { + dataTypes.unshift( finalDataType ); + } + return responses[ finalDataType ]; + } +} + +/* Chain conversions given the request and the original response + * Also sets the responseXXX fields on the jqXHR instance + */ +function ajaxConvert( s, response, jqXHR, isSuccess ) { + var conv2, current, conv, tmp, prev, + converters = {}, + + // Work with a copy of dataTypes in case we need to modify it for conversion + dataTypes = s.dataTypes.slice(); + + // Create converters map with lowercased keys + if ( dataTypes[ 1 ] ) { + for ( conv in s.converters ) { + converters[ conv.toLowerCase() ] = s.converters[ conv ]; + } + } + + current = dataTypes.shift(); + + // Convert to each sequential dataType + while ( current ) { + + if ( s.responseFields[ current ] ) { + jqXHR[ s.responseFields[ current ] ] = response; + } + + // Apply the dataFilter if provided + if ( !prev && isSuccess && s.dataFilter ) { + response = s.dataFilter( response, s.dataType ); + } + + prev = current; + current = dataTypes.shift(); + + if ( current ) { + + // There's only work to do if current dataType is non-auto + if ( current === "*" ) { + + current = prev; + + // Convert response if prev dataType is non-auto and differs from current + } else if ( prev !== "*" && prev !== current ) { + + // Seek a direct converter + conv = converters[ prev + " " + current ] || converters[ "* " + current ]; + + // If none found, seek a pair + if ( !conv ) { + for ( conv2 in converters ) { + + // If conv2 outputs current + tmp = conv2.split( " " ); + if ( tmp[ 1 ] === current ) { + + // If prev can be converted to accepted input + conv = converters[ prev + " " + tmp[ 0 ] ] || + converters[ "* " + tmp[ 0 ] ]; + if ( conv ) { + + // Condense equivalence converters + if ( conv === true ) { + conv = converters[ conv2 ]; + + // Otherwise, insert the intermediate dataType + } else if ( converters[ conv2 ] !== true ) { + current = tmp[ 0 ]; + dataTypes.unshift( tmp[ 1 ] ); + } + break; + } + } + } + } + + // Apply converter (if not an equivalence) + if ( conv !== true ) { + + // Unless errors are allowed to bubble, catch and return them + if ( conv && s.throws ) { + response = conv( response ); + } else { + try { + response = conv( response ); + } catch ( e ) { + return { + state: "parsererror", + error: conv ? e : "No conversion from " + prev + " to " + current + }; + } + } + } + } + } + } + + return { state: "success", data: response }; +} + +jQuery.extend( { + + // Counter for holding the number of active queries + active: 0, + + // Last-Modified header cache for next request + lastModified: {}, + etag: {}, + + ajaxSettings: { + url: location.href, + type: "GET", + isLocal: rlocalProtocol.test( location.protocol ), + global: true, + processData: true, + async: true, + contentType: "application/x-www-form-urlencoded; charset=UTF-8", + + /* + timeout: 0, + data: null, + dataType: null, + username: null, + password: null, + cache: null, + throws: false, + traditional: false, + headers: {}, + */ + + accepts: { + "*": allTypes, + text: "text/plain", + html: "text/html", + xml: "application/xml, text/xml", + json: "application/json, text/javascript" + }, + + contents: { + xml: /\bxml\b/, + html: /\bhtml/, + json: /\bjson\b/ + }, + + responseFields: { + xml: "responseXML", + text: "responseText", + json: "responseJSON" + }, + + // Data converters + // Keys separate source (or catchall "*") and destination types with a single space + converters: { + + // Convert anything to text + "* text": String, + + // Text to html (true = no transformation) + "text html": true, + + // Evaluate text as a json expression + "text json": JSON.parse, + + // Parse text as xml + "text xml": jQuery.parseXML + }, + + // For options that shouldn't be deep extended: + // you can add your own custom options here if + // and when you create one that shouldn't be + // deep extended (see ajaxExtend) + flatOptions: { + url: true, + context: true + } + }, + + // Creates a full fledged settings object into target + // with both ajaxSettings and settings fields. + // If target is omitted, writes into ajaxSettings. + ajaxSetup: function( target, settings ) { + return settings ? + + // Building a settings object + ajaxExtend( ajaxExtend( target, jQuery.ajaxSettings ), settings ) : + + // Extending ajaxSettings + ajaxExtend( jQuery.ajaxSettings, target ); + }, + + ajaxPrefilter: addToPrefiltersOrTransports( prefilters ), + ajaxTransport: addToPrefiltersOrTransports( transports ), + + // Main method + ajax: function( url, options ) { + + // If url is an object, simulate pre-1.5 signature + if ( typeof url === "object" ) { + options = url; + url = undefined; + } + + // Force options to be an object + options = options || {}; + + var transport, + + // URL without anti-cache param + cacheURL, + + // Response headers + responseHeadersString, + responseHeaders, + + // timeout handle + timeoutTimer, + + // Url cleanup var + urlAnchor, + + // Request state (becomes false upon send and true upon completion) + completed, + + // To know if global events are to be dispatched + fireGlobals, + + // Loop variable + i, + + // uncached part of the url + uncached, + + // Create the final options object + s = jQuery.ajaxSetup( {}, options ), + + // Callbacks context + callbackContext = s.context || s, + + // Context for global events is callbackContext if it is a DOM node or jQuery collection + globalEventContext = s.context && + ( callbackContext.nodeType || callbackContext.jquery ) ? + jQuery( callbackContext ) : + jQuery.event, + + // Deferreds + deferred = jQuery.Deferred(), + completeDeferred = jQuery.Callbacks( "once memory" ), + + // Status-dependent callbacks + statusCode = s.statusCode || {}, + + // Headers (they are sent all at once) + requestHeaders = {}, + requestHeadersNames = {}, + + // Default abort message + strAbort = "canceled", + + // Fake xhr + jqXHR = { + readyState: 0, + + // Builds headers hashtable if needed + getResponseHeader: function( key ) { + var match; + if ( completed ) { + if ( !responseHeaders ) { + responseHeaders = {}; + while ( ( match = rheaders.exec( responseHeadersString ) ) ) { + responseHeaders[ match[ 1 ].toLowerCase() + " " ] = + ( responseHeaders[ match[ 1 ].toLowerCase() + " " ] || [] ) + .concat( match[ 2 ] ); + } + } + match = responseHeaders[ key.toLowerCase() + " " ]; + } + return match == null ? null : match.join( ", " ); + }, + + // Raw string + getAllResponseHeaders: function() { + return completed ? responseHeadersString : null; + }, + + // Caches the header + setRequestHeader: function( name, value ) { + if ( completed == null ) { + name = requestHeadersNames[ name.toLowerCase() ] = + requestHeadersNames[ name.toLowerCase() ] || name; + requestHeaders[ name ] = value; + } + return this; + }, + + // Overrides response content-type header + overrideMimeType: function( type ) { + if ( completed == null ) { + s.mimeType = type; + } + return this; + }, + + // Status-dependent callbacks + statusCode: function( map ) { + var code; + if ( map ) { + if ( completed ) { + + // Execute the appropriate callbacks + jqXHR.always( map[ jqXHR.status ] ); + } else { + + // Lazy-add the new callbacks in a way that preserves old ones + for ( code in map ) { + statusCode[ code ] = [ statusCode[ code ], map[ code ] ]; + } + } + } + return this; + }, + + // Cancel the request + abort: function( statusText ) { + var finalText = statusText || strAbort; + if ( transport ) { + transport.abort( finalText ); + } + done( 0, finalText ); + return this; + } + }; + + // Attach deferreds + deferred.promise( jqXHR ); + + // Add protocol if not provided (prefilters might expect it) + // Handle falsy url in the settings object (#10093: consistency with old signature) + // We also use the url parameter if available + s.url = ( ( url || s.url || location.href ) + "" ) + .replace( rprotocol, location.protocol + "//" ); + + // Alias method option to type as per ticket #12004 + s.type = options.method || options.type || s.method || s.type; + + // Extract dataTypes list + s.dataTypes = ( s.dataType || "*" ).toLowerCase().match( rnothtmlwhite ) || [ "" ]; + + // A cross-domain request is in order when the origin doesn't match the current origin. + if ( s.crossDomain == null ) { + urlAnchor = document.createElement( "a" ); + + // Support: IE <=8 - 11, Edge 12 - 15 + // IE throws exception on accessing the href property if url is malformed, + // e.g. http://example.com:80x/ + try { + urlAnchor.href = s.url; + + // Support: IE <=8 - 11 only + // Anchor's host property isn't correctly set when s.url is relative + urlAnchor.href = urlAnchor.href; + s.crossDomain = originAnchor.protocol + "//" + originAnchor.host !== + urlAnchor.protocol + "//" + urlAnchor.host; + } catch ( e ) { + + // If there is an error parsing the URL, assume it is crossDomain, + // it can be rejected by the transport if it is invalid + s.crossDomain = true; + } + } + + // Convert data if not already a string + if ( s.data && s.processData && typeof s.data !== "string" ) { + s.data = jQuery.param( s.data, s.traditional ); + } + + // Apply prefilters + inspectPrefiltersOrTransports( prefilters, s, options, jqXHR ); + + // If request was aborted inside a prefilter, stop there + if ( completed ) { + return jqXHR; + } + + // We can fire global events as of now if asked to + // Don't fire events if jQuery.event is undefined in an AMD-usage scenario (#15118) + fireGlobals = jQuery.event && s.global; + + // Watch for a new set of requests + if ( fireGlobals && jQuery.active++ === 0 ) { + jQuery.event.trigger( "ajaxStart" ); + } + + // Uppercase the type + s.type = s.type.toUpperCase(); + + // Determine if request has content + s.hasContent = !rnoContent.test( s.type ); + + // Save the URL in case we're toying with the If-Modified-Since + // and/or If-None-Match header later on + // Remove hash to simplify url manipulation + cacheURL = s.url.replace( rhash, "" ); + + // More options handling for requests with no content + if ( !s.hasContent ) { + + // Remember the hash so we can put it back + uncached = s.url.slice( cacheURL.length ); + + // If data is available and should be processed, append data to url + if ( s.data && ( s.processData || typeof s.data === "string" ) ) { + cacheURL += ( rquery.test( cacheURL ) ? "&" : "?" ) + s.data; + + // #9682: remove data so that it's not used in an eventual retry + delete s.data; + } + + // Add or update anti-cache param if needed + if ( s.cache === false ) { + cacheURL = cacheURL.replace( rantiCache, "$1" ); + uncached = ( rquery.test( cacheURL ) ? "&" : "?" ) + "_=" + ( nonce.guid++ ) + + uncached; + } + + // Put hash and anti-cache on the URL that will be requested (gh-1732) + s.url = cacheURL + uncached; + + // Change '%20' to '+' if this is encoded form body content (gh-2658) + } else if ( s.data && s.processData && + ( s.contentType || "" ).indexOf( "application/x-www-form-urlencoded" ) === 0 ) { + s.data = s.data.replace( r20, "+" ); + } + + // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. + if ( s.ifModified ) { + if ( jQuery.lastModified[ cacheURL ] ) { + jqXHR.setRequestHeader( "If-Modified-Since", jQuery.lastModified[ cacheURL ] ); + } + if ( jQuery.etag[ cacheURL ] ) { + jqXHR.setRequestHeader( "If-None-Match", jQuery.etag[ cacheURL ] ); + } + } + + // Set the correct header, if data is being sent + if ( s.data && s.hasContent && s.contentType !== false || options.contentType ) { + jqXHR.setRequestHeader( "Content-Type", s.contentType ); + } + + // Set the Accepts header for the server, depending on the dataType + jqXHR.setRequestHeader( + "Accept", + s.dataTypes[ 0 ] && s.accepts[ s.dataTypes[ 0 ] ] ? + s.accepts[ s.dataTypes[ 0 ] ] + + ( s.dataTypes[ 0 ] !== "*" ? ", " + allTypes + "; q=0.01" : "" ) : + s.accepts[ "*" ] + ); + + // Check for headers option + for ( i in s.headers ) { + jqXHR.setRequestHeader( i, s.headers[ i ] ); + } + + // Allow custom headers/mimetypes and early abort + if ( s.beforeSend && + ( s.beforeSend.call( callbackContext, jqXHR, s ) === false || completed ) ) { + + // Abort if not done already and return + return jqXHR.abort(); + } + + // Aborting is no longer a cancellation + strAbort = "abort"; + + // Install callbacks on deferreds + completeDeferred.add( s.complete ); + jqXHR.done( s.success ); + jqXHR.fail( s.error ); + + // Get transport + transport = inspectPrefiltersOrTransports( transports, s, options, jqXHR ); + + // If no transport, we auto-abort + if ( !transport ) { + done( -1, "No Transport" ); + } else { + jqXHR.readyState = 1; + + // Send global event + if ( fireGlobals ) { + globalEventContext.trigger( "ajaxSend", [ jqXHR, s ] ); + } + + // If request was aborted inside ajaxSend, stop there + if ( completed ) { + return jqXHR; + } + + // Timeout + if ( s.async && s.timeout > 0 ) { + timeoutTimer = window.setTimeout( function() { + jqXHR.abort( "timeout" ); + }, s.timeout ); + } + + try { + completed = false; + transport.send( requestHeaders, done ); + } catch ( e ) { + + // Rethrow post-completion exceptions + if ( completed ) { + throw e; + } + + // Propagate others as results + done( -1, e ); + } + } + + // Callback for when everything is done + function done( status, nativeStatusText, responses, headers ) { + var isSuccess, success, error, response, modified, + statusText = nativeStatusText; + + // Ignore repeat invocations + if ( completed ) { + return; + } + + completed = true; + + // Clear timeout if it exists + if ( timeoutTimer ) { + window.clearTimeout( timeoutTimer ); + } + + // Dereference transport for early garbage collection + // (no matter how long the jqXHR object will be used) + transport = undefined; + + // Cache response headers + responseHeadersString = headers || ""; + + // Set readyState + jqXHR.readyState = status > 0 ? 4 : 0; + + // Determine if successful + isSuccess = status >= 200 && status < 300 || status === 304; + + // Get response data + if ( responses ) { + response = ajaxHandleResponses( s, jqXHR, responses ); + } + + // Use a noop converter for missing script but not if jsonp + if ( !isSuccess && + jQuery.inArray( "script", s.dataTypes ) > -1 && + jQuery.inArray( "json", s.dataTypes ) < 0 ) { + s.converters[ "text script" ] = function() {}; + } + + // Convert no matter what (that way responseXXX fields are always set) + response = ajaxConvert( s, response, jqXHR, isSuccess ); + + // If successful, handle type chaining + if ( isSuccess ) { + + // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. + if ( s.ifModified ) { + modified = jqXHR.getResponseHeader( "Last-Modified" ); + if ( modified ) { + jQuery.lastModified[ cacheURL ] = modified; + } + modified = jqXHR.getResponseHeader( "etag" ); + if ( modified ) { + jQuery.etag[ cacheURL ] = modified; + } + } + + // if no content + if ( status === 204 || s.type === "HEAD" ) { + statusText = "nocontent"; + + // if not modified + } else if ( status === 304 ) { + statusText = "notmodified"; + + // If we have data, let's convert it + } else { + statusText = response.state; + success = response.data; + error = response.error; + isSuccess = !error; + } + } else { + + // Extract error from statusText and normalize for non-aborts + error = statusText; + if ( status || !statusText ) { + statusText = "error"; + if ( status < 0 ) { + status = 0; + } + } + } + + // Set data for the fake xhr object + jqXHR.status = status; + jqXHR.statusText = ( nativeStatusText || statusText ) + ""; + + // Success/Error + if ( isSuccess ) { + deferred.resolveWith( callbackContext, [ success, statusText, jqXHR ] ); + } else { + deferred.rejectWith( callbackContext, [ jqXHR, statusText, error ] ); + } + + // Status-dependent callbacks + jqXHR.statusCode( statusCode ); + statusCode = undefined; + + if ( fireGlobals ) { + globalEventContext.trigger( isSuccess ? "ajaxSuccess" : "ajaxError", + [ jqXHR, s, isSuccess ? success : error ] ); + } + + // Complete + completeDeferred.fireWith( callbackContext, [ jqXHR, statusText ] ); + + if ( fireGlobals ) { + globalEventContext.trigger( "ajaxComplete", [ jqXHR, s ] ); + + // Handle the global AJAX counter + if ( !( --jQuery.active ) ) { + jQuery.event.trigger( "ajaxStop" ); + } + } + } + + return jqXHR; + }, + + getJSON: function( url, data, callback ) { + return jQuery.get( url, data, callback, "json" ); + }, + + getScript: function( url, callback ) { + return jQuery.get( url, undefined, callback, "script" ); + } +} ); + +jQuery.each( [ "get", "post" ], function( _i, method ) { + jQuery[ method ] = function( url, data, callback, type ) { + + // Shift arguments if data argument was omitted + if ( isFunction( data ) ) { + type = type || callback; + callback = data; + data = undefined; + } + + // The url can be an options object (which then must have .url) + return jQuery.ajax( jQuery.extend( { + url: url, + type: method, + dataType: type, + data: data, + success: callback + }, jQuery.isPlainObject( url ) && url ) ); + }; +} ); + +jQuery.ajaxPrefilter( function( s ) { + var i; + for ( i in s.headers ) { + if ( i.toLowerCase() === "content-type" ) { + s.contentType = s.headers[ i ] || ""; + } + } +} ); + + +jQuery._evalUrl = function( url, options, doc ) { + return jQuery.ajax( { + url: url, + + // Make this explicit, since user can override this through ajaxSetup (#11264) + type: "GET", + dataType: "script", + cache: true, + async: false, + global: false, + + // Only evaluate the response if it is successful (gh-4126) + // dataFilter is not invoked for failure responses, so using it instead + // of the default converter is kludgy but it works. + converters: { + "text script": function() {} + }, + dataFilter: function( response ) { + jQuery.globalEval( response, options, doc ); + } + } ); +}; + + +jQuery.fn.extend( { + wrapAll: function( html ) { + var wrap; + + if ( this[ 0 ] ) { + if ( isFunction( html ) ) { + html = html.call( this[ 0 ] ); + } + + // The elements to wrap the target around + wrap = jQuery( html, this[ 0 ].ownerDocument ).eq( 0 ).clone( true ); + + if ( this[ 0 ].parentNode ) { + wrap.insertBefore( this[ 0 ] ); + } + + wrap.map( function() { + var elem = this; + + while ( elem.firstElementChild ) { + elem = elem.firstElementChild; + } + + return elem; + } ).append( this ); + } + + return this; + }, + + wrapInner: function( html ) { + if ( isFunction( html ) ) { + return this.each( function( i ) { + jQuery( this ).wrapInner( html.call( this, i ) ); + } ); + } + + return this.each( function() { + var self = jQuery( this ), + contents = self.contents(); + + if ( contents.length ) { + contents.wrapAll( html ); + + } else { + self.append( html ); + } + } ); + }, + + wrap: function( html ) { + var htmlIsFunction = isFunction( html ); + + return this.each( function( i ) { + jQuery( this ).wrapAll( htmlIsFunction ? html.call( this, i ) : html ); + } ); + }, + + unwrap: function( selector ) { + this.parent( selector ).not( "body" ).each( function() { + jQuery( this ).replaceWith( this.childNodes ); + } ); + return this; + } +} ); + + +jQuery.expr.pseudos.hidden = function( elem ) { + return !jQuery.expr.pseudos.visible( elem ); +}; +jQuery.expr.pseudos.visible = function( elem ) { + return !!( elem.offsetWidth || elem.offsetHeight || elem.getClientRects().length ); +}; + + + + +jQuery.ajaxSettings.xhr = function() { + try { + return new window.XMLHttpRequest(); + } catch ( e ) {} +}; + +var xhrSuccessStatus = { + + // File protocol always yields status code 0, assume 200 + 0: 200, + + // Support: IE <=9 only + // #1450: sometimes IE returns 1223 when it should be 204 + 1223: 204 + }, + xhrSupported = jQuery.ajaxSettings.xhr(); + +support.cors = !!xhrSupported && ( "withCredentials" in xhrSupported ); +support.ajax = xhrSupported = !!xhrSupported; + +jQuery.ajaxTransport( function( options ) { + var callback, errorCallback; + + // Cross domain only allowed if supported through XMLHttpRequest + if ( support.cors || xhrSupported && !options.crossDomain ) { + return { + send: function( headers, complete ) { + var i, + xhr = options.xhr(); + + xhr.open( + options.type, + options.url, + options.async, + options.username, + options.password + ); + + // Apply custom fields if provided + if ( options.xhrFields ) { + for ( i in options.xhrFields ) { + xhr[ i ] = options.xhrFields[ i ]; + } + } + + // Override mime type if needed + if ( options.mimeType && xhr.overrideMimeType ) { + xhr.overrideMimeType( options.mimeType ); + } + + // X-Requested-With header + // For cross-domain requests, seeing as conditions for a preflight are + // akin to a jigsaw puzzle, we simply never set it to be sure. + // (it can always be set on a per-request basis or even using ajaxSetup) + // For same-domain requests, won't change header if already provided. + if ( !options.crossDomain && !headers[ "X-Requested-With" ] ) { + headers[ "X-Requested-With" ] = "XMLHttpRequest"; + } + + // Set headers + for ( i in headers ) { + xhr.setRequestHeader( i, headers[ i ] ); + } + + // Callback + callback = function( type ) { + return function() { + if ( callback ) { + callback = errorCallback = xhr.onload = + xhr.onerror = xhr.onabort = xhr.ontimeout = + xhr.onreadystatechange = null; + + if ( type === "abort" ) { + xhr.abort(); + } else if ( type === "error" ) { + + // Support: IE <=9 only + // On a manual native abort, IE9 throws + // errors on any property access that is not readyState + if ( typeof xhr.status !== "number" ) { + complete( 0, "error" ); + } else { + complete( + + // File: protocol always yields status 0; see #8605, #14207 + xhr.status, + xhr.statusText + ); + } + } else { + complete( + xhrSuccessStatus[ xhr.status ] || xhr.status, + xhr.statusText, + + // Support: IE <=9 only + // IE9 has no XHR2 but throws on binary (trac-11426) + // For XHR2 non-text, let the caller handle it (gh-2498) + ( xhr.responseType || "text" ) !== "text" || + typeof xhr.responseText !== "string" ? + { binary: xhr.response } : + { text: xhr.responseText }, + xhr.getAllResponseHeaders() + ); + } + } + }; + }; + + // Listen to events + xhr.onload = callback(); + errorCallback = xhr.onerror = xhr.ontimeout = callback( "error" ); + + // Support: IE 9 only + // Use onreadystatechange to replace onabort + // to handle uncaught aborts + if ( xhr.onabort !== undefined ) { + xhr.onabort = errorCallback; + } else { + xhr.onreadystatechange = function() { + + // Check readyState before timeout as it changes + if ( xhr.readyState === 4 ) { + + // Allow onerror to be called first, + // but that will not handle a native abort + // Also, save errorCallback to a variable + // as xhr.onerror cannot be accessed + window.setTimeout( function() { + if ( callback ) { + errorCallback(); + } + } ); + } + }; + } + + // Create the abort callback + callback = callback( "abort" ); + + try { + + // Do send the request (this may raise an exception) + xhr.send( options.hasContent && options.data || null ); + } catch ( e ) { + + // #14683: Only rethrow if this hasn't been notified as an error yet + if ( callback ) { + throw e; + } + } + }, + + abort: function() { + if ( callback ) { + callback(); + } + } + }; + } +} ); + + + + +// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432) +jQuery.ajaxPrefilter( function( s ) { + if ( s.crossDomain ) { + s.contents.script = false; + } +} ); + +// Install script dataType +jQuery.ajaxSetup( { + accepts: { + script: "text/javascript, application/javascript, " + + "application/ecmascript, application/x-ecmascript" + }, + contents: { + script: /\b(?:java|ecma)script\b/ + }, + converters: { + "text script": function( text ) { + jQuery.globalEval( text ); + return text; + } + } +} ); + +// Handle cache's special case and crossDomain +jQuery.ajaxPrefilter( "script", function( s ) { + if ( s.cache === undefined ) { + s.cache = false; + } + if ( s.crossDomain ) { + s.type = "GET"; + } +} ); + +// Bind script tag hack transport +jQuery.ajaxTransport( "script", function( s ) { + + // This transport only deals with cross domain or forced-by-attrs requests + if ( s.crossDomain || s.scriptAttrs ) { + var script, callback; + return { + send: function( _, complete ) { + script = jQuery( " +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

backup-restore.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/contribute.html b/refs/pull/201/merge/it/contribute.html new file mode 100644 index 000000000..3496b8b15 --- /dev/null +++ b/refs/pull/201/merge/it/contribute.html @@ -0,0 +1,1261 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | contribute.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

contribute.rst

+

Instruction to join in the development here.

+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/defined-terms.html b/refs/pull/201/merge/it/defined-terms.html new file mode 100644 index 000000000..d4c248749 --- /dev/null +++ b/refs/pull/201/merge/it/defined-terms.html @@ -0,0 +1,1359 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | defined-terms.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

defined-terms.rst

+

Di seguito le descrizioni di acronimi e definizioni, correlati al presente documento utili ad approfondimenti su tematiche che completano l' it-wallet e i componenti con i quali interagisce.

+
+

Acronimi

+ ++++ + + + + + + + + + + + + + + + + + + + + + + +

Acronimo

Descrizione

OID4VP

OpenID for Verifiable Presentation

PID

Person Identification Data

VC

Verifiable Credential

VP

Verifiable Presentation

API

Application Programming Interface. Insieme componenti previsti per semplificare gli scenari di integrazione di uno specifico Sistema.

+
+
+

Definizioni

+ ++++ + + + + + + + + + + + + + +

Definizione

Descrizione

Wallet Instance

Mobile App che gestisce, memorizza e protegge le Verifiable Credentials di un holder e ne consente la presentazione ad una Relying Party

Relying Party

Entità che riceve da una Wallet Instance una o più VP e processa le stesse

+
+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/genindex.html b/refs/pull/201/merge/it/genindex.html new file mode 100644 index 000000000..9a2e2af14 --- /dev/null +++ b/refs/pull/201/merge/it/genindex.html @@ -0,0 +1,1253 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | Index + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + +

Index

+ +
+ +
+ + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/index.html b/refs/pull/201/merge/it/index.html new file mode 100644 index 000000000..78b5183b6 --- /dev/null +++ b/refs/pull/201/merge/it/index.html @@ -0,0 +1,1397 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | The Italian EUDI Wallet implementation profile + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + +
+

The Italian EUDI Wallet implementation profile

+

[TODO INTRO]

+

Introduzione

+

cos'è eIDAS

+

cos’è IT-Wallet

+

scopo delle regole tecniche

+

In this documentation you can find the technical specification +for implementing the following components:

+
+
    +

  • Entities of the ecosystem according to EIDAS-ARF.

    • +

  • Infrastructure of trust attesting realiability and eligibility of the participants.

    • +

  • PID and EAAs data schemes and attribute sets.

    • +

  • PID/EAA in MDL CBOR format.

    • +

  • PID/EAA in SD-JWT format.

    • +

  • Wallet Solution general architecture.

    • +

  • Wallet Instance Attestation data model in JWS format.

    • +

  • Issuance of PID/EAA according to OpenID4VCI.

    • +

  • Presentation of PID/EAA according to OpenID4VP.

    • +

  • Presentation of pseudonyms according to SIOPv2.

    • +

  • PID/EAA backup and restore mechanisms.

    • +

  • PID/EAA revocation lists.

    • +
+
+
+

Index of content

+
+ +
+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/issuance.html b/refs/pull/201/merge/it/issuance.html new file mode 100644 index 000000000..dac374446 --- /dev/null +++ b/refs/pull/201/merge/it/issuance.html @@ -0,0 +1,1308 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | issuance.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

issuance.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/objects.inv b/refs/pull/201/merge/it/objects.inv new file mode 100644 index 000000000..adbbdf735 Binary files /dev/null and b/refs/pull/201/merge/it/objects.inv differ diff --git a/refs/pull/201/merge/it/pid-eaa-data.html b/refs/pull/201/merge/it/pid-eaa-data.html new file mode 100644 index 000000000..e9c800021 --- /dev/null +++ b/refs/pull/201/merge/it/pid-eaa-data.html @@ -0,0 +1,1308 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | pid-eaa-data.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

pid-eaa-data.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/pid-eaa-mdoc-cbor.html b/refs/pull/201/merge/it/pid-eaa-mdoc-cbor.html new file mode 100644 index 000000000..45229946c --- /dev/null +++ b/refs/pull/201/merge/it/pid-eaa-mdoc-cbor.html @@ -0,0 +1,1308 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | pid-eaa-mdoc-cbor.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

pid-eaa-mdoc-cbor.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/pid-eaa-sd-jwt.html b/refs/pull/201/merge/it/pid-eaa-sd-jwt.html new file mode 100644 index 000000000..00f6a2381 --- /dev/null +++ b/refs/pull/201/merge/it/pid-eaa-sd-jwt.html @@ -0,0 +1,1308 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | pid-eaa-sd-jwt.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

pid-eaa-sd-jwt.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/pseudonyms.html b/refs/pull/201/merge/it/pseudonyms.html new file mode 100644 index 000000000..0d610c1be --- /dev/null +++ b/refs/pull/201/merge/it/pseudonyms.html @@ -0,0 +1,1308 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | pseudonyms.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

pseudonyms.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/revocation-lists.html b/refs/pull/201/merge/it/revocation-lists.html new file mode 100644 index 000000000..5cdf58d7c --- /dev/null +++ b/refs/pull/201/merge/it/revocation-lists.html @@ -0,0 +1,1308 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | revocation-lists.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

revocation-lists.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/search.html b/refs/pull/201/merge/it/search.html new file mode 100644 index 000000000..054dcf081 --- /dev/null +++ b/refs/pull/201/merge/it/search.html @@ -0,0 +1,1267 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | Search + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + + +
+ +
+ + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/searchindex.js b/refs/pull/201/merge/it/searchindex.js new file mode 100644 index 000000000..d9eae94c9 --- /dev/null +++ b/refs/pull/201/merge/it/searchindex.js @@ -0,0 +1 @@ +Search.setIndex({"docnames": ["backup-restore", "contribute", "defined-terms", "index", "issuance", "pid-eaa-data", "pid-eaa-mdoc-cbor", "pid-eaa-sd-jwt", "pseudonyms", "revocation-lists", "ssi-introduction", "standards", "trust", "wallet-instance-attestation", "wallet-solution"], "filenames": ["backup-restore.rst", "contribute.rst", "defined-terms.rst", "index.rst", "issuance.rst", "pid-eaa-data.rst", "pid-eaa-mdoc-cbor.rst", "pid-eaa-sd-jwt.rst", "pseudonyms.rst", "revocation-lists.rst", "ssi-introduction.rst", "standards.rst", "trust.rst", "wallet-instance-attestation.rst", "wallet-solution.rst"], "titles": ["backup-restore.rst", "contribute.rst", "defined-terms.rst", "The Italian EUDI Wallet implementation profile", "issuance.rst", "pid-eaa-data.rst", "pid-eaa-mdoc-cbor.rst", "pid-eaa-sd-jwt.rst", "pseudonyms.rst", "revocation-lists.rst", "ssi-introduction.rst", "Standards", "trust.rst", "wallet-instance-attestation.rst", "wallet-solution.rst"], "terms": {"tutti": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "gli": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "esempi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "contenuti": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "questa": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "documentazion": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "sono": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "da": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "intendersi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "come": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "non": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "normativi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "all": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "exampl": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "contain": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "thi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "document": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "ar": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "meant": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "norm": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "what": [0, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "useful": [0, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "todo": [0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "req": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "1": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "2": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "tabl": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "paramet": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "claim": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "descript": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "kei": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "valu": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "instruct": 1, "join": 1, "develop": 1, "here": 1, "di": 2, "seguito": 2, "le": 2, "descrizioni": 2, "e": 2, "correlati": 2, "al": 2, "present": [2, 3], "documento": 2, "utili": 2, "ad": 2, "approfondimenti": 2, "su": 2, "tematich": 2, "che": 2, "completano": 2, "l": 2, "wallet": 2, "i": 2, "componenti": 2, "con": 2, "quali": 2, "interagisc": 2, "acronimo": 2, "descrizion": 2, "oid4vp": 2, "openid": 2, "verifi": 2, "pid": [2, 3], "person": 2, "identif": 2, "data": [2, 3], "vc": 2, "credenti": 2, "vp": 2, "api": 2, "applic": 2, "program": 2, "interfac": 2, "insiem": 2, "previsti": 2, "per": 2, "semplificar": 2, "scenari": 2, "integrazion": 2, "uno": 2, "specifico": 2, "sistema": 2, "definizion": 2, "instanc": [2, 3], "mobil": 2, "app": 2, "gestisc": 2, "memorizza": 2, "protegg": 2, "un": 2, "holder": 2, "ne": 2, "consent": 2, "la": 2, "presentazion": 2, "una": 2, "reli": 2, "parti": 2, "entit\u00e0": 2, "ricev": 2, "o": 2, "pi\u00f9": 2, "processa": 2, "stess": 2, "intro": 3, "introduzion": 3, "co": 3, "\u00e8": 3, "eida": 3, "IT": 3, "scopo": 3, "dell": 3, "regol": 3, "tecnich": 3, "In": 3, "you": 3, "can": 3, "find": 3, "technic": 3, "specif": 3, "follow": 3, "compon": 3, "entiti": 3, "ecosystem": 3, "accord": 3, "arf": 3, "infrastructur": 3, "trust": 3, "attest": 3, "realiabl": 3, "elig": 3, "particip": 3, "eaa": 3, "scheme": 3, "attribut": 3, "set": 3, "mdl": 3, "cbor": 3, "format": 3, "sd": 3, "jwt": 3, "solut": 3, "gener": 3, "architectur": 3, "model": 3, "jw": 3, "issuanc": 3, "openid4vci": 3, "openid4vp": 3, "pseudonym": 3, "siopv2": 3, "backup": 3, "restor": 3, "mechan": 3, "revoc": 3, "list": 3, "ssi": 3, "introduct": 3, "rst": 3, "properti": 3, "requir": 3, "consider": 3, "librari": 3, "code": 3, "snippet": 3, "extern": 3, "refer": 3, "defin": 3, "term": 3, "acronimi": 3, "definizioni": 3, "mdoc": 3, "contribut": 3, "standard": 3}, "objects": {}, "objtypes": {}, "objnames": {}, "titleterms": {"backup": 0, "restor": 0, "rst": [0, 1, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "gener": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "properti": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "requir": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "attribut": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "implement": [0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "consider": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "librari": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "code": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "snippet": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "extern": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "refer": [0, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14], "contribut": 1, "defin": 2, "term": 2, "acronimi": 2, "definizioni": 2, "The": 3, "italian": 3, "eudi": 3, "wallet": [3, 13, 14], "profil": 3, "index": 3, "content": 3, "issuanc": 4, "pid": [5, 6, 7], "eaa": [5, 6, 7], "data": 5, "mdoc": 6, "cbor": 6, "sd": 7, "jwt": 7, "pseudonym": 8, "revoc": 9, "list": 9, "ssi": 10, "introduct": 10, "standard": 11, "trust": 12, "instanc": 13, "attest": 13, "solut": 14}, "envversion": {"sphinx.domains.c": 2, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 6, "sphinx.domains.index": 1, "sphinx.domains.javascript": 2, "sphinx.domains.math": 2, "sphinx.domains.python": 3, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1, "sphinx.ext.todo": 2, "sphinx": 56}}) \ No newline at end of file diff --git a/refs/pull/201/merge/it/ssi-introduction.html b/refs/pull/201/merge/it/ssi-introduction.html new file mode 100644 index 000000000..17f026a2b --- /dev/null +++ b/refs/pull/201/merge/it/ssi-introduction.html @@ -0,0 +1,1308 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | ssi-introduction.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

ssi-introduction.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/standards.html b/refs/pull/201/merge/it/standards.html new file mode 100644 index 000000000..e70988b8e --- /dev/null +++ b/refs/pull/201/merge/it/standards.html @@ -0,0 +1,1256 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | Standards + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

Standards

+

TODO

+
+ + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/trust.html b/refs/pull/201/merge/it/trust.html new file mode 100644 index 000000000..c9d3677e2 --- /dev/null +++ b/refs/pull/201/merge/it/trust.html @@ -0,0 +1,1308 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | trust.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

trust.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/wallet-instance-attestation.html b/refs/pull/201/merge/it/wallet-instance-attestation.html new file mode 100644 index 000000000..17afb37e4 --- /dev/null +++ b/refs/pull/201/merge/it/wallet-instance-attestation.html @@ -0,0 +1,1308 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | wallet-instance-attestation.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

wallet-instance-attestation.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/refs/pull/201/merge/it/wallet-solution.html b/refs/pull/201/merge/it/wallet-solution.html new file mode 100644 index 000000000..89ae6834a --- /dev/null +++ b/refs/pull/201/merge/it/wallet-solution.html @@ -0,0 +1,1308 @@ + + + + + + + + The Italian EUDI Wallet implementation profile version: latest documentation | wallet-solution.rst + + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+
+ +
+
+

+ + Docs Italia + + beta + + +

+

Public documents, made digital.

+
+
+
+
+ + + The Italian EUDI Wallet implementation profile version: latest documentation + +
+
+ +
+ + Project: + + Progetto demo + +
+ + +
+ + Administration: + + Organizzazione demo + +
+ +
+
+
+
+
+
+
+ +
+
+ + +
+
+ + + + About this document + + +
+
+
+ +
+
+
+
+
+ +
+
+
    + +
+
+
+
+ + + +
+ + + Source + +
+
+
+ +
+ + + Actions + +
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + +
+

wallet-solution.rst

+

[What is it]

+

[What it is usefull for]

+

[Example]

+
+

General Properties

+

[TODO]

+
+
+

Requirements

+
+
    +

  • req 1

    • +

  • req 2

    • +
+
+
+
+

Attributes

+

[Table with parameters/attributes]

+ ++++ + + + + + + + + + + +

Claim

Description

key

value

+
+
+

Implementation considerations

+

TODO

+
+
+

Libraries and code snippets

+

TODO

+
+
+

External references

+

TODO

+
+
+ + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file