Centers for Medicare & Medicaid Services CMS eXpedited Life Cycle (XLC) Electronic Submission of Medical Documentation / esMD HIH Onboarding Manual Version 1.0 9/17/2013


    Table of Contents

    1. Introduction

    2. Overview
    2.1 Cautions & Warnings

    3. Getting Started
    3.1 Health Level 7 (HL7) Object Identifiers (OIDs)
    3.1.1 HL7 OID Registration
    3.2 Internet Protocol (IP) Addresses
    3.3 Transport Layer Security (TLS) Certificates
    3.3.1 Generating a Certificate Signing Request (CSR)
    3.4 Set-up Considerations
    3.5 Windows 64-bit Environment Issues and Resolution
    3.5.1 Issue A
    3.5.2 Issue B
    3.6 Gateway Software
    3.6.1 CONNECT Specific Installation
    3.6.2 Federal Information Processing Standards (FIPS) Mode Configuration
    3.7 HIH Applications
    3.8 VAL Testing Preparations
    3.8.1 esMD Specific Configurations for Connectivity Validation Testing
    3.8.2 Domain.xml
    3.8.3 HIH Gateway internalConnectionInfo.xml Changes
    3.8.4 SOAP UI Tool

    4. Validation Integration Testing
    4.1 Telnet testing in Validation
    4.2 Connectivity Testing in Validation
    4.2.1 Testing with SOAP UI Tool for Connectivity Testing
    4.3 Functionality Testing
    4.4 Validation End-to-End Testing
    4.5 Status and Notification Messages

    5. HIH Gateway Configuration

    6. Production Testing
    6.1 Telnet Testing in Production
    6.2 Connectivity Testing in Production
    6.2.1 esMD Specific Configurations for Connectivity Production Testing
    6.3 Production End-to-End Testing
    6.4 Special Considerations
    6.5 Support

    Acronyms

    Referenced Documents

    Record of Changes

    Approvals

    List of Figures

    Figure 1: Status and Notification Messages

    List of Tables

    Table 1: Test Claim and Case IDs for Validation Testing
    Table 2: Test Claim and Case IDs for Production Testing
    Table 3: Support Points of Contact
    Table 4: Acronyms
    Table 5: Referenced Documents


    1. Introduction

    This Onboarding Manual provides the information necessary for Health Information Handlers (HIHs) to effectively construct a gateway in order to submit medical documentation to review contractors via the use of the Centers for Medicare & Medicaid Services’ (CMS) Electronic Submission of Medical Documentation (esMD) system.

    2. Overview

    This guide outlines the testing phases and additional instructions HIHs will follow in order to onboard to esMD.

    2.1 Cautions & Warnings

    Please be advised that Quality Software Services, Inc. (QSSI) will provide limited support to HIHs. It is the HIH’s responsibility to provide the necessary resources in order to complete tasks. Some details in this guide are geared toward users of CONNECT 3.1, which QSSI has successfully tested against the CMS esMD Gateway. HIHs may use CONNECT-compatible software or other versions of CONNECT.

    3. Getting Started

    In order to begin, HIHs must return a completed HIH Onboarding Request Form. Upon receipt of the completed form, QSSI will process the information and confirm acceptance to the onboarding process.

    The following subsections provide helpful information to HIHs at the pre-onboarding stage and assist them in completing the HIH Onboarding Request Form.

    3.1 Health Level 7 (HL7) Object Identifiers (OIDs)

    CMS esMD requires HIHs to use Health Level 7 (HL7) registered Object Identifiers (OIDs). HIHs only need to obtain one OID. The same HIH OID will be used for validation and production environments by adding .2 (for validation) or .1 (for production) as a suffix to the original OID. This helps esMD to identify from which HIH gateway environment the request is submitted to the CMS esMD Gateway.

    3.1.1 HL7 OID Registration

    To obtain and register for an HL7 OID, follow these steps:

    1. Visit http://www.hl7.org/oid/index.cfm?ref=common;

    2. Click the “Obtain/Register an OID” link located on the right-hand side of the screen;

    3. As a submitter, complete the following fields: first name, last name, email address;

    4. To enter contact information, use the same information for the following fields: name (first, last), phone number, email address;

    5. To enter information for the responsible body, use your company information to complete the required fields:

    a. Name (company name);

    b. Phone (company or submitter phone number)

    c. Email (company email address)

    d. Address (company address)

    e. Type (choose “vendor”)

    f. Uniform Resource Locator (URL) - (not required/can use company URL)

    g. If your organization already has an OID, enter the OID in the responsible body OID field.

    6. For internal/external OIDs:

    a. Choose the internal OID option if you are registering a new OID

    b. If you already have an OID that you need to register, you will choose “external” and enter the OID in the field provided.

    7. OID information:

    a. OID Type is 3-Root to be a Registration Authority;

    b. Desired symbolic name: enter your company’s name or acronym as lowercase with no spaces;

    c. Full name of object: enter your company’s official name;

    d. Description of object: describe for what purpose your company will use this OID.

    8. Click the “continue” button. Your OID will be issued and a confirmation email will be sent to the submitter’s email address.

    3.2 Internet Protocol (IP) Addresses

    A public-facing Internet Protocol (IP) address is the address that identifies the HIH network and allows the CMS esMD Gateway to connect to the HIH network from the internet. The HIH will hide their internal private esMD Gateway (or server) IP address by using Network Address Translation (NAT) to map it to the public-facing IP address. The HIH technical team will contact their network team to assign a public-facing IP address to their internal private IP. If an HIH is using multiple esMD servers, then the HIH will only submit one IP address for both inbound and outbound. QSSI suggests the HIH use load balancing and NAT to convert/submit the request from multiple servers to one IP address.

    3.3 Transport Layer Security (TLS) Certificates

    HIHs acquire a Transport Layer Security (TLS) server certificate from a certificate authority (CA) which conforms to the esMD security standards for the on-boarding process. Currently, CMS mutual authentication security hardware has successfully tested only with Entrust and Thawte CA Certificates. It is up to the HIH to take the risk in procuring the certificate from a well-established and perfectly tested CA Certificate.


    CMS does not enforce the procurement of any particular CA Certificate and only makes suggestions based on testing results.

    TLS certificates that have been tested successfully with the CMS esMD Gateway are as follows:

    1. Entrust

    a. Suggested Type: Entrust Advantage SSL Certificate

    b. URL: http://www.entrust.net/ssl-certificates/advantage.htm

    c. $239/yr. as of 9/17/2013

    2. Thawte

    a. Suggested Type: SSL Web Server Certificates

    b. URL: http://www.thawte.com/ssl/index.html

    c. $199/yr. as of 9/17/2013

    All CAs used to generate certificates for use in the esMD must adhere to the following guidelines:

    1. Level 2 Identity Proofing as described in section 7 of this National Institute of Standards and Technology (NIST) publication:

    http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf.

    (Specifically, see Table 1 on pages 22 through 24.)

    2. 2048 bit RSA (algorithm) keys

    3. Advanced Encryption Standard (AES) 128 bit encryption

    4. Secure Hash Algorithm-1 (SHA-1) certificate signing algorithm

    5. Server-level and server-to-server communication certificate. (Note: No wild card (*…) or domain-level certificates are accepted.)

    6. All cryptographic modules used by HIH eHealth Exchange instances (typically CONNECT) must adhere to Federal Information Processing Standards (FIPS) 140-2 Compliance criteria and utilize TLS.

    a. CMS security policies require HIHs to procure certificate renewals on a yearly basis. HIHs should only procure a certificate that expires after one year.

    b. HIHs should note the expiration date of their certificates and plan accordingly to renew and submit certificate renewals to the CMS esMD Help Desk ([email protected]) three weeks in advance of the expiration date.

    For reference, use the following links:

    http://www.cms.gov/informationsecurity/downloads/ARS_App_B_CMSR_Moderate.pdf (See section Appendix B, SC13-1)

    http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf


    3.3.1 Generating a Certificate Signing Request (CSR)

    Generate the Certificate Signing Request (CSR) and submit it to the certificate authority (e.g., Entrust or Thawte) in order to procure the signed TLS certificate.

    The Certificate Authority will process your submitted TLS Certificate Signing Request and will send an email to you (the HIH) with the download links. Download the server, intermediate, and root certificates and load the certificates from the CA website. Submit the server, intermediate, and root certificates to the esMD Coordinator using the HIH Onboarding Request Form.

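    Use the following commands to generate the CSR using the Java keytool. Replace each <...> placeholder with your own value:

    1. Generate the Java keystore (JKS) file:

    keytool -genkey -keyalg RSA -keysize 2048 -keystore <keystore file> -keypass <key password> -storepass <store password> -validity 365 -alias <alias name> -dname "cn=<common name>, OU=<organizational unit>, O=<organization>, L=<locality>, S=<state>, C=<country>"

    2. List the JKS details:

    keytool -list -keystore <keystore file> -storepass <store password> -v

    3. Export the certificate from the keystore we just created:

    keytool -export -rfc -alias <alias name> -file <certificate file> -keystore <keystore file> -keypass <key password> -storepass <store password>

    4. List the certificate created and verify the certificate:

    keytool -printcert -file <certificate file> -v

    5. Create a CSR:

    keytool -certreq -alias <alias name> -file <CSR file> -keystore <keystore file> -storepass <store password>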
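
    The verification in step 4 can be automated by checking the `keytool -printcert -v` text against the certificate rules listed in section 3.3 (2048-bit RSA, signature algorithm, no wildcard, one-year validity, renewal three weeks before expiry). This is an added example, not part of the CMS manual or of CONNECT. It assumes keytool prints `Signature algorithm name:` and `Subject Public Key Algorithm:` lines (a JDK that omits the key line is reported as a finding); the sample outputs, host names and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed keytool -printcert -v output for illustration; not real certificates.
SAMPLE_OK = """\
Owner: CN=gateway.hih.example, OU=esMD, O=Example HIH, L=Columbia, ST=MD, C=US
Issuer: CN=Example Test CA, O=Example CA, C=US
Serial number: 1a2b3c
Valid from: Tue Sep 17 00:00:00 UTC 2013 until: Wed Sep 17 00:00:00 UTC 2014
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
"""

SAMPLE_BAD = """\
Owner: CN=*.hih.example, OU=esMD, O=Example HIH, L=Columbia, ST=MD, C=US
Issuer: CN=Example Test CA, O=Example CA, C=US
Serial number: 4d5e6f
Valid from: Tue Sep 17 00:00:00 UTC 2013 until: Thu Sep 17 00:00:00 UTC 2015
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
Version: 3
"""

# Weekday and time-zone tokens are matched but ignored; dates are compared
# as naive values, which is precise enough for day-level policy checks.
DATE = r"\w{3} (\w{3}) +(\d{1,2}) (\d\d:\d\d:\d\d) \S+ (\d{4})"


def parse_printcert(text):
    """Extract the fields that the section 3.3 rules refer to."""
    def grab(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.groups() if m else None

    def to_dt(parts):
        return datetime.strptime(" ".join(parts), "%b %d %H:%M:%S %Y")

    cn = grab(r"^Owner:.*?\bCN=([^,\n]+)")
    sig = grab(r"^\s*Signature algorithm name: (\S+)")
    key = grab(r"^\s*Subject Public Key Algorithm: (\d+)-bit (\w+) key")
    valid = grab(r"^Valid from: " + DATE + r" until: " + DATE)
    return {
        "cn": cn[0].strip() if cn else None,
        "sig": sig[0] if sig else None,
        "key": (int(key[0]), key[1]) if key else None,
        "not_before": to_dt(valid[:4]) if valid else None,
        "not_after": to_dt(valid[4:]) if valid else None,
    }


def renewal_deadline(text):
    """Latest date to submit the renewal: three weeks before expiry."""
    not_after = parse_printcert(text)["not_after"]
    return not_after - timedelta(weeks=3) if not_after else None


def check_cert(text, today, required_sig="SHA1withRSA"):
    """Return a list of findings; an empty list means every check passed.

    required_sig defaults to the algorithm this 2013 manual lists; pass the
    value named in the onboarding guidance you are actually working from.
    """
    f = parse_printcert(text)
    findings = []
    # Only the wildcard rule is checked here; whether a name is
    # "domain level" cannot be decided from the CN text alone.
    if f["cn"] is None or "*" in f["cn"]:
        findings.append("subject CN missing or wildcard: %r" % (f["cn"],))
    if f["key"] != (2048, "RSA"):
        findings.append("key is not reported as 2048-bit RSA: %r" % (f["key"],))
    if f["sig"] != required_sig:
        findings.append("signature algorithm %r, expected %r"
                        % (f["sig"], required_sig))
    if f["not_before"] is None:
        findings.append("validity dates not found")
    else:
        if f["not_after"] - f["not_before"] > timedelta(days=366):
            findings.append("validity period is longer than one year")
        if today >= f["not_after"] - timedelta(weeks=3):
            findings.append("expired or inside the three-week renewal window")
    return findings


if __name__ == "__main__":
    for name, sample, today in (("ok", SAMPLE_OK, datetime(2014, 1, 1)),
                                ("bad", SAMPLE_BAD, datetime(2015, 9, 1))):
        print(name, check_cert(sample, today))
    print("renew by", renewal_deadline(SAMPLE_OK).date())
```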

    3.4 Set-up Considerations

    HIHs are able to use any server platform. The following platforms have been successfully tested against esMD by certified HIHs:

    1. Windows 2008, 64bit

    2. Linux, 64bit

    3. Ubuntu 8.04, 64bit

    3.5 Windows 64-bit Environment Issues and Resolution

    3.5.1 Issue A

    eHealth Exchange CONNECT Gateway Binary installation / Source installation doesn’t work on Windows 64-bit using 64-bit version of Java.


    3.5.1.1 Solution

    1. Go to the path C:\Java\jdk1.6.0_16\jre\lib\ext;

    2. Take a backup of file: sunpkcs11.jar;

    3. Uninstall 32-bit version of Java;

    4. Download and install 64-bit version of Java specific to the CONNECT 3.1 (i.e., 1.6.0_16);

    5. Install 64-bit version of Java;

    6. Copy sunpkcs11.jar file from backup folder to new version of java in the same path C:\Java\jdk1.6.0_16\jre\lib\ext;

    7. Create a folder in your Windows machine C:\Projects\NHINC\3.1;

    8. Check out the CONNECT 3.1 source code from svn (https://github.com/CONNECT-Solution/CONNECT/tree/3.1) to the 3.1 folder created;

    9. Follow the steps from: https://developer.connectopensource.org/display/NHINR31/Source+Code+Install+%28Windows%29;

    10. Do a source installation;

    11. Run validation tests; and

    12. You should see all green.

    3.5.2 Issue B

    eHealth Exchange CONNECT Gateway Binary FIPS installation / Source FIPS installation doesn’t work on Windows 64-bit using 64-bit version of Java.

    3.5.2.1 Solution

    1. This is a known issue to all major vendors’ communities using FIPS. The reason is the Mozilla development team has not focused much on Windows 64-bit version of binaries.

    2. There is a bug available, and the CONNECT team claims it is now fixed: https://bugzilla.mozilla.org/show_bug.cgi?id=227049.

    3. However, the binaries are not available yet for the public.

    4. The best solution is to set up a build environment for Mozilla FIPS development and perform a build to generate libraries. Required software licenses are applicable: https://developer.mozilla.org/en/Windows_Build_Prerequisites

    3.6 Gateway Software

    HIHs may use CONNECT or CONNECT-compatible software. The CMS esMD Gateway uses CONNECT version 3.1. QSSI has not yet tested an HIH gateway using CONNECT-compatible software against the CMS esMD Gateway. HIHs should use and run any self-tests associated with the software they choose to use to ensure installation is successful. It is the responsibility of the HIH to ensure proper software installation and perform any associated troubleshooting. The CMS esMD Onboarding Process does not include CONNECT or CONNECT-compatible software installation or troubleshooting support.

    3.6.1 CONNECT Specific Installation

    This section provides installation information for HIHs using CONNECT 3.1 software. If using CONNECT-compatible software, please check its associated installation instructions and minimum hardware requirements.

    HIHs can locate the CONNECT software version 3.1 download at this link: https://developer.connectopensource.org/display/NHINR31/Release+3.1+Home;jsessionid=BDF2C623193D85D78EBCC346D45F2BFE

    The following is a list of suggested environments for installation:

    1. Workstation environment – Source Code Install

    2. Development environment – Binary Install

    3. Validation environment – Binary Install

    4. Production environment – Binary Install

    The following are the minimum hardware requirements for CONNECT installation (please refer to the environment-specific CONNECT installation instructions):

    1. Processor: Minimum dual 2GHz

    2. RAM: Minimum of 4GB

    3. Hard Disk Size: The application is dependent on the deployment configuration. For sizing purposes, assume 100K per record, 1K per audit log record (The testing environment allocated = 20GB)

    4. Hard Disk Speed: Minimum of 7200 RPM and 10K RPM preferred.

    5. Network Interface: 100MB Ethernet acceptable. 1GB Ethernet desirable.

    3.6.2 Federal Information Processing Standards (FIPS) Mode Configuration

    The HIH turns on Federal Information Processing Standards (FIPS) 140-2 mode (for cryptographic modules). FIPS 140-2 is a government standard that provides a benchmark for how to implement cryptographic software (http://technet.microsoft.com/en-us/library/cc180745.aspx). For the CONNECT Solution, this standard is being met to ensure that the CONNECT/CONNECT-compatible gateway is FIPS 140-2 compliant. Any HIH that needs to communicate with the esMD Gateway needs to have the FIPS mode enabled. The esMD Onboarding Process does not include support for FIPS mode configuration. The following CONNECT instructions may be used as a reference on how to configure CONNECT to be FIPS 140-2 compliant:

    https://developer.connectopensource.org/display/CONNECTWIKI/Instructions+to+set+up+CONNECT+in+FIPS+mode+on+Windows+Glassfish+environment

    3.6.2.1 FIPS Configuration Instructions

    This section provides the steps for FIPS configuration if the HIH is using CONNECT software. Replace each <...> placeholder in the commands with your own value:

    1. Load the certificates into the FIPS Database. You can find the FIPS NSS Database (DB) files in the application server under the following path:

    a. If using Linux or Solaris - /opt/SUNWappserver/domains/nssdomain/config

    b. If using Windows - C:\Sun\AppServer\domains\domain1\config\nhin

    FIPS - NSS Database (DB) Files:

    a. key3.db

    b. cert8.db

    c. secmod.db

    2. Extract the private key from the JKS keystore and append it to the CA-signed certificate Privacy Enhanced Mail (PEM) file:

    a. java -cp keyexport.jar com.sun.xml.wss.tools.KeyExport -outform PEM -storepass <store password> -keypass <key password> -keyfile <private key PEM file> -alias <alias name> -keystore <keystore file>

    b. Download the CA-signed certificate from the CA website in the Java application format.

    c. Assume the downloaded file is named CAfilename1.cer.

    d. Append the private key PEM file FilenameG3_key.PEM to the certificate PEM file CAfilename1.cer.

    3. Convert the PEM to Public Key Cryptography Standards (PKCS) #12 and upload it to the NSS DB:

    a. openssl pkcs12 -export -in <CAfilename1.cer> -out <CAfilename.cer2.p12> -name "<alias name>"

    b. /nhin/nss-3.12.4/bin/pk12util -i <CAfilename.cer2.p12> -n <alias name> -d $AS_HOME/domains/nssdomain/config

    4. List the NSS DB certificate nickname and trust attribute values:

    certutil -d $AS_HOME/domains/nssdomain/config -L

    certutil -d $AS_HOME/domains/nssdomain/config -K

    5. Remove the gateway certificate added to the NSS DB and reload the same with the preferred attributes:

    certutil -d $AS_HOME/domains/nssdomain/config -D -n <alias name>

    certutil -d $AS_HOME/domains/nssdomain/config -A -t "T,c,c" -i <CAfilename1.cer> -n <alias name>

    6. List the certificate nickname and trust attribute values:

    Confirm that the attributes comply with “Tu,cu,cu”.

    7. Load the other gateway certificates using the following command:

    certutil -d $AS_HOME/domains/nssdomain/config -A -t "T,c,c" -i <certificate file> -n <alias name>

    3.7 HIH Applications

    HIHs should build an HIH application interface as a mechanism to move PDFs to their gateway for transport via esMD. The CMS esMD Onboarding Process does not include HIH application support. HIHs may use the SOAP UI tool or their application to perform testing; however, any HIH application issues must be resolved by the HIH or their IT vendor.

    3.8 VAL Testing Preparations

    Before HIHs can begin esMD onboarding, they need to complete the tasks covered in this section in preparation for validation integration testing.

    3.8.1 esMD Specific Configurations for Connectivity Validation Testing

    The specifications mentioned below only apply to those that have opted to use CONNECT 3.1. If another version of CONNECT or CONNECT-compatible software is used, the HIH will need to make adjustments accordingly.

    1. Stop the GlassFish server

    2. Change the following in HIH gateway.properties and adapter.properties files:

    A. gateway.properties:

    a. Enable the External Data Representation (XDR) request/response:

    i. serviceDocumentSubmissionDeferredReq=true

    ii. serviceDocumentSubmissionDeferredResp=true

    b. Enable the pass-through SOAP UI:

    i. documentSubmissionDeferredRespPassthrough=true

    ii. documentSubmissionDeferredReqPassthrough=true

    iii. documentSubmissionPassthrough=true

    c. Update the HIH OID (use your HL7 OID). HIHs will need to add the .2 suffix to their OID (i.e., 2.16.840.1.113883.XX.XX.XXXX.2)

    i. localHomeCommunityId= HIH OID

    ii. localDeviceId= HIH OID

    B. adapter.properties:

    a. Update the HIH OID (use your HL7 OID). HIHs need to add the .2 suffix to their OID (i.e., 2.16.840.1.113883.XX.XX.XXXX.2)

    i. assigningAuthorityId= HIH OID

    ii. XDSbHomeCommunityId=HIH OID

    b. Start the GlassFish server
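
    A preflight check for the two property files edited above, run before restarting GlassFish, as an added example that is not part of the CMS manual or of CONNECT. It goes slightly beyond this section by also accepting the production environment, using the .1/.2 suffix rule from section 3.1; the OID values and file contents are constructed samples and the function names are hypothetical.

```python
import re

# Settings this section requires to be "true" in gateway.properties.
REQUIRED_TRUE = [
    "serviceDocumentSubmissionDeferredReq",
    "serviceDocumentSubmissionDeferredResp",
    "documentSubmissionDeferredRespPassthrough",
    "documentSubmissionDeferredReqPassthrough",
    "documentSubmissionPassthrough",
]
# Keys that must all carry the same suffixed HIH OID.
OID_KEYS = {
    "gateway.properties": ["localHomeCommunityId", "localDeviceId"],
    "adapter.properties": ["assigningAuthorityId", "XDSbHomeCommunityId"],
}
# Section 3.1: .2 marks the validation environment, .1 production.
SUFFIX = {"validation": ".2", "production": ".1"}

# Constructed sample contents; the OID is a made-up value.
GOOD = {
    "gateway.properties": """\
# constructed sample
serviceDocumentSubmissionDeferredReq=true
serviceDocumentSubmissionDeferredResp=true
documentSubmissionDeferredRespPassthrough=true
documentSubmissionDeferredReqPassthrough=true
documentSubmissionPassthrough=true
localHomeCommunityId= 2.16.840.1.113883.3.99999.2
localDeviceId= 2.16.840.1.113883.3.99999.2
""",
    "adapter.properties": """\
assigningAuthorityId= 2.16.840.1.113883.3.99999.2
XDSbHomeCommunityId=2.16.840.1.113883.3.99999.2
""",
}
BAD = {
    "gateway.properties": GOOD["gateway.properties"]
    .replace("documentSubmissionPassthrough=true",
             "documentSubmissionPassthrough=false")
    .replace("localHomeCommunityId= 2.16.840.1.113883.3.99999.2",
             "localHomeCommunityId= 2.16.840.1.113883.3.99999.1"),
    "adapter.properties": GOOD["adapter.properties"],
}


def parse_properties(text):
    """Minimal key=value reader; skips blank lines and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def preflight(files, environment):
    """files maps file name to its text; returns a list of findings."""
    suffix = SUFFIX[environment]
    parsed = {name: parse_properties(text) for name, text in files.items()}
    findings = []
    gateway = parsed.get("gateway.properties", {})
    for key in REQUIRED_TRUE:
        if gateway.get(key, "").lower() != "true":
            findings.append("gateway.properties: %s is not true" % key)
    seen = set()
    for name, keys in OID_KEYS.items():
        for key in keys:
            value = parsed.get(name, {}).get(key)
            if value is None:
                findings.append("%s: %s is missing" % (name, key))
                continue
            seen.add(value)
            if not re.fullmatch(r"\d+(\.\d+)+", value):
                findings.append("%s: %s is not a dotted OID" % (name, key))
            elif not value.endswith(suffix):
                findings.append("%s: %s lacks the %s suffix for %s"
                                % (name, key, suffix, environment))
    if len(seen) > 1:
        findings.append("OID values differ between keys: %s" % sorted(seen))
    return findings


if __name__ == "__main__":
    print(preflight(GOOD, "validation"))
    for finding in preflight(BAD, "validation"):
        print(finding)
```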

    3.8.2 Domain.xml

    The domain.xml (under SUNWappserver/domains/nssdomain/config/domain.xml) should contain the following HTTP Listener and JVM settings to allow the receipt of the esMD notifications from the CMS esMD Gateway at port 8191 and the TLS cipher exchange for authentication between the CMS esMD Gateway and the HIH gateway.

    1. Http Listener for 8191 port in domain.xml:

    2. JVM Cipher suite configuration in domain.xml:

    -Dhttps.cipherSuites=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA

    3.8.3 HIH Gateway internalConnectionInfo.xml Changes

    This section covers the changes HIHs need to make to the internalConnectionInfo.xml.

    3.8.3.1 CMS esMD Gateway Request End-Point

    The CMS esMD Gateway - XDR Document Submission Deferred Request Endpoint is required to submit the request to the CMS esMD Gateway. These configuration details are provided in the esMD Validation Configuration Document. QSSI issues this document to HIHs following configuration of HIH IP addresses, OID, and TLS certificates at the CMS esMD Gateway.


    3.8.3.2 HIH esMD Gateway Response End-Point

    The XDR Deferred Document Submission Response Endpoint is required for HIHs to receive Notifications from the CMS esMD Gateway to the HIH esMD Gateway Response End-Point. This Endpoint Configuration should be added to the CONNECT InternalConfigurationInfo.xml under the HIH Production OID.

    3.8.3.3 HIH Gateway Configuration

    After the HIH validation configuration (e.g., IP address, SSL/TLS certificates, OID) is configured at the CMS esMD Gateway, QSSI will send the HIH the esMD Validation Configuration Document. The HIH will have one week to complete the necessary configurations on their end before validation integration testing begins.

    3.8.4 SOAP UI Tool

    The SOAP UI tool is used by HIHs during validation (and sometimes production) integration testing. HIHs should download and install a SOAP UI tool prior to beginning validation integration testing.

    3.8.4.1 Sample SOAP UI Message

    The HIH needs to run the sample SOAP message prior to testing.

    The following attachments include the sample SOAP message and a sample SOAP UI setup.

    4. Validation Integration Testing

    This section outlines the steps to validation integration testing. HIHs have 8 weeks to complete validation integration testing. HIHs that require additional time for troubleshooting are placed back into the prospective HIH pool and have 6 months to re-enter the onboarding process. Any expired certificates must be replaced and configured before testing can resume.

    4.1 Telnet testing in Validation

    HIH will need to telnet (inbound to CMS) or ping to the CMS IP address (example: XX.XXX.XXX.X @ 443) as noted in the Validation Configuration Document and forward a screenshot to QSSI ([email protected]) for verification.

    After confirmation of a successful inbound telnet from QSSI, HIHs need to ensure their port is open at port 8191, and QSSI will have CMS telnet (outbound) to the HIH IP address.

    Upon successful inbound and outbound telnet tests, the HIH may proceed on to

    mailto:[email protected]

    file:/C:/Projects/NHINC/Current/Product/Production/Common/Interfaces/src/wsdl/EntityXDRRequest.wsdl

    IHE XDR Document Repository Provide and Register Document Set Request - Request Provide And Register Document Set Request - Response

    http://schemas.xmlsoap.org/wsdl/ file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\nhin\xdr.xsd

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\ebRS\rs.xsd

    The schema for OASIS ebXML Registry Services Base type for all ebXML Registry requests The RegistryErrorList is derived from the ErrorList element from the ebXML Message Service Specification Base type for all ebXML Registry responses

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\ebRS\rim.xsd

    The schema for OASIS ebXML Registry Information Model. referenceURI is used by reference attributes within RIM. Each attribute of type referenceURI references a RegistryObject with specified URI as id. Common base type for all types that have unique identity. If id is provided and is not in proper URN syntax then it is used for linkage within document and is ignored by the registry. In this case the registry generates a UUID URN for id attribute. id must not be null when object is retrieved from the registry. Use to reference an Object by its id. Specifies the id attribute of the object as its id attribute. id attribute in ObjectAttributes is exactly the same syntax and semantics as id attribute in RegistryObject. Association is the mapping of the same named interface in ebRIM. It extends RegistryObject. An Association specifies references to two previously submitted registry entries. The sourceObject is id of the sourceObject in association. The targetObject is id of the targetObject in association. An Event that forms an audit trail in ebXML Registry. Classification is the mapping of the same named interface in ebRIM. It extends RegistryObject. A Classification specifies references to two registry entries. The classifiedObject is id of the Object being classified. The classificationNode is id of the ClassificationNode classifying the object. ClassificationNode is the mapping of the same named interface in ebRIM. It extends RegistryObject. ClassificationNode is used to submit a Classification tree to the Registry. The parent attribute is the id to the parent node. code is an optional code value for a ClassificationNode often defined by an external taxonomy (e.g. NAICS). ClassificationScheme is the mapping of the same named interface in ebRIM. It extends RegistryObject. ExternalIdentifier is the mapping of the same named interface in ebRIM. It extends RegistryObject. ExternalLink is the mapping of the same named interface in ebRIM. It extends RegistryObject.
ExtrinsicObject is the mapping of the same named interface in ebRIM. It extends RegistryObject. Mapping of the same named interface in ebRIM. Mapping of the same named interface in ebRIM. Mapping of the same named interface in ebRIM. Mapping of the same named interface in ebRIM. RegistryPackage is the mapping of the same named interface in ebRIM. It extends RegistryObject. A RegistryPackage is a named collection of objects. TelephoneNumber is the mapping of the same named interface in ebRIM. Mapping of the same named interface in ebRIM. Mapping of the same named interface in ebRIM. Mapping of the same named interface in ebRIM. Mapping of the same named interface in ebRIM. A registry query. A QueryExpression child element is not required when invoking a stored query. Notification of registry events. A Subscription for specified Events in an ebXML V3+ registry. Abstract Base type for all types of Actions. Abstract Base type for all types of Notify Actions.

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\www.w3.org\2001\xml.xsd See http://www.w3.org/XML/1998/namespace.html and http://www.w3.org/TR/REC-xml for information about this namespace.

    This schema document describes the XML namespace, in a form suitable for import by other schema documents.

    Note that local names in this namespace are intended to be defined only by the World Wide Web Consortium or its subgroups. The following names are currently defined in this namespace and should not be used with conflicting semantics by any Working Group, specification, or document instance:

    base (as an attribute name): denotes an attribute whose value provides a URI to be used as the base for interpreting any relative URIs in the scope of the element on which it appears; its value is inherited. This name is reserved by virtue of its definition in the XML Base specification.

    id (as an attribute name): denotes an attribute whose value should be interpreted as if declared to be of type ID. This name is reserved by virtue of its definition in the xml:id specification.

    lang (as an attribute name): denotes an attribute whose value is a language code for the natural language of the content of any element; its value is inherited. This name is reserved by virtue of its definition in the XML specification.

    space (as an attribute name): denotes an attribute whose value is a keyword indicating what whitespace processing discipline is intended for the content of the element; its value is inherited. This name is reserved by virtue of its definition in the XML specification.

    Father (in any context at all): denotes Jon Bosak, the chair of the original XML Working Group. This name is reserved by the following decision of the W3C XML Plenary and XML Coordination groups:

    In appreciation for his vision, leadership and dedication the W3C XML Plenary on this 10th day of February, 2000 reserves for Jon Bosak in perpetuity the XML name xml:Father.

    This schema defines attributes and an attribute group suitable for use by schemas wishing to allow xml:base, xml:lang, xml:space or xml:id attributes on elements they define.

    To enable this, such a schema must import this schema for the XML namespace, e.g. as follows: . . .

    Subsequently, qualified reference to any of the attributes or the group defined below will have the desired effect, e.g.

    . . . will define a type which will schema-validate an instance element with any of those attributes.

    In keeping with the XML Schema WG's standard versioning policy, this schema document will persist at http://www.w3.org/2007/08/xml.xsd. At the date of issue it can also be found at http://www.w3.org/2001/xml.xsd. The schema document at that URI may however change in the future, in order to remain compatible with the latest version of XML Schema itself, or with the XML namespace itself. In other words, if the XML Schema or XML namespaces change, the version of this document at http://www.w3.org/2001/xml.xsd will change accordingly; the version at http://www.w3.org/2007/08/xml.xsd will not change.

    Attempting to install the relevant ISO 2- and 3-letter codes as the enumerated possible values is probably never going to be a realistic possibility. See RFC 3066 at http://www.ietf.org/rfc/rfc3066.txt and the IANA registry at http://www.iana.org/assignments/lang-tag-apps.htm for further information.

    The union allows for the 'un-declaration' of xml:lang with the empty string. See http://www.w3.org/TR/xmlbase/ for information about this attribute. See http://www.w3.org/TR/xml-id/ for information about this attribute.

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\ihe\XDS.b_DocumentRepository.xsd

    This corresponds to the home attribute of the Identifiable class in regrep RIM (regrep-rim-3.0-os.pdf, page 20). This is the XDSDocumentEntry.repositoryUniqueId attribute in the XDS metadata. This is the XDSDocumentEntry.uniqueId attribute in the XDS metadata. This corresponds to the home attribute of the Identifiable class in regrep RIM (regrep-rim-3.0-os.pdf, page 20). This is the XDSDocumentEntry.repositoryUniqueId attribute in the XDS metadata. This is the XDSDocumentEntry.uniqueId attribute in the XDS metadata. This corresponds to the ExtrinsicObject id in the eb RIM metadata and provides a linkage between the actual document data and its metadata.

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\ebRS\lcm.xsd

    The schema for OASIS ebXML Registry Services. The SubmitObjectsRequest allows one to submit a list of RegistryObject elements. Each RegistryEntry element provides metadata for a single submitted object. Note that the repository item being submitted is in a separate document that is not in this DTD. The ebXML Messaging Services Specification defines packaging, for submission, of the metadata of a repository item with the repository item itself. The value of the id attribute of the ExtrinsicObject element must be the same as the xlink:href attribute within the Reference element within the Manifest element of the MessageHeader. The UpdateObjectsRequest allows one to update a list of RegistryObject elements. Each RegistryEntry element provides metadata for a single submitted object. Note that the repository item being submitted is in a separate document that is not in this DTD. The ebXML Messaging Services Specification defines packaging, for submission, of the metadata of a repository item with the repository item itself. The value of the id attribute of the ExtrinsicObject element must be the same as the xlink:href attribute within the Reference element within the Manifest element of the MessageHeader. The ObjectRefList and AdhocQuery identify the list of objects being approved. The ObjectRefList and AdhocQuery identify the list of objects being deprecated. The ObjectRefList is the list of refs to the registry entries being un-deprecated. The ObjectRefList is the list of refs to the registry entries being removed.

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\ebRS\query.xsd

    An Ad hoc query request specifies an ad hoc query. The response includes a RegistryObjectList which has zero or more RegistryObjects that match the query specified in AdhocQueryRequest.

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\nhinc\common\NhincCommonEntity.xsd

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\nhinc\common\NhincCommon.xsd

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\xmlsoap.org\addressing.xsd

    If "Policy" elements from namespace "http://schemas.xmlsoap.org/ws/2002/12/policy#policy" are used, they must appear first (before any extensibility elements).

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\ihe\auditmessage.xsd

    Create Read Update Delete Execute Success Minor failure Serious failure Major failure; action made unavailable Machine Name, including DNS name IP Address Telephone Number Person System object Organization Other Patient Location Report Resource Master file User List Doctor Subscriber Guarantor Security User Entity Security User Group Security Resource Security Granularity Definition Provider Report Destination Report Library Schedule Customer Job Job Stream Table Routing Criteria Query Origination / Creation Import / Copy from original Amendment Verification Translation Access / Use De-identification Aggregation, summarization, derivation Report Export / Copy to target Disclosure Receipt of disclosure Archiving Logical deletion Permanent erasure / Physical destruction

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\docs.oasis-open.org\wsn\b-2.xsd

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\www.w3.org\2005\08\addressing\ws-addr.xsd

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\docs.oasis-open.org\wsrf\bf-2.xsd

    Get access to the xml: attribute groups for xml:lang as declared on 'schema' and 'documentation' below

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\docs.oasis-open.org\wsn\t-1.xsd

    TopicPathExpression ::= TopicPath ( '|' TopicPath )*
    TopicPath ::= RootTopic ChildTopicExpression*
    RootTopic ::= NamespacePrefix? ('//')? (NCName | '*')
    NamespacePrefix ::= NCName ':'
    ChildTopicExpression ::= '/' '/'? (QName | NCName | '*'| '.')

    The pattern allows strings matching the following EBNF:
    ConcreteTopicPath ::= RootTopic ChildTopic*
    RootTopic ::= QName
    ChildTopic ::= '/' (QName | NCName)

    The pattern allows strings matching the following EBNF:
    RootTopic ::= QName

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\nhinc\common\Subscription.xsd

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\nhinc\common\Cdc.xsd

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\nhinc\common\SubscriptionB2OverrideForCdc.xsd

    http://www.w3.org/2001/XMLSchema file:\C:\Projects\NHINC\Current\Product\Production\Common\Interfaces\src\schemas\nhinc\common\SubscriptionB2OverrideForDocuments.xsd

    http://www.w3.org/2001/XMLSchema http://localhost:${HttpDefaultPort}/EntityService/EntityXDRRequest http://localhost:8080/CONNECTAdapter/EntityProxyService/EntityXDRRequest ${#Project#Endpoint-EntityXDRRequest} http://localhost:${HttpDefaultPort}/EntityService/EntityXDRAsyncRequest UTF-8 http://localhost:${HttpDefaultPort}/EntityService/EntityXDRAsyncRequest cid:1117772152912 cid:809743159745 cid:1075347534973 cid:717234951881

    30000 false SEQUENTIAL EntityXDRDeferredDocSubmissionRequest_Binding ProvideAndRegisterDocumentSet-bAsyncRequest UTF-8 ${#Project#Endpoint-EntityXDRRequest}

    ${#Project#LocalHCDescription} ${#Project#LocalHCID} ${#Project#LocalHCDescription} urn:oid:2.16.840.1.113883.13.34.110.1.110.9 610 ${#Project#LocalHCDescription} ${#Project#LocalHCID} ${#Project#LocalHCDescription} Description of Broker Organization between Provider and the submitting HIH CONNECT or CONNECT Compatable Gateway urn:oid:1.3.6.1.4.1.101420.6.1 Name of Broker Organization between Provider and the submitting HIH CONNECT or CONNECT Compatable Gateway PAYMENT 2.16.840.1.113883.3.18.7.1 esMD CMS Purpose 1.0 Medical Claim Documentation Review Medical Claim Documentation Review 2011-01-05T16:50:01.011Z 987 urn:oasis:names:tc:SAML:2.0:ac:classes:X509 158.147.185.168 cms.hhs.gov Permit https://158.147.185.168:8181/esMD/DocumentSubmission TestSaml 40df7c0a-ff3e-4b26-baeb-f2910f6d05a9esmd_hihname_012202012 2011-01-05T16:50:01.011Z 2.0 urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName CN=HIH SAML User,OU=QSSI,O=QSSI,L=Baltimore,ST=MD,C=US 2011-01-05T16:50:01.011Z 2011-01-05T16:53:01.011Z Claim-Ref-1234 NA for esMD Claim-Instance-1 NA for esMD ${#Project#RemoteHCDescription} ${#Project#RemoteHCID} ${#Project#RemoteHCDescription} 603111 603 1 V 20110101165910 1 1 ad18814418693512b767676006a21d8ec7291e84 1 en-us NA 1 20110101165910 20110101165910 1024000 1 TESTCLAIMID11242011QSSI TESTCASEID11242011QSSI 2.16.840.1.113883.13.34.110.2.100.1 897654 808 1 20110101165910 Original 