Update aad starter sequence diagram (Azure#14364)

* update authorization sequence diagram * update index num * update description and add dwawio files
ping9802 · Aug 24, 2020 · 9cdd2d0 · 9cdd2d0
1 parent 822baf6
commit 9cdd2d0
Show file tree

Hide file tree

Showing 9 changed files with 21 additions and 3 deletions.
diff --git a/sdk/spring/azure-spring-boot-starter-active-directory/README.md b/sdk/spring/azure-spring-boot-starter-active-directory/README.md
@@ -28,14 +28,29 @@ With Spring Starter for Azure Active Directory, now you can get started quickly
 
 ## Key concepts
 This package provides 2 ways to integrate with Spring Security and authenticate with Azure Active Directory.
-* Authenticate in backend, auto configuration for common Azure Active Directory OAuth2 properties and `OAuth2UserService` to map authorities are provided.
-* Authenticate in frontend, sends bearer authorization code to backend, in backend a Spring Security filter validates the Jwt token from Azure AD and save authentication. The Jwt token is also used to acquire a On-Behalf-Of token for Azure AD Graph API so that authenticated user's membership information is available for authorization of access of API resources. Below is a diagram that shows the layers and typical flow for Single Page Application with Spring Boot web API backend that uses the filter for Authentication and Authorization.
-![Single Page Application + Spring Boot Web API + Azure AD](resource/spring-aad.png)
 
 The authorization flow is composed of 3 phrases:
 * Login with credentials and validate id_token from Azure AD 
 * Get On-Behalf-Of token and membership info from Azure AD Graph API
 * Evaluate the permission based on membership info to grant or deny access
+
+### Authenticate in frontend
+Sends bearer authorization code to backend, in backend a Spring Security filter `AADAuthenticationFilter` validates the Jwt token from Azure AD and save authentication. The Jwt token is also used to acquire a On-Behalf-Of token for Azure AD Graph API so that authenticated user's membership information is available for authorization of access of API resources. 
+Below is a diagram that shows the layers and typical flow for Single Page Application with Spring Boot web API backend that uses the filter for Authentication and Authorization.
+![Single Page Application + Spring Boot Web API + Azure AD](resource/auth-in-frontend-with-aad-filter.png)
+
+
+### Authenticate in backend
+Auto configuration for common Azure Active Directory OAuth2 properties and `OAuth2UserService` to map authorities are provided.
+
+#### Authorization Code mode usage
+![Single Page Application + Spring Boot Web API + Azure AD](resource/auth-in-backend-code-mode.png)
+
+#### ID Token mode usage(Stateless implicit)
+
+![Single Page Application + Spring Boot Web API + Azure AD](resource/auth-in-backend-id-token-mode.png)
+When the session is stateless, use `AADAppRoleStatelessAuthenticationFilter` as a Spring Security filter to validate the Jwt token from Azure AD and save authentication
+
 ## Examples
 
 Refer to different samples for different authentication ways. 

diff --git a/...ure-spring-boot-starter-active-directory/resource/auth-in-backend-code-mode.png b/...ure-spring-boot-starter-active-directory/resource/auth-in-backend-code-mode.png
diff --git a/...spring-boot-starter-active-directory/resource/auth-in-backend-id-token-mode.png b/...spring-boot-starter-active-directory/resource/auth-in-backend-id-token-mode.png
diff --git a/...ing-boot-starter-active-directory/resource/auth-in-frontend-with-aad-filter.png b/...ing-boot-starter-active-directory/resource/auth-in-frontend-with-aad-filter.png
diff --git a/...pring-boot-starter-active-directory/resource/source-file/auth-in-backend-code-mode.drawio b/...pring-boot-starter-active-directory/resource/source-file/auth-in-backend-code-mode.drawio
@@ -0,0 +1 @@
+<mxfile host="Electron" modified="2020-08-24T03:36:24.618Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/13.6.2 Chrome/83.0.4103.122 Electron/9.2.0 Safari/537.36" etag="i6Y0Ty_vcM05NBMMl2Nk" version="13.6.2" type="device"><diagram id="kgpKYQtTHZ0yAKxKKP6v" name="Page-1">7VvbcuI4EP0aqnYfcFm++xEDycxuZpKCue5LSmAB3hiLEWIC+/Ur2fJVJsHgkGQyPCRWW5ZF9+mj7pbo6P3l9pLA1eID9lHY0VR/29EHHU2zXZ395YJdIjAskAjmJPATUUEwDv5DQqgK6Sbw0brUkWIc0mBVFk5xFKEpLckgIfi+3G2Gw/JbV3COJMF4CkNZ+jXw6SKROqaay9+hYL5I3wxUcWcJ085CsF5AH98XRPqwo/cJxjS5Wm77KOS6S/WSPHex5242MYIiesgDerTxLrbEne6u1FV0/fWTBi+7YpSfMNyIL+xxnSEi5kx3qSLY9Ff8crMMr4IZCoOItbwVIsESUdZfH4RCfJPLPGYWCpmM3wdxOwzhah1M4mFVJiFouiHr4CcaoXVi/ViKN5GPfPFUpjp+a00JvsuMwW/PgjDs4xCTeKb6xYXneVwuayj9uohQtC2IhMYuEWYTJzvWJb2ru8kjAr6OMOZ9joXM4osCDozU6lDgb54NnZuIXQgrNbCYJllMMtUKBxGN32t6HXNQMRMmdIHnOIJh0VC5wtXHFS4r9kFwHaxtwywp26pTtqxr3XgqXZuSrsc3o/cfL5nMu77+1NEsBjfAdfR1yJSijoejL+/7w1fsO3176PT67fiOnvrAi/Ed6/X4jtlU28/oO9ikn39+/Hv73YkWpv5hN/g4Rl1gSLpFPltaRTPX5DCXVjSZ97nCeCX09y+idCfiBLihmIkWdBmKu0ypZPet2PjOB1MM200Fg60YPmntiq2CVWNhM2Px7/egqQgKIWXuWo5SajQvHr3hYMxNbJZNrAFNAZqaf6zygBSSOaJijGJg8PCwwHHK46zxhkyRNE6PELgrdBOes3f2ma9X3rNvWtX+7OtWQJnMIIdopukTUGtLFPEFhoEPKYofvaXMnaMC8Y8Rn/IardcBjuI4FN8FqNPXOr007is7wBWcsAhZ99io84iJpwxaMYtwVw9Y4NkTN5aB7ydOwckd5qwvU9SMrRTCJUA9xzzoohLJZOG0eGunGLHWkU9XVSxXF/g7EeW2XYZJZQA8m60R7VTpqZnta71YNv0I0Q2JYvuyhZbxEstjIIXsH1svcwzA6ZTZP84uyIRZjQOkYvmqcSeYUryMacfv8TSFU+KKPah7PlwvstWb3RaGdXhrG9BvKV+x64TbXPOYVQech7OAa5TMadhswsXPcZylW2aTYfdQWFvIcSTk9FJI3BBMmSPF2OndvO9oMiscgo1JiKd3xfVNLa1vrwgAwDjMNo+aHBjOEUhqa6GQ07DeP59HQ27lQZ2RX08K4GkDa3jRTgpgqs+YAtTaTZfsJpnqGVKAByH2alMAQ9J1L3aOy1Hv5l3sJNkSyqmxPmZ6m45jOS/NceRayIt1nH1h7atxHDkSZa4SUq6TFYxKSrd+bHgB2ZvA6d08VmZ3mkCyx9fu+eSPOL9jM2VTUTUeo4trYLl/5s+zqzn/D9I3sYknL0vkkrHLhrtfBBSNV3DK794TuCqn5SFPerxsigWnMXqOdXFRV8Qd9ntuhoL0ToRj92/Bw4BZSS/VGqs7stWB80RGl4PIKzwPooQW7wM2J5aWsSSEfeUAhutTI8lHXC1LNRTXckvphuoYop1XUnhjV2g8Xkc5NPoU1lIVIy1TnByP6ixXLVRNKlGlpSumtb+ocmi0ahpWZVzjoPg0H6jVhLc+/5d3f0boxwat+euvo66HFjCcda9nHb7pFtc9imu2wGRWFKlfv9vEZJr8dBkKmX5LFT4zFzSp8FVLJ4zzpkE0v0Izms4jkXhi3kXZSNACcNrBOABp8eNEkOt2GdW6rh4L48pAWtOE/Qwwlsv6WeHm2rvOwfskNZlDMcvrE0YZspZ2VFE6pWbuBapd4mYL2I25uYLlrtEOlhmxGi1hucykumkrohTcvNRtGIqr5+QOKiNbit2U78+AbzkyyGl6iZYTRNaLYMWHiWZYJuhTfaApO8e2LyPddoz2yRm452VnExjgadjZMRqCLi2Va6aimjmctcqwLJRp6ihngLO7n65r0PzcpF0JM2xTf3mcXR+4nAz5Lse8WebItjzAUIpBdroTlVbzVVdxzZM3CZh7lIcFTaOgp/eGmizuV9gmP9PmQpVJDbaCF7fEwXHAkYbVNUUtfg4LEprukBuVAzPstQ9OU+pvWhWIPsEOuSYnjUN+neyQrxBZBuleeCEUmcB1vAWGqyyf9RDpo0giM/ElgfFX7ti8ZjVAUaxQsbtW4zjn2F6vsK8qsS+wGlT5hQ3f3iZ8vTo0CV5nq31qb6X2mVWus/KA0Ppz1T41eavobFbX34rVgVVdXsDZrE7/urEmY9czF9/Gt6F/ezH8YNXsoed5bXamZn/hkYU1C0wYd9P06JWPJKP92ocrWBxdMin7lM9E2A0D3j1lv+q4zmFHDY9YFGqBIm/aZxljayA4PWl8+rJcKS91SyBVgJ3F8ucJ3fOowzBdrZWoI96bcQo4qxwdckwFGAch71FEs7EaukarsU8tzOVFcIT8gPCfNXEejPWbtG83JJRC5ZgWY+FvZpSOnWmgqb33HDvTgHGeY2e1EJFPYeRMWFkxn7tw9nu347gVvbzboZlA0Y892P/gbodmHnNkth0+ZM38h49J9/zXo/rwfw==</diagram></mxfile>
diff --git a/...g-boot-starter-active-directory/resource/source-file/auth-in-backend-id-token-mode.drawio b/...g-boot-starter-active-directory/resource/source-file/auth-in-backend-id-token-mode.drawio
@@ -0,0 +1 @@
+<mxfile host="Electron" modified="2020-08-24T03:44:53.243Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/13.6.2 Chrome/83.0.4103.122 Electron/9.2.0 Safari/537.36" etag="O9Y-hbXNiqbA0OUA0VUT" version="13.6.2" type="device"><diagram id="kgpKYQtTHZ0yAKxKKP6v" name="Page-1">3Vpbc9o4GP01nmkfkvEd/Ii5ZDNLkwy0TbsvHWELo42wvLJoYH/9SrZ8FYFAoFnKQ2IfXSx/53wXCTSrv1zfUJAsPpEQYs3Uw7VmDTTT9ByT/xXAJgccx8qBiKIwh4wKmKJ/oQR1ia5QCNNGR0YIZihpggGJYxiwBgYoJc/NbnOCm09NQAQVYBoArKKPKGSLHO06eoX/AVG0KJ5s6LJlCYrOEkgXICTPNcgaalafEsLyq+W6D7GwXWGXfNzohdZyYRTG7DUDrHjlj9bUCzZjPYnvHz+b4OZKzvIT4JV84T5GYsJ8yWxT2IGvPhGXqyUeoznEKOZ3fgIpWkIGKW/BEn6oMJ+zwgDHRLuR3WMMkhTNsml1jlAYrGiKfsIJTHPyM5Ss4hCGclRpOdGUMkqeSi5E8xxh3CeY0Gyl1mjk+77AVQMVbwspg+saJA12AwlfON3wLkWr5eVDpHq7ksvnSgol4YuaDOxCvkDKLyqnrhjiF5KkAwgzFcIUqhKCYpY91/E1Z9CiiVC2IBGJAa4TVRlc329w1bA7tfVqa9tOw9juNmOrtrbMc9naUWw9fZjc3t1wzL+//6yZLpebIWz0OORG0afDydfb/vCCfaffGXZ7/dP4TsnL/8Z33MvxHedQa7+j7xCHffl59+f6ezdeONanzeBuCq8MW7EtDHlmlbeVJYcV2rJk1WdMSCLt9zdkbCPLBLBihEMLtsSylRuVbr7Vb76Lya7tjlcAg7WcPr/b1O9qrGbgYWSJ99tJFYUYMO6uzSJli+Xl0Achxopip0mxaZvXhqlXH7c5IQM0gkzOUa8L9kxrdJvzpGRFA6jM06MUbGrdpOe8uPrS11vPeWlZSn/bbIkyX0El0dLSb1BtRwkRXwFGIWAwG/qDcXeOtb6p9YqqrqnvMZjx+tfy+aAo5nDAlZMFCeHJiJeVPdmwRGGYa17EblAFdTUCzXkikIo3toeQnR6oxJCyWJZP1er16LbYcqVfu54l5fVGEXc6DVaN1gRkPk8h09rR5zBqtzqpyuwEshWNBYcij/Kww3cpgAH+j6fDKreDIIBpmu0d6IyzxvlvM98md0YYI8ssqoQ9sQkRES/hAy0/BOmiTM68WRLbFXdrxL4V4Yhf56HLc45JKsavCUmGZzfotA372qt/jgtJluscMu0LEepUyukqyukVknighHFHyrTTe7jVTDUqvEYbM0yCp3r60hvp64IEYDj6q7jZS7lhe0co6VR5QN1l9f76MhkKlgfbSL6cCt83B+5wdJoK39HfscLfypul8KZQ9Q4V/k6JXWyFryZUnjQxEzZJQNwwuvvPSpxy+TMQPEWZMa+CXJI9EYKi2YesCuUr5UvRTVFqyGvD9T5W4/lVJP4bxZP4wvOH5bhCdpO45wVicJqAQLQ+U5A0Nw9Y1G5+ucSa09i9rjsabTtqGvZ7XqmCoiUmmfufwMMMt+lhhtNVWe+qrLdr+JORrubCMYmQrIifEV8Try55LcVfGQGcvjUhni3tSfvynaFXJJ5TZ8KufVwmdGx390R7q6iTFtNbZeApMpDFdKaDcp9UFdEfZK4TiljC5QzSdIGSj0eJY38lfW7Z8A2RYzids+hGiLJe9xQbpoO39a18oSxtrx7PL6MiYTV0FCIqvsgR3/Nk1s3vf6wozqJJKSkZbfZsyn/38rtFcsc5LuhYrtua6JiN3MnK7+2HK5d+ePiLRGF1mqKwunbjoNB4FZf7p3X1a11/+fzxROeGdutrBMvVdy5T6S/T51nPDcvKrgpkQ3GdnxvyDcYSpSkicTOCzUCanRxkeJUVaz1kUJOhrYRvKMheWeuIGnkA48yg8lDinU4leR0eoDiayCJUr6AxnAvEcA/YHBWJ4Xc/u+S31S8A8u7Vzyis4X8=</diagram></mxfile>
diff --git a/...oot-starter-active-directory/resource/source-file/auth-in-frontend-with-aad-filter.drawio b/...oot-starter-active-directory/resource/source-file/auth-in-frontend-with-aad-filter.drawio
@@ -0,0 +1 @@
+<mxfile host="Electron" modified="2020-08-24T03:37:14.900Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/13.6.2 Chrome/83.0.4103.122 Electron/9.2.0 Safari/537.36" etag="E3WhuuquNDP7JQPz8yjO" version="13.6.2" type="device"><diagram id="kgpKYQtTHZ0yAKxKKP6v" name="Page-1">5VvbcuI4EP0aqnYfoCzb8uURE5KZ2swkRea6L1MCC/DGWB5ZTGC+fiVbvspJgBiSTHhIrJbdFt2nj7ol0TNGq80FRfHyA/Fx2NM1f9Mzznq67kKd/xWCbSaA0MgECxr4mQiUgpvgN5ZCTUrXgY+T2o2MkJAFcV04I1GEZ6wmQ5SSu/ptcxLW3xqjBVYENzMUqtKvgc+WmdSBWil/h4PFMn8z0GTPCuU3S0GyRD65q4iMcc8YUUJYdrXajHAobJfbJXvu/J7eYmAUR2yXB4xo7Z1vqDvbXmpxdPX1k44u+lLLLxSu5RcehYFQmA2ZbXM78NHH4nK9Ci+DOQ6DiLe8GNNghRmmvCeU4utS5nGvMMRloh+k7TBEcRJMU7Ual1A8W9Mk+IUnOMmcn0rJOvKxL58qLCe6EkbJbeEL0T0PwnBEQkLTkRrn557nCblqoPzbYsrwpiKSBrvAhA+cbvktea/hZo9I9DrSl3clFAqHLyswMHP4Igm/RaG69BC/kE7aw2G64jDFVTEJIpa+F3o9eNZwE6FsSRYkQmHVUaXBtccNrhr2QWztbG0T1oxttRlbtbWhH8vWULH1zfXk/ccLLvOurj71dIvDDQgbfR1zo2g348mX96PxK46dkT12hqNuYqfwy4uJHev1xA7c19rPGDsEss+/Pv6z+e5ES2h82J59vMF9YCq2xT6fWWWztOS4lDYsWd5zSUgs7fcfZmwr0wS0ZoSLlmwVyl5uVLr9Vm18F8oGpu3mgrONVJ+1ttVWxaupcD9nie/3oKsoDhHj4VpPUlosLx+9FmAsXQzrLgaOPQC6Vn6sukKG6AIzqaOaFzyi1jLqehKypjOs6BlSiraV22Tk3Dv6ItYb77lvWMr9jt0AZTaCEqKFpZ+AWluhiC8oDHzEcProD8bDOaoQ/w0WQ05wkgQkStNQchvg3kjvDfO0rx4Al2jKE2TD41oXERfPOLRSFhGhHvC8cyg7VoHvZ0EhyB2VrK9S1JzPFDIkQDvHPBiiCskU2bR8a6+asLaRT18bWK4h8fdElNt23e0NBWQ+TzDrNelpP9+3RrHq+glmaxql/uUTLeclXsYghvg/Pl+WGECzGfd/WlzQKfeaAEjD803nTgljZJXSjj8UVYqgxJg/aHg+SpbF7M27pWMd0doE7FvOV/w64zYXHjLrgNNwFnDNmjtNEw7c6ucwzjIsuI/aeyisK+Q4CnKGOSSuKWE8kFLsDK/f93SVFXbBxjQks9vq/KbV5rdXBAAAtZ1886jLgekegKSuJgq1DBv++3kyFl4+a3Py6ykBPP3MGp93UwJA7RlLgFa/GYrfFFc9QwnwIMRebQlgKrYepsFxMRlev0uDpJhCBTW250xvM3As56UFjroW8mID57609tUEjpqJ8lAJmbBJjKKa0a2fa7F+7E3R7HaRGrM/yyA5FHP3YvpXWt/xkfKhaLrI0eU1sNy/y+f51UL8B/mb+MCzl2Vyxdl1x90tA4ZvYjQTvXcUxfWyPBRFj1cMsRI05tCxzs/bFnHHo6FboCDviUga/h1EGLAa5WVeBle97qhez2WdO11NIi/JIogyWrwL+Jh4WcaLEP6VAxQmT80kj5YvSvtqA9PNM7auU0i7sdKxawoJTethRY+WH51Woa0wcBUYyCo0xUG5AnGUAvPYoOhrAwigfRRUcHar1QP5OsLey2GN2UDXdlsPOyVI8umohhI/oGIDVOyPptbN2j/WNKznWpJLCii1511/elXacLJxIKUYltVQdMj6Rme4ULdzJ/jnGidixFdR38NLFM77V/MUJSmPHBcZj/i/AA4nBo2Tc23NHpaCfdbsm4uhPIuZBdHiEs9ZPo5M4slxV2UTOdEDp5s5EAC7G7Yz7DpgDQ0eOgc2FZkvbg4E6kZdsRR75V2V4H2OSbAkOx7oZh2yln7QNlO+riuiQLNri7sWyNulQtHYVhpNdQ0s981usKxp0OwIy3XONAx9APRDZ2tz4BrlHhhoaAaDvZPFE+BbzfVLml7h1RTTZBnEQk00JypBPzUG9mXn1Pd1pNuO2T05A/e07AyBCY7DznC3DQh180uHAw2WcNYbap0B3DdQTgDne2uWVjQ/N2k30gwbGi+Ps9sTlydDPqu/6hzZVQSYA6tyFiHfW86R63Cahk/e9uPh0VC7bxZ0/GhoWZf5Ew6+nKgwazKpyWfw6iEXcBhwFLWaPdCqn92ShH3PvJiNI3D8tQ8OU7nfAA2IHuHMi64WjWNxnZ15iTFdBfnplkoqMkVJuqlNmixf3CHLR1lEFuILitKv3LPFKvQZjlKDyv3ylsA5xYGZBvtqCvsCa499u3xx5s0dq2k3h67A62S7Gfpb2c0wzDpxGJJonm03Q1c3f0/mdeOteL25h2Xm01j3XufN8pcqGTWUP/cxxv8D</diagram></mxfile>
diff --git a/sdk/spring/azure-spring-boot-starter-active-directory/resource/spa-oauth2.png b/sdk/spring/azure-spring-boot-starter-active-directory/resource/spa-oauth2.png
diff --git a/sdk/spring/azure-spring-boot-starter-active-directory/resource/spring-aad.png b/sdk/spring/azure-spring-boot-starter-active-directory/resource/spring-aad.png
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		<mxfile host="Electron" modified="2020-08-24T03:36:24.618Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/13.6.2 Chrome/83.0.4103.122 Electron/9.2.0 Safari/537.36" etag="i6Y0Ty_vcM05NBMMl2Nk" version="13.6.2" type="device"><diagram id="kgpKYQtTHZ0yAKxKKP6v" name="Page-1">7VvbcuI4EP0aqnYfcFm++xEDycxuZpKCue5LSmAB3hiLEWIC+/Ur2fJVJsHgkGQyPCRWW5ZF9+mj7pbo6P3l9pLA1eID9lHY0VR/29EHHU2zXZ395YJdIjAskAjmJPATUUEwDv5DQqgK6Sbw0brUkWIc0mBVFk5xFKEpLckgIfi+3G2Gw/JbV3COJMF4CkNZ+jXw6SKROqaay9+hYL5I3wxUcWcJ085CsF5AH98XRPqwo/cJxjS5Wm77KOS6S/WSPHex5242MYIiesgDerTxLrbEne6u1FV0/fWTBi+7YpSfMNyIL+xxnSEi5kx3qSLY9Ff8crMMr4IZCoOItbwVIsESUdZfH4RCfJPLPGYWCpmM3wdxOwzhah1M4mFVJiFouiHr4CcaoXVi/ViKN5GPfPFUpjp+a00JvsuMwW/PgjDs4xCTeKb6xYXneVwuayj9uohQtC2IhMYuEWYTJzvWJb2ru8kjAr6OMOZ9joXM4osCDozU6lDgb54NnZuIXQgrNbCYJllMMtUKBxGN32t6HXNQMRMmdIHnOIJh0VC5wtXHFS4r9kFwHaxtwywp26pTtqxr3XgqXZuSrsc3o/cfL5nMu77+1NEsBjfAdfR1yJSijoejL+/7w1fsO3176PT67fiOnvrAi/Ed6/X4jtlU28/oO9ikn39+/Hv73YkWpv5hN/g4Rl1gSLpFPltaRTPX5DCXVjSZ97nCeCX09y+idCfiBLihmIkWdBmKu0ypZPet2PjOB1MM200Fg60YPmntiq2CVWNhM2Px7/egqQgKIWXuWo5SajQvHr3hYMxNbJZNrAFNAZqaf6zygBSSOaJijGJg8PCwwHHK46zxhkyRNE6PELgrdBOes3f2ma9X3rNvWtX+7OtWQJnMIIdopukTUGtLFPEFhoEPKYofvaXMnaMC8Y8Rn/IardcBjuI4FN8FqNPXOr007is7wBWcsAhZ99io84iJpwxaMYtwVw9Y4NkTN5aB7ydOwckd5qwvU9SMrRTCJUA9xzzoohLJZOG0eGunGLHWkU9XVSxXF/g7EeW2XYZJZQA8m60R7VTpqZnta71YNv0I0Q2JYvuyhZbxEstjIIXsH1svcwzA6ZTZP84uyIRZjQOkYvmqcSeYUryMacfv8TSFU+KKPah7PlwvstWb3RaGdXhrG9BvKV+x64TbXPOYVQech7OAa5TMadhswsXPcZylW2aTYfdQWFvIcSTk9FJI3BBMmSPF2OndvO9oMiscgo1JiKd3xfVNLa1vrwgAwDjMNo+aHBjOEUhqa6GQ07DeP59HQ27lQZ2RX08K4GkDa3jRTgpgqs+YAtTaTZfsJpnqGVKAByH2alMAQ9J1L3aOy1Hv5l3sJNkSyqmxPmZ6m45jOS/NceRayIt1nH1h7atxHDkSZa4SUq6TFYxKSrd+bHgB2ZvA6d08VmZ3mkCyx9fu+eSPOL9jM2VTUTUeo4trYLl/5s+zqzn/D9I3sYknL0vkkrHLhrtfBBSNV3DK794TuCqn5SFPerxsigWnMXqOdXFRV8Qd9ntuhoL0ToRj92/Bw4BZSS/VGqs7stWB80RGl4PIKzwPooQW7wM2J5aWsSSEfeUAhutTI8lHXC1LNRTXckvphuoYop1XUnhjV2g8Xkc5NPoU1lIVIy1TnByP6ixXLVRNKlGlpSumtb+ocmi0ahpWZVzjoPg0H6jVhLc+/5d3f0boxwat+euvo66HFjCcda9nHb7pFtc9imu2wGRWFKlfv9vEZJr8dBkKmX5LFT4zFzSp8FVLJ4zzpkE0v0Izms4jkXhi3kXZSNACcNrBOABp8eNEkOt2GdW6rh4L48pAWtOE/Qwwlsv6WeHm2rvOwfskNZlDMcvrE0YZspZ2VFE6pWbuBapd4mYL2I25uYLlrtEOlhmxGi1hucykumkrohTcvNRtGIqr5+QOKiNbit2U78+AbzkyyGl6iZYTRNaLYMWHiWZYJuhTfaApO8e2LyPddoz2yRm452VnExjgadjZMRqCLi2Va6aimjmctcqwLJRp6ihngLO7n65r0PzcpF0JM2xTf3mcXR+4nAz5Lse8WebItjzAUIpBdroTlVbzVVdxzZM3CZh7lIcFTaOgp/eGmizuV9gmP9PmQpVJDbaCF7fEwXHAkYbVNUUtfg4LEprukBuVAzPstQ9OU+pvWhWIPsEOuSYnjUN+neyQrxBZBuleeCEUmcB1vAWGqyyf9RDpo0giM/ElgfFX7ti8ZjVAUaxQsbtW4zjn2F6vsK8qsS+wGlT5hQ3f3iZ8vTo0CV5nq31qb6X2mVWus/KA0Ppz1T41eavobFbX34rVgVVdXsDZrE7/urEmY9czF9/Gt6F/ezH8YNXsoed5bXamZn/hkYU1C0wYd9P06JWPJKP92ocrWBxdMin7lM9E2A0D3j1lv+q4zmFHDY9YFGqBIm/aZxljayA4PWl8+rJcKS91SyBVgJ3F8ucJ3fOowzBdrZWoI96bcQo4qxwdckwFGAch71FEs7EaukarsU8tzOVFcIT8gPCfNXEejPWbtG83JJRC5ZgWY+FvZpSOnWmgqb33HDvTgHGeY2e1EJFPYeRMWFkxn7tw9nu347gVvbzboZlA0Y892P/gbodmHnNkth0+ZM38h49J9/zXo/rwfw==</diagram></mxfile>