Internet-Draft CDDL vCon July 2024
Petrie & McCarthy-Howe Expires 9 January 2025 [Page]
Workgroup: Network Working Group
Internet-Draft: draft-petrie-vcon-latest
Published:
Intended Status: Standards Track
Expires:
Authors: D. G. Petrie (SIPez LLC), T. McCarthy-Howe (Strolid)

The CDDL format for vCon - Conversation Data Container

Abstract

A vCon is the container for data and information relating to a real-time, human conversation. It is analogous to a [vCard], which enables the definition, interchange and storage of an individual's various points of contact. The data contained in a vCon may be derived from any multimedia session, traditional phone call, video conference, SMS or MMS message exchange, webchat or email thread. The data in the container relating to the conversation may include Call Detail Records (CDR), call meta data, participant identity information (e.g. STIR PASSporT), the actual conversational data exchanged (e.g. audio, video, text), realtime or post conversational analysis and attachments of files exchanged during the conversation. A standardized conversation container enables many applications, establishes a common method of storage and interchange, and supports identity, privacy and security efforts (see [vCon-white-paper]).

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://dgpetrie.github.io/draft-petrie-vcon/draft-petrie-vcon.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-petrie-vcon/.

Source for this draft and an issue tracker can be found at https://github.com/dgpetrie/draft-petrie-vcon.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 9 January 2025.

1. Introduction

The generation of conversational data, contained in transcripts and multi-media files, is common in business, especially in customer facing organizations. However, the storage, analysis and sharing of the data they contain is not currently standardized. Standardizing a container for conversation data (vCon) has numerous advantages, and enables the management of the conversation's content. Very often the system providing the communications service, the consumer and/or owner of the communications data and the communications analysis services are distinct systems and in many cases separate business entities. The point of a vCon is to provide a standard means of exchanging communications data between these systems and services. The use of vCons can ease service integration by using a common container and format for enterprise communications. A vCon becomes the standardized input to communication analysis tools and machine learning and categorization. For a sales lead organization, a vCon can be the container of assets sold to sales teams. For conversations of record, the vCon can be a legal instrument. For machine learning efforts, vCons can track what information was used in the training of models, so that as the result of a customer requested deletion of their data, the affected models can be identified.

1.1. What's in a vCon?

A vCon contains four major categories of data: metadata, dialog, analysis and attachments. The metadata portion allows for an expanded set of data from a typical call detail record ([CDR]), with identifications of the participants or parties to the conversation and references to related or earlier versions of the vCon. The dialog portion contains a set of multimedia and mime elements, each representing the actual, physical conversation in its original media form: text, audio or video. The analysis portion contains data derived from the metadata and dialog portions, intended to carry items like transcripts, translations, summaries, text to speech, sentiment analysis and other semantic tagging. Finally, the attachment portion contains any other documents, such as slide decks or sales lead information, which provide context and support for the conversation itself. The vCon may also contain integrity checking information such as the issuer of the vCon and tamperproof features such as signatures.

A vCon acts as the definition of the conversation, and is created by systems during and after the conversation itself. Some communication modes, like SMS texting, lack natural session boundaries and require explicit definition. vCons may have two or more parties involved, but at least one should be a human. For instance, an interaction between a bot and a human is an appropriate scope for vCons, but a conversation between two bots would not be.

Due to the size and complexity of some portions of a vCon, both inline and externally referenced dialog, analysis, attachments and other vCon reference assets are supported. For instance, vCons may reference a videoconference media recording as an external URL with an accompanying signature of the contents to detect tampering. Alternatively, vCons may directly contain the media of the entire dialog internally, keeping the conversation in one place, and optionally encrypted.

vCons are designed to be a digital asset, versioned and signed. For instance, different versions of vCon may arise due to redaction (e.g. for PII or other reasons), added analysis or the addition of other content. In the metadata, vCons contain the unique ID of the parent vCon, such that they may be traversed while maintaining their data integrity and provenance.

1.2. Use Cases and Requirements

In large enterprises, different products may be served by different call centers (in-house or outsourced). The call centers may have different communications infrastructure and even different platform vendors (e.g. IP PBX, email servers). Consequently, the CDR and meta data as well as the conversation recordings may be stored in different formats and locations. This creates artificial silos of storage and analysis. Using vCon as a standard exchange, storage, analysis input and output format would ease integration efforts and cross enterprise analysis of products and call center metrics. This would also ease customer analysis across product lines, which may currently be difficult due to separated, heterogeneous communications silos. Having conversation data in the vCon format would lower the cost and speed deployment of both in-house and outsourced analysis tools for import into ML and AI based tools, transcription, translation and sentiment analysis. Having conversation data in a standard vCon container would ease the export of conversation data from hosted services. This would enable more analysis capabilities.

In some locations, regulations make it mandatory for enterprises to delete private information upon request of the individual. Large enterprises with siloed communications systems have difficulty locating or identifying all of the private data for an individual due to the disparate communications systems. Using the vCon as the standard container for all communications systems, storing the conversation data centrally and removing it from the siloed communications systems, allows for easier management, correlation, tracking and deletion of an individual's private data. Without centralizing the storage of the conversations in a standardized container, deleting an individual's private data is untenable and the enterprise cannot assert that they have fulfilled their requirement to locate and delete all of the private data.

Large call centers may have tens of thousands of call agents making hundreds of thousands of calls a day. Supervising the agents and calls in a large call center is a huge effort. Using vCons to capture all of the conversations for all of the agents enables more automation of evaluation, training and coaching of call center agents. DEVOPS tools, such as checks for conversations with too low a volume or agents with faulty headsets, become easier and less costly using vCons. Call centers often have to provide service level proof and reports to their customers. These service level evaluations, monitoring and reporting can be more easily provided and at a lower cost via third party solutions with vCons as a standard conversation container.

Conversations can have legal and regulatory significance. Regulations may require conversations of record to be stored for compliance. A conversation can become a verbal contract, making the conversation data a legal instrument. Having a standard container for the conversation data and asserting the integrity of the data makes it easier to distribute the conversation data to the parties involved.

The initial set of use cases for vCons is expected to be in the interchange between front end and back end applications and lower layers of the network stack, critical for enablement of analysis of conversations. It is expected that JavaScript handling of vCons in the front end and RESTful interfaces and back end platforms will be used for operations and manipulation of vCons. Many media analysis services which will be used with vCons, such as transcription, already use JSON based interfaces. For this reason, JSON has been chosen for the initial format binding of vCons and the scope of this document. The [CDDL] schema definition for vCon is included in vCon CDDL Schema (Appendix A) to enable formatting vCon in either [JSON] or [CBOR] formats. Other bindings may be considered for vCon in the future in other documents.

Requirements:

  • Standardize container for conversational data exchange

  • Consolidation of data and information for a conversation

  • Multiple modes of communication, changing over time

  • Snapshots of conversation during or once completed along with analysis

  • Ease of integration of services and analysis

  • Better organize conversational data so that it can be handled in a consistent, privacy-safer manner

  • Immutable

  • Hiding of PII or entire conversation

  • Amendable with additional information and data elements

Define a standard for exchange of conversational data in a sea of modes, platforms and service offerings for conversations.

Example conversational modes and protocols:

  • SMS

  • MMS

  • JABBER

  • SIMPLE

  • Proprietary web chat

  • SMTP

  • PSTN

  • SIP

  • WEBRTC

  • Proprietary video conferencing

The following are considered not in scope or non-requirements:

  • Real-time streaming or updating of conversational data

  • Transport mechanisms

  • Storage or databases specifications

  • Methods of redaction of text, audio or video media

  • Validation of redactions or appended data beyond the signature of the domain making the changes to the conversational data (e.g. Merkle tree like redactions)

  • Standardization of analysis data formats or file media types

2. Conventions and Definitions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

2.1. Terminology

  • analysis - analysis, transformations, summary, sentiment, or translation typically of the dialog data

  • conversation - an exchange of communication using text, audio or video medium between at least one human and one or more bots or humans

  • de-identification - removal of all information that could identify a party in a conversation. This includes PII as well as audio and video recordings. Voice recordings might be re-vocalized with a different speaker.

  • dialog - the captured conversation in its original form (e.g. text, audio or video)

  • encrypted form - encrypted JWE document with the JWS signed vCon form contained in the ciphertext

  • file - a data block either included or referenced in a vCon

  • object - JSON object containing key and value pairs

  • parameter - JSON key and value pair

  • party - an observer or participant to the conversation, either passive or active

  • payload - the contents or bytes that make up a file

  • PII - Personal Identifiable Information

  • PII masked - may include voice recordings, but PII is removed from transcripts and recordings (audio and video).

  • vCon - container for conversational information

  • vCon instance - a vCon populated with data for a specific conversation

  • vCon instance version - a single version of an instance of a conversation, which may be modified to redact or append additional information forming a subsequent vCon instance version

  • vCon syntax version - the version for the data syntax used to form a vCon

  • signed form - JWS signed document with the unsigned vCon form contained in the payload

2.2. JSON Notation

For the ease of documentation, the convention for [JSON] notation used in this document is copied from sections 1.1-1.5 of [JMAP]. It is also acceptable to format vCon using [CBOR]. It is intended that each of these formats is easily converted to the other and that the parameters and objects are compatible, with the exception of binary parameters, which are expressed in [BASE64URL] in [JSON] and as binary text in [CBOR]. [CDDL] provides for this duality with type 6.21.

Date - A string that MUST have the form of an [RFC3339] date string as defined for the Date type in section 1.4 of [JMAP].

"String" - a JSON string type

"UnsignedInt" - a positive JSON integer as defined in section 1.3 of [JMAP].

"UnsignedFloat" - a positive JSON floating point number containing a decimal point as defined in section 6 of [JSON].

"Mime" - A "String" value that MUST be of the following form as defined in section 5.1 of [MIME]: type "/" subtype

"A[]" - an array of values of type A.

All parameters are assumed to be mandatory unless otherwise noted.

Objects or arrays with no or null values MAY be excluded from the vCon.

2.3. Inline Files

Objects that contain a file or data inline (i.e. within the vCon) MUST have the parameters: body and encoding. JSON does not support binary data values. For this reason inline files MUST be base64url (see Section 2 [JWS]) encoded to be included as a valid JSON string value if they are not already valid JSON strings.

2.3.1. body

The body parameter contains the payload of the file to be included inline. Depending upon the data in the file, it may require encoding to be used as a valid JSON string value.

  • body: "String"

2.3.2. encoding

The encoding parameter describes the type of encoding that was performed on the string value of the body parameter.

  • encoding: "String"

    This MUST be one of the following strings:

    • "base64url": The payload of the file has been base64url encoded and provided as the string value of the body parameter.

    • "json": The value of the body string is a JSON object.

    • "none": The payload of the file is a valid JSON string and can be included without modification as the string value to the body parameter.

2.4. Externally Referenced Files

Files and data stored externally from the vCon MUST be "signed" to ensure that they have not been modified. Objects that refer to a file which is externally stored from the vCon MUST have the parameters: url, alg and signature. These parameters are defined in the following subsections. The use of a [SHA-512] hash for ensuring that the externally referenced data or file has not been modified is defined in this document. Other methods of ensuring integrity may be added in the future. The following subsections define how the specific algorithm used and the resulting signature information are included in a vCon so that the content can be verified.

2.4.1. url

The url value contains the [HTTPS] URL where the externally referenced file is stored. HTTPS MUST be used for retrieval to protect the privacy of the contents of the file.

  • url: "String"

2.4.2. alg

The alg parameter describes the method used for signing the file payload at the given url. Only one method of signing of externally referenced files is defined in this document. So only one value is defined for the alg parameter.

  • alg: "String"

    This SHOULD be the following string:

    • "SHA-512": The algorithm used for signing the externally referenced file is defined in section 6.3 and 6.4 of [SHA-512].

2.4.3. signature

The [SHA-512] hash on the externally referenced file is included in the signature string value.

  • signature: "String"

    The string value of the signature parameter is the Base64Url Encoded value of the SHA-512 hash (as defined in section 6.3 and 6.4 [SHA-512]) of the body of the content at the given url.
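The checks a consumer would apply to the two file forms defined in Sections 2.3 and 2.4, shown as an added Python example that is not part of the draft or of any vCon implementation. The function names are hypothetical, the sample bytes and URL are constructed, and the caller is assumed to have already retrieved the external content over HTTPS.

```python
import base64
import hashlib
import hmac
import json
import re
from urllib.parse import urlsplit

B64URL_ALPHABET = re.compile(r"[A-Za-z0-9_-]*")


def b64url_decode(text: str) -> bytes:
    """Strict base64url decode; trailing '=' padding is tolerated."""
    text = text.rstrip("=")
    # The standard library silently skips characters outside the alphabet,
    # so reject them explicitly before decoding.
    if not B64URL_ALPHABET.fullmatch(text):
        raise ValueError("not base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def decode_inline(obj: dict):
    """Return the payload of an inline file object (Section 2.3)."""
    if "body" not in obj or "encoding" not in obj:
        raise ValueError("inline file needs both body and encoding")
    body, encoding = obj["body"], obj["encoding"]
    if not isinstance(body, str):
        raise ValueError("body must be a string")
    if encoding == "base64url":
        return b64url_decode(body)
    if encoding == "json":
        value = json.loads(body)
        if not isinstance(value, dict):
            raise ValueError("encoding 'json' requires a JSON object")
        return value
    if encoding == "none":
        return body
    raise ValueError(f"unknown encoding: {encoding!r}")


def make_reference(url: str, content: bytes) -> dict:
    """Build the url/alg/signature parameters for external content."""
    digest = hashlib.sha512(content).digest()
    signature = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return {"url": url, "alg": "SHA-512", "signature": signature}


def verify_external(obj: dict, content: bytes) -> bool:
    """Check retrieved content against an external reference (Section 2.4)."""
    for key in ("url", "alg", "signature"):
        if not isinstance(obj.get(key), str):
            raise ValueError(f"external reference is missing {key}")
    if urlsplit(obj["url"]).scheme != "https":
        raise ValueError("url must use HTTPS")
    # Only "SHA-512" is defined in this document, so anything else is refused.
    if obj["alg"] != "SHA-512":
        raise ValueError(f"unsupported alg: {obj['alg']!r}")
    expected = b64url_decode(obj["signature"])
    actual = hashlib.sha512(content).digest()
    return hmac.compare_digest(expected, actual)


# Constructed sample data, not taken from a real vCon.
SAMPLE_CONTENT = b"constructed sample recording bytes"
SAMPLE_REF = make_reference("https://example.com/recordings/1.wav", SAMPLE_CONTENT)

if __name__ == "__main__":
    print(json.dumps(SAMPLE_REF, indent=2))
    print("unmodified:", verify_external(SAMPLE_REF, SAMPLE_CONTENT))
    print("modified:  ", verify_external(SAMPLE_REF, SAMPLE_CONTENT + b"\x00"))
```

The signature value is an unkeyed hash, so it detects modification of the external file only when the vCon that carries it is itself integrity protected, for example in the signed form.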

3. vCon JSON Object

The JSON form of a vCon is contained in a JSON object in one of three forms:

The unsigned form of the vCon has a single top level object. This top level vCon object is also contained as described in the signed (Section 5.2) and encrypted (Section 5.3) forms of the vCon. The selection of the JSON format enables interchange between application and lower layers of the network stack, critical for enablement of analysis of conversations.

4. Unsigned Form of vCon Object

The unsigned form of the top level vCon object is necessary as in many cases, a vCon will be partially constructed and in process as conversation data is collected. This may change while the conversation is in progress or on-going. The vCon may start with only meta data and party information, then progress to contain dialog information. It may then get analysis added or it could be passed to another security domain for analysis.

A vCon may be constructed across several security domains. When a vCon is to be exported from one security domain to another, it SHOULD be signed or encrypted by the domain that constructed it. The subsequent domain may have need to redact or append data to the vCon. Alternatively the originating domain may want to redact the vCon before providing it to another domain. The second or subsequent domain MAY modify the prior vCon instance version and, when complete or exporting to another security domain, it SHOULD sign or encrypt the new vCon instance version. The new vCon instance version SHOULD refer to the prior vCon instance version via the redacted (Section 4.1.6) or appended (Section 4.1.7) parameters.

4.1. vCon JSON Object Keys and Values

The keys and values for the top level vCon JSON object are defined in the following subsections.

4.1.1. vcon

The value of the vcon parameter contains the syntactic version of the JSON format used in the vCon.

  • vcon: "String"

    For syntax defined in this document, the string MUST have the value: "0.0.1"

4.1.2. uuid

The [UUID] for the vCon is used to refer to it when privacy or security may not allow for inclusion or URL reference to a vCon. The UUID MUST be globally unique.

  • uuid: "String"

    The value of the string SHOULD be generated using the version 8 UUID defined in [UUID] which is generated identically to a version 7 UUID with the exception that:

    • rand_b/custom_c is generated from the high 62 bits of the SHA-1 hash of the FQHN string

    • the variant and version fields are set as described for version 8 UUID

    The DNS name string used in generating the uuid value SHOULD be the same FQHN, or a subdomain to allow for more distributed generation of UUIDs, as would be used in the signing certificate as they are the same domains of uniqueness.
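One reading of the generation rule above, shown as an added Python example that is not the draft's or any implementation's code. The function names are hypothetical, the FQHN is assumed to be hashed as UTF-8 bytes (the draft does not say), and the 12 bits after the version field are drawn from a random source as in a version 7 UUID.

```python
import hashlib
import secrets
import time
import uuid

MASK62 = (1 << 62) - 1


def fqhn_custom_c(fqhn: str) -> int:
    """High 62 bits of SHA-1(FQHN), used as rand_b/custom_c."""
    digest = hashlib.sha1(fqhn.encode("utf-8")).digest()  # 160 bits
    return int.from_bytes(digest, "big") >> (160 - 62)


def vcon_uuid8(fqhn: str, unix_ms=None, rand_a=None) -> uuid.UUID:
    """Build a version 8 UUID with the version 7 field layout.

    Bits, most significant first:
      48  Unix timestamp in milliseconds
       4  version (8)
      12  rand_a / custom_b
       2  variant (binary 10)
      62  rand_b / custom_c, from the FQHN hash
    """
    if unix_ms is None:
        unix_ms = time.time_ns() // 1_000_000
    if rand_a is None:
        rand_a = secrets.randbits(12)
    if not 0 <= unix_ms < (1 << 48):
        raise ValueError("timestamp does not fit in 48 bits")
    if not 0 <= rand_a < (1 << 12):
        raise ValueError("rand_a does not fit in 12 bits")
    value = (
        (unix_ms << 80)
        | (0x8 << 76)
        | (rand_a << 64)
        | (0b10 << 62)
        | fqhn_custom_c(fqhn)
    )
    return uuid.UUID(int=value)


def matches_fqhn(candidate: uuid.UUID, fqhn: str) -> bool:
    """Receiver-side check: was this uuid generated for the given FQHN?"""
    is_v8 = (candidate.int >> 76) & 0xF == 8
    return is_v8 and (candidate.int & MASK62) == fqhn_custom_c(fqhn)


if __name__ == "__main__":
    # "vcon.example.com" is a constructed name, not one from the draft.
    sample = vcon_uuid8("vcon.example.com")
    print(sample, matches_fqhn(sample, "vcon.example.com"))
```

For a given FQHN only the timestamp and the 12 bits after the version vary, so a generator that creates many vCons in the same millisecond needs a counter or a collision check to keep the value globally unique.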

4.1.3. created_at

The created_at parameter provides the creation time of this vcon, which MUST be present, and should not be changed once the vcon object is created.

  • created_at: "Date"

4.1.4. updated_at

The updated_at parameter provides the last modified time of this vcon, which MAY be present. For unsigned forms, the updated_at of the vcon object SHOULD be updated as it is modified. For signed forms of the vCon object, the updated_at contains the time when this vcon was last signed. Future updates MUST first set the updated_at to the new signing time as the vcon object is signed again.

  • updated_at: "Date"

4.1.5. subject

The subject or the topic of the conversation is provided in the subject parameter. This parameter is optional as not all conversations have a defined subject. Email threads and prescheduled calls and video conferences typically have a subject which can be captured here. The subject may also be derived from analysis of the dialog.

  • subject: "String" (optional)

    The string value of the subject parameter is a free formed JSON string with no constrained syntax.

4.1.6. redacted

A redacted vCon SHOULD provide a reference to the unredacted or prior, less redacted, vCon instance version of itself. The purpose of the Redacted Object is to provide the reference to the unredacted or less redacted version of the vCon from which this vCon was derived. For privacy reasons, it may be necessary to redact a vCon to construct another vCon without the PII. This allows the non-PII portion of the vCon to still be analyzed or used in a broader scope. The Redacted Object SHOULD contain the uuid parameter and MAY include the vCon inline via the body and encoding parameters or alternatively the url, alg and signature parameters (see Inline Files (Section 2.3) and Externally Referenced Files (Section 2.4)). If the unredacted vCon is included in the body, the unredacted vCon MUST be in the encrypted form. If a reference to the unredacted vCon is provided in the url parameter, the access to that URL MUST be restricted to only those who should be allowed to see the identity or PII for the redacted vCon.

The method(s) for redaction of text, audio and video can be done with existing post processing of media. The method of redaction is out of scope of this document. The assurance of the accuracy of the redaction is made by the entity that creates the redaction which SHOULD sign the redacted version of the vCon.

All data and parameters in the prior, less redacted, vCon instance version are either:

  • Removed entirely in the redacted version

  • Copied and partially redacted

  • Copied as is

Data which is to be completely removed from the redacted version, that is contained in a JSON array in the unredacted vCon, SHOULD create an empty placeholder such that object array indices do not change for the rest of the elements of the array.

  • redacted: "Redacted" (optional, mutually exclusive with appended and group parameters)

A Redacted Object contains the following parameters:

  • uuid: "String"

    The value contains the uuid string value (Section 4.1.2) of the unredacted/prior vCon instance version. The absence of a value for uuid indicates that the less redacted version of this vCon is not available or does not exist.

  • type: "String"

    The value of the redacted type parameter is used to indicate the type of redaction that was performed on this vCon relative to the less redacted version referenced by the redacted uuid parameter. This should indicate the type of information that was redacted.

As defined in Inline Files (Section 2.3) body and encoding MAY be included:

  • body: "String"

  • encoding: "String"

Alternatively, as defined in Externally Referenced Files (Section 2.4) url, alg and signature MAY be included:

  • url: "String"

  • alg: "String"

  • signature: "String"

The following diagram illustrates an example partial JSON object tree for a redacted vCon. The top level object is a JWS signed vCon which contains a vCon in the unsigned form in the payload parameter. The second level object is the redacted vCon which refers to the encrypted unredacted vCon in its redacted parameter. Note that the redacted vCon references the JWE encrypted vCon by UUID and may reference it by URL or direct inclusion. The JWE encrypted unredacted vCon contains the signed version of the unredacted vCon in the ciphertext parameter. The signed unredacted vCon contains the unredacted vCon in the unsigned form in its payload parameter.

                --------------
Signed          | JWS        |
redacted vCon:  |            | payload parameter
                |    payload-|-- contains unsigned
                -------------- / redacted vCon
                              /
            -------------    /
vCon which  |vCon       |<---
has been    |           | redacted parameter contains
redacted:   |  redacted-|-- or refers to JWE
            ------------- / encrypted unredacted vCon
                         /
                        /
                       /
                      /
                     /
                    / ---------------
                    ->| JWE         | ciphertext
Encrypted signed      |             | parameter
unredacted vCon:      |  ciphertext-|--- contains
                      ---------------  / JWS signed
                                      / unredacted
                  -------------      / vCon
Signed            |JWS        |<-----
unredacted vcon:  |           | payload contains
                  |   payload-|-- unsigned
                  -------------  \ unredacted vCon
                                  \   ----------
                                   -->| vCon   |
Unsigned unredacted vCon:             |        |
                                      ----------
Figure 1: redacted vCon object tree

4.1.7. appended

A signed or encrypted vCon cannot be modified without invalidating it. In these cases, to allow for adding of additional information a new vCon instance version MUST be created. The prior vCon instance version is referenced by the Appended Object. Then the appended information is added to the new vCon instance version (i.e. top level vCon object).

The prior vCon instance version SHOULD be referenced via the uuid of the prior vCon instance version, and MAY include the body and encoding parameters or alternatively the url, alg and signature parameters (see Inline Files (Section 2.3) and Externally Referenced Files (Section 2.4)).

  • appended: "Appended" (optional, mutually exclusive with redacted and group parameters)

The Appended Object contains the following parameters:

  • uuid: "String" (optional if inline or external reference provided)

    The value contains the uuid string value (Section 4.1.2) of the unredacted/original vCon instance version.

Alternatively, as defined in Inline Files (Section 2.3) body and encoding MAY be included:

  • body: "String"

  • encoding: "String"

Alternatively, as defined in Externally Referenced Files (Section 2.4) url, alg and signature MAY be included:

  • url: "String"

  • alg: "String"

  • signature: "String"

The following figure illustrates an example partial JSON object tree for an appended vCon. The top level object is the JWS signed appended vCon which contains the unsigned form of the vCon in its payload parameter. The second level object is the appended vCon with additional conversational data (e.g. analysis data). It refers to its original parent (or prior vCon instance version) of the vCon in its appended parameter. Note: the appended parameter may include the original in the body parameter or refer to it via URL. The appended vCon in this figure refers to the JWS signed version of the vCon, which in turn contains the original vCon in unsigned form in its payload parameter.

                --------------
Signed          | JWS        |
appended vCon:  |            | payload parameter
                |    payload-|-- contains unsigned
                -------------- / appended vCon
                              /
            -------------    /
vCon with   |vCon       |<---
appended    |           | appended parameter contains
data:       |  appended-|--- or refers to JWS
            |  analysis |  / signed original vCon
            ------------- / along with additional
                         / conversational data
                        / (e.g. analysis)
                       /
                      /
                     /
                    / ------------
                    ->| JWS      | payload
Encrypted signed      |          | parameter
original vCon:        |  payload-|--- contains
                      ------------  / unsigned
                                   / original
                  -------------   / vCon
Original vCon:    |vCon       |<--
                  |           |
                  |   parties |
                  |   dialog  |
                  -------------
Figure 2: appended vCon object tree

4.1.8. group Objects Array

The scope of a conversation is defined by the observer. It may be any of the following in this non-exhaustive list:

  • a quick text exchange

  • a simple 2-way call

  • an evolving group chat

  • a class lecture and question and answer session

  • a web chat, evolving to a 2 way call, progressing to a transferred 3-way call transitioning to a video conference

  • a series of weekly status calls

In support of these constructs, it may be desirable to aggregate a group of vCons as opposed to including all of the dialog in a single vCon. The conversations may be over heterogeneous or homogeneous medium. A vCon MAY aggregate a group of vCon instances in the group array, using a Group Object for each vCon instance.

  • group: "Group[]" (optional, mutually exclusive with redacted and appended parameters)

    The group array contains a Group Object (Section 4.6) for each vCon.
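A structural check for the linking rules of Sections 4.1.6 to 4.1.8, added here as a Python example and not taken from the draft or from any vCon implementation. The function names are hypothetical and the sample objects are constructed; it assumes an encrypted form can be recognized by its ciphertext parameter and a signed form by its payload parameter, and it reads the inline and external reference parameters as alternatives.

```python
import base64
import json
import re

RFC3339 = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})")
LINK_KEYS = ("redacted", "appended", "group")
EXTERNAL_KEYS = ("url", "alg", "signature")


def vcon_form(obj: dict) -> str:
    """Classify a JSON object by the parameter that marks each form."""
    if "ciphertext" in obj:
        return "encrypted"  # JWE
    if "payload" in obj:
        return "signed"     # JWS
    return "unsigned" if "vcon" in obj else "unknown"


def inline_object(ref: dict):
    """Parse an inline body into a JSON object; None if that is not possible."""
    body = ref.get("body")
    if not isinstance(body, str):
        return None
    try:
        if ref.get("encoding") == "base64url":
            raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
            body = raw.decode("utf-8")
        value = json.loads(body)
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return None
    return value if isinstance(value, dict) else None


def check_reference(name: str, ref: dict) -> list:
    """Check the body/encoding or url/alg/signature parameters of a link."""
    problems = []
    inline = "body" in ref or "encoding" in ref
    external = any(k in ref for k in EXTERNAL_KEYS)
    if inline and external:
        problems.append(f"{name}: body/encoding and url/alg/signature are alternatives")
    if inline and not ("body" in ref and "encoding" in ref):
        problems.append(f"{name}: inline file needs both body and encoding")
    if external and not all(k in ref for k in EXTERNAL_KEYS):
        problems.append(f"{name}: external file needs url, alg and signature")
    if "url" in ref and not str(ref["url"]).lower().startswith("https://"):
        problems.append(f"{name}: url must be HTTPS")
    return problems


def check_vcon(vcon: dict) -> list:
    """Return a list of problems found in an unsigned vCon object."""
    problems = []
    if vcon.get("vcon") != "0.0.1":
        problems.append('vcon must be "0.0.1"')
    if not isinstance(vcon.get("uuid"), str):
        problems.append("uuid is missing")
    created = vcon.get("created_at")
    if not (isinstance(created, str) and RFC3339.fullmatch(created)):
        problems.append("created_at must be an RFC 3339 date string")
    # Empty or null values may be left out, so they count as absent here.
    present = [k for k in LINK_KEYS if vcon.get(k)]
    if len(present) > 1:
        problems.append("mutually exclusive parameters present: " + ", ".join(present))
    redacted, appended = vcon.get("redacted"), vcon.get("appended")
    if isinstance(redacted, dict) and redacted:
        problems += check_reference("redacted", redacted)
        if "body" in redacted:
            inner = inline_object(redacted)
            if inner is None or vcon_form(inner) != "encrypted":
                problems.append("redacted: inline unredacted vCon is not in the encrypted form")
    if isinstance(appended, dict) and appended:
        problems += check_reference("appended", appended)
        if not any(k in appended for k in ("uuid", "body", "url")):
            problems.append("appended: no reference to the prior vCon instance version")
    return problems


# Constructed samples; the uuid strings and JWE fields are placeholders.
BASE = {"vcon": "0.0.1", "uuid": "00000000-0000-8000-8000-000000000002",
        "created_at": "2024-07-08T12:00:00Z"}
PRIOR_UUID = "00000000-0000-8000-8000-000000000001"
JWE_STUB = json.dumps({"protected": "e30", "iv": "AAAA", "ciphertext": "AAAA", "tag": "AAAA"})
SAFE = dict(BASE, redacted={"uuid": PRIOR_UUID, "type": "PII",
                            "body": JWE_STUB, "encoding": "json"})
LEAKY = dict(BASE, appended={"uuid": PRIOR_UUID},
             redacted={"uuid": PRIOR_UUID, "type": "PII", "encoding": "json",
                       "body": json.dumps(dict(BASE, parties=[{"name": "Alice"}]))})

if __name__ == "__main__":
    for label, sample in (("SAFE", SAFE), ("LEAKY", LEAKY)):
        print(label, check_vcon(sample))
```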

4.1.9. parties Objects Array

The name, identity or contact information of all of the parties involved with the conversation are included in the parties object array. Whether the parties were observers, passive or active participants in the conversation, they each are included as a Party Object in the parties array.

TODO: Should this be an object, not an array, to make it easier to append parties (i.e. indices of appended vCons change when appended)?

4.1.10. dialog Objects Array

The actual conversation which occurred over text, audio or video that was captured, is contained in the dialog Objects Array.

4.1.11. analysis Objects Array

Analysis, which is performed on the conversational data, is stored in the analysis Objects array.

4.1.12. attachments Objects Array

Ancillary documents, discussed, presented, referenced or related to the conversation may be stored in the attachments array.

4.2. Party Object

4.2.1. tel

If the tel URL for the party is known, it can be included in the tel parameter.

  • tel: "String" (optional)

    The value of the tel parameter SHOULD be a valid [TEL] URL. The URL scheme prefix (i.e. "tel:") is optional.

4.2.2. stir

If the STIR [PASSporT] was provided to identify the party, the PASSporT can be included in the stir parameter for the party.

  • stir: "String" (optional)

    The string value of the stir parameter contains the [PASSporT] in the JWS Compact Serialization form.

4.2.3. mailto

If the mailto URL is known for the party, it can be included in the mailto parameter.

  • mailto: "String" (optional)

    The value of the mailto parameter is a string of the format of a valid [MAILTO] URL. The URL scheme prefix (i.e. "mailto:") is optional.

4.2.4. name

If the party's name is known, it can be included in the name parameter.

  • name: "String" (optional)

    The string value of the name parameter is a free form JSON string in which part or all of the party's name can be included.

4.2.5. validation

Proof of authorization of the communication channel through STIR, login or possession of a device is often not sufficient proof of the identity of the person at the other end of the communications channel. It is common in call centers to validate the identity of the person on the communication channel through verification of some sort of personal identification information. The methods used often vary with the situation and are specific to business practices. The purpose of the validation parameter is to allow the validator to save a label or token which identifies the method of identity validation used to identify the person at the other end of the communication channel. For confidentiality reasons, it SHOULD NOT contain the data used to validate the name. However it MAY name the data used to validate the name (e.g. "SSN", "DOB", "user ID and password"). It is up to the domain creating the vCon to define the set of tokens or values to be used for the validation parameter.

  • validation: "String" (SHOULD be provided if name parameter is provided)

    The value of the validation string MAY be "none" or enterprise or domain defined token or string values.

4.2.6. jCard

TODO: Do we want to support including a jCard for the party?

4.2.7. gmlpos

If the geolocation of the party is known, it can be added in the gmlpos parameter. The gmlpos parameter contains the latitude and longitude of the location of the party at the time of the conversation start.

  • gmlpos: "String" (optional)

    The gmlpos parameter value contains a string of the same format as the gml:pos element defined in section 3.2 of the [PIDF-LO] PIDF.

4.2.8. civicaddress

The civicaddress parameter value contains a Civicaddress Object which is optional and contains civic address information about the location for the party.

  • civicaddress: "Civicaddress" (optional)

The Civicaddress Object MAY contain any or all of the following parameters: country, a1, a2, a3, a4, a5, a6, prd, pod, sts, hno, hns, lmk, loc, flr, nam, pc as defined in section 2.2.1 of [GEOPRIV]. The values of all of these parameters are of type String. Note that the parameter names MUST be in lower case when contained in the Civicaddress Object even though they are in upper case in [GEOPRIV].

  • country: "String" (optional)

  • a1: "String" (optional)

  • a2: "String" (optional)

  • a3: "String" (optional)

  • a4: "String" (optional)

  • a5: "String" (optional)

  • a6: "String" (optional)

  • prd: "String" (optional)

  • pod: "String" (optional)

  • sts: "String" (optional)

  • hno: "String" (optional)

  • hns: "String" (optional)

  • lmk: "String" (optional)

  • loc: "String" (optional)

  • flr: "String" (optional)

  • nam: "String" (optional)

  • pc: "String" (optional)

TODO: Do we need RFC6848 civic address extensions?

TODO: Is there a need for any temporal location? For example should location be an array, each element with a time stamp?

TODO: Do we just specify for the start of the conversation?

4.2.9. timezone

TODO: timezone for the location of the party?

4.2.10. uuid

The uuid is a unique identifier for the participant. In a contact center, this is particularly important for the call agent participant, and must be static across interactions to allow correlation with the actual agent configuration provisioned into the systems.

  • uuid: "String" (optional)

4.2.11. role

The role that the participant played in the conversation. In a call center there are roles such as agent, customer, supervisor and specialist. In conferences there are roles such as host, cohost, speaker, panelist, participant and others. The role parameter provides the ability to label the role that the party played in the conversation.

  • role: "String" (optional)

The following values for the role parameter MAY be used:

  • "agent"

  • "customer"

  • "supervisor"

  • "sme" (for subject matter expert)

  • "thirdparty"

Other values for the role parameter MAY also be used.

4.2.12. contact_list

In a contact center scenario, the conversation with this party may be part of a larger effort of contacting a group of parties, individually or perhaps in groups. It is sometimes useful to reference the list from which this party was included. The contact_list may be used as a label for foreign key reference to the contact list that this party was on.

  • contact_list: "String" (optional)

4.3. Dialog Object

The Dialog object references or contains text, audio or video captured from the conversation. Currently two types of dialog objects are defined in this document. One for text media and the other for audio or video recording files.

TODO: Is there other signalling data that we want to capture other than start and duration and the media (e.g. from jabber, sms, mms, email, SIP, etc.)?

4.3.1. type

  • type: "String"

    The string MUST have the value of either "recording", "text", "transfer" or "incomplete". A dialog of type "recording" has Dialog Content that either contains a body or refers to one via url, which is a recording of the video and/or audio of a segment of the conversation. A dialog of type "text" has Dialog Content that either contains a body or refers to one via url, which contains the text from one of the parties for a segment of the conversation. A dialog of type "transfer" does not capture actual conversation exchange, but rather captures operations, parties and relations between dialog segments. A dialog of type "incomplete" or "transfer" MUST NOT have Dialog Content. In the "incomplete" case the call or conversation failed to be set up to the point of exchanging any conversation. Incomplete dialogs MUST have a disposition parameter which indicates why the call or conversation failed. In the "transfer" case, the conversation is recorded in other dialogs. The Dialog Transfer parameters are used to show the roles and relationships between the parties and other dialogs as the transfer process occurred.

4.3.2. start

The start parameter contains the date and time for the beginning of the captured piece of dialog. For text it is the time that the party started typing or if not available, then it is the time the text was sent. For audio and video recordings, it is the time which corresponds to the beginning of the recording.

  • start: "Date"

4.3.3. duration

The duration parameter contains the duration in seconds of the referenced or included piece of dialog. For text, if known, it is the time duration from when the party started typing to when they completed typing and the text was sent. For recordings, it is the duration of the recording.

  • duration: "UnsignedInt" | "UnsignedFloat" (optional)

    The value MUST be the dialog duration in seconds.

4.3.4. parties

The party(s) which generated the text or recording for this piece of dialog are indicated in the parties parameter.

  • parties: "UnsignedInt" | "UnsignedInt[]" | ("UnsignedInt" | "UnsignedInt[]")[]

    Single channel recordings should have a parties value of the form: "UnsignedInt" or "UnsignedInt[]" where the integer value or array of integer values are the indices to the Party Object(s) in the parties array that contributed to the mix for the single channel recording. The index for the Party Object SHOULD be included even if the indicated party was silent for the entire piece of dialog.

    Multi-channel recordings MUST have a parties value that is an array of the same size as the number of channels in the recording. The values in that array are either an integer or an array of integers which are the indices to the parties that contributed to the mix for the associated channel of the recording. The index for Party Objects SHOULD be included even if the party was silent for the entire conversation.

    It is implied that the first party in the dialog Object parties list is the originator of the dialog. However, in some situations, it is difficult to impose the constraint that the first channel of a recording is the originator. If ensuring that the first channel and party listed is the originator is not possible, the optional originator parameter indicates the originator party. In other cases, there may be a separate recording file for each party in a conversation, where only one party is recorded per file. In this situation, it is necessary to indicate the originator, as the dialog Object parties parameter will contain only one party, which may not be the originator.

TODO: For an email thread, To and Cc parties are all passive. Do we just put the sender as the party or do we want to list all of the recipients and by convention the sender is the first party? Note that each dialog/email could have a different set of recipients.

4.3.5. originator

The originator party for this dialog. For email and text, this is the sender of the text. For audio and video, this is the caller or host of the call or conference. The originator parameter is only provided if the first party of the dialog Object parties list is NOT the originator.

  • originator: "UnsignedInt" (optional)

    The originator value is the index into the parties Objects Array, to the party that originated the dialog.

4.3.6. mimetype

The media type for the piece of dialog included or referenced is provided in the mimetype parameter. The mimetype parameter MUST be provided for inline dialog files and MUST be provided if the Content-Type header in the [HTTPS] response for the externally referenced URL is not provided.

  • mimetype: "Mime" (optional for externally referenced files)

    The media types SHOULD be one of the following strings:

    • "text/plain"

    • "audio/x-wav"

    • "audio/x-mp3"

    • "audio/x-mp4"

    • "audio/ogg"

    • "video/x-mp4"

    • "video/ogg"

    • "multipart/mixed"

    Note: multi-part will also likely include the boundary parameter

4.3.7. filename

It is sometimes useful to preserve the name of the file which originally contained this piece of dialog. This can be done in the filename parameter.

  • filename: "String" (optional)

4.3.8. Dialog Content

The Dialog Object SHOULD contain the body and encoding parameters or the url, alg and signature parameters for all dialog types other than "incomplete" and "transfer", these parameters MUST NOT be present for "incomplete" or "transfer" dialog types (see Inline Files (Section 2.3) and Externally Referenced Files (Section 2.4)).

For inline included dialog:

  • body: "String"

  • encoding: "String"

Alternatively, for externally referenced dialog:

  • url: "String"

  • alg: "String"

  • signature: "String"

4.3.9. disposition

If the dialog type is "incomplete", it must have a disposition parameter. The value of the disposition parameter provides the reason that the "call control" failed. The term "call control" is used in a loose sense, as there is not always a call involved, to differentiate from a call disposition that an agent may assign to a call to indicate the reason, issue addressed or outcome of a conversation. This latter definition of call disposition is not dialog, but analysis of the conversation and is not included in the dialog portion.

  • disposition: "String" (required for incomplete type dialogs, SHOULD NOT be present for other dialog types)

    The value of the disposition parameter MUST be one of the following strings:

    • "no-answer" - a call or connection was attempted, but no one answered or accepted the connection

    • "congestion" - a call or connection was attempted, but was unable to be completed due to system load

    • "failed" - a call or connection was attempted, but failed

    • "busy" - a call or connection was attempted, but the party was busy with another conversation

    • "hung-up" - a call or connection was made, but the party hung-up before any conversation occurred

    • "voicemail-no-message" - a call or connection was made, the voicemail system answered, but no message was left

    Note: if a message was left with the voicemail system this is no longer an "incomplete" type dialog, it is a "recording" type and the conversation SHOULD be included in the Dialog Content.

4.3.10. party_history Objects Array

Participants in a dialog may not all join and leave at the same time. To support the capturing of the information when parties join, drop, go on hold or mute and unmute, the party_history array may be added to the Dialog Object.

  • party_history: "Party_History[]" (optional)

4.3.10.1. Party_History Object

The Party_History Object contains the following parameters:

  • party: "UnsignedInt"

    The index of the party for this event.

  • event: "String"

    The string token for the event which MUST be one of the following:

    • "join" - when the party joins the dialog

    • "drop" - when the party drops out of the dialog

    • "hold" - when the party is put on hold

    • "unhold" - when the party is taken off hold

    • "mute" - when the party is muted

    • "unmute" - when the party is taken off mute

  • time: "Date"

4.3.11. Dialog Transfer

A dialog of type "transfer" documents the roles of three parties and the relationship between two or three dialog segments. In a transfer operation, the roles of the three parties to a transfer are defined in [SIP-XFER] as:

  • Transferee

  • Transferor

  • Transfer Target

There are two or three calls in which the parties are connected:

  • original call

  • consultative call (optional as this call may not get created)

  • target call

To capture the above roles and dialog segments, the following parameters are defined and SHOULD be present in the "transfer" type dialog and MUST NOT be present in other dialog types.

  • transferee: "UnsignedInt"

    The value of the transferee parameter is the index into the parties Object array to the party that played the role of the Transferee.

  • transferor: "UnsignedInt"

    The value of the transferor parameter is the index into the parties Object array to the party that played the role of the Transferor.

  • transfer-target: "UnsignedInt"

    The value of the transfer-target parameter is the index into the parties Object array to the party that played the role of the Transfer Target.

  • original: "UnsignedInt"

    The value of the original parameter is the index into the dialogs Object array to the "recording" or "text" type dialog for the original dialog between the Transferee and the Transferor.

  • consultation: "UnsignedInt" (optional)

    The value of the consultation parameter is the index into the dialogs Object array to the "recording", "text" or "incomplete" type dialog for the consultative dialog between the Transferor and the Transfer Target.

  • target-dialog: "UnsignedInt"

    The value of the target-dialog parameter is the index into the dialogs Object array to the "recording", "text" or "incomplete" type dialog for the target dialog between the Transferee and the Transfer Target.

A "transfer" type dialog MUST NOT contain the parties, originator, mimetype, filename or Dialog Content parameters.

The "transfer" type dialog only captures the roles, operations and events of the parties and the dialog setup. It does not capture the purpose or reason for the transfer, as that is analysis to be captured in the analysis section of the vCon after the conversation has occurred.
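The type, Dialog Content, disposition and transfer rules of sections 4.3.1 to 4.3.11 can be checked mechanically when a vCon is ingested. The following is an added example, not code from this draft or its authors; the function names are hypothetical, the top-level arrays are assumed to be named parties and dialog as the text above refers to them, and only the rules listed in the comments are covered.

```python
DIALOG_TYPES = {"recording", "text", "transfer", "incomplete"}
DISPOSITIONS = {"no-answer", "congestion", "failed", "busy", "hung-up", "voicemail-no-message"}
INLINE, EXTERNAL = {"body", "encoding"}, {"url", "alg", "signature"}
TRANSFER_FORBIDDEN = {"parties", "originator", "mimetype", "filename"}
PARTY_REFS = ("transferee", "transferor", "transfer-target")
# Transfer parameter -> dialog types it is allowed to point at (section 4.3.11).
DIALOG_REFS = {
    "original": {"recording", "text"},
    "consultation": {"recording", "text", "incomplete"},
    "target-dialog": {"recording", "text", "incomplete"},
}


def dialog_type(d):
    """Return the dialog's type if it is one of the four defined strings, else None."""
    kind = d.get("type") if isinstance(d, dict) else None
    return kind if isinstance(kind, str) and kind in DIALOG_TYPES else None


def is_index(value, size):
    """True if value is an UnsignedInt that indexes an array of `size` items."""
    return type(value) is int and 0 <= value < size


def flatten(value):
    """Yield each index from UnsignedInt | UnsignedInt[] | (UnsignedInt | UnsignedInt[])[]."""
    if isinstance(value, list):
        for item in value:
            yield from flatten(item)
    else:
        yield value


def validate_dialog(vcon, i):
    """Return the rule violations in vcon["dialog"][i]; an empty list means none."""
    dialogs, n_parties = vcon["dialog"], len(vcon.get("parties", []))
    d, found = dialogs[i], []
    kind = dialog_type(d)
    if kind is None:
        return [f"dialog[{i}]: type MUST be one of {sorted(DIALOG_TYPES)}"]
    keys = set(d)
    def note(msg):
        found.append(f"dialog[{i}] ({kind}): {msg}")
    # 4.3.1 and 4.3.8: no Dialog Content on incomplete or transfer dialogs.
    if kind in ("incomplete", "transfer"):
        if keys & (INLINE | EXTERNAL):
            note("MUST NOT have Dialog Content")
    elif not (INLINE <= keys or EXTERNAL <= keys):
        note("SHOULD have body+encoding or url+alg+signature")
    # 4.3.9: disposition belongs to incomplete dialogs only.
    disposition = d.get("disposition")
    if kind == "incomplete":
        if not isinstance(disposition, str) or disposition not in DISPOSITIONS:
            note("MUST have a disposition from the defined list")
    elif "disposition" in d:
        note("disposition SHOULD NOT be present")
    if kind == "transfer":
        # 4.3.11: roles index the parties array, segments index the dialog array.
        if keys & TRANSFER_FORBIDDEN:
            note(f"MUST NOT contain {sorted(keys & TRANSFER_FORBIDDEN)}")
        for name in PARTY_REFS:
            if not is_index(d.get(name), n_parties):
                note(f"{name} is missing or not a valid party index")
        for name, allowed in DIALOG_REFS.items():
            if name == "consultation" and name not in d:
                continue  # the consultative call is optional
            ref = d.get(name)
            if not is_index(ref, len(dialogs)):
                note(f"{name} is missing or not a valid dialog index")
            elif dialog_type(dialogs[ref]) not in allowed:
                note(f"{name} must point at a dialog of type {sorted(allowed)}")
    else:
        if keys & (set(PARTY_REFS) | set(DIALOG_REFS)):
            note("transfer parameters MUST NOT be present")
        for p in flatten(d.get("parties", [])):
            if not is_index(p, n_parties):
                note(f"parties entry {p!r} is not a valid party index")
        if "originator" in d and not is_index(d["originator"], n_parties):
            note("originator is not a valid party index")
    return found


def validate_vcon(vcon):
    """Validate every Dialog Object of a parsed, unsigned-form vCon."""
    return [m for i in range(len(vcon.get("dialog", []))) for m in validate_dialog(vcon, i)]


# Constructed sample with deliberate violations (not taken from the draft).
SAMPLE = {
    "parties": [{"name": "caller"}, {"name": "agent"}],
    "dialog": [
        {"type": "text", "parties": [0, 7], "body": "hello", "encoding": "none"},
        {"type": "incomplete", "parties": [0, 1], "body": "x", "encoding": "none"},
        {"type": "transfer", "parties": [0], "transferee": 0, "transferor": 1,
         "transfer-target": 5, "original": 1, "target-dialog": 0},
    ],
}
```

Bounds-checking every party and dialog index before dereferencing it keeps a malformed or hostile vCon from steering a consumer to the wrong participant or recording.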

4.3.12. campaign

In a contact center scenario, a dialog may be initiated as part of a campaign or set of dialogs initiated with a common goal or focus or to be handled or treated in a specific way. The campaign parameter is a string that may be used as a label or foreign key in reference to an external specification for how the communication is to be initiated, handled or treated. In some cases it may be appropriate to attach the campaign data as an Attachment Object.

  • campaign: "String" (optional)

4.3.13. interaction

In a contact center scenario, interactions with a party are often labeled. In some cases the interaction is contained in a single dialog. In others there may be multiple dialogs (e.g. messages or calls) that are all part of a single interaction. There may also be many interactions for a single conversation or vCon. The interaction parameter is used as a label or foreign key in reference to the interaction ID.

  • interaction: "String" (optional)

4.3.14. skill

A contact center may service multiple purposes or customers. In this scenario it is important to label the conversation segment or dialog. The agent or automaton which services the dialog is required to have a specific skill. To facilitate this in a vCon dialog, the skill parameter is provided. The string values of the skill parameter are contact center specific.

  • skill: "String" (optional)

4.4. Analysis Object

Analysis is a broad and in some cases developing field. This document does not attempt to suggest a SHOULD support list of types. Nor are formats for analysis data defined in this document. That is for research and specification outside the scope of this document. For this reason the Analysis Object provides multiple ways to define the media type of the analysis file. If a well known media or mime type is defined, it SHOULD be used. For analysis data or files types for which a media type is not defined, the vendor and schema parameters SHOULD be used.

4.4.1. type

The type parameter is used to label the semantic type of analysis data.

  • type: "String"

    The string value SHOULD be one of the following:

    • "summary"

    • "transcript"

    • "translation"

    • "sentiment"

    • "tts"

4.4.2. dialog

Analysis typically pertains to one or more of the Dialog Objects in the dialog array. The dialog parameter is used to indicate which Dialog Objects this analysis was based upon.

  • dialog: "UnsignedInt" | "UnsignedInt[]" (optional only if the analysis was not derived from any of the dialog)

    The value of the dialog parameter is the index to the dialog or array of indices to dialogs in the dialog array to which this analysis object corresponds.

4.4.3. mimetype

The media type for the included or referenced analysis file is provided in the mimetype parameter.

  • mimetype: "Mime" (optional for externally referenced files, if this is provided in the [HTTPS] Content-Type header)

    The mimetype string contains the media type or [MIME] type of the analysis file.

4.4.4. filename

It is sometimes useful to preserve the name of the file which originally contained this analysis data. This can be done in the filename parameter.

  • filename: "String" (optional)

    The file name string contains an optional name for the analysis data file referenced in this Analysis Object.

4.4.5. vendor

There may not be an IANA registered media type for the file format containing the analysis data. Even if a media type is defined, it is often useful to keep a record of the vendor that produced the software that produced the analysis. Different implementations perform differently and knowing the implementation can be useful in interpreting the analysis. For this reason, the vendor or product name is provided in the vendor parameter.

  • vendor: "String"

    The vendor string value contains the vendor or product name of the software which generated this analysis.

4.4.6. product

As the vendor may have more than one product, the product parameter may be used to differentiate it from other products which may have different schemas of analysis data.

  • product: "String" (optional)

4.4.7. schema

The same vendor or software product may produce different formats or data for the same analysis. The schema parameter allows the data format, schema or configuration used to generate the analysis to be saved with the included or referenced analysis data.

  • schema: "String" (optional)

    The schema string contains a token or label for the data format or schema for the analysis data. As the vendor name may not be specific enough to identify the format of the analysis, the schema value is provided to differentiate from potentially multiple data formats for analysis provided by the same vendor or software.

4.4.8. Analysis Content

The Analysis Object SHOULD contain the body and encoding parameters or the url, alg and signature parameters (see Inline Files (Section 2.3) and Externally Referenced Files (Section 2.4)).

For inline included analysis:

  • body: "String"

  • encoding: "String"

Alternatively, for externally referenced analysis:

  • url: "String"

  • alg: "String"

  • signature: "String"

4.5. Attachment Object

Ancillary documents to the conversation are included or referenced in the Attachment Object. There is no constraint on the types of files which can be included or referenced. As most modes of communication that allow the exchange of files do not constrain the file type, any file type may be included here.

4.5.1. type or purpose

TODO: Do we want a semantic type like: contract or presentation? Or a subject or title.

4.5.2. start

The start parameter contains the date and time that the Attachment Object was sent/exchanged.

  • start: "Date"

4.5.3. party

In most conversations, ancillary documents originate from one of the parties to the conversation. This is not necessarily the author, but the person who distributed the document. This party is identified by the party parameter in the Attachment Object.

  • party: "UnsignedInt"

    The value of the party parameter is the index into the Parties Object array to the party that contributed the attachment.

4.5.4. mimetype

The media type for the included or referenced attachment file is provided in the mimetype parameter.

  • mimetype: "Mime" (optional for externally referenced files, if this is provided in the [HTTPS] Content-Type header)

    The mimetype string contains the media type or [MIME] type of the attached file.

4.5.5. filename

It is sometimes useful to preserve the name of the file which originally contained this attachment file. This can be done in the filename parameter.

  • filename: "String" (optional)

    The file name string contains an optional name for the attachment file referenced in this Attachment Object.

4.5.6. Attachment Content

The Attachment Object SHOULD contain the body and encoding parameters or the url, alg and signature parameters (see Inline Files (Section 2.3) and Externally Referenced Files (Section 2.4)).

For inline included attachments:

  • body: "String"

  • encoding: "String"

Alternatively, for externally referenced attachments:

  • url: "String"

  • alg: "String"

  • signature: "String"

4.6. Group Object

A conversation may take place using different modes (e.g. web chat which evolves to email, which evolves to phone call, which evolves to video conference). A conversation could take place over several calls (e.g. multiple calls regarding a support incident or problem). Each of these examples might be considered a single conversation even though there are multiple sets of dialog in each. What is considered the boundary of a conversation is a business decision. There are situations in the above example where it is desired to treat these as a single conversation, but each set of dialog is created in a single vCon (e.g. each dialog occurred in a separate communication silo or security domain) which gets signed. For this reason, it may be necessary to aggregate the separate vCons into a single vCon which is considered the whole of a conversation. The Group Object includes or refers to a vCon to be aggregated into the whole of a single vCon conversation.

The Group Object SHOULD contain the uuid and either the body and encoding parameters or the url, alg and signature parameters (see Inline Files (Section 2.3) and Externally Referenced Files (Section 2.4)). The vCon MAY be referenced via UUID:

The vCon MAY be included in line as the value of the body parameter. The encoding parameter MUST be included with the body parameter, if provided, to describe the encoding of the vCon body.

  • body: "vCon"

    The JSON unsigned form of the vCon, the JWS signed form of the vCon or the JWE encrypted form of the vCon.

  • encoding: "String"

    The encoding string MUST have the value: "json".

Alternatively, the vCon can be externally referenced. The url, alg and signature parameters and values are defined in Externally Referenced Files (Section 2.4).

  • url: "String"

  • alg: "String"

  • signature: "String"

5. Security Considerations

The security concerns for vCons can be put into two categories: making the conversation immutable through integrity verification and protecting the confidentiality and privacy of the parties to the conversation and/or their PII. These requirements, along with the need to evolve a vCon (e.g. adding analysis, translations and transcriptions), conflict in some ways. To enable this, multiple versions of a vCon may be created. Some versions of a vCon may add information (e.g. analysis added to a prior vCon referenced by the appended (Section 4.1.7)) and others may remove information (e.g. redactions of privacy information removed from the vCon referenced in the redacted (Section 4.1.6)). Redactions may be at different levels, for example:

Different parts and versions of a vCon may be created in different security domains over a period of time. In addition, some conversation data may be referenced externally through an HTTPS URL as opposed to completely contained within the vCon. Typically a conversation of one mode, will be hosted or observed in a single domain. This will likely fall into one of the following hosting situations:

The distinction among these has gotten clouded over recent years. The important consideration is that each is a different security domain. Information about a conversation captured in an enterprise communications system (e.g. meta data and Dialog Object(s) recorded in an IP PBX) is a different security domain from a SaaS transcription service (i.e. an Analysis Object). Before a vCon leaves a security domain, it SHOULD be signed to prevent it from being altered. If the new security domain needs to alter it, a new vCon is created with the removed or added data and the prior version is referenced (i.e. via the redacted (Section 4.1.6) or appended (Section 4.1.7)). See the redacted vCon object tree figure-1 and appended vCon object tree figure-2. If information is redacted for privacy reasons, the vCon referenced in the redacted (Section 4.1.6), if inline, SHOULD be encrypted to protect the privacy information in the unredacted version of the vCon.

The secure storage and access of externally referenced conversation data is considered out of scope for this document. Secure mechanisms for HTTPS access and storage of files are well defined. Identity and credentials for accessing externally stored data will be exchanged out of band from the vCon. The one requirement for externally referenced data, from the perspective of this document, is proof of integrity of that data.

Using the above described approach for redaction and appending of data, we can reduce the security operations on a vCon to signing and encryption. Two approaches to signing are needed, as we have data in JSON format that is contained within the vCon, and may have data (typically media and file formats, often binary) that is not contained inline in the vCon but is externally referenced.

Externally referenced data will be "signed" using [SHA-512] hash which along with the URL of the externally referenced data is included in the vCon. [SHA-512] was chosen due to the relatively low cost to generate and verify the signature for what could be very large externally referenced media files. As the hash for each externally referenced file is contained in the vCon which will be signed, the chain of authentication is provided via the signature on the vCon itself.

This document specifies the JSON format for vCons, so the logical solution for signing vCons is JOSE [JWS] JSON Serialization, and likewise for encrypting vCons it is JOSE [JWE] JSON Serialization. These solutions are well documented, and implementations are readily available and tested.

Methods of redaction exist for text, audio and video using post processing of the media. The method of redaction used is out of the scope of this document. A redacted vCon SHOULD reference its non-redacted version. The non-redacted version of the vCon referenced from the redacted vCon MUST be encrypted such that only those with permission to view the non-redacted content can decrypt it.

Any time a vCon is shared outside its original security domain, it SHOULD be signed and optionally encrypted. Files externally referenced by a vCon SHOULD always be signed with the verification information included in the vCon that references the external file as defined in Externally Referenced Files (Section 2.4) and Signing Externally Referenced Files (Section 5.1). Externally referenced files SHOULD only be transported over [HTTPS] and SHOULD be access controlled to those who are permitted to read the contents of that non-redacted vCon. vCons transported over non-secure channels such as email MUST be in the encrypted form.

5.1. Signing Externally Referenced Files

In some deployments, it is not practical to include all of the file contents of a vCon inline. In support of that, a file may be externally referenced. When external files are referenced, the signature on the vCon does not secure the file contents from modification. For this reason any externally referenced files SHOULD also have a signature. vCons use the [SHA-512] hash method for integrity checking of externally referenced file content and include its url, alg and signature in the vCon which are included in the integrity signature for the whole vCon.

After retrieving an externally referenced file, and before using its content, the payload of the HTTPS request should be verified using the signature parameter value for the hash for the url body using the procedure defined in sections 6.3 and 6.4 of [SHA-512].
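A sketch of that check, as an added example rather than code from this draft: it assumes the Section 2.4 parameters carry an alg of "SHA-512" and a signature holding the Base64Url-encoded SHA-512 digest of the body, and the function names and sample URL are hypothetical. The body is hashed in chunks so that a large recording is never held in memory at once.

```python
import base64
import hashlib
import hmac
import io


def b64url_decode(text):
    """Decode Base64Url with or without '=' padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_reference(url, body):
    """Build the url/alg/signature parameters for a file stored outside the vCon."""
    digest = hashlib.sha512(body).digest()
    return {"url": url, "alg": "SHA-512",
            "signature": base64.urlsafe_b64encode(digest).rstrip(b"=").decode()}


def verify_external_file(ref, stream, chunk_size=1 << 20):
    """Compare a retrieved body with the entry that references it.

    ref    -- Dialog, Analysis, Attachment or Group Object with url, alg, signature
    stream -- binary file-like object holding the retrieved body
    Returns True only when the SHA-512 digest of the body equals the recorded one.
    Raises ValueError when the reference itself is unusable.
    """
    if ref.get("alg") != "SHA-512":
        raise ValueError(f"unsupported alg {ref.get('alg')!r}")
    if not str(ref.get("url", "")).lower().startswith("https://"):
        raise ValueError("url is not HTTPS")
    try:
        expected = b64url_decode(ref["signature"])
    except (KeyError, TypeError, ValueError):
        raise ValueError("signature is missing or not Base64Url") from None
    if len(expected) != hashlib.sha512().digest_size:
        raise ValueError("signature is not a 64-byte SHA-512 digest")
    digest = hashlib.sha512()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(digest.digest(), expected)


def check(ref, body):
    """Return 'verified', 'mismatch' or 'rejected: <reason>' for an in-memory body."""
    try:
        return "verified" if verify_external_file(ref, io.BytesIO(body)) else "mismatch"
    except ValueError as err:
        return f"rejected: {err}"


# Constructed sample bytes standing in for a recording; not real media.
RECORDING = b"constructed sample recording " + bytes(range(256)) * 64
REF = make_reference("https://recordings.example.com/call-1.wav", RECORDING)

if __name__ == "__main__":
    print(check(REF, RECORDING))                     # untouched body
    print(check(REF, RECORDING[:-1] + b"\x00"))      # last byte altered in storage
    print(check({**REF, "alg": "MD5"}, RECORDING))   # unexpected algorithm
```

A matching digest only shows that the file is the one the vCon names; the digest itself is trustworthy only once the signature on the enclosing vCon has been verified.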

5.2. Signed Form of vCon Object

A signed vCon uses [JWS] and takes the General JWS JSON Serialization Syntax form as defined in section 7.2.1 of [JWS]. The vCon General JWS JSON Serialization MUST include x5c or x5u in the unprotected header.

  • payload: "String"

    The value of the payload is the Base64Url Encoded string containing the unsigned form of the JSON vCon. The general construction of the payload string value is described in section 7.2.1 of [JWK]

  • signatures: "Signature[]"

    The value of signatures is an array of Signature Objects (Section 5.2.1)

5.2.1. Signature Object

The Signature Object MUST contain a header, protected and signature parameter as defined in section 7.2.1 of [JWS].

5.2.2. Header Object

The Header Object and its contents are defined in section 4 of [JWS]. The Header Object for a signed vCon MUST include the alg and either the x5c or x5u arrays. The x5c or x5u requirement makes the management and use of vCons easier, allowing the certificate chain to be found as the vCon is moved.

  • alg: "String"

    The string value of alg is defined in section 4.1.1 of [JWS]. For a signed vCon this value SHOULD be "RS256" to maximize interoperability.

  • x5c: "String[]" (MUST provide x5c or x5u)

    The array of string values for x5c are defined in section 4.1.6 of [JWS].

  • x5u: "String" (MUST provide x5c or x5u)

    The string value of x5u MUST contain an [HTTPS] URL as defined in section 4.1.5 of [JWS].

TODO: How to deal with expired signatures?
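The envelope requirements of Sections 5.2 to 5.2.2 can be checked before a signed vCon is handed to a JOSE library. The following is an added example, not code from this draft; it performs structural checks only and no signature verification, the function names are hypothetical, and the certificate and signature bytes in the sample are placeholders.

```python
import base64
import binascii
import json


def b64url_decode(text):
    """Decode Base64Url with or without '=' padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(data):
    """Encode bytes as unpadded Base64Url, the form used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_signature_object(sig):
    """Return the problems found in one Signature Object (empty list = acceptable)."""
    if not isinstance(sig, dict) or {"header", "protected", "signature"} - sig.keys():
        return ["MUST contain header, protected and signature"]
    header = sig["header"]
    try:
        protected = json.loads(b64url_decode(sig["protected"]))
    except (TypeError, ValueError):
        return ["protected is not Base64Url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(protected, dict):
        return ["header and protected must both be JSON objects"]
    problems = []
    if header.keys() & protected.keys():
        problems.append("header and protected repeat a parameter name")
    jose = {**protected, **header}  # RFC 7515: the JOSE Header is the union of both
    alg = jose.get("alg")
    if not isinstance(alg, str) or alg.lower() == "none":
        problems.append("alg is missing or 'none'")
    elif alg != "RS256":
        problems.append(f"alg {alg!r} is not the recommended RS256")
    x5c, x5u = header.get("x5c"), header.get("x5u")
    if x5c is None and x5u is None:
        problems.append("unprotected header MUST include x5c or x5u")
    if x5u is not None and not str(x5u).lower().startswith("https://"):
        problems.append("x5u MUST be an HTTPS URL")
    if x5c is not None:
        try:  # x5c entries are standard base64 (not Base64Url) DER certificates
            ok = bool(x5c) and all(base64.b64decode(c, validate=True) for c in x5c)
        except (binascii.Error, TypeError, ValueError):
            ok = False
        if not ok:
            problems.append("x5c must be a non-empty array of base64 certificates")
    return problems


def precheck_signed_vcon(jws):
    """Return the structural problems in a signed vCon; verifies NO signature."""
    sigs = jws.get("signatures") if isinstance(jws, dict) else None
    if not isinstance(sigs, list) or not sigs or not isinstance(jws.get("payload"), str):
        return ["need a payload string and a non-empty signatures array"]
    problems = [f"signatures[{n}]: {p}" for n, s in enumerate(sigs)
                for p in check_signature_object(s)]
    try:
        json.loads(b64url_decode(jws["payload"]))
    except (TypeError, ValueError):
        problems.append("payload is not Base64Url-encoded JSON")
    return problems


# Constructed sample; the certificate and signature are placeholders, not real keys.
PLACEHOLDER_CERT = base64.b64encode(b"placeholder DER certificate").decode()
SIGNED = {
    "payload": b64url_encode(json.dumps({"parties": [], "dialog": []}).encode()),
    "signatures": [{
        "header": {"alg": "RS256", "x5c": [PLACEHOLDER_CERT]},
        "protected": b64url_encode(b"{}"),
        "signature": b64url_encode(b"placeholder signature"),
    }],
}

if __name__ == "__main__":
    print(precheck_signed_vcon(SIGNED) or "structure acceptable; now verify the signature")
```

Because x5c and x5u travel in the unprotected header, they are not covered by the signature: the certificate chain has to validate to a trust anchor the verifier already holds before its key is used, and the payload should not be acted on until that verification succeeds.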

5.3. Encrypted Form of vCon Object

TODO: Check this terminology:

A vCon MUST be signed first using JWS as defined in Signed Form of vCon Object (Section 5.2), then encrypted using JWE as opposed to just encrypted with integrity protection. The rationale is that meta data and dialog will typically be collected in one security domain, then may be stored or exported to another. The signing is likely for the lifetime of the vCon, where the encryption may be shorter term or domain specific. vCons may be stored in unencrypted form, but the signed form MUST be maintained to ensure its integrity.

An encrypted vCon uses [JWE] and takes the General JWE JSON Serialization Syntax form as defined in section 7.2.1 of [JWE].

  • unprotected: "Unprotected"

  • recipients: "Recipient[]"

  • iv: "String"

    The string value of iv is the Initialization Vector as constructed as defined in section 7.2.1 of [JWE].

  • ciphertext: "String"

    The string value of ciphertext is constructed as defined in section 7.2.1 of [JWE] using the signed form of the vCon as the plaintext input for encryption.

  • tag: "String"

    The string value of tag is the Authentication Tag as defined in section 7.2.1 of [JWE].

5.3.1. Unprotected Object

  • cty: "String"

    The string value of cty SHOULD be "application/vcon"

  • enc: "String"

    The string value of enc SHOULD be "A256CBC-HS512"

TODO: do we want to put the vCon UUID in the Unprotected Object so that we can use it as a key?

5.3.2. Recipient Object

  • header: "Header"

  • encrypted_key: "String"

    The string value of encrypted_key is defined in section 7.2.1 of [JWE].

5.3.3. Header Object

  • alg: "String"

    The string value of alg SHOULD be "RSA-OAEP".
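
The field requirements of Sections 5.2 and 5.3 can be checked mechanically before any key material is touched. The following Python linter is an added example, not part of this draft or of the vCon project's code: the function names, the error/warning split and the rejection of alg "none" are assumptions of the example, the IV and tag sizes are those of A256CBC-HS512 in RFC 7518, and the sample object holds constructed filler bytes rather than real ciphertext.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

# Expected values from sections 5.2 and 5.3 of this draft.
JWS_ALG, JWE_CTY = "RS256", "application/vcon"
JWE_ENC, JWE_KEY_ALG = "A256CBC-HS512", "RSA-OAEP"
# A256CBC-HS512 sizes (RFC 7518): 128-bit IV, 256-bit tag, 16-byte AES blocks.
IV_LEN, TAG_LEN, BLOCK = 16, 32, 16


def b64url(data):
    """Encode bytes as unpadded base64url, as JWS and JWE do."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(value):
    """Strictly decode unpadded base64url; return None when malformed."""
    if not isinstance(value, str) or not re.fullmatch(r"[A-Za-z0-9_-]+", value):
        return None
    try:
        return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    except (binascii.Error, ValueError):
        return None


def is_https_url(value):
    """True only for a parseable https URL that names a host."""
    try:
        parts = urlsplit(value) if isinstance(value, str) else None
    except ValueError:
        return False
    return bool(parts and parts.scheme == "https" and parts.hostname)


def lint_jws_header(header):
    """Return (severity, message) findings for a signed vCon header (5.2)."""
    out = []
    alg = header.get("alg")
    if alg in (None, "none"):
        # Policy added by this example: no usable signature algorithm.
        out.append(("error", "alg missing or 'none'"))
    elif alg != JWS_ALG:
        out.append(("warn", f"alg {alg!r}, SHOULD be {JWS_ALG!r}"))
    x5c, x5u = header.get("x5c"), header.get("x5u")
    if x5c is None and x5u is None:
        out.append(("error", "MUST provide x5c or x5u"))
    if x5c is not None and not (isinstance(x5c, list) and x5c):
        out.append(("error", "x5c is not a non-empty array"))
    if x5u is not None and not is_https_url(x5u):
        out.append(("error", "x5u MUST be an HTTPS URL"))
    return out


def lint_jwe_vcon(jwe):
    """Return findings for an encrypted vCon in General JWE JSON form (5.3)."""
    out = []
    u = jwe.get("unprotected")
    unprotected = u if isinstance(u, dict) else {}  # absent: both checks below fire
    enc = unprotected.get("enc")
    if unprotected.get("cty") != JWE_CTY:
        out.append(("warn", f"cty SHOULD be {JWE_CTY!r}"))
    if enc != JWE_ENC:
        out.append(("warn", f"enc {enc!r}, SHOULD be {JWE_ENC!r}"))
    recipients = jwe.get("recipients")
    if not isinstance(recipients, list) or not recipients:
        out.append(("error", "recipients array missing or empty"))
        recipients = []
    for i, rcpt in enumerate(recipients):
        rcpt = rcpt if isinstance(rcpt, dict) else {}
        header = rcpt.get("header")
        alg = header.get("alg") if isinstance(header, dict) else None
        if alg != JWE_KEY_ALG:
            out.append(("warn", f"recipients[{i}] alg {alg!r}, SHOULD be {JWE_KEY_ALG!r}"))
        if b64url_decode(rcpt.get("encrypted_key")) is None:
            out.append(("error", f"recipients[{i}] encrypted_key is not base64url"))
    raw = {n: b64url_decode(jwe.get(n)) for n in ("iv", "ciphertext", "tag")}
    out += [("error", f"{n} missing or not base64url") for n, v in raw.items() if v is None]
    if enc == JWE_ENC:  # size checks apply only to the algorithm named in 5.3.1
        if raw["iv"] is not None and len(raw["iv"]) != IV_LEN:
            out.append(("error", f"iv must be {IV_LEN} bytes"))
        if raw["tag"] is not None and len(raw["tag"]) != TAG_LEN:
            out.append(("error", f"tag must be {TAG_LEN} bytes"))
        if raw["ciphertext"] is not None and len(raw["ciphertext"]) % BLOCK:
            out.append(("error", "ciphertext is not a whole number of AES blocks"))
    return out


def sample_encrypted_vcon():
    """Constructed sample: correct sizes, filler bytes instead of real ciphertext."""
    return {
        "unprotected": {"cty": JWE_CTY, "enc": JWE_ENC},
        "recipients": [{"header": {"alg": JWE_KEY_ALG}, "encrypted_key": b64url(bytes(256))}],
        "iv": b64url(bytes(range(IV_LEN))),
        "ciphertext": b64url(bytes(4 * BLOCK)),
        "tag": b64url(bytes(TAG_LEN)),
    }
```

An empty findings list means only that the object is well formed; it says nothing about whether the ciphertext decrypts or whether the enclosed JWS verifies.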

6. IANA Considerations

IANA registration of new media subtype: vcon for media type application:

application/vcon

7. References

7.1. Normative References

[CBOR]
Bormann, C. and P. Hoffman, "Concise Binary Object Representation (CBOR)", STD 94, RFC 8949, DOI 10.17487/RFC8949, <https://www.rfc-editor.org/rfc/rfc8949>.
[CDDL]
Birkholz, H., Vigano, C., and C. Bormann, "Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, <https://www.rfc-editor.org/rfc/rfc8610>.
[GEOPRIV]
Peterson, J., "A Presence-based GEOPRIV Location Object Format", RFC 4119, DOI 10.17487/RFC4119, <https://www.rfc-editor.org/rfc/rfc4119>.
[HTTPS]
Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, Ed., "HTTP Semantics", STD 97, RFC 9110, DOI 10.17487/RFC9110, <https://www.rfc-editor.org/rfc/rfc9110>.
[JSON]
Bray, T., Ed., "The JavaScript Object Notation (JSON) Data Interchange Format", STD 90, RFC 8259, DOI 10.17487/RFC8259, <https://www.rfc-editor.org/rfc/rfc8259>.
[JWE]
Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", RFC 7516, DOI 10.17487/RFC7516, <https://www.rfc-editor.org/rfc/rfc7516>.
[JWK]
Jones, M., "JSON Web Key (JWK)", RFC 7517, DOI 10.17487/RFC7517, <https://www.rfc-editor.org/rfc/rfc7517>.
[JWS]
Jones, M., Bradley, J., and N. Sakimura, "JSON Web Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, <https://www.rfc-editor.org/rfc/rfc7515>.
[MAILTO]
Duerst, M., Masinter, L., and J. Zawinski, "The 'mailto' URI Scheme", RFC 6068, DOI 10.17487/RFC6068, <https://www.rfc-editor.org/rfc/rfc6068>.
[MIME]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, DOI 10.17487/RFC2045, <https://www.rfc-editor.org/rfc/rfc2045>.
[PASSporT]
Wendt, C. and J. Peterson, "PASSporT: Personal Assertion Token", RFC 8225, DOI 10.17487/RFC8225, <https://www.rfc-editor.org/rfc/rfc8225>.
[PIDF-LO]
Winterbottom, J., Thomson, M., and H. Tschofenig, "GEOPRIV Presence Information Data Format Location Object (PIDF-LO) Usage Clarification, Considerations, and Recommendations", RFC 5491, DOI 10.17487/RFC5491, <https://www.rfc-editor.org/rfc/rfc5491>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC3339]
Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, DOI 10.17487/RFC3339, <https://www.rfc-editor.org/rfc/rfc3339>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, <https://www.rfc-editor.org/rfc/rfc8174>.
[TEL]
Schulzrinne, H., "The tel URI for Telephone Numbers", RFC 3966, DOI 10.17487/RFC3966, <https://www.rfc-editor.org/rfc/rfc3966>.
[UUID]
Peabody, B. and K. R. Davis, "New UUID Formats", Work in Progress, Internet-Draft, draft-peabody-dispatch-new-uuid-format-04, <https://datatracker.ietf.org/doc/html/draft-peabody-dispatch-new-uuid-format-04>.

7.2. Informative References

[CDR]
ITU, "Recommendation Q.825: Specification of TMN applications at the Q3 interface: Call detail recording", n.d., <https://www.itu.int/rec/T-REC-Q.825>.
[ISOBMFF]
"Information technology -- Coding of audio-visual objects -- Part 12: ISO base media file format", ISO/IEC 14496-12:2022, <https://www.iso.org/standard/83102.html>.
[JMAP]
Jenkins, N. and C. Newman, "The JSON Meta Application Protocol (JMAP)", RFC 8620, DOI 10.17487/RFC8620, <https://www.rfc-editor.org/rfc/rfc8620>.
[JWT]
Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token (JWT)", RFC 7519, DOI 10.17487/RFC7519, <https://www.rfc-editor.org/rfc/rfc7519>.
[SHA-512]
Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, DOI 10.17487/RFC6234, <https://www.rfc-editor.org/rfc/rfc6234>.
[SIP-XFER]
Sparks, R., Johnston, A., Ed., and D. Petrie, "Session Initiation Protocol (SIP) Call Control - Transfer", BCP 149, RFC 5589, DOI 10.17487/RFC5589, <https://www.rfc-editor.org/rfc/rfc5589>.
[vCard]
Kewisch, P., "jCard: The JSON Format for vCard", RFC 7095, DOI 10.17487/RFC7095, <https://www.rfc-editor.org/rfc/rfc7095>.
[vCon-white-paper]
Howe, T., Petrie, D., Lieberman, M., and A. Quayle, "vCon: an Open Standard for Conversation Data", n.d., <https://github.com/vcon-dev/vcon/blob/main/docs/vCons_%20an%20Open%20Standard%20for%20Conversation%20Data.pdf>.

Appendix A. vCon CDDL Schema

The following is the [CDDL] schema for vCon.

Note: this CDDL schema is not fully verified and needs some stylistic edits.

vcon = {
    vcon_version_type,
    uuid_type,
    ? subject: tstr,
    ? created_at: date_type,
    ? updated_at: date_type,
    ? redacted: redacted_reference_type / empty_object_type,
    ? amended: vcon_reference_type / empty_object_type,
    ? group: [* vcon_reference_type],
    ? parties: [* party_object_type],
    ? dialog: [* dialog_object_type],
    ? attachments: [* attachment_object_type],
    ? analysis: [* analysis_object_type],
    extension_object_type
  }

; Object and multi-parameter types
;_________________________________


redacted_reference_type = {
    type: tstr,
    ~vcon_reference_type
  }

vcon_reference_type = {
    ~vcon_uuid_reference_type // ~vcon_inline_type // ~vcon_url_reference_type
  }

party_object_type = {
    ? tel: tstr,
    ? str: tstr,
    ? mailto: tstr,
    ? name: tstr,
    ? validation: tstr,
    ? gmlpos: tstr,
    ? civicaddress: civicaddress_type,
    ? uuid_type,
    ? role: tstr,
    extension_object_type
  }

dialog_object_type = {
    start: date_type,
    ? party_history: [* party_event_type],
    (dialog_recording_object_type // dialog_text_object_type // dialog_transfer_object_type // dialog_incomplete_object_type),
    ? campaign: tstr,
    ? interaction: tstr,
    extension_object_type
  }

vcon_uuid_reference_type = {
    uuid_type
  }

vcon_inline_type = {
    inline_content_type
  }

vcon_url_reference_type = {
    url_referenced_content_type
  }

dialog_recording_object_type = (
    type: "recording",
    ? duration: uint,
    parties: dialog_parties_type,
    content_parameters_type,
    ? originator: party_index_type,
    inline_content_type // url_referenced_content_type
  )

dialog_text_object_type = (
    type: "text",
    ? duration: uint,
    parties: dialog_parties_type,
    content_parameters_type,
    ? originator: party_index_type,
    inline_content_type // url_referenced_content_type
  )

dialog_transfer_object_type = (
    type: "transfer",
    transferee: party_index_type,
    transferor: party_index_type,
    transfer-target: party_index_type,
    original: dialog_index_type,
    ? consultation: dialog_index_type,
    target-dialog: dialog_index_type,
  )

dialog_incomplete_object_type = (
    type: "incomplete",
    disposition: tstr
  )

attachment_object_type = {
    type: tstr,
    start: date_type,
    party: party_index_type,
    content_parameters_type,
    (inline_content_type // url_referenced_content_type),
    extension_object_type
  }

analysis_object_type = {
    type: tstr,
    dialog: dialog_index_type,
    content_parameters_type,
    ? vendor: tstr,
    ? product: tstr,
    ? schema: tstr,
    (inline_content_type // url_referenced_content_type),
    extension_object_type
  }

url_referenced_content_type = (
    url_type,
    signature_algorithm_type,
    signature_type
  )

inline_content_type = (
    ( text_body_type // binary_body_type )
  )

text_body_type = (
    encoding: "none" / "json"
    body: tstr
  )

binary_body_type = (
    encoding: "base64url"
    body: #6.21(bstr)
  )

content_parameters_type = (
    ? mime_type,
    ? filename: tstr,
  )

party_event_type = {
    party: party_index_type,
    event: "join" / "drop" / "hold" / "unhold" / "mute" / "unmute",
    time: date_type,
    extension_object_type
  }

civicaddress_type = {
    ? country: tstr,
    ? a1: tstr,
    ? a2: tstr,
    ? a3: tstr,
    ? a4: tstr,
    ? a5: tstr,
    ? a6: tstr,
    ? prd: tstr,
    ? pod: tstr,
    ? sts: tstr,
    ? hno: tstr,
    ? hns: tstr,
    ? lmk: tstr,
    ? loc: tstr,
    ? flr: tstr,
    ? nam: tstr,
    ? pc: tstr,
    extension_object_type
  }

; Basic types and single parameter types
; ______________________________________


date_type = tdate
; Ruby cddl seems to always find tdate strings invalid, even ones it generates.
;date_type = tstr

dialog_index_type = uint

dialog_parties_type =
    party_index_type / [* party_index_or_list_type]

empty_object_type = {}

extension_object_type = (
   * tstr => any
  )

mime_type = (
    mimetype: tstr
  )

party_index_or_list_type =
    party_index_type / [* party_index_type]

party_index_type = uint

signature_algorithm_type = (
    alg: tstr
  )

signature_type = (
    signature: tstr
  )

uuid_type = (
    uuid: tstr
  )

url_type = (
    url: tstr
  )

vcon_version_type = (
    "vcon": tstr
  )

Appendix B. Example vCons

This appendix contains example vCons in the unsigned, signed and encrypted form. The JSON has been indented for readability. Long text lines have been wrapped with a left hand white space indent for readability purposes.

B.1. Two Party Call vCon With Inline Recording

This example vCon is for a simple 2 party PSTN call. It has a single Dialog Object which contains a single channel wav format recording with the two parties' audio mixed into the single channel.

{
  "vcon": "0.0.1",
  "parties": [
    {
      "tel": "+12345678901",
      "name": "Alice"
    },
    {
      "tel": "+19876543210",
      "name": "Bob"
    }
  ],
  "dialog": [
    {
      "type": "recording",
      "start": "2022-06-21T17:53:26.000+00:00",
      "duration": 4.72,
      "parties": [
        0,
        1
      ],
      "mimetype": "audio/x-wav",
      "filename": "ab_call.wav",
      "encoding": "base64url",
      "body": "UklGRioeAABXQVZFZm10IBQAAAAxAAEAQB8AAFkGAABBAAAAAg
        gBAAWZhY3QEAAAAgJMAAGRhdGH2HQAAoxjXHYXCRekuye4gK4Tsiv4wZe
        htuvu3RMkgyPXme4NeahQLG0yeLayx5HCIiRWK7psbQrQTFm57NwQJvIb
        1aNxk6VpMYAXSm5Bb1rgStIStvEzmCaOIabxs2gjReJ02Rk0BQtOxHkhU
        IZd4VGKoq1KuoCGhrZTx1vRZICuZEcgkGjdH2jiCU1a0NMW6BE8lVHN-O
        FPHcZspr0CSl1aeo2hOWUx3CbovpGqKsApWteunk8gMPMOdynRVFWR5o0
        2BvaQDcWugGRHrQa9NcEbG1LWQq_AWLpsXKdMQefGrZu4ZE2ZSDIRGJLT
        pIzDybqSyZishQmjuVGztMKNlcyt2vW546JsutgllyppQWroAtHbkyrrG
        x3bIiX81g1sR-oVaBbtkobA08fpJYscQSlHHcGm7hDriuWTRm8A6GKQ1F
        cn10M30DcHctnEchwaAI7dxI2knYCQ5biNHB2Djxm3bFmyU5TA3ALZt3D
        SeABIkiRJcm0AxpEkSZI7AEiSJEmSwUYZ1mQLYNu2bdumPWDbtm3b9gOA
        EmSJFkFgCRJkiQZbHRhTccDtm3btm0qAEaOJEmSPABIkiRJkjAASJIkSZ
        BRhfW9CKAJEmS49gCgCRJkiQ5P2Dbtm3bZgSAJEmSJClkcmVNLgBIkiRJ
        m8ASJIkSZIvAkiSJEmOswM2btu2bcMVmd3kIoDkyJEkySOAJEmS3AgGgC
        JkhypC2DjuG3j9mxOWQiyEUQ1DAtyvQJS9aTWWc4KuFqLO9F4CCJX4yeF
        MaSUWSLYMkYinzGa4HzyrEi6-pgHVdXe6mugKzW7VqHYOzcDDsXWnJkeV
        HFKpuLDZSrAroZOQohtASpE4dyZSRxozJQC6hJE2OLGiNYLM1ruIWzsCc
        hEW6c3AJhq6bmp9cZ0IvAy2a5xJVcUMNE8Qq3G0CEJy30SNxwrUqUy5Nc
        WkI3S7UCk4iyrBM3AzCvJqkisQPQkcekWjYDoJk4DpWiPmUzXCtKFMkuy
        g7MtWnrqLwMSqpjR8vXDipSKzk1D-bOjdLzgNQollapqqCUmjChmctA6j
        mYPOLYJtHbatocTAZCfAQ3LHs6O2zDuCC_LyStAgkklFHZesUspXsSr0S
        lCRYg-hXc2tKqMsgeqYkNzSVmLc9mk08zbhzUKO3fhkzJQsvBTCcNk2s-
        UxO5zpatkETyFn-xtrxRaTR0hZk3WDo5ELiFWOq7hmMxgKjdcY0SO4Fk7
        ijHC6EYNXEZI6oDUQz2EeJMMh1orxSOup04uUUjOtyjwVQ3HdhpuSRyJv
        WzpRTo-so7pMpdgKWUk0jlEwjiqBJAwcuw5lca39VznGdMLAg6o-EEenb
        EQxgkeS0xxEteISQcQUNPm8KxaV1xKKIq-BFEpsm_bjIFPLiJwpRoEoSZ
        uqWuBJLuu1oxZC8ksQB0Wkt_IqrwaSMq8p4mzEPrFksdx9i9KZVv36AvG
        MmyKsHI864U2eThk-iNKRsvgRsqL1vMTUHbPK2ZqVwNHW3oEIay3EaN7x
        GgV4mmK8Q1k0O4jHPCFpRzHYxBtbOEZFMQeMoOVQ2F8GTOXvh9-qARmvO
        H9MYaOpdTIFaS-ZJO4OGmZOvo3fEig5M8lQvwxinfXKhc4QrPGM0pIJth
        KkixBYjvlZJlNwXTljSW8VWFex6tshg7BUiVuU8VoDtlMwRBEkqXknPYW
        NFMRtW_FMhsVIpV4RDESZlqtFXHVI3GSmHZyNFMV24h48qsHAdLYeumkS
        hTYG1Qp0LpWhr1UitEmaJ1DxuXwgGEe62VbkIUKKbdkv2CFhIZMdnkebS
        RKzoCG7Uc32ywDkqkauEsuAzOqK1vnNoKFOtloMaa5YBWwbZI_aPtKzFM
        yqx7WNBXEqt43TasSiiaAKW8U2NSFxMuA6htzZ8ougZAbtgLVamHcwpHZ
        q6B40DSETuvriVpKyFIUpxogTQvwrBFaY5MScRRE6GFMFGqYp5L26r4Eo
        kooM941UsSSRC6NVuXVFmol1pueTN7sLdPY-uiHbuECmzJFAvywh-KivW
        RRtmK4u4p1Va666LNhrFMtF3tZKlTDvgdOFlqN-zUGbWLWajishIrY5DT
        LYovSDJJ2co6MCCwrxmmd6u0wU-CtiptRtUQohlesWT1X0I4kR-NrCEmI
        FRGelq51TpDpN2jnuxFrUWfaop44QqkpsixOkeSsFwpyiIoHV4IN-NAtF
        boRbtIqoILbeS0SJe1i2_tl8Xi4xizaGMTbVg3w4C6biZ8LrTot8bmqK5
        WIKQWqUWloIyQhHJaAMTQaq4SQWNzTeTaoc5MHEkWrWHEY8moxcmLeQkQ
        toV9lsiM7S6HlKE6nLKfAJK3GVq0WQeK8fmKNcascCXElWJJd9iwvNSi9
        NvGsRwsvvxyHsw0OqqptnxsWafZojyKIykTLXobrtrgcAoryw9tNE7TVs
        KaCBBmEJ2LMUsXJKCCBk1kWpsul1ZnZRgWoSnleyJ9njK9VrZXCrYFojg
        ofqqAam-jOFbEvQIIcLJF9f-quNDsQiS9ac_ljMEE30OjQXKrmVeCxG7i
        3UmIcLO4g0zVPFXAN5biakMaMydRuQRlJ2NuaTOEqKabgJg8hc8KNG6PL
        Dxn1fDGZAzRLOsMhnEGF6--CEZJU6ly4hJmqiXpha4Wumlis26U5hAVtM
        gmpVUIzPOoFgpsVVLLOHiSOrKysoBq0Zx4xZZTVFJOwqozvXM7WEQtpmk
        7GqF-ZKnqo2YBGysVvsSJPm0I1kDMHOdHEkN09hm8NtJWnmgA1HDhVoL2
        NW6odeXkN2SjJCmjxotduUws-l3OyDu8KtGUMMc7ICrJu6XpMSsdQkSTu
        EC3ddtk1sBUQyktmMqA8Ti6G-crYSsVVlmFXE5VLeQOtC5kuFCrCEaqTe
        JWQu662W5sr4KQGcrRVjLFlHVdK1AV8Wt23ivgJmLsuU8TcEjG_ZdREvB
        iiaHKhcz1xJMxPOah1FhvcK8lOaK1nSFjSPk8iRxghUySuliw230olEzw
        fOKfzWq1gbFMH82iPYAk3rlNhzICdTIYblWwvYSnWDliN3TRvLwcmQhMc
        lYJ2G0NuYpJD0KtVEqpSuaU1fJLgdp0aRyn1kAzM6_jW-6Ab1vxovqtwJ
        ZzmZ3YM0gTVgRVm-zNm61DvaQaqVr1A4IUsQ8LLkMJpXarHRIxlLSNK3A
        qhuGv2uQA6pcuSkrmCpllETvY4g4sgt3IZgbhUtSQ3orOouknUJ1taUPX
        IDbq5EVeuvgzEsQQ5jgvmTk10zaCg2G2Tm9ZAzCJO3ZSLwN3M9XWerUD9
        motaWDvHEm_DMyQrMou9w7OsB05t1MLNLZrvBlRCyiKjkSNicYUzuazIJ
        zclQ3ziAtZVVs5a6Azhg6GYPKYGHFPaTKYO5ULdIIuIVksabFDJrRRdw9
        AxEiUvZpcIOmrAj69TTtpaJsMpgneyUu9ZtweRYk6l2zKDS5JJsq0xhJB
        ulMtcL5kscBlAcSNHUsIK9qirs87yELpvrLnOzBCklpo5lYvGlJFUjIBT
        TkkcU2BGheP1KqrgF1TrSljrYDcpm5KK2RSYU1nAERu3LaNXQDIceRIjm
        ASHIjSZI0AkiS5EiSgUcX1gQDgCRJkiR5B2Akx5EkqQOAJEmSJJkFgOQ4
        iQZcJQhMbwENm7bxnHnBLZx3MaRbwBIkiTJcTcAOHIkSZLBNhvWxiSAJE
        S5DgFYBxJkiRpB4AkSZIkeTxg27Zt28ZoLB1FqA84qpop2DMPxB3yyHWx
        Eq-fmsS1w4YUjo9rZTHlFH0q2AdUZIptdIgy0RuGddqgdyotUKb6kDbE4
        kV4FunQyxDEpOHKgiUSHekezIka8Kys0TR3PlCFqPHrR10teOkYSnQKOl
        pQdzQALJTqbhIqAomiNxIiNQFTXZWWneXHhSPESVm4lyc1OEahpnMKFsB
        ojionS9MISIq9u9dX59iNgu2gpbd5mlatoGmpjpyqjmBt5mp0Za5gpVZz
        UR17lgp0gqgLVIIdvMIpMbktErBDJqS65hy7ApUjiOjsZjXVtnitEDxJq
        aG66ApGvxHWmugByp0ds4LmGdNmmEymntVCmzCtSY5M1qUBO8kizbWc8N
        Lsw9nW0Gs7tY1vtFaiWTVDsoGVNdfvy7EFD0zJMJMuhI8etAzstQSK9Tq
        pdEzdBMUeNm5USi3YDuxszZiSWgyyWeoovtoMyHWWq2ZV91RVoMpgpZpQ
        zgMgaS7rZxLzEDtpK2trKygm6OGJjhtTtkkxQyorhvXclcNUm6s1VLtDl
        q1joy3Qo2RpWU-ZK3zs1CNSH1RJqjWGsho6Zx2oSsgGJIcZs6ziDMOLLq
        o20XU34CDxWFAlOzAwIclQXst8MptWj3tLfCOz17dx5VMYMkhLXgCU1Tg
        GjMAbNW7bZkNg47Zt2-bugBtDMS63bTCdKbESGk7cNHK5EMBNJbmW4hLK
        q0pfkQL4lCtJpZcZ5lRYExhk0XS7spt4ROnLeTaHEJbJykFmkoBhLVwfG
        lDRkpRBIW0aM6dXgKONwlc6IpD-5YTcW9ySC6cTwpkhfWUFbUi2AfdLNo
        AyhFTuqiuqzQF43RreH1EHc2G2famXv3GQzEbaFWyWKvA54ay1HF-0WaJ
        jq906C-JtlpSGDtaOkSItYVtKktMmrGCT1qEbaSxh1DZOJObUoCBLiW2d
        TBZSboKOn4bOVnLCsim9Vyu6wioklaqLMwMRpELrXJT15RJUHWB4zRiZb
        WgFzGEW1m7GCjCpoi6w7ArGdeWR1xUdVE4AhQkiPNbtYLqG2e6JS1CkRf
        tqZwgo4U6xWhpT3lokwzIBRsy3tVIsgWTSNDUusYBTn6eN4rWCcrBCVxG
        NVEXBCm6R5sZ2KBO2buNHk98WyK7DXHWwCsQ1pNVVy-YUSnKsYVypCiTX
        kDsqC4TR61A2aJ02vjOIJ2ujquiZO-cSL4MSpGOSs3HCiZxVDdx8hbGiZ
        5qekUStXiHI5P1o5N0sqA6vpMc_utIDWYcuJI7GB2uf5jpa2A1k7O2hJ1
        50MvwjebFu4sckMmFXwNDJdC2gPGbeqYB24bSA5bg7XWI0ky2DTiDPkIu
        A4WapZRrtoJu8rhnJy4CktZkdm2QuWUj0CnjWs1anShG4kiTXnKkQFngg
        42-DhS-8spVTOYSjjIvgZtOSiQV7IC9NHYYg8yAy-Sq4mduYeU4rsSaXE
        dSdsI1MmiVVS8ErZp3kBO5wjEUZ4litUKhlYLm5QIFtPFgkxBVCWnInXN
        IVYldbH66DrRk768I6gWceUHbhsbZ1MuBLKqaPWZtUSumrm0pKsEkSW8b
        x9gzKVdvYjBkIn41UzoBFK3LyJsuA6kZz3MUuQeU0DhvnbYEcW5bdqWAN
        UQrDbibYg2RxwykcQtFxuoKIuEcw871DDhunD4tzhWRiZKuwORIrt6cHW
        atkIUN7RA5GRSnbytgA2mUh5lce5QSPAOVI1y5IjtErKQGbd1vwxM0p1F
        tcMZJIdtTLS1s6NgKxAtkKwi3lMgWQ3umtJ7EAdaSMlRayAXbdarDp5Lx
        pxAgMd4zJkKwMhp4iuTKzDKaQSkOh3w7Gkde4udP2zowSzGDUzMPuSMvA
        UlVLASPgOSocix9s4DzYFbqOmlN2Si5CDBPTUeN3AyiSASTj_gKQrGctq
        xE0QupVatDbeMTdKKQCOVhgu562BiGc8kqZSgbmtJFpWswNs2N6N8cTEd
        cAIqLKKN2nHDKayFL-VSAtmrgY5caoKppCbxnRPxkzJ4IxAzLamG0dPwe
        2jp0WzCAUF4lmuGuB5PqpZGWxi-Tdu83IkRu58bvpIpTjyo49xVau11BO
        q_Mb1I30pTKhuLbE-qCppVr1bMoG5MWofRNaO9FTtUULKkcxK1se60u4P
        CSpYeriVaxorWtSTbT3ZK-p8kPe3OUiL2Y0mSV6vGnamuo-xkacV8jGIs
        dadKA_ipsBKXQamggPJeduCoXCctcQSaILpxDhsIvSya1mXrwzUEtw0g9
        KyjCDNMmYFxWa1G6BBUWGlK_WoJooLVmiBGHikq3TOO9AEUt8yriBEt1F
        gjCrW17llgN6E7bRoi2FDau7PaxcRMsVt5Wr9go19VEzaBf2C4UUY5gmj
        1SF2MQJU7ZWVKrUDpFujiln1R4UivHsaQmzSNxgpGtiM9t9kSpn4bzbHv
        naKZmWq2AfTjebrYBCpdao7zaCoRVZr8-pgwzgwjVDtAJ0mjdKkiRBhRb
        KSrXlNKtbD-aKFDROcw1Ehiq5jtAIKHooV3bV9lCVdKsge8N14oiuIJm0
        cukraAjR32iF89grKzNdamJcSEltQ7aTZpjxc0KIillx5XHCHysPSmv5g
        4W2O7Nxf4EFLybMEchVUcy81g-kryZoEsoRzLTe5Iz2DuuJGTo4TWsS7E
        qZqZPWVzwm8cSfnTlMNZnTdRBWqLFRO0FhyCwrNsgWL4WWmlaQNfAKyp7
        _oiJiLDOWg3KsAU5ZdmQWsYhsm3Ua6JUbian3EvyU9yIn9BBIfVv4gU81
        FF9pZFK-RRuGcuho3tJyUIEIdS4jUsJZ2ElNbAWKI9ApOJ10yWFL91xwh
        ia6MmSbQUVIm9V4avEEx1c5up0g7a8M1AJlYnF9pUb4H7NrZay2vBJrc2
        2XXIB0rbxGVbEHSTPLkdHVP3SiyFkrSfMuqxxSoUywTl7IK1nkqWR3qFN
        gHFmJWfeOTZKu4OsYU5RWNWLaxG3QKsxAH0Xr5MYsgRRlrRxdeTFZKPQO
        KXeYsHHFFSVOiuy4xLmktxOiccSTLEdt06UeF2KVM1gajRx2oivgNSoT9
        o1WEamTIm9CohXLeNQMbUdBiaxp2WflvGlTgayFeymZpJEhaXJbvJbhY-
        rEiNo1q35r2NWEeGLEiFZUh7qBmzS6rAtsoEfP2qgIqN07jV62KJL5mJ8
        vQMXyuSqOmKTZmr0gILnRjZnWLNy3E6apVcqEmXur4e1Ezc0MhkFCmGVj
        ezBbFiQqsRKoZqj4hX5pCtSP8sQhnUaqW1RJSqSNgF3q6VIkts6gbI6Ov
        3h4nQmlz1ozQkau0juIS0Qiw7auE3tEEvYXRsZuaB2jJr6uOYLyWaxR4Y
        iR7T2sS6u4Z3ULmGNjN21tO7hS4nJs8rxUoT9HUi6Ds6-5mxy1BJLdNZm
        Pgc7IbpV61UCqx7FkV4FwUSi1CpI5kpRt8Agwbx1liMIIYgvVuNbBCKTs
        sSQmQeVyYQ0IV2XedKKrSAvabkyS-5gMV0WNe3twGuVgdykiZNZTb8MQk
        FX_GvDiqZ7Jqx6Qy4kc0YieoUxlCMptKYB1WRQO_AZunS7XqsYBZOkdyU
        uCy6A2gRc6A21apH0mB9Slu2wbkbbohLvQWuEnhBE2qFqZQlXpJsBRaRZ
        qzkyZ5SIjVEHMJknKsq1BI7RtG_eKABbHbKrC7kCkWIdGQ4GyoUnzCjIt
        BipvAq8yFbt7WcMKI5j6s3iDkRSmwxGV-cOlub0oNvY0poFzYBrV5kx60
        hYpm17IgtARLGrKsJfdFYkcIUJrr1mHrzCMLzKzV9xgy6Vh1Hpe0SuDYd
        25Nm9hzUw-hHjlS3JiNQJ1Ijdu2fWbj2CcZ14pk8msp48awbTU3Vhr-Tr
        vKFIcJPojF333KkjyGUaSZTV6aQ3L1U5roOuwHEeaE3BkySIiTaBS7LYs
        ZnfdoSZBqHdpK1LJ6nQXJpwFchNZ-vv8xp4cqvLqa0cGpWl9XayEpCRW4
        NE_pKXYuXQZRLUfXLKmFox06kAmxhaUUlY2rPQBndZc5KgVBZVccIYtqq
        a31CDpUHcdw6hTWRcLIlSsKUoKsXoqS1xKRsq3AEDV1YXdNQVsLcavky2
        UuV3TLK2A5BI-god9seFE9A6yU9tW2-oKUqZ0RZLgCjw5p0l25BC4kZnY
        dDW1I1grKALt9LbprSAbMalGvUuQSahbhPJagGlRHEktWixXCXhDOQRDB
        SVh0mU7LYCU0RTgM_Q7Y6EtCuUUuyS_aOldRNYTI30c12jsDe9orzdy2B
        1qyYl1X4TtVsuuqWM4YTasUyMbarHYtEbyJ3Bo12BWYivAUrq0sGlIcSa
        NGBOaV83iXSaO2orMgR1LTvvmbqIkV1bqhycBO6edpup4cqVNsBKorPfK
        -kQVj4uOb2vFDR71CiSzRK2yQu9bRk2U5GA74Bmmc-a3Duh2wt71OqKId
        YaORWTKF70pIrx4lS3SjKDFAtoq5NRBOoUKRmaXYWRJGeyNbGFNphZDhQ
        OeQyWBtYUOViaKmq4Ds5tTbOi1hVD-ObJWqoF3EMeuQZM0kSbIUxka8to
        uDEI22iqLLA1GVqU1kdkKUm7juLHMxtBJwoygoxXHHceqgNI0coPGksAk
        kX7kCphGrtuXkWBENVIzxI-MSUnUrAIukf69lHJDDYvE0teUQ1Y1V9IUo
        mzkVUz6AUtQccy8pgLSQ5BXnLIBYzmirr7WBhyUVr9WjuHE0rCwhyWueN
        w5IbfpWqrgUNnoiaXLDCiy50lvsjtdQkWKLAKNekZZirKCnaDVvVu3gHN
        VYX3MQLIoSq6KgTCdRPIO0I2jusa2CmbG5uautQ5Ipl3WT64IOLVbW9PQ
        NcZZ8-A7Dp3pswbQdQ6PYGNK6HaxUDiVs2AZRnOzRaRUJ1Z6RRI0iTHyf
        KRI4cOjrxEqgqospuKyO4VZK_1lMokw2JQ2EolrXkqIzAI9wynWjn4FHv
        qacrIC0RnZac4WPmUzNECZOpSgqWw2qbCREedIMNFu0NS7rDCQRm5iOle
        UzULLgCLLkIOJzyDaI66hO--g3DQi01zLYCJHtJ2biVHhKPYMtKkxqW7h
        Ep1K9Uh1g6aTE04qTYAYJ3fXApcCBWS5MWA3OSpIoePwJXFTVo2rGAVRl
        st8tgbmeSpDZxUJUksA6kcd4lkuUIso2UtZG9ClrW79RZ6QpmbuLiclb3
        E2k7CAqw45ki60A46rW27Yq4D2fkhOizUDkok4SxYkyWSmyCFauWgc2xg
        6dKJu7dAIqpENKQbnCDROpEfX1vfUiXK1YHY3fvRXzGD8yJUhCY0A3TJt
        4XvgNpMip1KbQ-VLPQMwoxUJ1rIDDQuKyN5qg5Ek_28smIPSHotx9XY9l
        F5MxAqi4uJffqQLS4qSZr12BVG3lb7q1gmRdtnJiNcF0kyAqGNkw5KuoO
        G3XXJbpCMxxZzuZ9A7IjBzXzRQHk4Xi66Ciak0sa9ZAk7uQJJmtIBrDQh
        ZDCCisukrYW2QWUj1CrhUGrmp9grYb-oYUuwMOGlkzJLUCMht7lzQHpub
        DSzYJ1ftv4KrIGVNW4YtUphGyv65IpeYkaXigzfwRxbJK4eULOsuofVTe
        hI0V7rVx6syVN58RFipMWLcXb7HWa0ool1tVSbRerw1U13_R970Yst2rT
        DSHiqJEkdDB3u8tLXXEZRi3iLuKOJJsq89gTZ4TTUs9wXJSZIUvXR-7sZ
        Ye8uDt1KkJhPJMc6uUfVsadMGMupEzmqFtXHdstEeH4X3qL6u60iO3kZO
        fwyo_KeppGj8RXzk2zV00dWW80n0QTMxLbTfSB8jmdFp02aKlNlK1l97X
        eSYTXkOLGwR4faduDnqHCOE2_ZLbx6rq35oJe0p26lepuXOWTt7Ie_DmL
        i4IDSZom4YzSEtD47tmVUra4GERBpUJACE0Uua5njuKvpK2ddy599W22r
        k_U2rbBguUz2dY6tWrvTZuZr9sdZE7-olvZu1lUrIGj9QIfauaCtaeXRZ
        4kfW5Hlxb0fr3U2lWqt6sOSaYEyZJEIdkWdSu89fZvqdnrVNRmum_xp2j
        nh2ISAYJiKwN0oNFtnSyD5Eiyw3dPBAY5diql0b9ecXVDBo2Rs63nWNr6
        fuyXTmu8nIabShdNojSNGobq52IxMKBgybmG60GIeX0pUNWh0AA9KxbRY
        BJnluZH2Jc4hI2iigbuXGkTgINqqeKLVUDKTR2dQt6gpWMhzXTRd4B2BU
        CDiSHXDgy8AnTuMqiROgCsJsYs4tGAjt1WcVdE2SATnCLSKbNhtyAJQci
        HaL0Eyo0bWcX0DiZu29hwFntXxIIy4KuVckrtDCD4tGYSHctAFDmNzVbP
        CvDauJGqTgafrcINDGcNGnZR7Zt3PoALxSCUqY0wbyrSHmTIZc"
    }
  ],
  "analysis": [],
  "attachments": [],
  "uuid": "018b4f72-d342-8696-b9a2-279e0d16bc46"
}

B.2. Text Chat vCon

TODO: text vCon example

B.3. Email Thread Multipart vCon

The following is an unsigned form of a vCon for a 2 message email thread between 2 parties. The email messages are multipart MIME message bodies.

{
  "vcon": "0.0.1",
  "group": [],
  "parties": [
    {
      "mailto": "b@example.com",
      "name": "Bob"
    },
    {
      "mailto": "a@example.com",
      "name": "Alice"
    }
  ],
  "dialog": [
    {
      "type": "text",
      "start": "2022-09-23T21:44:25.000+00:00",
      "duration": 0,
      "parties": [
        0,
        1
      ],
      "mimetype": "multipart/mixed; \n\tboundary=\"----=_Part_388
        314_1108189513.1663969465698\"",
      "encoding": "none",
      "body": "------=_Part_388314_1108189513.1663969465698\r\nCo
        ontent-Type: multipart/alternative;\r\n\tboundary=\"----=
        Part_388313_805631480.1663969465697\"\r\n\r\n------=_Part
        388313_805631480.1663969465697\r\nContent-Type: text/plai
        ; charset=UTF-8\r\nContent-Transfer-Encoding: 7bit\r\n\r\
        Alice:Please find the image attached.\r\n\r\nRegards,Bob\
        \n\r\n------=_Part_388313_805631480.1663969465697\r\nCont
        nt-Type: text/html; charset=UTF-8\r\nContent-Transfer-Enc
        ding: 7bit\r\n\r\n<html><head></head><body><div class=\"y
        hoo-style-wrap\" style=\"font-family:Helvetica Neue, Helv
        tica, Arial, sans-serif;font-size:16px;\"><div dir=\"ltr\
         data-setdir=\"false\"><div><div dir=\"ltr\" style=\"font
        family: &quot;Helvetica Neue&quot;, Helvetica, Arial, san
        -serif; font-size: 16px;\">Alice:</div><div dir=\"ltr\" s
        yle=\"font-family: &quot;Helvetica Neue&quot;, Helvetica,
        Arial, sans-serif; font-size: 16px;\">Please find the ima
        e attached.<br></div><div dir=\"ltr\" style=\"font-family
         &quot;Helvetica Neue&quot;, Helvetica, Arial, sans-serif
         font-size: 16px;\"><br></div><div dir=\"ltr\" style=\"fo
        t-family: &quot;Helvetica Neue&quot;, Helvetica, Arial, s
        ns-serif; font-size: 16px;\">Regards,</div><div dir=\"ltr
        " style=\"font-family: &quot;Helvetica Neue&quot;, Helvet
        ca, Arial, sans-serif; font-size: 16px;\">Bob</div></div>
        br></div></div></body></html>\r\n------=_Part_388313_8056
        1480.1663969465697--\r\n\r\n------=_Part_388314_110818951
        .1663969465698\r\nContent-Type: image/png\r\nContent-Tran
        fer-Encoding: base64\r\nContent-Disposition: attachment;
        ilename=\"=?UTF-8?b?c2NyZWVuc2hvdC5wbmc=?=\"\r\nContent-I
        : <c4c28087-6fa1-395e-e50f-dcefd3d6bf96@yahoo.com>\r\n\r\
        iVBORw0KGgoAAAANSUhEUgAAACYAAAAeCAIAAADPdvs5AAAAA3NCSVQIC
        jb4U/gAAAAGXRFWHRT\r\nb2Z0d2FyZQBnbm9tZS1zY3JlZW5zaG907wO
        PgAAALpJREFUSInl1t0NgzAMBOC7qPvP1gW6Qjdo\r\nj4f0J4qAJI6NR
        vniE8+mwCvtzv6imTnyf1K/UclHUFWjIvaIL3CHCABSPKKtJckWfY6zw+
        j5dq\r\nISdVIzmj2klzTZG2Rme7NKgOwY6qPrMcUs+2PqchL14P+oyz+
        Hx77K5Sv8xyxAyZ0uBaxn/SpcU\r\n8NxcosAut1Y3NtjVX7UjZlmpgWT
        FyvVQPKB16tSqW53bFnKtyyZvYT3rSsAWADWAlOjseYFfwAA\r\nAABJR
        5ErkJggg==\r\n\r\n------=_Part_388314_1108189513.16639694
        5698--\r\n"
    },
    {
      "type": "text",
      "start": "2022-09-23T21:44:59.000+00:00",
      "duration": 0,
      "parties": [
        1,
        0
      ],
      "mimetype": "multipart/alternative; \n\tboundary=\"----=_Pa
        rt_390234_811845464.1663969499935\"",
      "encoding": "none",
      "body": "------=_Part_390234_811845464.1663969499935\r\nCon
        ntent-Type: text/plain; charset=UTF-8\r\nContent-Transfer
        Encoding: 7bit\r\n\r\n Hi Bob:Got it. Thanks.\r\n\r\n
        n Friday, September 23, 2022, 9:44:40 PM UTC, Bob <b@exam
        le.com> wrote:  \r\n \r\n Alice:Please find the image att
        ched.\r\n\r\nRegards,Bob\r\n  \r\n------=_Part_390234_811
        45464.1663969499935\r\nContent-Type: text/html; charset=U
        F-8\r\nContent-Transfer-Encoding: 7bit\r\n\r\n<html><head
        </head><body><div class=\"ydp89e479a0yahoo-style-wrap\" s
        yle=\"font-family:Helvetica Neue, Helvetica, Arial, sans-
        erif;font-size:16px;\"><div></div>\r\n        <div><div><
        iv dir=\"ltr\" style=\"font-family: Helvetica Neue, Helve
        ica, Arial, sans-serif; font-size: 16px;\">Hi Bob:</div><
        iv dir=\"ltr\" style=\"font-family: Helvetica Neue, Helve
        ica, Arial, sans-serif; font-size: 16px;\">Got it. Thanks
        </div></div><br></div><div><br></div>\r\n        \r\n
           </div><div id=\"ydpdc5150a3yahoo_quoted_4829810715\" c
        ass=\"ydpdc5150a3yahoo_quoted\">\r\n            <div styl
        =\"font-family:'Helvetica Neue', Helvetica, Arial, sans-s
        rif;font-size:13px;color:#26282a;\">\r\n                \
        \n                <div>\r\n                    On Friday,
        September 23, 2022, 9:44:40 PM UTC, Bob &lt;b@example.com
        gt; wrote:\r\n                </div>\r\n                <
        iv><br></div>\r\n                <div><br></div>\r\n
                  <div><div id=\"ydpdc5150a3yiv4578005613\"><div>
        div style=\"font-family:Helvetica Neue, Helvetica, Arial,
        sans-serif;font-size:16px;\" class=\"ydpdc5150a3yiv457800
        613yahoo-style-wrap\"><div dir=\"ltr\"><div><div dir=\"lt
        \" style=\"font-family:Helvetica, Arial, sans-serif;font-
        ize:16px;\">Alice:</div><div dir=\"ltr\" style=\"font-fam
        ly:Helvetica, Arial, sans-serif;font-size:16px;\">Please
        ind the image attached.<br></div><div dir=\"ltr\" style=\
        font-family:Helvetica, Arial, sans-serif;font-size:16px;\
        ><br></div><div dir=\"ltr\" style=\"font-family:Helvetica
         Arial, sans-serif;font-size:16px;\">Regards,</div><div d
        r=\"ltr\" style=\"font-family:Helvetica, Arial, sans-seri
        ;font-size:16px;\">Bob</div></div><br></div></div></div><
        div></div>\r\n            </div>\r\n        </div></body>
        /html>\r\n------=_Part_390234_811845464.1663969499935--\r
        n"
    }
  ],
  "analysis": [],
  "attachments": [],
  "created_at": "2023-10-20T23:36:50.256+00:00",
  "redacted": {},
  "subject": "Account problem",
  "uuid": "018b4f72-df56-82ac-b9a2-279e0d16bc46"
}

B.4. Email Thread Text vCon

The following is an unsigned form of a vCon for a 3 message email thread between 2 parties. The email messages are plain text message bodies.

{
  "vcon": "0.0.1",
  "group": [],
  "parties": [
    {
      "mailto": "a@example.com",
      "name": "Alice"
    },
    {
      "mailto": "b@example.com",
      "name": "Bob"
    }
  ],
  "dialog": [
    {
      "type": "text",
      "start": "2022-09-23T23:24:59.000+00:00",
      "duration": 0,
      "parties": [
        0,
        1
      ],
      "mimetype": "text/plain",
      "encoding": "none",
      "body": "Hi Bob:\nI just wanted to follow up to see that yo
        ur account is ok now.\n\nRegards,\nAlice\n\n"
    },
    {
      "type": "text",
      "start": "2022-09-23T23:34:32.000+00:00",
      "duration": 0,
      "parties": [
        1,
        0
      ],
      "mimetype": "text/plain; charset=UTF-8",
      "encoding": "none",
      "body": "Hi Alice:\nAll is fine. Thanks.\n\n    On Friday,
         September 23, 2022, 23:24:59 PM UTC, Alice <a@example.co
        m> wrote:  \n \n  Hi Bob:\n  I just wanted to follow up to
         see that your account is ok now.\n  \n  Regards,\n  Alice
        \n"
    },
    {
      "type": "text",
      "start": "2022-09-23T23:38:12.000+00:00",
      "duration": 0,
      "parties": [
        0,
        1
      ],
      "mimetype": "text/plain",
      "encoding": "none",
      "body": "Awesome!\n\n    On Friday, September 23, 2022, 23:
        :34: PM UTC, Bob <b@example.com> wrote:  \n\n  Hi Alice:\
          All is fine. Thanks.\n  \n      On Friday, September 23
         2022, 23:24:59 PM UTC, Alice <a@example.com> wrote:  \n
         \n    Hi Bob:\n    I just wanted to follow up to see tha
         your account is ok now.\n    \n    Regards,\n    Alice\n
    }
  ],
  "analysis": [],
  "attachments": [],
  "created_at": "2023-10-20T23:36:51.450+00:00",
  "redacted": {},
  "subject": "Account issue followup",
  "uuid": "018b4f72-e3fb-8770-b9a2-279e0d16bc46"
}

B.5. Two Party Call vCon With Externally Referenced Recording

This example vCon is for a simple 2 party PSTN call. It has a single Dialog Object which references a single channel wav format recording with the two parties' audio mixed into the single channel.

{
  "vcon": "0.0.1",
  "parties": [
    {
      "tel": "+12345678901",
      "name": "Alice"
    },
    {
      "tel": "+19876543210",
      "name": "Bob"
    }
  ],
  "dialog": [
    {
      "type": "recording",
      "start": "2022-06-21T17:53:26.000+00:00",
      "duration": 4.72,
      "parties": [
        0,
        1
      ],
      "url": "https://raw.githubusercontent.com/dgpetrie/draft-pe
        trie-vcon/main/examples/ab_call.wav",
      "mimetype": "audio/x-wav",
      "filename": "ab_call.wav",
      "signature": "Re9R7UWKaD7yN9kxoYLbFFNSKU8XfH18NFbTc3AgT4_aB
        ubMtvGUEtRmP6XUxSS3Nl4LU-1mOCtezoTHQ67cVQ",
      "alg": "SHA-512"
    }
  ],
  "analysis": [],
  "attachments": [],
  "uuid": "018b4f72-d0e7-8d8e-b9a2-279e0d16bc46"
}
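
A consumer of this vCon has to check the bytes behind url against the signature value before using them, because the recording lives outside the container. The following Python check is an added example, not code from this draft or the vCon project: it assumes that signature is the unpadded base64url encoding of the SHA-512 digest of the referenced bytes (consistent with the 86-character value above), and the fetch callables, the example.com URL, the HTTPS-only policy and the recording bytes are constructed for the example.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# "alg" labels this example accepts; B.5 uses "SHA-512".
DIGESTS = {"SHA-512": hashlib.sha512}
# vCon arrays whose objects may carry url/alg/signature (see the Appendix A schema).
SECTIONS = ("dialog", "attachments", "analysis")


class IntegrityError(Exception):
    """The reference lacks required fields or its content fails verification."""


def content_signature(data, alg="SHA-512"):
    """Unpadded base64url digest of data (assumed encoding of "signature")."""
    digest = DIGESTS[alg](data).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def verify_reference(obj, fetch):
    """Return the bytes behind obj["url"] only if they match obj["signature"].

    fetch is a caller-supplied callable url -> bytes (hypothetical; no network here).
    """
    url, alg, expected = obj.get("url"), obj.get("alg"), obj.get("signature")
    if not all(isinstance(v, str) for v in (url, alg, expected)):
        raise IntegrityError("url, alg and signature must all be present")
    if alg not in DIGESTS:
        raise IntegrityError(f"unsupported alg {alg!r}")
    try:
        scheme = urlsplit(url).scheme
    except ValueError:
        scheme = ""
    if scheme != "https":
        # Policy of this example: refuse to fetch over a non-HTTPS transport.
        raise IntegrityError("url is not HTTPS")
    data = fetch(url)
    actual = content_signature(data, alg)
    # Constant-time comparison; a mismatch means the content changed or was swapped.
    if not hmac.compare_digest(actual.encode(), expected.encode()):
        raise IntegrityError("content does not match signature")
    return data


def audit_vcon(vcon, fetch):
    """Check every URL-referenced object; return (section, index, result) tuples."""
    report = []
    for section in SECTIONS:
        for index, obj in enumerate(vcon.get(section, [])):
            if "url" not in obj:
                continue  # inline content: nothing to fetch
            try:
                verify_reference(obj, fetch)
                report.append((section, index, "ok"))
            except IntegrityError as exc:
                report.append((section, index, str(exc)))
    return report


# Constructed sample: stand-in recording bytes and a vCon that references them.
RECORDING = b"RIFF constructed sample audio bytes"
SAMPLE_VCON = {
    "vcon": "0.0.1",
    "dialog": [{
        "type": "recording",
        "url": "https://media.example.com/ab_call.wav",  # placeholder URL
        "alg": "SHA-512",
        "signature": content_signature(RECORDING),
    }],
    "attachments": [],
    "analysis": [],
}


def honest_store(url):
    """Stand-in fetcher that returns the original bytes."""
    return RECORDING


def tampered_store(url):
    """Stand-in fetcher that returns modified bytes."""
    return RECORDING + b"\x00"


if __name__ == "__main__":
    print(audit_vcon(SAMPLE_VCON, honest_store))
    print(audit_vcon(SAMPLE_VCON, tampered_store))
```

Because the signed form (Appendix B.7) covers url, alg and signature, a passing check ties the external recording to the vCon's own JWS signature.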

B.6. Two Party Call vCon with Analysis

TODO: vCon with analysis example

B.7. Signed vCon

This example vCon is the signed form of the Two Party Call vCon With Externally Referenced Recording (Appendix B.5) example. The private key used to sign this can be found at:

https://raw.githubusercontent.com/vcon-dev/vcon/main/certs/fake_grp.key

The certificate chain is included in the x5c parameter of the header Object.

{
  "payload": "eyJ2Y29uIjoiMC4wLjEiLCJwYXJ0aWVzIjpbeyJ0ZWwiOiIrMTI
    IzNDU2Nzg5MDEiLCJuYW1lIjoiQWxpY2UifSx7InRlbCI6IisxOTg3NjU0MzI
    MCIsIm5hbWUiOiJCb2IifV0sImRpYWxvZyI6W3sidHlwZSI6InJlY29yZGluZ
    IsInN0YXJ0IjoiMjAyMi0wNi0yMVQxNzo1MzoyNi4wMDArMDA6MDAiLCJkdXJ
    dGlvbiI6NC43MiwicGFydGllcyI6WzAsMV0sInVybCI6Imh0dHBzOi8vcmF3L
    dpdGh1YnVzZXJjb250ZW50LmNvbS9kZ3BldHJpZS9kcmFmdC1wZXRyaWUtdmN
    bi9tYWluL2V4YW1wbGVzL2FiX2NhbGwud2F2IiwibWltZXR5cGUiOiJhdWRpb
    94LXdhdiIsImZpbGVuYW1lIjoiYWJfY2FsbC53YXYiLCJzaWduYXR1cmUiOiJ
    ZTlSN1VXS2FEN3lOOWt4b1lMYkZGTlNLVThYZkgxOE5GYlRjM0FnVDRfYUJ1Y
    10dkdVRXRSbVA2WFV4U1MzTmw0TFUtMW1PQ3Rlem9USFE2N2NWUSIsImFsZyI
    IlNIQS01MTIifV0sImFuYWx5c2lzIjpbXSwiYXR0YWNobWVudHMiOltdLCJ1d
    lkIjoiMDE4YjRmNzItZDBlNy04ZDhlLWI5YTItMjc5ZTBkMTZiYzQ2In0",
  "signatures": [
    {
      "header": {
        "x5c": [
          "MIID0TCCArkCAQEwDQYJKoZIhvcNAQELBQAwgasxCzAJBgNVBAYTAl
            lVTMQswCQYDVQQIDAJNQTERMA8GA1UEBwwIRmFrZXRvd24xETAPBg
            VBAoMCEZha2VWY29uMREwDwYDVQQLDAhEaXZpc2lvbjEYMBYGA1UE
            wwPZGl2LmZha2V2Y29uLmlvMSEwHwYJKoZIhvcNAQkBFhJhZG1pbk
            mYWtldmNvbi5vcmcxGTAXBgNVHREMEGRpdi5mYWtldmNvbi5vcmcw
            hcNMjIwNjA0MDE0MzI1WhcNMzIwNjAxMDE0MzI1WjCBsDELMAkGA1
            EBhMCVVMxCzAJBgNVBAgMAk1BMREwDwYDVQQHDAhGYWtldG93bjER
            A8GA1UECgwIRmFrZVZjb24xDjAMBgNVBAsMBUdyb3VwMRwwGgYDVQ
            DDBNncnAuZGl2LmZha2V2Y29uLmlvMSEwHwYJKoZIhvcNAQkBFhJh
            G1pbkBmYWtldmNvbi5vcmcxHTAbBgNVHREMFGdycC5kaXYuZmFrZX
            jb24ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
            MtTCxeIROb1FmWIexe7Op95qYIVNEqn+fDghxWqoYm6T75BGsl4rB
            txFQeef3Q5SJIzeqffJDssXDsyREuwQ2iTcOrZaZxs8h1NX9NjVD6
            MAwx7tw0Cgmu8rj6+/Kjs0KI8OzCuDXZGTGf/bH6EQW85qYh9IF0P
            ijf3uq+HCke6WApusx76LpUp36IzvYEuTbWBFeoLo+dyUdWmXpj0g
            HiWZtT5zxJn9VrUhJX5KlaI0palWd0fOnr7mkdq79sFsKjEOcr1la
            ceAicCpD3/zRW+7AS8atGKAMfe2CcXEABucI7DttLMXcDIJM6EOky
            7n4due1RXGuNgnjeQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAQLj
            KomSx1OqThhcO+aK0rzX6RjKh0eM0X7O7pPC81HxZKCDLhDvnUO9+
            17U6ba0bTnznKYKKG7HnDcB4dKBbH8XP2u3EnDskyoMrKpYRsRKww
            a8+RwOS7JEg+OtXYCRbWZvPjAC/z6o6OZK+QPTyK5Grw2Px2mTr6B
            dBQv7XsYWBRwOZyvSGnKyK60jcPlYUnu6Qt0fYXiYp6qF5l956fuT
            d2UyDkM7S/Z7K+OC9+aIBNKH32B3nfXqZPuP8WuiTOxcMwnefPwjx
            qndFUkyk2Y+i6nXU8oN/DGUOTfY4xbm3s3q7Dq5QPtq5kljB9yYkv
            OULCSAmWBZl+G",
          "MIIEyTCCArECAQEwDQYJKoZIhvcNAQELBQAwgagxCzAJBgNVBAYTAl
            lVTMQswCQYDVQQIDAJNQTERMA8GA1UEBwwIRmFrZXRvd24xFTATBg
            VBAoMDEZha2VWY29uIEluYzESMBAGA1UECwwJQ29ycG9yYXRlMRQw
            gYDVQQDDAtmYWtldmNvbi5pbzEhMB8GCSqGSIb3DQEJARYSYWRtaW
            AZmFrZXZjb24ub3JnMRUwEwYDVR0RDAxmYWtldmNvbi5vcmcwHhcN
            jIwNTI5MjEzOTMxWhcNMzIwNTI2MjEzOTMxWjCBqzELMAkGA1UEBh
            CVVMxCzAJBgNVBAgMAk1BMREwDwYDVQQHDAhGYWtldG93bjERMA8G
            1UECgwIRmFrZVZjb24xETAPBgNVBAsMCERpdmlzaW9uMRgwFgYDVQ
            DDA9kaXYuZmFrZXZjb24uaW8xITAfBgkqhkiG9w0BCQEWEmFkbWlu
            GZha2V2Y29uLm9yZzEZMBcGA1UdEQwQZGl2LmZha2V2Y29uLm9yZz
            CASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM81SKie1S78
            AOBDc3LflYNSL9phecmjQs/9P+iqDXSVm3xpoqszGoLn7w21aUAxl
            +F9Z80Tc70URn2qqUcVTYcx3SmgHuYgspEmJsMRor/mn3HpHr2ajh
            26RKgDGPBrtebeH1si8mX15a/ICzHxrUaE2Y/6DZ/2wGTXrAE4bYA
            UaYft5GGSZl6yP6dXg3EJy2bK2cUTdMIZG/Y7Ny1D3N4V7MBirDd5
            U7k6pMbyr3d/xoi8VL8F1mRCf6zxfFOjaMFT0atEiTp3M0rw6iS08
            y0cDFsPJzIcPgXEitUgGPo/NLgeb8ZmL1kg9B2vMgaanbuZB6il79
            4GgDIUCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAWOJJlvSQDsDROQ
            NdX3kMkAH3HYyAlE7LHNtIYHVhyt7I7WuqS6ZGvSoxSfkT0GdAN7c
            +jchdZpAnpCXGX+yHuSvrw4oSqigdSLeSUMx2zaSv4wLAvydC/zDk
            IRObyuDEKyy/pa4Na0aunPU3E1Bg0V+JqQ3RUJIy1v6AGLrliwaEI
            P3Clzi/u640dWBHabOEjxFj9bX73+FRWhit4EzOJYKvti1EXlmRjM
            j3SmsrcbGMrpu4WipEG5S05VlMhXXSyQq9IScFho5CFtamDgI3jL4
            lyrx0+CcjDkw0nW9fXdAtB3BhSYEXdLuJAvLRQixUQFwH23doumPi
            uW8euEhHTRo1pEFWQ5U59NOTUA5Ghuupo0aM2CnDD5Re8uO3ChilC
            b0FlwgMD/7ABSd1LChU8iluhKy9CEBR2zc8uTqW43Gcv/psBaejgO
            JlxZuusGVvuV1nTHRa4hmFYxxPel7ogeZzGQqFjBlb35CE+BcGYY0
            iaHefy+fmi/fN6NrrN6pBOPjVZbpCFn+wFTUyrMU5Vq/FaPe0us7i
            paQcwIz9wyide5OztpxebY8UnXmy22X+6PkHB0jnL35Qe8xl7Z0nM
            Ndy4xkzGgaa6talRDPhKkY1lIdw+KdCXJuUc7rkLKa5po9SPdvVLh
            Pu26SHkI0I+d5hz+gMp8=",
          "MIIGMzCCBBugAwIBAgIUHk/6QbzjDZ9AONAFvwYJqB/jbvowDQYJKo
            oZIhvcNAQELBQAwgagxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQT
            RMA8GA1UEBwwIRmFrZXRvd24xFTATBgNVBAoMDEZha2VWY29uIElu
            zESMBAGA1UECwwJQ29ycG9yYXRlMRQwEgYDVQQDDAtmYWtldmNvbi
            pbzEhMB8GCSqGSIb3DQEJARYSYWRtaW5AZmFrZXZjb24ub3JnMRUw
            wYDVR0RDAxmYWtldmNvbi5vcmcwHhcNMjIwNTI5MjEzOTMxWhcNMz
            wNTI2MjEzOTMxWjCBqDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1B
            REwDwYDVQQHDAhGYWtldG93bjEVMBMGA1UECgwMRmFrZVZjb24gSW
            jMRIwEAYDVQQLDAlDb3Jwb3JhdGUxFDASBgNVBAMMC2Zha2V2Y29u
            mlvMSEwHwYJKoZIhvcNAQkBFhJhZG1pbkBmYWtldmNvbi5vcmcxFT
            TBgNVHREMDGZha2V2Y29uLm9yZzCCAiIwDQYJKoZIhvcNAQEBBQAD
            gIPADCCAgoCggIBAMIeaqkm8pn6mwUzWBgnQiY9Jr3VyVamxBc9/d
            T8eCN9mmANGzX5zGj86KtGjlDcoAzANrtsr2Dpz4zra29HWbwbOa1
            TOOaR93QgifkS802zp+zHGGRaKlq3euDqDVzyXinhsvXOVlEwkOrA
            V6kUcTIzcxVibrFfHttzv/hXUNxjCouAE7MIG6wO8y+E2bBkg7R5y
            feU4Q9npBefwtiQ8oWf0C46mDYFQ8l31goae17VpiyS3t4h5HL+1y
            dYJSWms5Qh0vp9req5AjwuHIDBxNLpO2gY1SQmSdO03oLcZwBglGK
            pQSwYgr9J5uo2B+NV9aYKEO51bySinSF8T4D/o4cq6oyJLXBwmSsL
            jjVIQBoSdRBmWh8zE2ZzFNaaBlYO9ikIaWXwbtkbsE+4QpOaOj/kU
            HLFI9iOhOidsInaOfgYzw12FtGE1Wq5x5XszwWpPWU8NQw8gzTzFz
            ObxrfcsXrs0s6feuTCDMt5Zht2HCWFr9TmYDFAfOB05kFWTi5sE5K
            aP54iJvjAFmuTDjlif7Z8ZWVal9XB+g3sMyQ8DVEj/0dXS+nRVuJQ
            UH4ql9SUIwK63RKdedALYC6X1j2lgK9aTuL+cyNJ5SbuNA95CxNgv
            tBrcO6HxlbmIDxKrAAo5aj4hnlQcY4RRbNwppCAjK+zcASlpyvRAg
            BAAGjUzBRMB0GA1UdDgQWBBSSDtfqU6+DEyYPCar08yVnnZSFzTAf
            gNVHSMEGDAWgBSSDtfqU6+DEyYPCar08yVnnZSFzTAPBgNVHRMBAf
            EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQC8JDxTdmc86YFdKElW
            nWxoPMsPeRyDYQoVTC2wydZsdJ5dGbkAhYlPPxK+zypP18fGry5PH
            Hl9mZYz+FdGjNTwllcfN9/G0Sdoy4kU9eN9KfC9OUIkBIq8D0r7AN
            3l3XmGbnIxWJEtb0SyTcqk3dwWcNTqGguhQ03jUKW5yUpVoQjN4Tt
            HyweoYTNi+HKsCUvEXGdA9wdh4jVOqYeepmsax5eTUJsKuCKqQ3+x
            7JONw85imfVotySCXsoMe7luSRYuldn8SBIpKYUGJlpWIi6Gr0mLw
            arrYoi9bwtcKAxRNXZiGQghiUw2Zsw+jmgBrEtI4Iarg8wWqJ5Mov
            MsTVpnoZ5Xywr0GznDlgcNtyqMibOULeM8yLPQrHn/tQjSiP3eUPz
            +Zb9FqzQJCCi2UiauD4mOgzBSCCbew9PDYb2QeMZqNZmN3eVNMV4h
            7t9jTc0zqPF5jluddVmpdHxLx/T9XZuSV21p8clNprJNQxprtHpxD
            jhNMIrcV39rzi9tNikwmzRMf0r40f/JWnaV668sekDXtvIj8pZwyE
            FNuaiJwojkQxDfjqk67Qs5NUQsFcaIwMes8It74ASHm8DUKEhDT2A
            gMtUDwKWrOBefrSPqjY7+EMh2yVZnQhMwpx4s7CH0za32Yq+KC8Go
            HdI6jisDEom7aHglg=="
        ],
        "alg": "RS256"
      },
      "signature": "j1oaH9KX2VCKHun3b7VqQjo1wV12VgddOv68Z4oeY_gpW
        Wp3EfXs8LFLDpseKdLJcyn8HlhyhXvf5cAdTbv6DSCYAMOebpmo3sHXu8
        Cv0PzRQ7XjA82aPZ27l73VuLjFFZGJoVm0W6ZGSLy523zUeQbbmvU6Hqf
        d3m0oZVg2kxKDDyLQRHrWVVoSNA7JpOrVQvWO5dDlYd2kTjIml7DOm_RW
        WAboNhD4fRVcC3ujJdxdzsWjU7sw2CAZz7sUhchQvJobSmjK6t0uiXdL5
        e1anPvUG72KRrj6AxiSuqX6hGdc1UWJ7flj6Fsj2ifpbS1-jYJXA-zZc7
        kmbYcETg",
      "protected": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6W
        WyJNSUlEMFRDQ0Fya0NBUUV3RFFZSktvWklodmNOQVFFTEJRQXdnYXN4Q
        pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSURBSk5RVEVSTUE4R0ExVUV
        d3dJUm1GclpYUnZkMjR4RVRBUEJnTlZCQW9NQ0VaaGEyVldZMjl1TVJFd
        R3WURWUVFMREFoRWFYWnBjMmx2YmpFWU1CWUdBMVVFQXd3UFpHbDJMbVp
        YTJWMlkyOXVMbWx2TVNFd0h3WUpLb1pJaHZjTkFRa0JGaEpoWkcxcGJrQ
        1ZV3RsZG1OdmJpNXZjbWN4R1RBWEJnTlZIUkVNRUdScGRpNW1ZV3RsZG1
        dmJpNXZjbWN3SGhjTk1qSXdOakEwTURFME16STFXaGNOTXpJd05qQXhNR
        UwTXpJMVdqQ0JzREVMTUFrR0ExVUVCaE1DVlZNeEN6QUpCZ05WQkFnTUF
        MUJNUkV3RHdZRFZRUUhEQWhHWVd0bGRHOTNiakVSTUE4R0ExVUVDZ3dJU
        1GclpWWmpiMjR4RGpBTUJnTlZCQXNNQlVkeWIzVndNUnd3R2dZRFZRUUR
        Qk5uY25BdVpHbDJMbVpoYTJWMlkyOXVMbWx2TVNFd0h3WUpLb1pJaHZjT
        FRa0JGaEpoWkcxcGJrQm1ZV3RsZG1OdmJpNXZjbWN4SFRBYkJnTlZIUkV
        RkdkeWNDNWthWFl1Wm1GclpYWmpiMjR1YjNKbk1JSUJJakFOQmdrcWhra
        c5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdE10VEN4ZUlST2IxRm1
        SWV4ZTdPcDk1cVlJVk5FcW4rZkRnaHhXcW9ZbTZUNzVCR3NsNHJCOXR4R
        FlZWYzUTVTSkl6ZXFmZkpEc3NYRHN5UkV1d1EyaVRjT3JaYVp4czhoMU5
        OU5qVkQ2TU1Bd3g3dHcwQ2dtdThyajYrL0tqczBLSThPekN1RFhaR1RHZ
        9iSDZFUVc4NXFZaDlJRjBQdmlqZjN1cStIQ2tlNldBcHVzeDc2THBVcDM
        SXp2WUV1VGJXQkZlb0xvK2R5VWRXbVhwajBnaEhpV1p0VDV6eEpuOVZyV
        hKWDVLbGFJMHBhbFdkMGZPbnI3bWtkcTc5c0ZzS2pFT2NyMWxhbmNlQWl
        Q3BEMy96UlcrN0FTOGF0R0tBTWZlMkNjWEVBQnVjSTdEdHRMTVhjRElKT
        ZFT2t5VzduNGR1ZTFSWEd1TmduamVRSURBUUFCTUEwR0NTcUdTSWIzRFF
        QkN3VUFBNElCQVFBUUxqaEtvbVN4MU9xVGhoY08rYUswcnpYNlJqS2gwZ
        0wWDdPN3BQQzgxSHhaS0NETGhEdm5VTzkrKzE3VTZiYTBiVG56bktZS0t
        N0huRGNCNGRLQmJIOFhQMnUzRW5Ec2t5b01yS3BZUnNSS3d3SmE4K1J3T
        M3SkVnK090WFlDUmJXWnZQakFDL3o2bzZPWksrUVBUeUs1R3J3MlB4Mm1
        cjZCQWRCUXY3WHNZV0JSd09aeXZTR25LeUs2MGpjUGxZVW51NlF0MGZZW
        lZcDZxRjVsOTU2ZnVUMGQyVXlEa003Uy9aN0srT0M5K2FJQk5LSDMyQjN
        ZlhxWlB1UDhXdWlUT3hjTXduZWZQd2p4YXFuZEZVa3lrMlkraTZuWFU4b
        4vREdVT1RmWTR4Ym0zczNxN0RxNVFQdHE1a2xqQjl5WWt2Y09VTENTQW1
        QlpsK0ciLCJNSUlFeVRDQ0FyRUNBUUV3RFFZSktvWklodmNOQVFFTEJRQ
        dnYWd4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSURBSk5RVEVSTUE
        R0ExVUVCd3dJUm1GclpYUnZkMjR4RlRBVEJnTlZCQW9NREVaaGEyVldZM
        l1SUVsdVl6RVNNQkFHQTFVRUN3d0pRMjl5Y0c5eVlYUmxNUlF3RWdZRFZ
        UUREQXRtWVd0bGRtTnZiaTVwYnpFaE1COEdDU3FHU0liM0RRRUpBUllTW
        dSdGFXNUFabUZyWlhaamIyNHViM0puTVJVd0V3WURWUjBSREF4bVlXdGx
        bU52Ymk1dmNtY3dIaGNOTWpJd05USTVNakV6T1RNeFdoY05Nekl3TlRJM
        1qRXpPVE14V2pDQnF6RUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWd
        QWsxQk1SRXdEd1lEVlFRSERBaEdZV3RsZEc5M2JqRVJNQThHQTFVRUNnd
        lSbUZyWlZaamIyNHhFVEFQQmdOVkJBc01DRVJwZG1semFXOXVNUmd3Rmd
        RFZRUUREQTlrYVhZdVptRnJaWFpqYjI0dWFXOHhJVEFmQmdrcWhraUc5d
        BCQ1FFV0VtRmtiV2x1UUdaaGEyVjJZMjl1TG05eVp6RVpNQmNHQTFVZEV
        d1FaR2wyTG1aaGEyVjJZMjl1TG05eVp6Q0NBU0l3RFFZSktvWklodmNOQ
        FFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU04MVNLaWUxUzc4VkFPQkRjM0x
        bFlOU0w5cGhlY21qUXMvOVAraXFEWFNWbTN4cG9xc3pHb0xuN3cyMWFVQ
        hsKytGOVo4MFRjNzBVUm4ycXFVY1ZUWWN4M1NtZ0h1WWdzcEVtSnNNUm9
        L21uM0hwSHIyYWpoKzI2UktnREdQQnJ0ZWJlSDFzaThtWDE1YS9JQ3pIe
        JVYUUyWS82RFovMndHVFhyQUU0YllBT1VhWWZ0NUdHU1psNnlQNmRYZzN
        SnkyYksyY1VUZE1JWkcvWTdOeTFEM040VjdNQmlyRGQ1RlU3azZwTWJ5c
        NkL3hvaThWTDhGMW1SQ2Y2enhmRk9qYU1GVDBhdEVpVHAzTTBydzZpUzA
        aHkwY0RGc1BKekljUGdYRWl0VWdHUG8vTkxnZWI4Wm1MMWtnOUIydk1nY
        FuYnVaQjZpbDc5QTRHZ0RJVUNBd0VBQVRBTkJna3Foa2lHOXcwQkFRc0Z
        QU9DQWdFQVdPSkpsdlNRRHNEUk9RWk5kWDNrTWtBSDNIWXlBbEU3TEhOd
        lZSFZoeXQ3STdXdXFTNlpHdlNveFNma1QwR2RBTjdjVitqY2hkWnBBbnB
        WEdYK3lIdVN2cnc0b1NxaWdkU0xlU1VNeDJ6YVN2NHdMQXZ5ZEMvekRrS
        lST2J5dURFS3l5L3BhNE5hMGF1blBVM0UxQmcwVitKcVEzUlVKSXkxdjZ
        R0xybGl3YUVJZ1AzQ2x6aS91NjQwZFdCSGFiT0VqeEZqOWJYNzMrRlJXa
        l0NEV6T0pZS3Z0aTFFWGxtUmpNYmozU21zcmNiR01ycHU0V2lwRUc1UzA
        VmxNaFhYU3lRcTlJU2NGaG81Q0Z0YW1EZ0kzakw0OWx5cngwK0NjakRrd
        BuVzlmWGRBdEIzQmhTWUVYZEx1SkF2TFJRaXhVUUZ3SDIzZG91bVBpMXV
        OGV1RWhIVFJvMXBFRldRNVU1OU5PVFVBNUdodXVwbzBhTTJDbkRENVJlO
        VPM0NoaWxDVWIwRmx3Z01ELzdBQlNkMUxDaFU4aWx1aEt5OUNFQlIyemM
        dVRxVzQzR2N2L3BzQmFlamdPS0pseFp1dXNHVnZ1VjFuVEhSYTRobUZZe
        hQZWw3b2dlWnpHUXFGakJsYjM1Q0UrQmNHWVkwVmlhSGVmeStmbWkvZk4
        TnJyTjZwQk9QalZaYnBDRm4rd0ZUVXlyTVU1VnEvRmFQZTB1czdpM3BhU
        N3SXo5d3lpZGU1T3p0cHhlYlk4VW5YbXkyMlgrNlBrSEIwam5MMzVRZTh
        bDdaMG5NWk5keTR4a3pHZ2FhNnRhbFJEUGhLa1kxbElkdytLZENYSnVVY
        dya0xLYTVwbzlTUGR2VkxoRVB1MjZTSGtJMEkrZDVoeitnTXA4PSIsIk1
        SUdNekNDQkJ1Z0F3SUJBZ0lVSGsvNlFiempEWjlBT05BRnZ3WUpxQi9qY
        Zvd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z2FneEN6QUpCZ05WQkFZVEFsVlR
        UXN3Q1FZRFZRUUlEQUpOUVRFUk1BOEdBMVVFQnd3SVJtRnJaWFJ2ZDI0e
        ZUQVRCZ05WQkFvTURFWmhhMlZXWTI5dUlFbHVZekVTTUJBR0ExVUVDd3d
        UTI5eWNHOXlZWFJsTVJRd0VnWURWUVFEREF0bVlXdGxkbU52Ymk1cGJ6R
        hNQjhHQ1NxR1NJYjNEUUVKQVJZU1lXUnRhVzVBWm1GclpYWmpiMjR1YjN
        bk1SVXdFd1lEVlIwUkRBeG1ZV3RsZG1OdmJpNXZjbWN3SGhjTk1qSXdOV
        k1TWpFek9UTXhXaGNOTXpJd05USTJNakV6T1RNeFdqQ0JxREVMTUFrR0E
        VUVCaE1DVlZNeEN6QUpCZ05WQkFnTUFrMUJNUkV3RHdZRFZRUUhEQWhHW
        d0bGRHOTNiakVWTUJNR0ExVUVDZ3dNUm1GclpWWmpiMjRnU1c1ak1SSXd
        QVlEVlFRTERBbERiM0p3YjNKaGRHVXhGREFTQmdOVkJBTU1DMlpoYTJWM
        kyOXVMbWx2TVNFd0h3WUpLb1pJaHZjTkFRa0JGaEpoWkcxcGJrQm1ZV3R
        ZG1OdmJpNXZjbWN4RlRBVEJnTlZIUkVNREdaaGEyVjJZMjl1TG05eVp6Q
        NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQU1
        ZWFxa204cG42bXdVeldCZ25RaVk5SnIzVnlWYW14QmM5L2R1VDhlQ045b
        1BTkd6WDV6R2o4Nkt0R2psRGNvQXpBTnJ0c3IyRHB6NHpyYTI5SFdid2J
        YTFaVE9PYVI5M1FnaWZrUzgwMnpwK3pIR0dSYUtscTNldURxRFZ6eVhpb
        hzdlhPVmxFd2tPckF2VjZrVWNUSXpjeFZpYnJGZkh0dHp2L2hYVU54akN
        dUFFN01JRzZ3Tzh5K0UyYkJrZzdSNXlkZmVVNFE5bnBCZWZ3dGlROG9XZ
        BDNDZtRFlGUThsMzFnb2FlMTdWcGl5UzN0NGg1SEwrMXlxZFlKU1dtczV
        aDB2cDlyZXE1QWp3dUhJREJ4TkxwTzJnWTFTUW1TZE8wM29MY1p3QmdsR
        tscFFTd1lncjlKNXVvMkIrTlY5YVlLRU81MWJ5U2luU0Y4VDREL280Y3E
        b3lKTFhCd21Tc0xiampWSVFCb1NkUkJtV2g4ekUyWnpGTmFhQmxZTzlpa
        lhV1h3YnRrYnNFKzRRcE9hT2ova1VJSExGSTlpT2hPaWRzSW5hT2ZnWXp
        MTJGdEdFMVdxNXg1WHN6d1dwUFdVOE5RdzhnelR6RnpWT2J4cmZjc1hyc
        BzNmZldVRDRE10NVpodDJIQ1dGcjlUbVlERkFmT0IwNWtGV1RpNXNFNUt
        YVA1NGlKdmpBRm11VERqbGlmN1o4WldWYWw5WEIrZzNzTXlROERWRWovM
        RYUytuUlZ1SlFsVUg0cWw5U1VJd0s2M1JLZGVkQUxZQzZYMWoybGdLOWF
        dUwrY3lOSjVTYnVOQTk1Q3hOZ3ZXdEJyY082SHhsYm1JRHhLckFBbzVha
        RobmxRY1k0UlJiTndwcENBaksremNBU2xweXZSQWdNQkFBR2pVekJSTUI
        R0ExVWREZ1FXQkJTU0R0ZnFVNitERXlZUENhcjA4eVZublpTRnpUQWZCZ
        5WSFNNRUdEQVdnQlNTRHRmcVU2K0RFeVlQQ2FyMDh5Vm5uWlNGelRBUEJ
        TlZIUk1CQWY4RUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElDQ
        FDOEpEeFRkbWM4NllGZEtFbFdRbld4b1BNc1BlUnlEWVFvVlRDMnd5ZFp
        ZEo1ZEdia0FoWWxQUHhLK3p5cFAxOGZHcnk1UEhBSGw5bVpZeitGZEdqT
        R3bGxjZk45L0cwU2RveTRrVTllTjlLZkM5T1VJa0JJcThEMHI3QU5UM2w
        WG1HYm5JeFdKRXRiMFN5VGNxazNkd1djTlRxR2d1aFEwM2pVS1c1eVVwV
        9Rak40VHRtSHl3ZW9ZVE5pK0hLc0NVdkVYR2RBOXdkaDRqVk9xWWVlcG1
        YXg1ZVRVSnNLdUNLcVEzK3hCN0pPTnc4NWltZlZvdHlTQ1hzb01lN2x1U
        JZdWxkbjhTQklwS1lVR0pscFdJaTZHcjBtTHdIYXJyWW9pOWJ3dGNLQXh
        TlhaaUdRZ2hpVXcyWnN3K2ptZ0JyRXRJNElhcmc4d1dxSjVNb3Y3TXNUV
        Bub1o1WHl3cjBHem5EbGdjTnR5cU1pYk9VTGVNOHlMUFFySG4vdFFqU2l
        M2VVUHo2K1piOUZxelFKQ0NpMlVpYXVENG1PZ3pCU0NDYmV3OVBEWWIyU
        VNWnFOWm1OM2VWTk1WNGhoN3Q5alRjMHpxUEY1amx1ZGRWbXBkSHhMeC9
        OVhadVNWMjFwOGNsTnBySk5ReHBydEhweER4amhOTUlyY1YzOXJ6aTl0T
        lrd216Uk1mMHI0MGYvSlduYVY2NjhzZWtEWHR2SWo4cFp3eUU0Rk51YWl
        d29qa1F4RGZqcWs2N1FzNU5VUXNGY2FJd01lczhJdDc0QVNIbThEVUtFa
        RUMkFTZ010VUR3S1dyT0JlZnJTUHFqWTcrRU1oMnlWWm5RaE13cHg0czd
        SDB6YTMyWXErS0M4R290SGRJNmppc0RFb203YUhnbGc9PSJdfQ"
    }
  ]
}
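
A verifier for the JWS General JSON Serialization shown above, added here as an example (not code from the draft or the vcon project). It assumes a trust store keyed by leaf-certificate fingerprint in place of X.509 path validation, uses a constructed and deliberately insecure demo key with a placeholder certificate, and checks RS256 with Python's built-in pow() so that it runs on the standard library alone.

```python
import base64
import hashlib
import hmac
import json

ALLOWED_ALGS = {"RS256"}  # verifier policy; RS256 is the alg used on this page
# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def emsa_pkcs1_v15(message, k):
    """Return the k-byte EMSA-PKCS1-v1_5 encoding of SHA-256(message)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def verify_signed_vcon(jws, trusted_keys):
    """Return the vCon dict if one signature verifies under a trusted key.

    trusted_keys maps the SHA-256 hex fingerprint of a leaf certificate
    (the DER bytes of x5c[0]) to that certificate's RSA public key (n, e).
    The key comes from the verifier's store, never from the message.
    """
    for sig in jws.get("signatures", []):
        try:
            # Only the protected header is covered by the signature. The
            # example on this page carries x5c in both "header" and
            # "protected"; the unprotected copy is never consulted here.
            protected = json.loads(b64url_decode(sig["protected"]))
            if protected["alg"] not in ALLOWED_ALGS:
                continue
            leaf = base64.b64decode(protected["x5c"][0], validate=True)
            n, e = trusted_keys[hashlib.sha256(leaf).hexdigest()]
            k = (n.bit_length() + 7) // 8
            raw = b64url_decode(sig["signature"])
            s = int.from_bytes(raw, "big")
            if len(raw) != k or s >= n:
                continue
            # JWS signing input: ASCII(protected || '.' || payload).
            signing_input = (sig["protected"] + "." + jws["payload"]).encode("ascii")
            recovered = pow(s, e, n).to_bytes(k, "big")
            if hmac.compare_digest(recovered, emsa_pkcs1_v15(signing_input, k)):
                return json.loads(b64url_decode(jws["payload"]))
        except (KeyError, IndexError, TypeError, ValueError):
            continue  # malformed entry or certificate not in the trust store
    raise ValueError("no signature verified under a trusted key")


# Constructed demo key (insecure by design): product of two Mersenne primes.
DEMO_P, DEMO_Q, DEMO_E = 2**521 - 1, 2**607 - 1, 65537
DEMO_N = DEMO_P * DEMO_Q
DEMO_D = pow(DEMO_E, -1, (DEMO_P - 1) * (DEMO_Q - 1))
# Constructed placeholder bytes standing in for a DER leaf certificate.
DEMO_LEAF_DER = b"constructed stand-in for a DER certificate"
TRUSTED_KEYS = {hashlib.sha256(DEMO_LEAF_DER).hexdigest(): (DEMO_N, DEMO_E)}
DEMO_VCON = {"vcon": "0.0.1", "uuid": "018b4f72-d0e7-8d8e-b9a2-279e0d16bc46"}


def sign_demo_vcon(vcon):
    """Produce a signed vCon with the demo key, in the layout shown above."""
    x5c = [base64.b64encode(DEMO_LEAF_DER).decode("ascii")]
    protected = b64url_encode(json.dumps({"alg": "RS256", "x5c": x5c}).encode())
    payload = b64url_encode(json.dumps(vcon).encode())
    k = (DEMO_N.bit_length() + 7) // 8
    em = emsa_pkcs1_v15((protected + "." + payload).encode("ascii"), k)
    s = pow(int.from_bytes(em, "big"), DEMO_D, DEMO_N)
    signature = b64url_encode(s.to_bytes(k, "big"))
    return {"payload": payload,
            "signatures": [{"protected": protected, "signature": signature}]}


if __name__ == "__main__":
    signed = sign_demo_vcon(DEMO_VCON)
    print("verified vCon:", verify_signed_vcon(signed, TRUSTED_KEYS))
```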

B.8. Encrypted vCon

This example vCon is the encrypted form of the Signed vCon (Appendix B.7) example. The private key to decrypt it can be found at:

https://raw.githubusercontent.com/vcon-dev/vcon/main/certs/fake_grp.key

{
  "protected": "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1M
    MTIifQ",
  "iv": "bRXfuElSzF-3ZzRWO41y0w",
  "cyphertext": "vwadXQolqlYaS0hTsl122Bo_xK_1pq4Be1YqTQj485y7uU1e
    eHtSaIJQ8zVSdxj8KYacLWlRmmv2hxS4GO5NEXBJe4Tn3OWq6-fE6dIxurqyI
    g9SngX2kM--c-dde3aw_yZhqlO00tbSPKLwuM8BcDdyLECO_1DdljzqD4N7OA
    OPQvGH9X0nSQ68gFgeTkqqgYILcEI9frRDvQLRryj5xgFbZmxXdVCLbiVf9lD
    -nmiVu2SMVtNLs12HNAGQRK0PU0pBErDIAVmKZ_QfofmIbVtckb5H_CF_mPi7
    1B4SGLVvBGhBAWySomd6FgRUMswI4gh0BDyqnQlqlWS-s_MtcTYYDgbYpSUFw
    tc3jpdf6JspOmbLmh_juqFeT-iV6dtIaPPrnTh_NS1r-0yFUIAB5ilLyf37EG
    yawJSknSRwOu5DS5k_0RcBxn11PPXDq6R2-cYcDzFlkwHHfHBHzP4AnF56HEa
    HQlbCm-ZE4-Mt18ixW5JulDkgz62CJekDaMeT525rAU-aYstWOtmRZ1EchDIu
    f0uk8eK8Uck58VhlN1Xnd3R3oetEmNeDw_gSUKfHE559Ou9iGYYo5y_aWYq5D
    3WORW6vQfVDkiTWaezHYJcWz-kdt1U4ipnwkjBYUvvGH9CHtX_youlW4twN_a
    VCktY7Z1JpNxqFisapEZ28-3T3_bMv7_BYnYSol6EYF3gIIKMJLWCfrFF2N5s
    EyKl7bmn3q8ecWgQrHW9dYbHUssX-QM7CFZ4DQ0x1hG5VhvzlSI1xniptEhIc
    PtjLwHzrWgCLreayEcJzYTyIpHa4Qd3YVbNoFF5NgJ6z_-eEA33CJ3AgHH4kd
    POgLn1HyqJNV0Tjwx8x0EjBijfZ1Vi1HVvOBRndLsa_lUB1YGQPciriVkL1GB
    2Cr9bMqcLsy3OBO2E38Pq5erY57Qoj09TbFLr3mpMZqDre_Jx26fiwIAUPeBy
    P3M0_0yDCW0vnxkyKpth-5QyQ4cbbl8cOzEqtJr5D-BD6Y6jEqf4FpAwFZ-sY
    WOovIiT9sOZ0p-K2x5aoaMj4eOh_0_msVsFQn63VVuyVoyg1cxUp4cdkGhl1F
    sg7CD6IBqvrcDNR5W846BhUmrbn1F6-jHPtnHtjtSnsqpyEFMKD71D4sCYRoa
    VQaqZpKSwEmwY_7RXsRVSgGo_GMfIZ-zHfqzz6Z-iO46rKQem9jtJhTg-g4BS
    r66bzCH-5QcYdx-xTny9jf6M85V6Bk9yMafnXHo3OKUa5z9Xb9Dqj50_9-J9Y
    5QemgmQhTypWdFKEhaXiumtnQozriByUK6bNoWMlWGaNuUwdgT06H5N6Sa00b
    SoHRtrdGROY4ozSnO4u5EG3e_Omy1xcHIXHNZdK8kquF-Yd24Jou9flFjDSh7
    _tB8nOqqoKyTtj3ZK_mQiw4ju2Ya-ZuH30GWMiYeoInOJqHeABNnPfGFgnB6v
    BJw-AxvJuUTTz2j9Rc6L1j-N4nP5t4FESTYvo4IsiU7QF9Z_iPN3eAkrzr00H
    sXF_wnvxlv-q5ZRU332hzaXLRuckzmFyDeb6a8UiGcBToB-tvpisJtqMBL98t
    UIphDdft5KVxw9DIB3QN5v3k3qep6UYuaG1TyXlhPHl-bmEsbE0nq2U5U0Ykm
    Nly0K5zRSxHInuSbUSEXy5RnTLHMItlpfkb55_TlAt-ZN8-HipS7IMkSI4VGU
    2m3GC9veGw8QolvFns0Z3d_8c5ZaqExxNXhul5WV802fYe46bWEN96KbCBbTQ
    OwY9pYqJohzDjup1LQQctJeEwGtDi5roiCUkdvT-P__BOc6Zyvi2BymOJFfTz
    8kcu5kFiLP95kK8bDZ9mBAnL7w1v1yeP-doZbvb3BLaq6pHsIwA_1HQx-wAAi
    CSEChU5FzCPZAOn2emd9X0XaZTOFmpdcYdpTP6NC5lRe-eb6enhvRVqOjtMwm
    ogFfDQCYkXqGojZsE4THvGuxjVACsSYbbBGB9PUVsQIGrxZj57pnV5iy-LYO9
    zo2Kmp5PluCHalE6-SneojSWrbiBdv6rJjpgp1FbIeiLdfFITnmaM7dTRQskp
    muoM822dN7usomGa83ozhMaLjJinKbtccQteyXtBt8CC0-V7jxjRifacNroBv
    tV2DAEJBcUtZhM4fUDOg7SlI-sc0gl9Ui7OvD9Ajf8JsbLMpZBigiG76bgwIE
    VPqMqq-QkNDtQELZAYVjER9FdNTxsvBDcFHrcL7wRGweGaQpTc9-WvTBWz4M8
    sNNXY7ZWxCl0REuR0P2pBJfHEMV40rdcegFZ59Rey-j4sRvpFE-AXDw6oOvm0
    YkEIaaHQdnKYlthJk8DB_45TEJkCMtfyCPZD0COk09ZYM92inyISbVy5yXVO4
    6D32A-bYVWmdVuXo77mNmAJ4RIUL2JRS2_5g6E2Q8ClxYHnEnD2UOwiHLBKfP
    NuKtVRTmaOXR3xmTMH0B_53FhnxZhphQWKEpN_CvrlojdfkTMGXZNjSnh9uzt
    AdzrCLtfiWQT1DuAsuDpzidk_TBu3V03vbSxm7E_ZuKhJ37nQqYD2sbDC2H0C
    CI_9b8YU4fjw-Io6PzZ4c5KoZuYzWNvQ9GqHxN22XAJTEFRXIQMl4mWMqKiAa
    AH-DxbF0i2Ed47Ihg6j2ZpxIAIijYDsQgIeL1S2kHD1fAeP61R9dOGA3B8aGo
    hYs8-2TVYn-wfcLZ2y5w8xfLtYncEFLLw3H9LuiMl49hjgGkEsa2MEpXrgTjP
    Sd-uK_pwR7bKQcG19hVkYTlJ6ptPGz2AMPiAvXgqZqviE20gWioETydtRwUQZ
    BZRSF4nlTbzOD2jHylur5pdtxLkHh2Dc_KPqfj8D1kf-hpNsVNATqWHnidAOS
    Bc7vFqUHvpHmeLW6F075kFqPynhffxwd4Qd-zMMpL5AnETH8R7qM91m3_9CNg
    JWuoIjUzJ6ZoYf4vJjzY-pP23X_5vTCrsXsMn5Ri0_PkKbF8F1nYFXIdCOg8n
    ggAsNrEI9bQ8YNIx6-bu_N_-01r0Fx09Jexzvb0H_WOF9cY3m4uFwH7IlfB5t
    jhlDjM9i8Fc1OuhdtdbtwGzHLnsXQgaWu_1_i-YPopMQi5vAg7i4EDAtPYLx2
    dg_5XeZSP4eipkpZsNjHjUUOjqqbhp_rhk7L6pp8Uxfp6jixqyaAJWWlVa9dk
    H_uYgWKn_tSm3PHmokZ2dbMDIgmhMFnJFIvP4eq-7KW4RTR3gSKcvW01ui_jr
    0F1cHsg7VeoPo_cKTfwBR7XH8B0e6-8qnTsKoYciJb6ZH2cwwUSyYco203AvX
    4PrlGf-TfhOhtNHrO6hvdijUQoFveWEfXDApAKfHFOJH_V5dPmWjkOJNl29Jy
    OgzlOOP8aS55HklAgTdmhq_3QJlqr6ALNmHdxsoF6N1Qsfp8EMqJgBPt62xJN
    WQFsTRLPvefW4Tx4cgl1ZtzTKRmNMTCaI5skAo3A6obbU0zfiCtS7ghgh-7oH
    t1dHOGzJRJxoYnknBsQ2DlURixQpZ7prc-C1PWkEtqkOqG9Q4V5g2K557mtgb
    2qgvZm9m69MQhI7U5942-IUYxx44lNT3R5bYWhHImsAt92gZHM7Y9Wk4M8DL4
    MIRFP1R7KIH0YvPxoxOOaecE2nXxWtSuzv2RT-7wkqKKpFJfwMpiwVAK7lmSH
    GizDk_wcTW9C4PyHiguR4m9qTcMDSHiqDNaNmYzqMbPyoQEGzM5J4uVPto-a7
    RDbNPKeFCG46oIXZnaB_Kcjm-oHHP_WrUpPIT6_ODZ6grlfp8QWrCt-TCuDX1
    gFwEQK9zPWXU8b47MeIPcW0hyYtrlsvRgXjZWP0x83Kpi3GpzfOvdSO_oKt-b
    9HFgRS1WmX9MfDQJ0vzuL53zJf8YKLSioTxc2F7N2NXM7eUESe8kFTJHKssXf
    IjhBCT1vonC4tkjoMKFFKTPQcVlE7Dwx-ehQwFyphC-uli_4rZNrHheodlTxR
    CgE-AD-fdNgnxMz87952IKCKrlTVQqUtt3AGi7bih7CeRMkHS70Kb2EKj3t4P
    AcCSm0k4QtmDuBzWNbtkCQYcceIp2JGCj3O6k_HDfydzSqnB9fWC9o0XAO-Co
    gtc2nFC1cwGJ2gEpJvTUra00ccfcC8jfbMnsxA7CkmsjYHwYCjPmV4LIcDuAJ
    GsT7UVCUmek-n0UczgyFe06vaz2Wa1fBE_yZYPesQ4RpRyPgoGZX8lY_g2o-p
    TVkCAk1-HUQDnoAVxsLBJCRQRUvJgjL2IqiNQy9aJ42yZrmKQNsJA_OFjEbxq
    1Cow9uQdAEWwTJ3E92TSKxjcX9JsYyDQ4-4SZVp6_5fCRNK5hfhzrsqmKpgm4
    Ov6njBzdr59QOoBGSF35v8qi2H6BwjkiSiO_cUeTP4HEgHpJ3wzuTPW0yezuQ
    9QnSVPLUoB--EJ4fAmIpSrVl-DSnceMSFIpoMaf54bwlNo2lMNBX8C59fjmuH
    vSzWSMCiDN0fX410NvvtPckRgy1C_POQf8DpKMD6AssuK1Cr1W7eJ77cBZ-UO
    BltgXgUsaN4-MX1tSxIEAvWZoRW3Rzhikl9P-LNm1yASKrw8cNCket_BiqZal
    WLWMPElu6mK5uFwJyau8yhysmSAfjxXSwak9YM0Tz6wFr7GjqfUQy57yKRx0c
    BrncZGiooNzH0RllqQGN6bz7Pkg7jjEanE-8PpQH7mNaFSVRJVm6S5tRYodiV
    cR8ca5c-7D0O0L4zZcIwVhdcY1wqkQyS9cjyeTIOBNH6gCbh1H-f2qIILOX6M
    bYgy4qrOEpcfrUD5RuZc-_y_qFCVX-6ZVlATcXMgQbnzT_o0CiG_MP7_wnGOo
    uhPsC1kqLwPgMj54Ma1wACPRkaEdOzs1zDZyBfejsLyJK6woBxTb4n9J8beIX
    OZ7MaEcJ4T18_ywjvhWIWhpUIARByctQ_bHdbxd2mGoxmeS2StF9-9icH2LV4
    2qok-86XloodUqWcqyjrrKkKWbnyVySEfQ3SE53ED8roHmAIPDqlJRKKJrgXj
    0N88wQUbphPRjx-uNXSs77H-L37xrSi0c5Xnv2MVbf9LgMAzZ2PebeGAndfvl
    Eb2jkLPYWKLHImNsR1A6Qhj7dLSMk3jbkQJi5UghBdwoKJDiN-6vDUTkVzLet
    PnpNWmph9N-TYrXoj8nkt4njGLEJG0Gm6XTrOCVwV1URSXGwk9GZiE76hgUZU
    rX3zHO8VtT5r7kadzNr6aHREoB7MejtOVOruHOxKiej6NFGOk5fyhI-x5CI84
    P7Z8sC4W8-qg3hx6lYhFHE9yVqZeCKUvFLQrN2yDArYZY-JfNHkolZfSShu49
    k6swseFBb8G3Iv9ZpnoC7uo5RVP6xOL0i3Q0aCsaTe0pPhIRN_FrSrHtA1BP_
    w-u_qF5ZN8yKlXSezrtG4edjRbMa1c236E6JG-0brayT3Uf1JNKR050ZNuEnA
    wfpqxY5bXbmbyJlI13R0Ie5sH5ZFNa-Bqs5dujKtRZLXZMFMVP7cGnudi_qjf
    79gDe6H9YtJHAdT232DpyYgkqbzL73fr9lryJcuNabof3ui486PHKAnEsMAZT
    wM-iCl_apEhU66TFV47TJXRk_pWnaRS1XKUkyr3JUz0bd4v6PDvjqBNVJi08u
    3kVOF2HdrKTpwHV74zOm_lewfbOsNVJfLcgiOKYQAb0kXvrgc_O-tMg678YWp
    ifjo7ev8JE0yFyH7G8bEzNk9YIqKhXW6UgHT1AjIaTA5J5LA2qw2O5WUOpa7H
    -aTLltx-CdS2Iu-RwMR17TL-to-H2hVVI1J10PGQPP6wEDIOv6LMVbzqCuhOX
    ncLWZFJREeO_EWZ_zNYl0m0T9Wv2g7rDjl_1Y_FO9p-wkbI4KS0yvprtqd2u3
    jOQadDN8aC3awxd2iS4iaLKYdqzq5sWtoeV1CBHUAqW1jOeoKYoSiD8p09feS
    0pBzJDV2A2nf7x7cYnI1dD2gquBmlSZ85cD2Yww08DlpJoYt1nG0SjY9sx9Fu
    kah8Y-M_3A2rFW4EGbZ93K2Pqs84VAeQ6ucUqgGZKnuf5xQ8fxkDu8Z_sn1ZE
    aLixpAUqEvAV5ddO4d-iYnaIshp2nhpW0KFL9CwXwVkPM69yfTGfCmW17BGko
    T4IBYc0JJ2RE0TOXhQpBKnJ0UDj5GdWbpXQlyKKLiGi4AZiOi6X01SFXp4WkB
    TLyIMZk8nKkeGVTqILBHQrO5NPFJVo5WsijFXb_ot3cCOrTgMM9XAwu0_j9_m
    i5LKLTSy3zJdXLFsmLSCVklBD5SRwzE3bxLIyeRtlqM_zFCLtgjUyNkeLgYS0
    yIPHndYhfwKEUlgvTY7DMQ0XXJlCmzt-bWpzvCs15rim925cs0yv2yeMOlxzv
    g6rUxeqABnt7o4xS54Q38Gp3KHLnBYfWm9WOSv9wgOi3raYWKm7pnrePiroZU
    -X5jICstMRSR4Pk8lIE27LczeV0fHsZo_QQT3A6wlaXUud0JvmMx5Rk7k_ELm
    moJ0kUZPpF3NOOMux0TklKxf9XotQkQr6joVxkrlrryyqVTNY311ZKDxOPeVm
    9PL7NM3jHFxfnIZ7aBzAEZn2jC8xRsC9T6k0SGNIObhQEzMotlwK7jdApU5vz
    w_593l7GNleXf0KYC1LqyOYdcOtt1r0O5-V6WFon8soZXXoNJVkHE8k_Odtzk
    xYols8xs6jJSPUJRHhX1Jm966mBvbphg0DWT3AnTuCkz8ahYT42YB4mWjjuxU
    VKR5fsnDlwIFWHGbdPQ_HTDqirX4kmcICRsp7N3VzDYtHkAB29DVvXvo1FWiZ
    n5dEHO4h9LXlv340VeY-clIFUBGds_E3YSuWt-ggRNo4Ky3L7wszyazDvKXc8
    3lqmJwyngywteN_0WnLCpkWcGRKkY-D5ZQhaG1k-Ru22hqWOD18fzY9Bvhs3r
    c5PavQNdby2ioY8iAPBRgi9wOW6PHCnhHc7PyPUKJVktb8zOkdlgKEJ9rvf9Z
    Q_TlhrenStDT1-p2MXmFP9GvUBg4e4GUAUHmyOLgrYd5glCl0e-Did9cOQavT
    -5boSuCyUQSugVddynt4aBIMf0pA_4JBXRiRHG-uX8wcdZdrFgfphy7CKXn04
    1n2rSuavwWe8WFE9jAHS6heDuTFwIACcFuxHqepJjHcGal5b4wlbjHxa8rzEC
    _AGfxa9lpaNkYSXUyssF2XvGkUQlpBiqDmbwIHSfvmW5619m1zrVKCTtK0lX6
    GqmoGES4RYQypN2xJ-Jo0y6dg8nQ1rAbx5qC-n3XwkkFA0mARDiZshjb_fA_G
    z5MFIR0ZqB1Pi5udnTYHBJGGWVoX4aUaAKMok5m3R8rgvwlrKfNgWK0upK3Qm
    l8zBql99xzuJ1KjJpPyCTSDexdrbtOZZOvRVhyosPC8_oDhjFDCYNggBYUSRR
    AJprcnFXZU5bLXRgbyTJgVEsl6Z55BveQom3wtVyhKxe-hX4ytNE7R3g8nubz
    3c8_Y7yrZ4hic_lY_oJdAgp9AId6YPvN9rKjBb1QPB6JeB1v-wHOEfrpbTC2x
    xlMKbT1UzHR0zKkw8nZTGirqJhQOFEqhPjraHoYaTsCrLN2OL1Lq9blY4Z6a6
    4xoxIHM5N4Rtm2tIsbHuqGMAYZ8a1t53arnJtfIb6ChhwHsM4xQNLFMwQstdu
    IHWkGFg_EiCLw3IC_I4mCxOcYsWbCM5lNNHFxu-O_0FPi9BlPuySTRgXxskl6
    dJehQ3nBnUhoBNr04vmBRDmioq6hhtrQTu1HkKSFbeIF0xs5yYj5JMuyQjOLc
    p6jt-EYrYtB3GlAhiYWgD-13ntUi1JEbf3zZVfEnqjBlyV9wH3XMuwpHcnyoH
    IE2NfGIge0lFkb-1HJBDDArH5B3alABpuFxSB7prMobc0YNyYUK3mUh3710Ta
    BFwpFnmJbypGzl5sOXVQaEohDZW6gh5kiS219biV3-lzwgIa7cFQ5AU61T101
    drwYBsy7sLI5eeCyRV1ye--KO05merFQjt97Px2HwHzJEBAOQDdR8JCv1yYYs
    eANpUH8RSbmNi4QwOHphb9IXQDNik5Du9usIk_v0wVLDXODIIbB5VbOiQApH_
    2aH0a9PfI0_An7NtYeSuJB5fO3ZtXCowEPGcqJH0dV5iwLddLyGxoRoWzidNH
    1l4Z5QCfeEar1wYwUPfqg1FRjpMsNCfq72oxwQ_9MLhOhjsCjfueJIAftWpa-
    H1FZInC1FHIVh2__pW1UdvM9ruBlRHLa3sF9h-etdXDpnMeIhl26mcEwb261f
    f6ahb4fW4KqWXYDBAq-VBOI6FuVSP0ThBTHZNHH19WonuT_grPjd7D6OwAoJ0
    Mdn1umczw8vYiyDQ8CW_IXn9HH402qau25hfcgp7fvgN4q5zfy2edDnzN-dD7
    8zRZ-M1NhJkYTO-e25kZAyRnTvDgkRZ7LB4325qLdHFY5RwhWtAtGmaSfwRa-
    ygkp3XZUcJdtVsBcpG59dtmunWYYrVT6N1o1WsN13ys5hOtjXRydnOQw6Ut4K
    bCQnq8RIicY1x9Qqc73xndQ4meOeMV9ZaT3aD_OqdXvaWeoVIb9mcfb5bgfa7
    lwVuuWwoSye2ers5F9Gm6uvfDCZ5FiZTFF3nNAGSLm1jg0BvHSOOexDi51371
    EcQstDcjsclwexj5sImO2fQTMMVknkwKMB-k5BjAA8ogYrCcY-uLw9yH8xlrs
    om5hLIq6D1l-wru9fXScHNSboInLNC3gQmfQAs-KmdcSGlgq4Ef7YxRAQbORx
    fvZjYcdvDlTxoInonBjm09UaVGf-pa7aGGMnB_vzs6gPIY4pkARr7bvZl9TJb
    smTg8C_ri8c0GTrXKXDeh-9Ew-PDPcaAjQevR0Q0qMKmm1EAgWNAGhJLDWGhZ
    igxfCzgGc1nUZYmMtYYPS9jcgBKTgfg-AT0JfPQ4DC60sliydDBbUH471xGVY
    QahXlIrPIF0uEDg-nrj5OFp77Nl2nOY-TRhi49-Mifuk2XV-TdQ3QGu2pfNGi
    O_6Svza0zGEbFLQHtwlAKQIcMkcm9Wpv7kqEe5JaoOHQfQrQDtoKOxWRIUWHF
    q8iPPHGFaM5EqlmzEp5GuJCSvLh7NSPaxiTmX46aGv7njwGOLRAxP_zTZ4csC
    _5oL77wPCR3Nzj7y9fBlgKjz8nhY6pBoFUlDJuNwDzedY8r11MnTJa24hWHTM
    nKToo8j6rA210Uc61QIj78wmY_Nk4wp1JJ5SvYwZd0CzlsK9rB67uTbAxI3WK
    GpPba1bF0x5zvG0v0MPrB2XSk-vpjWqMXWjBcZxOFef_Gy6SKtOocKlHXbBO1
    yPHJAkwN4ktI24D6f7RJbdmH57tHptiZyN7B9J50PSQWMPsu3Reh2D2KIuRa5
    qUoRW2_b6rOGJto-tnw_mJg-wukhpKcG1c9moaFdjOacSVi5yHPAwlO1WRoyw
    8cEfLK6Cl7QoGdTc3RuqtwJ8WFJkwWNtXS9Mq4Lk7QmpEa7UlXIsy0vWfySeb
    6PGeUSshWvXRU4D6-BGpl_Uzch-tnjq8BRn2lt9wBgUsFok2nj3dICabcEd3O
    BzHb9O5s5GIVx1nAZDnvIEvXn9h461A_lI_BIQ5d5KOQXtfi6AfSEMCFXPrRQ
    lz3WgkhtILPSxcoQAm_ThXzbTvjTlEsOlDNpAOvl82XpVzwNU_XL1u3WDqtgu
    dhaT3F8Wu_f8Oo3Oa8IOBayLX5-LNXwslLLUXMgYe_kjtb7MH67T49DhRaL0j
    p8VUuZ8ltDwssaSWVo0wnei4wEpAfFMVJ2dAs1x1FkmkLTG_fjFL8me45pJao
    4603_Zs4vXSvDSeoeDMJZVuNPvwwmHfOGjxImqmkIcWdNKUpOgr4kQugR9XnO
    M40hWZHHGJ0GoLolBvq5BE9e4WLwZc2OYjsL0O7DdwKdiiAzXjyfYJSeaJIhn
    sDZIy_wV14nUQiIjRg5KSOn_qpP34Rx_lXEu2ldlBtE95x0SLcNcKBpTGZ3gO
    fc0BcMFapOlUvUAL1QJd3Vw1d0-q22Ul6F6p3KTHsRZQnDtvKuswBmqbR1rwQ
    x1u4itY_jqY_JMNIQCcoG9FCK3_4uOKgpf0lnEfiYRkqwxsdJTMV4Brbp3kGP
    5X9yTAOEBY86dCasBlA5GxmtsmEKwqFYRRD7t2RwYvEbHODhTulrI41W_78kT
    26iV9pTRpJ218d5ffeq_ZVoDYQnh-9fv__-CFTU1yzQ_zblFp2BOzW1xubNQE
    B0dZIFuKv7nVFcP5n7gXIZ9SJQ7Z_jT4Z4DJ2mYFd9dQJc8qN8iHsSGS9w5rv
    Wzc7fLsQ3TEXkFEBS6xfeci-JkQNYqlGqJZBy7cugBVdJ2_jmhROyYjHVwlZ0
    g8qbhL32dfWz3PgZTa42ETLsKOmI4voeJBhjiTXGRisy-D2G51V31RMPKn-u-
    Mbd5_DTQxmCBWbMasiXNkxzvtHJXuTWH6xpD8Mu7vUF1ZpetHD-ZBi1cK5o6k
    gs9MD03hwQ-qMtRHaBzGInIq2zTfYWm9PGdmk1SSZn-hGcC3PPhgYqYqCkUtV
    8TVaiQD2nhehTE3MQOcAylc5T2E6WO8MzPdgkNdVEVc6CIVE8vTIRn6FFR4Yd
    j-DzLU9W3-rdLPejxvSX338qIP0NMvTcFz62UiLgdcsabhNdR36XoQdPCovlC
    lMZdQYU1vehYh-PJuXSJlU7lpJ8sc9AWSQIWDxtpVD7fBD6Fiy_7b8q2hBn2R
    X_6jzCqaE5qPIO6HiU5BVaqVOPuTAKXdqTo0YoDT4VKh9JPgocu_OWmNlIbFT
    O2XUaQeTTzPajRweRns4UwucTmN2fKDm6jghsZ4d0B_96Yf7lki6HZNzOezz-
    s3oNthQNi9iMUMJQNv944XtSW0JNkJkOt1BormH4F_FvR-iePRX4M3dGq1I2W
    HSJDaybJl4A88Pp5Vj120bAtwiKdMkjkSNGTbrK9e7oQHDUxJhTYULASAh4lT
    gQyyimd75CPVtmrX7NjvAhaJm-XZHkPXjTCAjCZfDgTsrjojzrH1TUf81ic1I
    GCPT4VBu0qMBwbG-aFxCnCjH7IUqMpbnwpmHFays5qJHTRJEj8JAGPQ_pJ2Do
    DjXIaKHuebJvDWqHz6HDM4uC4pE9MYwnJWtUCcmJVTl1pVpqSBOuDNTutQzUR
    AmFxxuQoCFPwAdSUmAKa_bsIWOdlVkCvgFMC1ttHVe0EqyC9myJbH4Rc9JHi0
    Y2a1FpWv_fyt03_D4L1CdfJPsqtVlStBGckgSRuLGsBC9xGqa-N5LWp4UTeD-
    BFDFZJlDohoGjJmWGC8Xgi9UpFYPFHJnFhKJp_DXd9rllUkxXLMAQo0811h5h
    tgeZIedsqPTatzbKZYpPOPqjeMJN-UbkVIfj0Qa6QQOMaeUw-jsuFLxAzDVGc
    2TZfS8KA9VlrqIZIds58TUKar64j2kA4Vhk-JP1y7wvgM2wzyffRyuSTL2X0W
    LTxBcDlls0RYBauK4bHjw64HX-OssJQ0quzbV_Yw5mU--mvCVitbmF5xSK7bA
    wPJA82_H93pdEEChc0gPdF2PYXx9xnOtFYSwjHYlw5whQ5wqqWHMC7Dg4Uiy7
    6WDaFy5W102Y5FH8FDfmkaOzRGcBgsPuI7zwvo8jnOftubp0d3x4XdYxDDzjO
    JnnO1GWzqYKj3j9zLAVERF2c09tRsBBPtl1ILvZO1ngpo6N25ELbFRFMKZLX0
    WTXwpnd9SdFaXIVjM90fL3eCseGg9RVij9VosbS-kVHc7mFPzvEdWfeFXFyeU
    F-FOfCpwbvH5CKkMZz8hZ0Lsxd-7-mb-9Jv30DXGSjxpFKviivKrSLQW8qCNR
    trh-PEepKelqsr9W6hZuGCPtq02PkhsSdeUlm0rj1uBKmv3RGcRGjZDm7JLjm
    GXN6_k9VWm_SITp2RDMtR-7aCnAnEQvkK8r1B9AmcwNVvRWW_aT6p9fJ6XpDX
    2FgMQw7DI01kt3bjvYx-DInm8JpFXQo1oOhzuMBWDQcxULGOFjaFYJHp8w3rh
    tcz-CK20dYHW-ZpPFnh3KRo3u5LcgbxhAZfrfTfSCOVQH_soC83yi1FtqHjQI
    nf7oIGr7O-64OXwH7TLpw2j_Iig1D101jvGDRDTk8EtKO6yGiR1Cfc3gE9CBm
    M_GsKzi_mmfGJ7UHdItiUkueu8zy_ig9uyuaN2fqifRXxzLR7ZQdvWp-khsZ-
    JIfDj_kSez6kBQ-u7we4EmZsS4kmlJ3qudGUNfrxsLXDV67G0V25JMm5VpLrF
    oetNep72dZldzMFnZrdrpJ-h3KwCzbfO3kg3RgRpNVUfop_jARK1eUq2N66Q9
    u-hGf743iLzRHI68rCrFJY5dcn_MHcXR33KepTHADEXxCT_PkyJLTZhwoxcA8
    c0nkK_wTN_uEVApiV6MInwHSr_HkyEchhPdJ8pxqeo8iEDeCL57oFdbnY3W6_
    8wibytapsNIJW8LMHfI7TiwB7LdSwTpAuRTcWd5Au-svxGtRxsDs4IM76v-xK
    lLMOvYkjIarTMOaeF-kKckD7lImGV3-RQM387U4SaqD9Bl1sLQo36_SDqQ6VN
    _fRKXHIw8iq4E6P-thNA_DI36IciLMmkKPNyYdzd4aYYuDKEAsSzrUmdk-wpW
    c17elXmLeBe6MpjEVsJrOiQjoERL-S-rlUr4na2t9ZA0bcVnsZ0ErskkUQr7_
    RB1ebwfdMPHaA8ZJgiAtH11W3k8JjTaQuHQpgo0dfRdL9UR4wQD97XT_dEbtw
    t_vSpHWG5OCecT5YjRoPd-1lT5M8-pNxT2g9BH5BBj9uyrXDxBsjcaS2n7fMX
    ErXycuAvnkxzY2r_QT6KE2Xsm6p6RPvrExFWYiBBs6W0VUZc18j7iybB8hgQd
    GCAiIN46KxeRjnhK3jLSzOK-vDekbjKhAPUN4AoF0iRihO6hdRg6POCmKCiKB
    e8YKhqAXFxASLoTZr5JsOfML-OdSkq21Rq5kZxfCz9Vd5cx4z6YktyLmM21Ic
    nvjbR7nmIZXd6_i6oWU999MUnsyO5qy3BAa9tlhDdI2FG5DBWLOGSb4ivdmwX
    dTJB1RtxL_zng2UPLWCTGt-WxAdqiRn8wssc5K_kt8Y7ilMnRhwmtQ8_ewN8W
    37S6F7UEvvihrQIVaE_T6OMqH-xyb1xhq1KZD80e2aoeGxPZ1zGx1JV0uKpMW
    rUrnMb-RUn9HdPAlKIZ3rXJsb1tSK4VhF3fZHr8gTZvDh555NCwJAbAFHXTbh
    rW8uN6YDgt2dLZRN0UfhuI3cRvntuFi0ES5jDUbx7plA00IhC_u_SxbW5YkJ_
    L3L7UY4_GLTv4wv-q4bD7xu6PRgC49DYwjqH8TuOPrOSAnahoNuvIF70pIwP8
    h8aSG7KFx2lb2b2SS2iq7XCfw3uW8xM82dOMCnwGYM_RGQR755LzldbYzPBIy
    GixH6ODTaQORDFbfaYHUqvEP7KiqIqxd9sjOlVxoo-sO7S_p7v9Yfczl0IeAM
    MONz2fQuz9zyolIC2L5rR1YFY2wHfaiSOU-Y6qgkyF2ZiFoEKtJ3p7BrEgFTj
    Ee5hS3fMLQBpxUKrcgFqG7BdRs8TYyAuySYe_sMHh1ligefBcYD3F0CtJdIUz
    dHEf67vCts8VF46PMuhVS4987aQoL68L6Ez_24gMp0captQwzbRryJrjO_07U
    O_zW6kcmimmHldwPtT_k25x-_TyvXLnjUrM4sr2PZ96zpkFS95ScO1hU-R41G
    XJ3e0Hi5C_27O55-XYevHJnnOeBaH408gHvU0r8SCf1PaOYZeR6_XxN3_aCU8
    aMCJtplnN5R9sZnGsNL0JbDnQuPGRsFtvjHEzx0VRCcrmXYtQyEP8ZY8HReuD
    KKRwOcpwWR1MMmkjqZADtn4Mt5lyIztMwO182_NAT5Kvn8o6d157Bt43h2Nrb
    4gIffZbGVqf0UkXy4HEcT6H6T_B4Lw4Pefah7Dqw1tssGBo3pW9Z24GrXSXJe
    jSrkAeIVKR0WCn8fm0ie7J9wErfAjO1rImn1b9KrbxMgHBivVqFy_wo7ScxW7
    rUu28IMjYwFQFo4HVEaNuLuE4N1bT5aBcUjPZagr9viWBMI88I3WCBPoYC7y7
    fOl_7a_1zplsshEi0y_fhTvWlYHOtL5SGfGAyD2iON5DRn8kJCk8DOlQ8z3s-
    FXTq0WP_VzPxPkLwikr8zw4VwArBSw-Vitn7nfeL3ma5aF3lwnfLPyBcj49To
    u4fkpdR2AK0yWYKGVY7kGDJ3ZI1cEG6yw_8qaBSB_sJOeND75forTI4yH_91C
    V4I7V_matXIqyYlrIk4SjR_mfnNnMEg8pUbTtKQ9dQF6Ev7NQ7R9x9aS2QM9l
    nQP_Piu5vYSYTmjucOOE4VBzN83fWszAOzT9QmNtT_nt57YxJMDGMw1RzZ1Hz
    Xb9v2xu6DWQMH7PUOvnjMkf0dowT4zEZqzFLs5x2MotGsxsjeIfYS0WwBJVZM
    yxYBXBsZcmJIJfgQoMKmLSEl3jGizOIVvDoiezj8l_65DnXqwaxsT-yHpmmjH
    NK67HvZOeBaXbwMHqdjw81iifewJGhUux4weffetbmxxULq922T9rIn14E7mG
    PPMJOvNop3XkUSLok6pXVRpVKJpvKhryxFef34h1yHPZv_4ZMLXMwtoCDM9eo
    Cp2uSOGti_1VSicxzm1NKXOA9jv0zHP1q0kwhbODv4kI5i3xpLTo2SsVPuCMu
    WVKYo2l59NQJqoUXvGkB4XyGb87B4ujVZA1srmLdDufeVAebqflYt2mJMhD2G
    4HTTAIYeRr27SohOGsIgpWou6DFAkm2nreUzFVRWZs4K-06YsLi-78aieb2AP
    ixVSKvaKWNqQrZR8JoIpOMpo8QgXZC0jezdOIv76ic_-sGWhnrBw9-UN0D0-j
    VgQn2dt0mH1BbZCKdViwZeh5evJRVLT7noKpZA54iYzK7C0Ry9zNzY9IAWwX7
    1uhxVIqbWmeOTwrsrheyBi1-ZZCUj7flH6fHnWmYgKmz5uLPk5FmObSvLC7BR
    SMSsIKUOZ4URD8qqSsZ_j3YOIYoJsz73eSu3r0ykks8v_-9KVXvmHTtQbnZzc
    -z6pr_0vXxCxYsKkpp_VhvXZ-V1l6EHi24v3Q4ZrDKGrW7iekxzdrpl6hRNYh
    0M35njK0Mgbt28F3gy6ZZcTSIdzMhf2HzYoxkvSP9MghpHAy9ySOViCR0ndCW
    3QL5K-i446A2INa1jejfCmPrkJbhmAIsDVQ1lMofN1afGBIi7bBNkLJwRoHHR
    7cAa2U2hbIqxgXIanaS_iK6GxAJ4xiXQNezWWilDfi-lgH4w0LjWt4W-G6oUv
    lh302IUwT1SSDhmsKu8e0I9RzyjSEZH5YGDgNBFhqG7hnRQOohtuB9JsqgqWk
    raOmmhN9-pGttRaY0z3GuhTtFPUylbO9LMm-UEP2HyC4_5nHzLgYY9gE6sRsB
    rTB1I1Uqf2GHcQI_ryApxNQ4KzRA1XhTFPOfg2v9FGebIDdu1DDNZzT3hZxhU
    j_VmYMpS2LlQEkoVNvftagNsjm11QLKfqQTMaE8jkJ3XHui3FYvAcZ3HtUzGs
    Zb66WJFsnGbcxGqX_dPPgfmkRUA-p-diTmrDLEQRAhNI4M7uI4pChDiWgj4BT
    NUMsOOiRLQHGoz5HHRInTAInFc5Al3rvKXnHhk9arC2E5wZB1fEi_Gcx75vLc
    ziO0f0pktT9854bnh6D77fjqoJjm5Bc4UsxwAdScGmkvgdcPb-hQxC5enf3ld
    c0vpKx6KYdVfauJggBS3OC7f8VCG03FUA7ai7q12sJLqK7dY9_TIl7A2sTQQg
    -e76MLF6eGvtIFt57QpTdyDQ93O7tte10gyz_8yOAVXci-Gu-gv4YmhfG0e6E
    chdKCPeqMVhOS5C_aDOPZatWn8E2kpPFdqOWgRD-tutuodpUOzd26gohi8NRO
    ofUQxLiV7qLMKQwXJL8qYaGQdK4G-VnCBzguClG1S_uV6CAynWn_68pCpzBVI
    UC04oIj-VOK3jp7vKPd0CZm9a9RSCcJQcnIRTEE7-n6UBBN7cVbhRysBsfnsX
    fVSDErQoIv4Wdew8utq_wWrJEXkl_0WjkQxsTkYlLQ45CSu4SXzlquCtm8dCn
    pmfUC8Yyy43LzzKNKEXtGzVAJQbAXIIyKGdXPdJV_TW4pidq2hX3sTI4KDKAA
    Le0-U9DAEPDgFSWrxLuFW_WHcOdn2aMddS7MwXDTYdW9tvNSDocnd_TUOkJcd
    43D1Bb72aVX_LK04kwfKrYdHaXzyxwIXebxvQYHtWTdjqJuYkkqy1yPc7vlOz
    W_6cnAV6SHZF_DRaHZ1ZINI2Y2tNb8WVIAs15FYMEUqEb1A6VoCuS6qEwg3_b
    DZVi7OAj0Ebou_DOtmLSLGFHbiFqyvpPG_hAwIKwRGTgBBnSqsfttTxSXT7am
    Y9dIhQ1pnqcWgEpXvfvNJxaaR_qt4h6GPah7Ls7glPlNdbx-XjCOh5dV0vSLa
    4U56GBQIxX1UTl8lPSixm7eYOicBgi2ck6VvvCJXx0RxvMqw-JWX-a-DD3R65
    q022wIvFNJdSvQ5HW12W-ASqZ5MnP4u56flLXRYNoZLIaiBA1qBM9U6sEr-cy
    2SPSss-WXCYN4Bs-PK50e0qvi8PO7LoaVtq6iHbCnzZt6fgx0jHbeVHWRQymn
    NAJdmBRhbRd-KMyK-wr9V2ZH3ucaF-tIXfVSdq9bG4Iae4xwJqA0RX1IuRgvi
    MzyDolLNl3530skhB7KGxlQDoVHbEt5aGuye2E3JGxIqSvYxYYotyM3DfrssP
    Y0x5BihuOZtIL-WIPUru6_ayHDg1PJwZtig0IO1Zz8DP-R5RMLpZ55J8YO8D2
    UrR4saUy47MyDAJ-mnfmB66dMIsLuCOCG6WngxY9CwwsO0pSEHDxMvGiYeNAi
    01u4rKSPSD0ITr1AwbanUHt_EvqifdFcHYYG6tCj_qHa8ZUnHrKGBQlKYsR5P
    M0KPX3yZ-d1HqpBJVgtpeCrCaaOQzT9zskSiBlNXArf4Miat13O2nnh43dgxh
    seStQ1JI5TX0sigVXIlBXASpqfvaM3I-WyMQPOdzJJ3bl9YF4OJ3p8aKTtse5
    Y3S8th9GqxYLmfWWLgnlk1WFZOBdP-6a9JnhN6P4DHjReleVxXbzumruG2oi8
    7CnLeF_RI4lcHw8fHg3J0gNq9G62R9iwFESlL3mCV-y2PmNkVaU3AF5vNmxSG
    tf3yq5mBPuuuMEBM4_6xcU6ZMcDP63gSQEKY0eE5hcug",
  "tag": "AGv6XiYay5aigC3MosZRqr3m3PsM24jIkf4N2DLpAQg",
  "recipients": [
    {
      "header": {
        "enc": "A256CBC-HS512"
      },
      "encrypted_key": "NTbM-Wy6TryKiaQxekGz1luPLhQdiRlBuSv9vZKVc
        cPow9Y0mMF6hTQ4z01tcBpx4ms5nR3nZV9wUo60VzBQnAqXQQ8ZSpdnVX
        ZKnocBMvSZWnIqspb7Qk9jNvugQ07d56gKeKx5rZSVK_CtLurym2LAjeW
        ZH2Py6g88SJ8fSBhsCuhAIPC030i_1EU2dFIw3JdPXFONO8tA3b4mMcah
        8wMqBnqYeDfIoC81GRuXmnjScYhcnEwKiTfx_3R2-F914CSUha-pPKnJM
        _u2nnZ1Qd-V84FxUcJ8g-JESOGxEXkjec90ZmZFuWhBvyTqfhmAgDII2n
        KLdPJax-Edbg"
    }
  ]
}

B.9. Redacted Signed vCon

TODO: redacted vCon example

B.10. Appended Signed vCon

TODO: appended vCon example

B.11. vCon Group

TODO: group vCon example

Acknowledgments

Authors' Addresses

Daniel G Petrie
SIPez LLC
Thomas McCarthy-Howe
Strolid