From ba08c9fe36c4c7c7a9f657cfcb3636482e775457 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Wed, 27 Jan 2021 16:47:49 +0000
Subject: [PATCH] notes on  and alternatives

---
 .../2858-Multiple-SSO-Identity-Providers.md   |  29 +++++++++++++++---
 proposals/images/2858-login.png               | Bin 0 -> 12618 bytes
 2 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 proposals/images/2858-login.png

diff --git a/proposals/2858-Multiple-SSO-Identity-Providers.md b/proposals/2858-Multiple-SSO-Identity-Providers.md
index 981eb4bf..65877c00 100644
--- a/proposals/2858-Multiple-SSO-Identity-Providers.md
+++ b/proposals/2858-Multiple-SSO-Identity-Providers.md
@@ -94,6 +94,8 @@ of an object with the following fields:
    any of the above, but are expected to apply a sensible unbranded fallback
    for any brand they do not recognise/support.
 
+   Where `icon` and `brand` are both present, it is recommended that clients
+   which support the `brand` give precedence to `brand` over `icon`.
 
 ### Extend the `/login/sso/redirect` endpoint
 
@@ -115,10 +117,6 @@ SSO flow option without any `identity_providers` as there is no method for
 a client to choose an IdP within that flow at this time nor is it as
 essential.
 
-## Potential issues
-
-None discovered at this time
-
 
 ## Alternatives
 
@@ -131,6 +129,29 @@ for the server to deterministically always pick one, maybe the first option and
 old clients only auth via that one but that means potentially locking users out of their
 accounts.
 
+### Styling information as an alternative to `brand`
+
+The `brand` field is intended to allow clients to style "login" buttons according
+to the identity provider in question. For example, a mobile application might
+show:
+
+![login buttons](images/2858-login.png)
+
+Some identity providers have very specific rules about how such buttons should
+be presented, so a fine level of control is important.
+
+An alternative way to achieve this would be for the server to give full details
+about the styling: icon, font colour, border colour, background colour,
+etc. However, this soon becomes unscalable. For example, it might be desirable
+to offer each logo at a range of resolutions to suit different screen sizes.
+Likewise, some brands need different styling depending on the background
+colour, so a complete second set of colours must be specified to account for
+dark or light themes.
+
+## Potential issues
+
+ * New Identity Providers added by server administators will be unbranded until
+   clients adopt support for the new brand.
 
 ## Security considerations
 
diff --git a/proposals/images/2858-login.png b/proposals/images/2858-login.png
new file mode 100644
index 0000000000000000000000000000000000000000..0d0a06f618c9416219ecdad9857462b33b6dfe8a
GIT binary patch
literal 12618
zcma*O1yq&M*Y1mg2vVB{$xSLLt#petQqtYsAt|*fN$CzLVbk4>bW2N@GzduD#s9nK
zj`N){?l+EOFa-9ydDmKVuKCP&J-;2QDE}Vg#mg562nZM-q{KfWAUweaUl=IJ;5V=Q
zlx)F&NKT?3R8YV_FBD@K0s<w%2XPS<_q2nh&(71+>6a&$4SJ4_IF3*#>WBVkVw6zI
zXX5d%Fe6{h6qCUZUg@mo*OYST$n%x;xt2DXURNvd9h{kO@2*Ek_wg#@Gk+}cr%HVB
zB2Y$(k|sJ3;@FmvmbQPim?32NRib}5PE6|5yL3}C<7}aAWsW`&>+{jd{XyxAAW>)_
zWDV`3g3Gf&$Yg3D3_?YPLnR7>Nx@K{R8&x^Kp5=*{+F&)L43TtS9eFgqfJMxB&Gjk
z(FnqW^78VE%7P(E*o1`dEi7K==jV6#^+jpuaxLd0{5@J3^}XNrtu!5edH>h$fuL%R
z)WM{HF{DdGL19!yT?|%OK4(qJ?;id2E9TFiKR>m2UKDQj;ZucRQJCKRJy>*KkF@?(
zZZN^X7+BBi!B75kaImPPWPMQYo}HGKmO6pVNw#~{er#q&($%#V2?nVO95>IauEq=K
zXzvJke&Ws#F5wWjw6rw0wl+SPuZh$A0PUV;78K0*^5toSBsF)cO}C>_u#}!2MOcoa
zqT-t(d^}O@yN}As6?4{8Gc#X5N!p&gfJ)*~PzY_2y+p-^ii>~e6xY<!x*pUM%&Dny
zVJLwH!rJ2lVL7jwAMT$oeqIT<JtEZ2tApDy6hi}(kd$$#=oO}q7iN9lYklVHk&t=C
z!jKYXi2|kTh!2!<Q|Ga<IaqY)JMcP7O)bcIAqxAzo^58<iXx#@XlMTWcZZleKlzIn
zFZu^ZH+>)W2st@9k0)dvM7+F6XZ6~GRT<SKn|L`ga$Y&RxL~6r4-5^Z#aodJ`J^2l
z+S=ByBFoZE){j&y9GqWV7}RKvTh?%LagASE)J^NZiB3-b;OY4<Z%RS7v@jSpxof<?
zaCAJGdC&Uq-%Zz1>ab}9a#zpM-M<INhr7#Dp^WQohliXn8C5m4QxJjJA3vCU&T}c`
zesak7MNw@3?g-e}*oaO{<T-S5Jz5?f=2?lDw%p`tyT;faNv9SN5FmZSv+PbCCHSu}
zaDbC=`f%t_;4>>K1R-(IW#F@C3wf1NCp8X;gQ{xJ;Zl=@wKb{3m+0C3o&#5ft6$<j
zJz8|Fxk+s6NZ_;K@&)TNT6UX#LicQKS3Rs(hi+|y6-Iqmo2<UXw%M@V*OtsNWo0b#
zDylj-1c|wmyY-t17yS3#MiVbWh2Ot_&Yc<w_r2TC`~JPs_rWKDRS&a$rc`UL$_y(s
zG?etMJwn0c0GZoj$9j~Iysxj&=H_Oaz~=<8rj}M#V2wA53Nj3r8eIszCEeV3?Aq?Q
z7wYW#Ositj(}#_s1YAEfjB*g6gRK#ro{k~x>dNge?B}-Po!AwErL3k#@GUbG)>>F2
z{?CS6Q>&Nf!N}H;owlckhK@$Ogtw~m*h&6!(FyD1<U~bPb=9%KFPkk)r^$8o#NGX*
zhw!=s%cmX8)%|)i@x-%5MO}SzWo5Lk^@3T~`$AP(TH1X(-K`J~Z`<Mcd$90cLgJYM
z{|Qpt^{`$4$cX9wOsSrEnSy}<^lWRmX@jHt9H$0y^19W5EBuMGCmCH;wJ_DH{abTO
zOVN_)kJ{R@A|g*5931|vv<YdO&Q+Q$I*kf2X;#A`NqE4nPC51~n6}KXuTR<>OjHI}
zg9;#+83m>pGHPdGvHGjRsJpux<U|O_gcPf?4%<3C6<ey_1#cX6c%h4#p`oD^k=Y>F
zNRh>RmgF1v=Bj4BR<^cVAel%(65ILSEP%`%A0HQSbaZq_eO@yC@}7f@2p!az^|R}p
z{e84H@<Vw#diuDeB-p}%Wd6q|V!o@-k&)jz??3_q0#+|^aBzC>%<g8Jby>3&r5ej8
zweiHd`49D&GDrJjsNY{_c|EU7@P4PMnliq(zkhP=#eegsYBit4?Pyuf#Kfe&gw0DG
zDfs@Wo2%=ZGcQ}RY+^NvrlzL3g@wU*j>KvW4LUNSWNwUViQ38eq(aCb=JPRe_ZHo+
z<O0$P3RocMZsIFCV1otqFE%*6X3_=~iqu6U&Y(bk`uI%mmJzb1Mr@q=SOANQi=|{`
zjn{i4R~H&JOA|&$M(ovdzkd&QTlRQfswM-{76SuA+il4uub^OZX-Q616<<R`!`Q^6
z!tF?xi2x16)~N3*8G^B~ak<yE<NbMokdls$97wpMwg<uV^mOax=HwhDQ}WL(x+56^
zgUc<SL1j=;QL#VYQJR74jY=m|aF$BAWb}95dP&bNNnL+UUuO`CVTrzq=vr;J=C1O*
z*bCnZGB!1>bU#_MN2BK9AuLrJY`Yz7`+a%SaQ|=rH6x>#5?*Xv99YQs#Kg&kg~8kF
zv$<*uTvSw48W5(qxPSp;!>(YAS7DtA%v#4ccaP)ux%(%x74@l9t+KLGN=mBTu;Pu`
z2&sIgpq#QYE^>f>ef?W<pDP2~hE0Oq5m~2kjF_Nn>qU3Q5G?fwkCItyZl{A&6LzZ$
zwEm$XW02T87ykxZ;jdmS)Y?$LdzajF*vLpa)n!D(#l_V=*1j)>B@no9&}x2b4EFGk
zPZd=Brl;+QSmh4ul8d&Nv_`MHz|bT?<|79@snHycQxNn}a@&Q&S-;nTLa7Tca9)b!
zKW@KkzS{RCsYsJAFk0``@;Du^dtb%Nk)R82qY)0)U`hzr)heAi){Yz{$rwEGP%FVN
zndUWZ7}Xope-o$|rK&5dr{wEudbrrYe|pRVi>y&}*myO|qSq^zpI<m_iAj2uB!-XA
zq^sS3ce%uPCZ4mC@%eBSl)aWe2<Eo7EGrN9m*cz6%8DFpOA-R&2osZ&*UN5gP6IbR
zJrevU-A3v;FRGTewQzlH_?gk5l2n7#FQ8QHrZBKN8Z8Uy5JP99U|5e~$I)d}qj59D
z(6n;SnkZ5dsNZ`g4pSHivtf-Ut0%G;3L75~!?hE4$>!YW>nJf(Qz~KM;TCpwiImue
z1jNfzpWO+YV<PqshmNZ^>Q;PGzkjC#a^5*=h5|KB0I6MTvmj|>!wmLQuI&~^7HCYe
zPjs7GTQiuoY891~{MAY@;Hqp3pO^?xmDs2~_%n{ln@iM6bMo?xr_@kn--vfZ{<ofi
zc=T^_7mauz1UqKH^#8A$k#&FVr>}?AsyvOPsU=MO`Cy88z+9A!ry?jcD2au$=xl6@
zMcgEmO#Rv+L~2aX?{wUDQR^YRJ?KoY{);HABuPH%Cr-HSI8KCKE7{V-rcv-f{Z=T_
z0iyduHO96T>*(@K2&5{4*M$6g(@|gjYOPX$v9=La>rd+X<$vjqy@*tK71`0(%j5L7
z+?EY&Vl-o(Px9ArMgRJLC`p4DdLHwnb-1m)g7*D}ne?K^=&L{XuX2ggWP^5}WAB*L
zkBtkioq%_3T;iTe^GL$x7&b_0HX^cUsRALnF%WD~@r|%Qe27^YsbN0Dyyqn|S;Iqg
z8)w*m4#kW3znms6v0sYAEEx8nIVo|llNq>v<4voKsfQ&y`#AFr&i9*p%%d_#ZTP)j
z0~$>?C+_rN1TQn<8FdtH)%A%|L1>AbY4!DN)-Wr~)Flw21gS}Y{WR|^HzoTXsrQ5u
z+~=(u!BMNg)o2FYhI7`y07VLh8T<M@ocZc2d6=3@_qUws?AmV3rD>;M1&!QmFJPLm
zorKbM_t_SNz(tnk8`sr;2W_~24$%`&W~a0MtOWctZ`|=_d&g-(Ow{Vd_wSn(B~iD!
z3+d6a&^o*%bl$9ZeOtdiKO%Y|XnUzt>4wzd0wxVBG%PiDBFstVtF}sLt3@8IEltD-
z8_P-`%eoEcnyYTOPHOdJ-9fMSxqN|ynE6%68*wzVc9qZZjb&yjyOwZC`20oBG%W)(
zCnFB#=|k}5{5a#tnD+kPXzi-X@CRYHVX7$yCzj7XSr<=R<LGmgYBWSlII|fwk=ZKh
zb+7A=(^((pcxByIqI`NRZ&mwHp9Po`Zsh2EME9rk59YWU<q2wn?&UR@qlGK>^<bN~
z_&vxj<@XJ3W$%}$h`B9#3e~-6RpU7)o@IL4MxnQ4@pO9+zB4K&uI{W!rN)>NpRFck
zJ|>@4vYxY^a(<n3c*Ex`!_xNp>m@72nw@PdAD3RVr!B+Yl*iS+ypHoe|F6lQvl`#`
z`7<~ln|IXVJ?{HtNH%v!ODxWVYQKe4gUoIg3b)M+n)A_BWznIT6kU<~C+WqVEf;M{
zJ(_H{!;;k+b4UvdiUp(ZwLZyawPIds!9#=;Ot_6+E%_bJe|vn5mM&Y%#d}IibnR!O
z;hA{%x7<oikpk*5emqKsDq<UXK`>GTq<Kx0zZaNyJ$5!77kXMK9*acxrqqo+GUF^P
zlIrC|s$NgaX72;^)#)2!@ponyVTUp$N<}K>Ti<{CoVi`?TaFns3&*h^#d;RTeN?0`
z_+7#uX4dz)P?k<sujQyJA$qMPM~D!cObIn6dPzR33UMhm`y^(yBF3Pj43mG;x7+Q9
z;SNR|>QWBvYQl&9g9J4x8ZSY`BBh=ljFy>Qr5^e$`Q#8!UEaMR>)Qf_?6A-d-@jEX
z(pg1M<kYxRZlAtMMy=MR{58Yw{Nv&&R6-;*U8aBii=w%?3tzD4fNvSOi&v+_v|>Si
z?!bUpdNj;qWQ=Y2i?%4@U7?{7>V-6H2nmes_iu!bvTPBR8ZJzm4nxkfs!q9mFz4k{
zq2NI)$FuP~6LhjFEXb|)<$GCK5a~iV;Wq>Go37}|(4!61TQe)R#ak23<heq0WKltr
zTP*c|c=nh$r=BR+cZ6ggcbyB*g9p>r5#b@xgCgZlJFmy|&G`He<wbRAbB<n>kt-!z
z6YL#zfhu#qMTbx=lVI4q@1rtPFY~k5&}bZ9k9k*9f`F1H6mkR`A`BJJf+uDfLAvHs
z$8?%r+zN`;3aUs_r^Ks#(Mi7|89`vEo@-b|7#os#Z&R@bFQR*^FUG<1%w=sXqie6)
zdFpi$(t)ceHwl9b)BKmtY@;*wF{b{eJaQ2&A^!~9+wIijKkitgA$-R?Gq{etCYS^0
zI5lk8zDuv;mp08Qd`N2sA}l6#b`pJ2M@KFd88AiPz{>R5{?+hg>#^ZcLhHhXm8tL1
z<i?9<{`_{x^=ihdnGV}+wae10A^74`{q7p+bK}Y3HHZIqNiY0N{l#-t!}}9rFo&t4
zv*Yw1oxWR~NVhwu1cuikW+<+1IT@)qg7h1g+49o8w{B55joUs?O9}mC)aTHv>mYka
zJ=MD`&fy8@>7c3!loJ|<rVtwqajAU^Q?S2ZX!FT_z5yx~*pSG*k#1i#xHrzSK@B_0
zCp2E0qfr|EAYNCGBIonOQW^c8gX`)m1@zZ~fQoR5SR5OLjsbR(;W1AJ?HhhcP$WV9
z=C*?}Sdn&=$v?#~6Xct<mW*S^`Zg}!zbfo|hCH=Jl=g74Hil3pE%95s%dE~_s3r0b
zTp*~e2-{fEWqyoV=j%0zZ<OtBO`-t#bQ6bvEkWAD{Zs$5?Kc9){jkx|2+mwpak{CM
z@Je6SKP#WFpZZXMMS3b1nJ7SD-Q+jnx*97sFCp{hM?;M8XOh-E>8Z1cu}|yA>7|I7
zM{E1n-dCeDYeHI|2VA;`AQxKA*&QN_b`Ly1=_w5AuLsS;WfbY@awp7Do!!>>e2_M&
zHD2iRo@CmI$Hj#DOuuv<ETi3UT`%GNdUO?2RF;zTRNXp5Dy#I_?2&HkM+*9!fz8gQ
z?a^2G&qEGRU%h}9h&8^dikIca)f*~s^Xgr!mKt)e<j(;o7ob`BX)bE>&D$&}spdR5
z`$6)JDXg&6p-}l_9|K)rQa0!7GnO0csqzXj8fL`1u<68f8-~E7Ik4@<nOg{4MAv}O
z9**od@2J6hZtJjuGJ7DRLte#1X#e)@#Os`|cQ$)dDtMW8TnEDbhz{ZG#d{F7dGQ5f
z)MbB=BdPgQFJ}Cy9R7Tz$nvQT^BbAES@Z@SoIFF*iT!cVN;H`dj2U4h{9;o`wg;yx
z-Fk5z|MN);dv-p8rwxnXZJz(-<@ET3MPJEPpP&UYJ8^Y)U&{B!m!h(~E%IWzYE=91
zK@*Ktex|J$ie?h-Lk}ud7qZ*76^ieB5!Tz3-LhtE`x>hJnecDS1`a+y3r+f_ao#PB
z^&|+9#vx!ECfL{G3G&V(F^uikY?w(LBV;VB=T_FHhwUW{{K$o@F%(=qCFOPS7gHrv
z^rFVni6Exh*1Rbyv`wG-i3<JxJVYit_j9z!c0V7%S7NFFOxARPfd6V!99oAZoxlmo
zx?{LH3O4qCPDgSoO#%n9Xz7hGlXsoyyvjx?vKnmsIOGJB3X>s*l@he#r<Jkpe_FpW
zwQPkmA2(krQVaQ-2qAu*YuJf_Oolp}fwnHWlI(bqoPvVPX06Wmt-MoH<T)NAmMw$9
zq}(%QRa$5_;TsdEWBK0GhwT~#BBFSfK|%v|^W;Qh=!oYD2Y(AU;qXCR)4kQaHshJ{
zy7?|?R?Vc(w4S=Q1~`pz4GB3by+cR$?3a$({yQNNkC(^JI>3%Uot#iPv28ya-1CXK
z*B;U&Aow-SI{6mzp`y}q*GrUMG>(Kysj;lS@;i;V*F7b<9fDuHINI#DA$mr++PyTC
zbhUsrwBwWUGeUvb-=|ld5Af;2aZ45V_;!;K^<1^0<9|;Ro9(8ol)U_9zDBx|`^^=K
zl_(jxdD1&)BrTVj!>(?hkg~7}aMP2U>?AH7oJ=kYz~=I(XMXgVkLe6B$XWULMhiBD
z{~aBEMQ*#KQ$>mD7gmhcd}Dy&S|F<C$*<SoflV7eq3HDllhkHy3Cqg<^Bohb?0W6Q
zQ}&PRJBLo?XYCq-yq@HKL{%9VvzryWTN2$G5os2CTX)_roVq*o9`fjQ-*mh7Vr50M
zAqPtV%}qC)^zwB^+<Wz9#)2d>EHv++!87uFn>VA{r%VZRg+_NS4aWJS*XNDi>RTbN
zs9Yt)x(|;})viD2J{Xx?wd`?_@!wTp^$*H!#5BP-d-3PgE2Sq>)Jo_&EKPMM#+E4s
zeGzJ2oO0mqQrMrs;a=jFj!gNCg!WyD1oq9}(<^Jxo?K-<*s&IUsIb;{!+05)(lyQe
zLn~QK*-D7jPC!)GluCx+JNu3bN-(A1jFi<jf?c9|?o8oay)BevR;O!!fl<R(2UBC$
z=_-ncai^}S!9arBD#3JOo~?cD7H_6>$Y3-ZSw8Jhf4EY120qfW`tOfMM3Mqx-W%4S
zrROB(yYT|v-{W4Be7fV0Q+luc!+P=^_UllBFoN&)gBKnM)z0Y09eR6j?f>wz(Fynq
zN7sL%wyX);c*nM3M$gUz4NiYP;<)9-YBqA|*jRzqqALUTvyZP|@jNCTtuPpFP{RP;
z*2t!@H=%r;XjhQnNZQdeeIHBGS(Xn4<^~L4!h4OFU(;TCDo$q2I-c#3N~>={D6H~I
zMh6bXB40`SDadoi#p{26L!VqV>@CKe#^r&|i|<Nd{aajz@25$l-rAlE2#O_}ec$ji
zrk`@AN2`*q-iz%yX~u{1<$=vVkk~)|P_N{j)HQ<#L@}gv>L6wc`3Vsj_ry9&t8eCv
z7oITq#BL{9?7!SQeY^C+wa?6mVCjwpVTNgNL#F2}w1!AYkgV=as&jRQC1Shj<=E0T
zdgiRqPRHionABvc=4tnFbfbdz9S0Xiq2sw~CH8MyR`ts<JddA!p&1TcwRWNyKs5#V
z`F3F{U=2&kPgYEwQ`}h-!@{YQ=v-5t#~Be~#a8}`M*~@{&2KO=bi;(U(%OMnj@kRq
zzk2_`x40%em@WoswiNfmuup?#GRw51Y`8`<>sUxdWmel!pDlNHor0qHmR_Ja#g6ZC
z5}jw>HFhUCn{zSndLpwCRTDX9lBK5VL#cbD<&1dti11NQOwT<r!f+^i3#swYCnkmP
zq-@dyNXsmtBZeC?;gfG?7sI{d`$l@E-<$pzc_ZlSCrlYg+v`UwIocfmX+k+f)7>T=
zG4PAXOzEfg&L84xtm&iFZg71M174R%0i>tUR+V^vT{x6cAVY4Su)=wqA7P8GyS(^q
zKu*x>AG*AmHM6Gcf3J#)jyg@<oDO0+!AeuP`8=f!-!gD=|K(Kfk7k27RFU#ZCt1wk
zP}`P~S>I<b?O2E^j8%9&NKlY>LfkU;8+=JKkV{g?L`aCuL47z0mP7=?+Ew)XPW!B_
zq_1PnX=$;|;&t6}^ytatLE4Xfux%%1xcWn$lQg&)VL$vEvOx-f3jT5nZX<p7UZD-G
zMSghpNV^xYjy1o<D!P<U-f_*D4{eKH(XH%xoNkv}n-7^2F7qED$Bcu|@{{uxX8L0R
zD-^%^uu4t8PIq_wL~A|~!56q=!6fC28qeCymXrA)56dpf&wTi&jQ_3XfQdONq>JmE
z%<^R;jBWqZW&SfJo%r7O?^C{SJ!hn|9tujqO0RE!@HkjUmD6X?Oyb=`bZ_BSzhW8w
zxrW|)bHPREVz%*wA6iBZ)~VvU%t}Ko$#rghA{{&^(=aS0f1mNWziGiG74W#O(O4p<
zDA?nBVt!D4HZl^|?cEp^4s_~JJE~eVFo`Y)hblmx_4(KI?e>Z@qXe7Bt1_)}lrW&(
z_>@b;zykQs*#j|$xFIw0M?r6Ha6WSLX$YB#jrwSS&lE<}n>-*Jo;oG{sGcqIU2Dw^
zF*do$vBs-gsttI|q~6MU(C#7SN^|l-!SovbSck|^urar?`J_K3rE|W<#{~|=X(djB
zlQ%T{?7f|E#5<!4c)Gw!*U^JYPc|+ydz2WAn1O4c6N9m`;iA_{@}L(zRS||xqMQB4
zaqtk_l@;_2KQy9rdG22u>%9U8C5A~uxL_f~MaBP@PXE{O$>TACai`3a`a2O#GQoLL
zpXMhG71Z6bIkSaH6eZMMIbv|7$o({j5ZD66hI?X2-6*<!@#TaKP7s76K)y8R?Oeb5
zSt%YpaUXh|!!WMHO~4;p*V6^%yI<da=c%fpI9#L{P1zrDIaq5$_$;F%tYkOD6GK*J
z=V*ijlO+BLJXy9P-B{<IE!+erAS{WQ>pHfLI_y0<u(|IhWAAM;2}A5Qkh|+e^OouO
zVo}+&TpDkkdGDynDLBOW?;(g2k=TYajtnAcG1ZTg<orLpEh!b(cEqvb_AJ$Pv|vRR
z4uR!Dr3$*?p}S`%d79N}2bUjxMnp2{{WPC_Tgn*BpbxBX6lWG^FZHz5g2=%8MrW%2
zhCdZ4`LaJb%&(ayoF;-OY>*SvDNen8@ZyLI6UR(_a54Thftg~iYRQhvU}gZ3#*`>h
z@b}^6H!HFc^1~!9h^xf#0aIp)554w&w>6(ykmDqu(tHfZ#fWFFcb;U^qwJ2s<e{jG
z5=0xfRCF5ce2WwLQn&2TOc+&vtnlQS=&KHhCf6rt%Uco2bQq0kD>y~Y!pRyu=qu)N
zy6k*gCc{xxFgI|*!lPO9qU3%8;mO<S_3UPgH=5HaT>to=6gLW(tCmwu2P&1A9zCO%
zrW8+|<k`A*wTpHeogcSQIrn_}Lyjj-s89I1L1aGN=X4EyG09*nLeAjm**5-_<eDWu
zFb9xC)9M(t%WsnGrejRUPxKA=u?Tvjd@_V+Mt5YtxE5r(79i$IO2mE$*C^N;-6k`i
zj<y|-v6&t>z6{bU`5imk0U@ek5H)`-%NdPbvObT8OC~RLX5=zdw>M^?;@otbcA!31
zY_Lj-h_-ePZk6`uBnL^1CYiIFn6uE|gH4lH+h^o_kZC8G$`WcgUesXv)&E*;seTls
z8+t!Cp3){(XDki%E&;Qa{Ct1t<e8!YKbbrQtLlZ5+?Nb43pN#(&r+e|v4%61`^|_Y
zx&a!X{U|h0M8(Nf#?4jc=*xnt!RZEmtkyoOz@vHjb`oChTo$8xcH6AMBP{a8zv;9T
zNz~p}IJ-?klZE5MlxW`4?zU7x>i)z~BH2xS8pvDEYeI%S<mM;rOqvr+nrji3qJhWH
z#PT$PHJO(6qg@N4;*+xVqJp0U1st%PZWCRdc|1Rm7kcJ|o>apy@(T~Mwn-z^R<iU9
z;n#}^<4dJzeSL3JbjFWzZ@oo4m!ACP<m)31$DUMBd9H?4+n@*}M2SdYIW5KwpJL|l
z*r`~-btb&lH6(NB6IrsFfLhDTR3521K4I6i45IXxqGCF!u?^oH^f(4MIX@ku`Qe}&
z%oO*-rpJ#kexE<9@IX9wm-K<jfYWFU>{891W+LV@qrSt5>UUmV6Nj-)?CQdGeNmGX
zG(5Tr`&m&@S~?(_j%(-Vp0|2e31zG(cgw<8wsJacogPi1y>IVtd(QEvAG799>u(wq
zFB=0=r{Tnhw{=4OeKstvobPfp$WC52@xT@c4ILVvz=isgeOQSrcpcZziMSX9Ez_@(
zdi;2VLk8cs49mDg5mu>5GzRwlfJ{T45UG5*Z5Z&MrC7`Eyps81?7rK>vyYsk^X>KO
z{!#a&wpc$8myrMqK53JFZ=sUGLy1;J-~L6narYR1mZD3?2e$|U<rHEC%I;7CdQ95>
z0W><6o#|h!Z;MK1a~0TejMR_MJuRk+DriWQiiBqmR@*-u=OvXFLtFb~q$3hksuK3d
zu_9k``M)JAT_XRJ`$Gm>E+y$Lx<!NedThbQnOP;+o}>Z6pj>EYn$iiVxy_*vC+Z>~
zKrS9x05z%9u0Bu_IBK7*{os?m{Oj8_>un&tKkk`)$?G2_blG_7WFknE&);6ermJVe
zG-yj_v7Wm_BSohQQf`IhH#n{oq3u7#qke{p9HGf&s~1hz6xDUW^3}P~>^v>HUH>8e
zIqWI|UPqR{o)*|o6K?7DeT76{FFek>%30Tsg$=`K28VxJLEc3bDN8}ND>{W^dOFD=
zN05#^HJJb}#_>pK)gl&>Y?)GT9I<<CK9ne^Ktn|h#WDGp=Y0NQS6K%Gnj=X-ivu)c
z2r^zALIA-L9g^pbe38!kh3t5Xh|Bns@kBJFO0`%+#&W2in!+f!U%M*di+ESP8w#Q5
z5Ge?ASZw4F+t*vjK@!w(qPT&LI{5QxDGrV35EXAt82)Rz1Ui!U%sgdH9H^2Qb=#Ux
zSTtBwQP|G9ccvC=DHGsZTJLRw5DG=J$LeuA2+_ycch=n#Q@KMZ;DMnKjxgO)Dtg_~
zFg#^<f#eF=N99{PGtT&*u?Jc6*9ak99c4OA?spfnySuxgYUzOx<yVZ1;Wvj(Q4<p%
zBYMZpN;;9YLREnCy;lN{jgD@oj^Y<JH8t)2hA*n^osyCQNCh6iGAw>RYKf1JkI?kd
zh5{d@i|?peOkN%n3%Eu9rHAviHYDG^eOvU{PR~UiNHU@d%NhIi3pQ=}4Lqt75Fd{G
zS!yDTGTTUh-G?6Y^QW|Y2LHf(jTL>(qbH%|<;7p34yWVd!cQIMHUy>upda+PQ#D$>
zuJhCsf!xZ-$(iWu`_0eKV-H4@@U1%z$RCOhNlNBo2Xwr#Bu=LP|Bw%L>lI=!ZD1t-
zs<9#@WI?xKPEJi71g5u$t}eN0)wQ&$1PWVd4mlWMIq(;O_w)|%9KHi5+Zms~f>p`z
z{;Sb|2)qNlX^0YD5HKl2C~kj0=j7pu`eX_m|9Wkf4BvYXR2=B{<icPn507_3R~=Ym
z`xpGz8*zYEsBqercjhGnMyD`kdl)`r|G<C&U_NfogdVDpKH&X2aNXP6+u7ZPa&W|@
zrIE_g;Ua*SbBl|^fCKiexw$!f#LC?K_fRs&#`d<JqxFx`lEOmalIcp@rN$3;ENgqX
zH4qD1ThrMx9WbUUi%Gf+pMSg9nRRn5pLr;JZ`nW?tQTtKM2&F{R@yR;d>?MAYirqk
z@4a~W_+GQHY$cmz7;OIh2F%<q9h7u&p~1n(#U&*J!^8Q7g)r~~fKkAaH7;fhme4IE
zcl;HU9Zme;P}bX9;5jBKf-rnGir3z<;**rLbmywQ{nk)2c9Wo?Atr_35UcOC%p;ru
z9N(*rIE5=fQ;32^XKgvhDJ?Ap#Ebut_tEG7a(RbCap}!%Y|{6N!!2lvnPY&%8<Udq
z6D%0`!!IkW!TV<Qd<FR24mUc3&`9}QWixQTM(4aDedmY-AcjYPK~(f90x>Z$|JCpR
znCh*qg7WFS5+)|JfOTj-=_LUUu>KpOtC_mip1tW3z!WrJ%xK+C3f<w}-Q58r5tsk|
zYCTQJH$&+DBnl57|705OgYT!V>k*WYK)`LcjE*i)e|@zcRpou-TGp`jGQ)H4HMjLI
z$f0y-GIZ}uJXni3m$)RKif#mCYu&=Yz(7MDW2N;RJ9w|Gk`lISQ#u$E;4k_Vd`@v6
z-(71x*BRw=PObk61yDMCu77^_5bEVMHl_&Ou3~|JAR{B&H!ZF1W9nI5J(QG`Xw+EZ
zgXAz8PT{his|*7CfnEc}mwGCYz3a)`tjhcJnK`en?(V}oJ%CBR=sYR+_{D!dCI(FE
zD35fL!GsEsAX~$!eJNa4{UF4xtv*9%z}k0Pba)=ce~NN_ef{X3=gTC1)X^auzr<0`
z1pESk3xMN{j#a)4_A|As5(6Wn$K{fn|4EH@_pftLfe!uX+FI^KTON=;(<SP0@$uqv
zav1pd_yB6ip55>BmJ8_c(=6>>wT~$IqX!Q&c|)X#N4xkDo8$eICRK8BGLv3wT5~hM
zmmozdkKNWcbzM}f6oxQS;H3&ZT#tJE+bwwK`iID~B_k(?s)3IK6%6PV6H~WoRZtTI
zggibWAvQ7by`v*LsB3Y5J#^uhIc1RmsR0+PR4p95O_wLeO7_nopz`qWcw7?m8qL_)
z*f+_t&9|q6AeqpKUc_83e`Y16L;%3mW7Qfjp7>GaxG4=B^4@(opfA2Wf*K$ho)t`f
zP*NJF-F9|!oBZ|5U5Qd#9^5!v5vE)qzv|lb&i$AYL=uJK(zC_u_N4F6Vnf`>h`iwK
zv6!c)=cfk8%?+OqY@0bV=@p-t9zz2P$lpJ6T|&2ALW%$_@$&MzatA04NZRwif5Ei+
zRvzwFstme<%~dUC9-*9$=M)<SLU*qj)ywkQ+A`12om&C*a=Mcn1uC{*hd!mCAbH$?
zIIzya$~GT&qMe_gmxF3?Twwsrc|cfzSAa#$58xZ7Pvw4mhxGwmRx^Q3Z-Rn?%sF2^
z;x&hD4?cj#a{oJLX0qHbi}$kYIfWO*^Zt6fkAXX9d3ky4Y*dJXJ#{#{#%eZL@ZV1E
zaYfy-Cu4k45)lIv6M73^B=oL0x_|MLEA($V%DHfLb2<S6V5|h*`f|R?Y!qgabB~}4
zcI?Ad)I)!7B#DKkWuv)07b|O&-rb&h{I_od`j+vLHRTZyy(xT+7of~MayJeRClW`A
zKzJHRTOezDbm2It{|)d1j2rly1mO}HKky9+_I7sK_b-AAOtnXnps^__Ve$n{e<p%O
zVacVnwFChjkU8#@$K=y(P6A4DJoFJfuc~Wkg!ZjxXJzS6Ij%SMG=UV*W+Aj|y`}>!
z70B(u+#As$Me?W+n}u2+DwwUO-{9qd7f~845zSUKZzhEQ_^}a0s9SG5kpxf!pq1yB
zm&zYMc6MP2@t1jM<GzS72+Ps0nlr|LKuw8q$ECcyZY2iaMr@)5!62gO|HE;*th+$W
zs?Hw3cQy&&5RM4I0A^+RefjdmVP%W#l3DlvRrmeUx^m4@P`?I#sDe90^@)L<Y+IKK
zG&*i#VuG#9SR1-#|MnM9XjN6!N0nmNQiTzh6%~c9-2bfuG}rNQ7gp3un)R2sb8WtD
z|MB=iLO$+~N4N&SCR3GQp`DyK0PMEtILM4c3Hq96&z=Fq1t3iR!=@w^i@-&=KHZGd
z6agS2JTEWs>dGCo50a0-#amKLe)1^mUCM4I&gL8qab|32AW`K10che}Ku&77*B2`=
zjs{`~JzUkj0`J-$1m;!2qrAuzpbVyiZ`O5QnJMV}bq81jy!NG?9PNGCUvu^M5uN)N
zYpzWNjV}#TLM>r|UV>hPBddbtB%99o(9!(1tkzmne)_0YJAtT=-kd4Z$roQKght$2
z&&XzeXaHn~<Z5ozM-u28!lT+8HXUt&s*KcbTQ@m7`&?K?25pr83|;7YKtZzQek7gm
zdik>TJ*X?rZLs=c*{j#fp(y7r>vpzC?JLt?Kl;AxiVdePebzV+j3$3Y$VyPJxtf{U
zXV8OPUyu5Z6swjz?y}v30~1iP0p)hKPVtcBvOiPdy!#RK4L~#!bv;oN2YY}}<QA1R
z*8h~?693Y25U6Q6mMT_wGqQeX{2b|absZXotGD^y{O(Q+u4RRKUYq+Njd0j<m>0lQ
zfb{dLtYim$%JuOL80ury1B!4KY3CIHY7^&63`9i4M<uOW7zPbu5}3EdEU246F%<z>
zB`JwKtK&unYAYex1IUftot-QY(*JZTllV8SYd^zuVMut@Q#gt4NREE`gok%+`8UI}
zL_W5k%w8DCVHyq~qYHa7GR%I6h9s*1Iti2+0M4*@`d;i!;}H<7UEWv#&<sc$4J~a<
zY^*3?5dmNK_phs=kx|z+=#g~YSD!8WK6tB@X%B!>)ShbBI#4w#h=%@bCR;3|e{{6Z
zobz<v3Vu=p_l~slIZIVP=L=_~w}j%Hp8K7V(jdGTL$$O)DP;>BEqyASi;>OYqZw}8
zzKH2vU~s=8UZPp`5fF}Gu>%7GkN10fdygqCB_$>6e@t7N-2J-%IO=c5hO2+GZSpcQ
zGFSDp`<t~3w(F}Q6m$Xt=_x5MfiRMRuBj_Za?$&8iU00=63DmD-M-%00DY#SnwqPU
zmBbLK(!og9xc?kVDEYD9%yZ94MOdMVSjaSQ`wN<<A{0m)hr-o0)z!yMD|cV1-+vuj
zTpXHh{mVt}eLn7xo|={xF}rUvnjruNGd4E%h<Cnw_YPrWYwM$m3escU7ZS>xpVtJ#
zpcOYQEDVA%&|we=AqT$;EcU?=!Loc-jj329Y=v%69Y~3pgf%oQQL}+Mg~lyWB3-2h
zBn;u=;sTV73ed5D<qoo+1zmT<jpifts^0bwA7F-yJ~sz>`T0s(T6~5c0Uea<P!4Ss
zyOUz{lR`p)FOBE3(JiE^r;6_87|^MgW8H`Yy!|&MQ#`G&p5V{|aiO833w|yWLIyx+
zpp`L+iEab$sE3Iy%*_D_cicsBA3dDPQ)R!}8U7P2L!ceWe*t{q!=`a+{pbWshv<Hq
zA(qRUQ*39bJuP7~Z5RPvVp3@Hw;qMI^;oL+ErsY#IlABG7<hORAJZMQ@{cIpV+#s8
z3sCIv@bEw^dfVHD>u>G%SMM%Yw(}Ep4R<H<SB*fs2D<f=s?56xK>Py!6*T*g;x_6H
zsNi=1vkc3zKU{oA{`pUZJ>mNyextGqO<i4i&|W?^Yt;AU(X*1r=a^nccF;T?{rby=
zLKDbE*kf9QhXk;%L32NZ!L#`I2mtzy$L3*vUi!Z}7Vv{IkR9oKDj<IVz6HIYgoH$O
zb#=MjiXdQt!wHzFpiuvf4P)R}>FDTy?qwwH9j@+>CFt9g@1}bQr>3U50p>U`GV;B;
z`n=Kv*lg%%9%+Gi&uUaPDMYo0dvU48k4ChEe-Z`!B;vrQU=B<&uEg{EZ=n2tkU7t4
z&C)+jjNMEdC+><xDlrFsi9k5#thatu#HiEZiVn%j$;kzZLMyAP{x^CKJZscdOM<gb
zesU}_GP3_g*YTLb0PFS`10X!VDow(XLLpUt!=~$xv^2PmdIXD@d&{`W0DS-0p?jSU
z&_Cwbs>KKp=`PbMhvVNO%ifnd2`oB4l@$cIEE$pLAXEqdp4QSD1eL0DUk;#mn7QNq
z6ZtX#$|P|i-GIye-#rljUwt@0(<4m}1sk<=*fe#I7X|vAZFl6qf281n!tEo+1Iz34
SWANb!gbxz(;$@=xU;ZCi^u5sl

literal 0
HcmV?d00001