From d0c8c6769169afdbe55d8e59ca97182a8cac6870 Mon Sep 17 00:00:00 2001
From: Theresa O'Connor <hober@apple.com>
Date: Fri, 10 Apr 2020 17:06:56 -0700
Subject: [PATCH 1/8] Initial, extremely rough, and incomplete attempt at a
 spec.

---
 storage-access.bs | 96 ++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 90 insertions(+), 6 deletions(-)

diff --git a/storage-access.bs b/storage-access.bs
index 44f3539..ab721b8 100644
--- a/storage-access.bs
+++ b/storage-access.bs
@@ -4,27 +4,111 @@ Shortname: storage-access
 Repository: privacycg/storage-access
 URL: https://privacycg.github.io/storage-access/
 Editor: John Wilander, w3cid 89478, Apple Inc. https://apple.com/, wilander@apple.com
-Abstract: TODO
-Status Text: This specification is intended to be merged into the HTML Living Standard. It is neither a WHATWG Living Standard nor a W3C standard.
+Abstract: The Storage Access API enables content in iframes to request access to cookies.
+Status Text: This specification is intended to be merged into the HTML Living Standard. It is neither a WHATWG Living Standard nor is it on the standards track at W3C.
 Text Macro: LICENSE <a href=https://creativecommons.org/licenses/by/4.0/>Creative Commons Attribution 4.0 International License</a>
 Group: privacycg
 Status: CG-DRAFT
 Level: None
+Markup Shorthands: markdown yes, css no
+Complain About: accidental-2119 true
 </pre>
 
+<pre class=link-defaults>
+spec:webidl; type:dfn; text:resolve
+</pre>
+
+<style>
+.XXX {
+    color: #E50000;
+    background: white;
+    border: solid red;
+}
+.XXX {
+    margin: 1.5em 0;
+    padding: 0.5em 1em;
+}
+</style>
+
 <section class="non-normative">
 <h2 id="intro">Introduction</h2>
 
 <em>This section is non-normative.</em>
 
-TODO
+ISSUE: Write this section.
 </section>
 
 <h2 id="infra">Infrastructure</h2>
 
-This specification depends on the Infra standard. [[!INFRA]]
+This specification defines several additions to the HTML standard, and depends on the Infra standard. [[!INFRA]] [[!HTML]]
+
+<h2 id="the-storage-access-api">The Storage Access API</h2>
+
+Each {{Document}} has an associated <dfn export for=Document id=storage-access-flag>has storage access flag</dfn>, initially unset.
+
+<pre class="idl">
+partial interface Document {
+  Promise&lt;boolean> hasStorageAccess();
+  Promise&lt;void> requestStorageAccess();
+};
+</pre>
+
+When invoked, |document|.<dfn export method for=Document><code>hasStorageAccess()</code></dfn> must run these steps:
+
+1. Let |p| be [=a new promise=].
+1. If |document|'s [=has storage access flag=] is set, [=resolve=] |p| with true and abort these steps.
+1. If the |document|'s [=active sandboxing flag set=] has its [=sandboxed origin browsing context flag=] set, [=resolve=] |p| with false and abort these steps.
+1. If |document|'s <a for=Document>browsing context</a> is a [=top-level browsing context=], [=resolve=] |p| with true and abort these steps.
+1. If |document|'s <a for=Document>browsing context</a> is [=same origin=] with its [=top-level browsing context=], [=resolve=] |p| with true and abort these steps.
+1. <span class=XXX>Finish this algorithm.</span>
+1. [=If aborted=], return |p|.
+
+<div class=issue>
+<p>Complete this algorithm.
+<p>See its <a href="https://developer.mozilla.org/en-US/docs/Web/API/Document/hasStorageAccess">MDN page</a>, <a href="https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/dom/DocumentStorageAccess.cpp#L80">WebKit implementation</a>, and <a href="https://hg.mozilla.org/mozilla-central/file/tip/dom/base/Document.cpp#l15558">Gecko implementation</a>.
+</ul>
+</div>
+
+When invoked, |document|.<dfn export method for=Document><code>requestStorageAccess()</code></dfn> must run these steps:
+
+1. Let |p| be [=a new promise=].
+1. If |document|'s [=has storage access flag=] is set, [=resolve=] |p| and abort these steps.
+1. If the |document|'s [=active sandboxing flag set=] has its [=sandboxed origin browsing context flag=] set, [=reject=] |p| and abort these steps.
+1. If |document|'s [=has storage access flag=] is unset, [=reject=] |p| and abort these steps.
+1. If |document|'s <a for=Document>browsing context</a> is a [=top-level browsing context=], [=resolve=] |p| and abort these steps.
+1. If |document|'s <a for=Document>browsing context</a> is [=same origin=] with its [=top-level browsing context=], [=resolve=] |p| and abort these steps.
+1. If the |document|'s {{Window}} object has [=transient activation=] and the |document|'s [=active sandboxing flag set=] has its [=sandbox storage access by user activation flag=] set, [=reject=] |p| and abort these steps.
+1. If |document|'s <a for=Document>browsing context</a>'s [=opener browsing context=] is not its [=top-level browsing context=], [=reject=] |p| and abort these steps.
+1. If the algorithm is invoked when the |document|'s {{Window}} object does not have [=transient activation=], [=reject=] |p| and abort these steps.
+1. <span class=XXX>Finish this algorithm.</span>
+1. [=If aborted=], return |p|.
+
+<div class=issue>
+<p>Complete this algorithm.
+<p>See its <a href="https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess">MDN page</a>, <a href="https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/dom/DocumentStorageAccess.cpp#L123">WebKit implementation</a>, and <a href="https://hg.mozilla.org/mozilla-central/file/tip/dom/base/Document.cpp#l15629">Gecko implementation</a>.
+</ul>
+</div>
+
+<h3 id="cookies">Changes to {{Document/cookie}}</h3>
+
+ISSUE: Write this section.
+
+ISSUE(4): Should this API affect client-side storage other than cookies?
+
+<h3 id="sandboxing-storage-access">Sandboxing storage access</h3>
+
+A [=sandboxing flag set=] has a <dfn export>sandbox storage access by user activation flag</dfn>. This flag prevents content from requesting storage access.
+
+To the [=parse a sandboxing directive=] algorithm, add the following under step 3:
+
+<ul>
+<li>The [=sandbox storage access by user activation flag=], unless <var ignore>tokens</var> contains the <dfn export attr-value for=iframe/sandbox>allow-storage-access-by-user-activation</dfn> keyword.
+</ul>
+
+ISSUE(10): Provide mechanism for nested iframes to request storage access
+
+ISSUE(12): What about Feature Policy?
 
 <h2 id="acknowledgements" class="no-num">Acknowledgements</h2>
 
-Many thanks to
-for their feedback on this proposal.
+ISSUE: Write this section.

From d62d30c3b812fd94ebc8e2a544cce50cb3705681 Mon Sep 17 00:00:00 2001
From: Theresa O'Connor <hober@apple.com>
Date: Mon, 13 Apr 2020 15:29:27 -0700
Subject: [PATCH 2/8] Start a section on navigation changes.

---
 storage-access.bs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/storage-access.bs b/storage-access.bs
index ab721b8..58b36e7 100644
--- a/storage-access.bs
+++ b/storage-access.bs
@@ -16,6 +16,9 @@ Complain About: accidental-2119 true
 
 <pre class=link-defaults>
 spec:webidl; type:dfn; text:resolve
+spec:html; type:dfn; for:/; text:browsing context
+spec:html; type:dfn; text:session history; url:https://html.spec.whatwg.org/multipage/history.html#session-history
+spec:html; type:dfn; text:current entry; url:https://html.spec.whatwg.org/multipage/history.html#current-entry
 </pre>
 
 <style>
@@ -89,6 +92,10 @@ When invoked, |document|.<dfn export method for=Document><code>requestStorageAcc
 </ul>
 </div>
 
+<h3 id="navigation">Changes to navigation</h3>
+
+When the [=current entry=] of a [=browsing context=]'s [=session history=] changes, the [=has storage access flag=] of the {{Document}} of the old [=current entry=] is unset.
+
 <h3 id="cookies">Changes to {{Document/cookie}}</h3>
 
 ISSUE: Write this section.

From 4ccd69349b7bd959efe28a48908a9eed55623e51 Mon Sep 17 00:00:00 2001
From: Theresa O'Connor <hober@apple.com>
Date: Mon, 13 Apr 2020 15:32:36 -0700
Subject: [PATCH 3/8] Update Abstract based on a comment from @johnwilander.

---
 storage-access.bs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage-access.bs b/storage-access.bs
index 58b36e7..9beb926 100644
--- a/storage-access.bs
+++ b/storage-access.bs
@@ -4,7 +4,7 @@ Shortname: storage-access
 Repository: privacycg/storage-access
 URL: https://privacycg.github.io/storage-access/
 Editor: John Wilander, w3cid 89478, Apple Inc. https://apple.com/, wilander@apple.com
-Abstract: The Storage Access API enables content in iframes to request access to cookies.
+Abstract: The Storage Access API enables content in iframes to request access to website data (such as cookies).
 Status Text: This specification is intended to be merged into the HTML Living Standard. It is neither a WHATWG Living Standard nor is it on the standards track at W3C.
 Text Macro: LICENSE <a href=https://creativecommons.org/licenses/by/4.0/>Creative Commons Attribution 4.0 International License</a>
 Group: privacycg

From a764b9415f740d225686048c0ba13535d6a7f24f Mon Sep 17 00:00:00 2001
From: Theresa O'Connor <hober@apple.com>
Date: Mon, 13 Apr 2020 17:23:59 -0700
Subject: [PATCH 4/8] Write Introduction and Acknowledgements.

---
 images/storage-access-prompt.png | Bin 0 -> 49430 bytes
 storage-access.bs                |  88 ++++++++++++++++++++++++++-----
 2 files changed, 76 insertions(+), 12 deletions(-)
 create mode 100644 images/storage-access-prompt.png

diff --git a/images/storage-access-prompt.png b/images/storage-access-prompt.png
new file mode 100644
index 0000000000000000000000000000000000000000..8ad7fc1e9a7c89aed605b6362c47c2a6634ddcb3
GIT binary patch
literal 49430
zcmeFYWqTYwv#2{}j%mz}nVFfH852XsF*7s6IA&&wnb|QjJC2!|*)cP2KhOKFb@usm
z{=k{5XRaQ#R4u90>Z;PMFcl?f6hwSP004j@D<h!>06@tA01$}qupcQjhb~C~0Aibk
zxVVa}xHyT5qn)XRwFv+q6PA<$r;#v%J#_Hgc_SwO!#{B{gCq-}CWfldw+JswlG`7P
zCUN>ZFVIR<0(urpA4atXvJSgHFhsKU9;L3N<iw~4oPJLlQ}ev;ah~Nik+!<glGbuR
zo|)$KMhr-d(F>!1n+K3+XEH~jT$)i87qDH%Kwy_Zac)A&=w&PPMu&v~N}`^-R-V5C
z@NXCXN;$ngzrW9MJVN530%&0OoI4{^BCgP#Y1}a^ga9%y_}p13%y@fTiAQP;qKR$N
zyiSo=`I$n4=baN_F(?3lIKW?I%ds#GpmJ!QsoOm&ajl}K;)-@HX_WX#^L!DkH>>WN
zD?rKZc1B|;xkUHM?7{Y)%&wo5Fgm7jxoFTyK&nEKuxo$to-=gW#mFr!WY7os8JNq#
z;o3mtY3f#Y04~?bB*GFLCwtRT&SyvrrHW)%#*XD1_qP4kY-yvU(a&S{BapXD;4$;T
z0ed)bdr+5;TT7E(9KV~$tjamBN`PM!3kQ*>>_xKop}>I&jZ!MAo`Ijq+epcujwxxV
z><Q<G_zU$hZ24U_{qv}=B;nk$H^{rh@_aSy4aVqBLP@u-jJuPB#oS0K(6W<a!%$N`
z9y33kc^E-;zy!vj?APOANTv=!K3^Y$t<E1FDD)rDdflTq!2K95Vis*SL%QF<efFip
zatsz;qwH5;Q9=+olK&JppDWBdTW6Qx4+jgf#w#*F=dE1f)uIH0F);vc15!jQ<A<&z
zgo?P`APj^u6C-W}NXoCqKe*GEZxROF4b*|)--KTE$GLzKB|(-5a*u^Hg(5-=)FXkp
z?iQ;-PV{H1A+m;?`^LYBaNOf-58n{Dv&q4O$`n+-N!5%B{03+Th;Itw29Us`s*>Ut
zAmNGb$1?6h*OCy^z=!)A<pOC?eh2r*5`KZN^#A?Su>^k^f>Q)8_xq&9A=xa_TFBE+
z(L<CQJgIMp3ZW?9klgA11TNY05TZ^5vTq4A!!v;wdNu7ox1-tyDEFmoWz<0WLZFfZ
zNXe1=acjkOWB?dZ1!Q<XfVz>1WJxlgr-K{F^@m*~0@@{nK=!!!;IP_0caRt>0xl61
zYCUc}ta?=GP{X%zqpI&uEaItlI&@mZRuQ-Tjx{5T3a0|r2#pwR1YSU|PhOb({ys5%
zTev*(nfy$^l)%wm#_q}<n*q)pKKqVl-&Gc(n1z9r?T*VScP1fX!@!NejZoo`E--Po
zA4M#J6g0IM3uzJw6$7;f#vO(dMiqKChSU#y38y@2*7RZOaq24aGqOg^YBabX<P?hW
zlp`5H<=<qC<eG8mG6yoKGIk@zbqGsA0$B`X%#_-3sIknk&%-%1Uw{O1023-nC0+R?
z@uQ!sh3$oErPvz6mUNsst;x$Gg5o|BuO(9I_1ZfnmvhM_b0xn@^wqrzl{C1u&B`aV
znANH^ge!a{UkhPX`^3mag34=k@}+iC2W_H2is?o9rVXZ5`}kuW={TG@7F)j<8Uh<0
zz6^Zf|21xYJA;-^%jiFtU-|QIURFNJq=U0OUud=@bN+ep{bXpvuLk`F%wI^qtQwTf
z>2cxv0((HaEc2|NSZ!H_l-W}Ivnf&=Jk@3jtP+F{73MEz&<_)jIZjq*A1g*@QKrY{
z*M6>)J*%MRo8@!s+hwnFbvSu4Q_oO)DefyWWqF%l3Hs=4NC|8C1-vP}+P;FI#DmbF
z!g{cS*kPGb@W8%cT`(4y8U-%OTuMlaEFUpnU1}n2S%Hf^RChpNl#p$n`x9p}!8ywr
zD-mlghb)V(?X>mPWTNqJwlS7UmcJaI+1S}4IKG<Co4ZbAnvb*Lq}y?wv%P-<S;QIF
zPUp>Srxiw14%H3UO<e_G&HY}Wn<yJU26K+5n`GH^%srK%SnpVpH<Z@47$L2+E`?h+
zE#E2iC|#zKWvg-THGUq5w$c8!V7_2BQ4>>RXuDzgZdtZ8J6lRn<f{0(zj++HQ!~2N
znV<YUb;ohYb%<MuOG%&@znEZL<KWu?<+#mwwZ64JG}DUSS@X0WxxRL*Ypbt|lUqV7
zXA4SeMoV$aLhFX<lrC!pX9W_G4ys=aCDD+ekVmV>z8BHe%gpFF{fbrfLcK-u4D^hv
z;>kVN<-X_nh1LU$&$PGimFffjv!l<6H}P}Y)8(t{v!Kb>`ufG^#p;*OFNJT?ufovo
zundTY@Dh;Xkn&JofenEefn`BNFd5Khu-veyA<bY0_#^lMFgVl}zGIAa^MVH@GneJQ
zMiOM!N4w>)HMbQ*ZcSEz{x{CvSZ8-|7*2Ixb-QHV9BnLY9ru-Gkd2CYKjo<Th;_!Q
zNI1+TQXh8(OFAM0vx)o6r`_+R_2C&o3*jnwT;jGrEes`$I36<LcLH!kJpqT(P-#jY
zy|AHhTOCu~t@zUfe0r_LV7J0T8YR2kSY4(j&&jrR#}aS7@*mZlzAPsml#JxWM()2z
z-05G3J}Vs*EEJ($Lb_*oFhBUdAin+V{;I;{p1zf(ntjPI!|(Kc|L3H(4y`vWBARA|
zfmw*D&BRme=d2FuuW1R1Gnw+kilc&5^B86k6XTqjUwN9ejp%9PXs!gVx%N<G`wH7k
zVy%-a7;~b-b8TCaUf?_o1C&J-dxkv1u0P>eVuvHO9jyE@6nwW(wV#?mVnK38;={pb
z)@!V>L-(4B9+=#|8OV}XNC7hA>EPEj_~KdU-qjhV@G~$QzS&Anhu;|mZ5Ix_3J1ST
z>f~vWF}8F}TkYLxrfTMC3YKSS+v&bmCK`H{{>iPVI~~PePnQ?wd(*kiceEK?&UUdq
zX{;Qo#HsH3)#E1a(_-qO>hV4}9L0$BCww~GEo0xhRp&^p#fROZ-n%}JF0afcVk!Cd
zYo`WMx!wH30>{GfLRHmkO;XqGGFO+4;tEP*ip~2=!eKE#znE*otnRGlS^r;##Ybc9
z?W(FAU19Fi`4#=f=M$n!B1s?X*Cp6{Fu3E%Yk{*j>T0mZhy7lEjkvk1a-_;anmxbe
z6u?6weDU&ax#w$WFRBZX>1SI$Bj18Mn!n~2NV9BRCMBASW#;l0CxY0n74>W7uZPTc
zU8lUZ-tGIrcVRBnveXgEbjny+_-C=s?E+aItzAw^2e0fSX11AGzKsWZ4=qRsK@&Mg
zMs8WHn?73)k`oa_OtnnE3|!k*r~fYd+-NTt#@sdEHt0EYO}ozRSbCi|tS2mZS7&t+
zxxc=kj7N=f=iA<`%Qd?k-2GVz=YQd!INM+K@u}WiAAT)FtwEI|wiKxFE_g3F<38C)
z$FdE_^a=1;i`gOCI6t`UdeFanP6^nio~2Gwj>_f|aPoBZW^unbzQ&t?GmtTeY-e~B
zzm8ef)~b$vIl4EySGk((wmP!f%iy$g**Nn!xT<pEF@2bNUcDzLmJ>eqt$6Q$n!V*c
zx}J&iFuX7<>-^$p^N#)YH-JsMG||3r^;``g3YQrN(VZa(P*Df`%uP?__^u%C$8D}~
z??-)+<E~)l$IT5$SK+1$S@Z=E9*a;i9GA*N;3kP)`T|^CwW9pe8Tyti7;s=T6Bc9S
z_P#;^F8%_%ljxGjzb5^zF0qw9gPe@xE?SdD3H6=gz^gnK{$`(l!F^GEhl-1dUT1FJ
zOZQ>TBG}95IspLKl>dAoWYs7xJ`7zW3k@A-9YqDc?{+p!AY(ft6DD^X`;XiJfPg#S
z$El5pGl<09#@g12&s~u0-yD1&=l>)#lac(J#o0=bOh-|LMBL8NgoKlcgNcPq2$6(@
zM8MJ5luu1U>c7Q5{t1$qJ3HI+F*CclxiPu1Gub(sF|+dW@-nlqF|)BTe&k?u^00LV
zxii{2k^e`?|HzRrar*9PVef2VXG`*rT#%8Si?bjZ**`b>-_L*QY2t42|J=#e>A%hT
zXdv@HSD0CuSeXA;_D4~He^U80olG3X?QCpJY@LPFzdM?k*gBcpISc$-<o|W?zc&<M
z{-+lISFQfj<bP8?+AM@9!2G}cCxmGGXPpTEXh@Ki5Y=#B{+k8&6F7JKK5=?>a>3Vu
z(-RJ(2pwevm2VzNnM~2xkG(RH>=!9@if<*6u!tdV6k!CM{DHy|E>#PGoqqG?ezVZ{
z=RK3(%j|sB&Fneoe$yM-!^X{Ze>^Mgx}#Y4_GDpY${dIb2L0!7H4W?`(P4=F-vk{J
zR^&dGe~%gwqyJ3~=>JdJ$1h~qf6L;6VKDxil?54z;(tWqV$1xG1eX6_@c(yLGzvG`
z9JqKTn_T{6`^YV2+x3?#Rmg|W`D_)hs`bfo(eM4$L*+vg0sRfctP;XA)u%ehMh_E@
zyqC)Du<hry-Hsu#Pt0iW{*vz%^JHO?n0+jt16rI8dUegR5wiGPFoYN8=X;$dgwNkz
zZ)TK&T3h)pUy~WXZgxJOg`$&7Uvw9aBq$3Y#0Xr~9Jmqtyf{d$xZA%3v4DEzRa8^}
zTlTn8F+?a`U1xkmdYz_G3k-c9LnA(%OcQy^gG3Y<#cN3V))f5H;Y}Hl;8AledBaPF
z1_ny>fIiDzk)u}UH!<TFqy1^^5QPs49$JGMzxRVZ&(48xD5*I3qMJ1m)lSI+b1<r{
z=QS;|s%hPK<@K?IJO<b+<2a+p-FL{E&);tDaWz8SfB*V)8&sU_`^DRDr`dtUW|`yi
zb#W&;sC;TAfnHnRqws>LwEb@RL`7dc>yE4Hb?tohl}suMAI5FfgId|(pQ>9|Rp``0
zD)C)PX#1l#ygs?yZa<d4XM=P|T!5;;`Vf+E2{N=Wss0JINobYfU@_5J4C(j4o>(5;
z8~!Ibvd~z=kW{gP?mQc*e2QkWUbJGrIQUn_<8W&FZ=&!`1c)Kqfg?t>iPZCRl|i-N
zW5x~zf#X-3;;5IKtWu^E=_m(T_g0sa#V2XdxA`%Gjblx<9VC4j$o8^|iYN-ce>v|D
zYKMrBPUb6}{HXdek#C|SJr!P`@7=UFqzT=>txL)X3CK{a7Ad4{zX_QB!EL@Q%6Qmb
zla+ND+xL1_^M8C5`aCXtF0l1T))s-ScbN7kw}>Iuoue_A22r{fO%ffmFGn^qR)&^|
zDKIaO?BxqXXCutm*x2OkEbx7qAsF~q8!(`XcArb4(QQPFIvJIu)ld(*+Fkfr)Ch))
zyNr#QTWmC#G6_f&-lc2a<+%Z>Hm4(hjh{R}w0ra)beqbPoSdExG$^%V`=n|d&~Ggt
z;5;FC-yNJ{VCfR2!n9T(o3Of(<9sz@;ic;)q0G?-S-OTujv-pxTueh~>maEL0+A*r
zC5c&BSY#mNIYX<9i$htjEt3$1t1(~!frwMsXzO&?a*r4?f?jt(LyHQN&R`{Jwl8Tm
zL(((Cf%MhwWYpiuiC4Y_G}xqGOha=3&TUOf1h0n45C3}fzWR85*)sjNS_PpYzpVnW
z(acFjuNJ?@^ksYfO`GSseTF|^s}nH_n3d}N(Jryeh}aZ7aE^#5rUHg#!RrY*?6sk<
zLuY5ib*%TeHeC!K^x+|NxNEBEzNCxOG0II$5Sd2dLhNh19CTp$J{YNWe*YD#DD^~o
zO62LZej=DUwmqsp+v^PBAk)iM%0nShWo>o(G}8<C+Y5!j^hM#-C4cI03WberpGwJF
z^OQKu2V*@k)@${0s1MI96ZGQ!<<;qcs54uu0x1Gfu$uIH?0$jwSO|_mA_uk6{2$$B
zM;`R19R?ni=mi)Yy`SDn5iERr8;Uvdxl%4C$E#gAKI6PqHAx4XOJ+HewXFJt#m3$K
z5JrX5#)&h1PlY&!z#RD%LXSz&ZI>I}hOUOsPtrN!LnT77M;*?3?55twBj+UM8%L{?
z&+%aadW~^oEsAhowtO(7jzW-dS|d33_V(OQ$sLfHZgx?3)k#b|QA)4<kj4k<Cxqah
zP!G@Fvf3Rvs;*X#7pC$;BJ4W_cHTOK#}k|f6}hjd+F$B;q%|S~+XXPbDCE|XUGlpe
zx1Fsr(J=(dGq*L&xmuht^|GcsJ1v4jBOax8#Cql5I?W~wc<v{-qBnweh9Z3OC54{2
z_Yd<2SPSW6%@t@e?dB_VEwY|%IH~7Y(>WaSbo%30icc~eC2x5P*YjTnv+mrs@<L<{
z6OL}bwF*x=1yx<c5qqL(Z7-tD&CMAZjJ_s+7xucdUeLmGSp-R;Mp!)GSbIHeg>JEX
z+fJp<@ctC|GV{uh8IU-VD(`GJ;dS1@d?)%UXk)ePbzb<3WJ@6B?CvF7DC2B_<I~X2
z%k+e}P|gT4QbCp!?ysLsG=XB|xX3>zX@Y-;BW^MN1}lznd8^|D&3&D!v32&f9aPuC
zEjV_$>41@Z@HrquvXldOCPJJV5TFU0L3t!`S+D-+t&-ej3sG6b%F_-DQM-d2nb1^*
z#l=&hGlq{7EkHu#%<Pt+qHnY$f&yLXP4(T}%qU;KoCP8=IipZN@$WU1pwfQ!6cN0c
z%n_t__k2JD$-xu59Oe?C$J4Ef8oFo`r$dKL$uqZ5l-kb?g%G_^XL-jz7$}QziyoY{
z9Aw|)B6*q<_z>Z>l;xI_iAyS!7x;e9`~yF1O0bl@qM<@GOPQi~%3Dpv)N#rdQ=5Sr
zkT}L!FcHc={?IbiTu5<=<?wyh`E%O7aoH*n##Jbhr%d_%VVAb>s55b{M@cyE%w?nm
z)XVzwnH8tBqEmRJ4u-Vvb@o-ktcPhUaiP<v7wjL)mP%zS!q2Dm@#BhogT>jN%N?CA
zq~+&bM+U{~8}%JT3ir}q{-}0DJo$JXPUaG!)(P1<3zkB5JHKll$dsF<?T;x)lbEpY
z7g+@d!(*{d<#aguQujGWD;!Sbcnc@sVaxD0u;i)meX*ecNx%TjIdjX()GF!<#i6Yj
zy*tTZb1G{<kER6k+g-^tN$F6kvl&8VEWm07>1v$fF)3!{?h%LHoZ&}IW<Bb44gcO!
z`t@ti<gYC4aBn9e14NKVp9$6)=BqbIw4_QNpb#j(ylzjn{ee-dizW7<RKP(#!fk#E
zBE#~`Y?LiX#c0|K|0OFxDURaA5*4#rC07JeFWScCz;?u%FqSAYqDZr6@8Di@`bmIz
zL=qL{ETLOg^GBg6ZnR}=_CnbV`HD2Qt^<5iOO85~A0w20<38Jxsc6F8r6S{ltRcR_
z;pUS61^b94t4(949I3>4GOABuJfM|jD%puG<8S#w_>n<T_^9z5gi{Mqe}~nn&W6fg
z>q#V-qXiAVl01RA%-^nm6tDG}R*x2x_;MSU;0qevsn{7}U3nZN-i;1Ta@#SU4&d|2
zN-8Q8=$p(%eURU-ZIDeX8$eb_*z)jv+f?C!5&b9#ak#!xifK_|LttL3EJ(zMID3^Y
znna_5^{>~eH_)Olwkhej))o*tEwlg#@6QO_7>W&_<Jk^Z1KCz91>3$}?C3+WG;{s>
z;ut*bsk#^t9FJTH4-IA8MM>oqVEn}-St@ztgcRi$nE+f7T8A@+{H?Lw%<sxhzOwbh
zTNPpp+(=wjvC{;m2Q@sbM>H9#d{NE@g=Ym2Spt<Zm(b*%&@&#JF#y9-Cr;Ly3R9+m
z&+>|5Bx%C9Jdq73S!r)dHe<8vXqy09Mtxe{GEY?<j($r!KDJ|mq)oA+Niz%SO&b?}
zZ`V54yvDwHl{;9Tjbf%Pd+}wS>d<Wk6-9X8>ZnCkpDC(LbmT}&W6Ag)_@8m#ta9j!
zmlao5?i<(rJ^!^}VC1XzkjPh6CVJKsE3tiZ$SU2$);@Q?=O{>lDMOKY`#N{-0c11f
z%Q^O0R3@3)pnaLR!Q(KkV>2z|O&U!-SttaWJ`rk@!>b8a?{!R`6VX<mG<yE4EnJX9
z?8A?5XG%^^3BxP7NTt~Hu_HVhVN4`iwsl*?ITE0GwpFm?iYP=7B%Hc$@bJ+zEu!!m
zJK}pfR=<5KAo%hoa*Y#m=sX;Dg8<@&4rbB|7*y^H43Y!#@2n&67!5@C*hmj-j%otl
zUm!<=Ls@Q^(1K>blByCg-$pzcj%;|dsWIdpu)AYI1ic_$w*5(NXq1_phZ7pG?S{u_
z5@~YEN=k4$<X}z}f2)$DX_@VfE#9E1hD3H66;(4(i{I-V(f{z>GA&9ne`Qz9rM^mC
zRwFs`Kr2HpC60MpYV9FI5m?^H$+izX5PbLD!*cU85&qN#mnTb73J#X7IEGzsEHg?u
zX;Ey2tm4EFJSs>K+_G#1sN6H-1SF1f8mE`nO&1ujh;lwzJX3*e(hvA{m$EpWiZW0s
zuHSCFsndihSVOu?$;5F~%I-Oq9@3G;Jm&?USDkEqvn`ZLAZ6d%go+gwL^{v7OId6T
z4H@!wv{4KNp;dGIoTFublw2$2)VJuN`a;Tj{u#;eUA8E0#E3q2C_MHt!H_x5yu?Iw
zjHb>|Z;5V6XD{AQpFY`$+;|WDv^KXBq7dp_w)kt0Jq;8vyEPDZgRjc-SrFQSgr4sA
zrJ<xF)ZPiMLN;E=Tt-RwXHNsj@w-p>zyK2hMjbt3Ajt8xjNG1D3UN(vY%rF;IJK|m
zwa<Rs9(gI%sOPCD7ER{;KA%S8r%0;}orhzf3Snd~aZKaZFWv{<4QzPS>F#5e)xd>&
zn{yo&FUoziT=3C4FJhbPudS{_kMJdkEnQ25{Lr#`l%Y>Zy@zW-vN7NLz$i5iJ5;K5
znObI<HT-u}CiJlixv*D*71gWhPn2oBd(*7_3ZU=PKiLFdcDWS6sS0GuT(D{t4TU1p
z#7fiRyG_eE3X!I22#S6+W#^m-6h0>EIIgX%NipFnN7m#EP8mq8{_6kg?S!*{AkT4y
zDqoKie8amiuL-4iAPF`}dn*FxP!Sl;_=x#bZv=+Z#ojpm44q6vHsUQ__Eb7v;odV$
z!xq(G1!1`J6=l{~SHmTU<PlQ*qKWcVR_)jerfpzIgBvm4%@~hr7m6P%^^WxT8avKj
z%=quC{u5)gF*>-YND3JR{(I>e+ZHF?MX8)Lqu%=^2x#y=jh*Y%;~zEfiBMS;u*Tak
z#_xv##?oQfe{-wFQ56MTN0Ql}D_;broAr$v@`j+_9TI^zqU*L$?Y__yAxf02B!x=l
z62eR~+T~A+1!!nu1PH$^g1h`I`$CbBB*v#fL46kyuK-{EkwBEF1~rquB{=X_w=Y1u
zT|tbV#6WsFvPhJ}GAzfhy$PmE09Sa$jKO@s>hCfi19~UcfB}T(nA|GaC;m2>-=T0}
zw#`sasOCxP-@i=BQJKbrJOQ$O(p^2&qoWtsrib+NWzt2J(D8<WZTPU{DD*9Mb;{tk
z&6)eKyXOz%GLYA)6Z5<<=jisTeB)6`I<>%atPw+|C40p=w!EEQy9x-KjeI|)-F8hH
ztKeagW+3kCqj>|aJZ_%KoQV=~x$UT&l+1YfqcO&w5M|fuB<7cuiFvf^p4ywS`@G_*
zRFsf!Ce|gK8oBK}?!&bZBujF1FRku?tI1N-ih8n;Sn3WwTK#=OpTL{+H`UH6ATj0{
zp%2m`6jMs<wBIS}a9@%Vy^LjoCT-zxPdWc$dWfcMQaY$qb}|rTL+*;ucj+a)HO`Ir
zlU8iYkt@?v1X}7GTyFXPN#r|E@HQ>t0&x%#o%gFCjW0uF*NGt}n13jb`jC;pw2Gmh
zF;4_PgovWzi`!@-K*HvL(~Z!o$Hs2(+rFb-)?jR#VH9#7(=Tj2VFXIF@DdV<&AXkv
z3l#8{;GJQGQs{_0F#UcdpZwwy5@|g(EY}I9`L;xz^t@QOW;2l(>>cAkuGQAZ3!S(n
zfy$efA#qwEMynnmfvV}*e9WzWlqT~l%Na(R4;5OskbbF;HL0o34#w##JVipT1btJ}
zhC>_t*Z84kk87%h)ZEnjAtJxkdgUj}(j!93{Cva$y$Kt-OF0lHRdqy|H++F}^?<RH
z8n-LW!sZ}>-3<fNB%yjocSGt$|Hk_nD`b=81es6vZ-;3VwGI!{x=Wjg6T!~~q8rIh
z(>I-ZkuF^<2I_mgdR3v$(DA-Xx0k~jB#&!;x8Ie9f)XcKH<BS~iSIGNFw>tXqi19J
zes>|{l^o9hDz`%iE8{HMpZDX2V*?Q&idzZ!v?Y>Sd)CP87e-VcX4<gZg_~5|lVIJ%
zK|w_ME2=NvzbZuBOUDV(L!h4FHs3qKxu?zH<&g62moI4AFZBUh*6_SU1%0X{Sp1L(
zuWBlq_yGxbjiBBX>{;$$l?MsXYD_-a!BMWo;sm_rm-l1rW|Y6HZ5Q=IUw4BaPS@IC
zY(*|zPK=R+#3wK{f9DfYE<21iN>oi_eTTB|CaD(=gWf5dE1#;z4k2SusjUxPHKB`j
z4$A(i0-5giWSL~aPo=EV%KcriM<-chu7kx=Ce_yZ5s$%hSfL1#R(J6W+f6KqTq@Of
zP1^`$%_jpN_t8(MR8Z4E<{ZmgFX_t<=gKx=3nzY`8*H;D`uhfdx+5M~Ch<sCCLQ13
zz-K5Mten9$=cHepz>-bx>!F+|UTh%m*}Tw*EyGbY5{^6NHMkv!tRG~<OZ^(@@)W6Y
z@7}@ST32RW#G5jDJ81x|R%fRFQIibTjrspeC&L$Zy<*4|(Io)!CR_c1%_Hl9Hwo^S
zQE*6k0ZH9fg?L}yaIX__sKmM|^w1OPcXFNB9&iQ~4*a<a3tGr!vBYLVA@++6-|Ki_
z5G;5ro)~7+Qg7Fwjglf*gU2YM7wKkdt7b=(jymARR3ve|Xokj+oJcGL)a=E8Sd_-q
z{^pX)lbmxFMP`|b()Fl~hM#^ZSh8FtPzG}y&(Q1&nKXu!n-b|5*E?DK8!Wvp8G}Y8
zFR99MdjdY&&4KxuklTeZmaAE=6(RPCB0jv<9|~b4OO?W88g4|Rhe<cEnaJ#{2_;P?
z8?o!E+tNJti;6!>NPMc6%x&y1V_uo3W6vTob;*g>NqU>OTsfcLvwu&jRY##uVDa&o
zjm;<D)cjaFctO(G|4eEM`*<Cp`(JDnD{=dbpHq}k)wmX7vvZ2Zaqxr+$1#0`3d=ZB
zmH&y>G$E7=82n0=D7v07{*&HsKt=j1ZFi?(F7pOc=INE`>&_SHwFABC(7zw^V&F`J
zd!o`0{mwz}uSf+pmkOpIp(`4P*~LW?IX!JHtsfDq#ur`pipWISMt#Xt@;~we#jH2+
z2jNbJO?h@ikeGbN1F=&1B@7Co;JEtU`4Lg7Wg&D_LIa2EYU2sHQY7uhUN~WTcV^)t
z=vO5}@Yn0NkdRaI5#4}C)WUp(4vw*Osw8VSTHRRIm*yg>%U&d&5w^U)!Cz}c`kKm-
zBm=<fN$4fC12#;#HM~gjq1=5P)Zf;pr2%$-n1Ug_RVnw`UXRSs-R+26XMAz`_F1&)
zFltp2LF~&I1in7TfKMxZr;2$5T(?SjY6p~*h5UswY-<vVSV=EN^K<rGYZqLU_32ME
zg_csKMrFSf6jsy1Kb27GAgIfvd&j0mLcMNT$stb^m<Jk`MBwwKRK)z?^DPx~Q$Sd@
zVT@%H96GZ7$0Qix%=K%uT|6k45f`c=?Fx4}{*_gc=~Z?)LS6b~n|4R}VX-+<+-Bm>
zSk0bD5F4sPDPO%!`l>)fN?NI)Qnwmhb5f6d?KGbf1C~PxoOAwdGk_Kwhq#&yyA&1I
z{>y4YcUzesEnT(HclY5vfUG=ShXv*p4m66scQQi93r#f6{cE0`4WM&++gMvmIG~}U
z7`|Rb*=C^y;a!i^fA53P0fHW3k&?g5+R&}(>!E=!%~Zx?VEjCbMSvihZcC^8EL<?N
z_O{$@s18gO4b4>)jk0XwlT@5~WC;G5`1wTQBkRLGLmAMFvb9StKtl60+@|?4>zf{l
zu5G6VyJx^Bf>}tjzY%)^hNwmXu*Ln{^GRsgMR{l)RItUTGsr{V-e&d=1(&BaNCec)
zqRhehU`V|?G5C2qS~Ox^b?gw*weJ@r0-h*bnV+ruT&O)e%+;V(liHr1ZfStxH1Tp0
zK}%V(6psU|>SuvG+=nLDNR^YAv5H{4kcY@VLikIS_SZYDEsr#+pbR>6%CC%fCrA<?
z$?wrbP&2}rwj9{Aq1C0;h#tl?4K~yLVS`lOY48+X7g(Im<IJB7&WXQYk*qlkW#zF8
z;<*&TraxlKPz41Jo;2@7<48&JDYDKiNePWtA_%K``>y(T;K)~;90(YGOk@ixb#x|I
zPcq3?-^-rnlOGt-9`N!;1{cno&Ce#=Q~7T7cf?{WV>3M8CO4`(_wg@ZXG_(;A`qsb
zrp54<5?qx@PgF0R2;Q&LN5_dB*mk{g#ptL`wB_Jr?<e~HaU|OH6trdzpa`M%XfcP7
z@3Ng{9LqULZNj3u6h8=-3yZ-Ml=8m&k59}O$x~KUg@N;f3Hq38#r|=_#$2QteO?$q
zH*_&HgYWQ-Rqrq5AIdthL&-YOpBn7uD|r8RZdSlXB^{dLH$Sd+7~i^L6m13Mp8aIV
zA14HtF%(MBg4*1Kcmc3Lj(eX?c>3Zw`X7+!6tTW;=FoyN*m}}L6dK=w>C#U>?z&(G
zCaO{4`zF8mpR6N?5f(mVWG!scGS~Flqheb>7>A+6<g4Tp78)dh9%eqwp$TP(w_937
z_Lo(fL3ji1MwoYS-Vw26-c?q}qedaFnD6-##G%n)PJ_h^RY_llm1xPgVocd3D#{G4
zLp3~pDz+#WrN%DbT-2kAR4OkK<LNK~f`Hv7KTDdN4Y{^XOY<vJle+2;XS-+}e?*H#
zv7jwVZ{kCN<lJ~4(cZ^au)@k@gvWyiWz+3(?Z)liLJZ~HgQ>cU0_Si&?|T_*=4j?k
zTUY4;&y1B`IQNWEWP7s05W^7X!U@O=vA{T%CD9;T!-+11)s8;?b3MN7)ck}o7)GrP
zM|w*JS6j|95;Fsl^#whLT@hXWNBTAykdh}-+>5jCwRmt-)|=?<B*Ey<kmy7_RzSIw
z^fx*#t5;`-+zX%!t@On7rK<b3lipI6dL*euvNVY*(Ij(d=*M~}K~;L7BwjbV$mM6O
zF$2FzZe+^C&Byb5QdKrWlFNG<?4)Kan0Yy%1FH9r5FA8EgaDvZ<9m?MnEh=Gpvq${
z@O&Y@csMXuhh=*ggx*Ztp^q{~Iz@a`vX-$GPR`PGjD=+CeIC3Df`-0Rsr%VL0;`>a
z=1+`l``J-?Pp-7~bet+)AuO}>r{;k0`yTUPOESYFcN$<AS~y0&?$hRx78%=Zm`w4F
z9o2LES!$_NO3s!sMrl!OnDaen7Hs8FJC&~4vvbB^(T6U^D~XGmUyMth6U(R-%3xz2
zo543^fM5fZaSq!R@~&QG<P0(Jbe3O{5gXlZl4=J>t7vxFqHNhftloaX$j>=RtJVmv
zvSE&pyHckKic{l5L#73BJ|_d=;*W{>#zEO-%#?rMMz-!k!^OL4;6Kx2Kl&aaCkMw5
zinHS~IvQqXyW3^$nu*CB9p8-LaUrNLEEJ#Q?U-pL;-DrMBMX0_T7fa|d)o7HYR#se
z#NgxH5&DD8Xwe*lC2)lg()+&tw8HBqULUk{b!IzMcDNKVD6-8WPh}5I`m6O#fG|AY
zpHfg}{9Rp{{7I9hAe{W*JrB3I$?Tp6JP*MzVBhtvdrnD=L~@e;=3VNS2m%-;IwLTL
z_-C0LNjTS{4k>C)07KGK(QkLuZxCTII7T@|+!we=tb}M0s>nT^3YwJI-h4S_XAqfA
z&`HpC`psgV@ib{24bBI{vT_SS67*5xED9%?^%Js7mswhbw7cCCB0p2#GHg3}Pc-Se
zLS4#YVLgAYI^C~zO5K~J7_OJOfrBF%+4vMe_!QVfYxY4yn`%hZ1wpnVsTg}M`4h_4
zlMjYof6pU9%x>$C(#_9jZ32+$W4tq?5*b8yPeDsJ_`GmJFBjqtdUey9RD<GFE5m!M
zPoh$oQAtc(Bklz3`{psK)n^Gp;MUqCrGyQ=YSIMO3Ibs&kdbA0D<ext?Gxv+f?4!a
z7!beOs_L<Fv8okCT}?R4t+nbk(ufaEJ9l$d9N?6daFh%vb`p3CfQyVEZFoguZXb4H
zazO{R4y6Wzfo4kvs71Wh2QA0<z_po-QjxsB6PcVdsS#$st>ph56)R#Cs>3bbOv7FU
zzRDISW^5m;M*3mobbD+5FnA@87C4c#oO^_?K6F|k8MdI|3`$R2eSuc==rw-W6k!}O
zW(9O?Gm#z)2~`J6XfCeYg%G+qkeQDBjpHu~0}Kl&#Ez9VH}=)=0sOZMTeMCCMFS%F
zm$7L61R090_kJ^3L6EK*2_+(%PBMMW>c-UN&q2%_0>r_PgulBqst}=_SfJ+fLz>lV
zi0<d>2#Is@BmHny4B#7cAX9C5ZSUHdJ_M785PSx!bePz6tLxx>_A;^|BSLo;raWoz
zb`<_b_KyhX1H$>`1PNYQtNAJ{MHl&6`@V5KNCEA`A_Y`hhn;9@_Vd=0D&CD?#jQ_i
z?r`RkQTU(l4yXEF(`}RJ9t|$h1|(K((#qqa9xD4_M=0=1)xLjqb+KdqCkSbifSqFw
zLAhY_E5*v(ET9U4jffUCq^#{JEKOtO;jHca0uKvYSRI~U|Ndw{#h9IX4(7uf!1ZL5
zgaiVyo3|-4c240Jf{0s1rUhvleq@g86pc0#Id$fItnRa+NjujU6S#RCI4ZPS=|^AI
zHrcq}`W@=_oR=CmMKPsplUcWWI<hBz@0%|-WC&DbBqg<WJ)eQ}>t%aDRc-=pD=>KJ
zW7tc^!{_%+6kM%$tujN-q`-Y60yl?UtvZ;+7V?DbPL%Oj`j9+1(00`)<?L*E2#%6p
z?1-X24B?QP_wF|YxWB?-$T<5e9wI!WV|zUKg$`^Ea@!AB5rqq{-ismQwC_=msem<~
ze4mX-t(U*Z^!VxgCLAEPeGc}?*j&w*|MGYJ3kMxH$Vmx9)>x-b#*!F(Ua?fa$*y<A
zUKwa|T>B63;EG&lGduRtW>=B`iuCS0q@;fI%5S&*b2M399aep#GqrGN$-`$Wl#otZ
zc_lP85;6HzNsJehN9a0r5c-b^wLc)_z}On32SkM6guC8eSj?cjem974y5HoEVn>-1
zMHd2yJxE}N7@GKMRYB=*zpzD<x7^CU#rMi!$uz<jI`v*a2Kd+OKDL(3P&C#R;1PBE
zD$d|QMdpNq0uP_+95So;>JXfAYIp{aM0FYlF9nupTw$eBdW%p%I{It?-+-3l;%I9|
z@8q2_^4s`$MaV)Kqej$`?XFun+kYs9e+Z6%hWa1*xL79e5rL35PUq_#!R9I+=zSsY
z(Mj7hH#VpYkr$J?V;76h5DyFQ;kiF){HykHkxz)h>i01{IYn3?8vK@UBV0C|kmp*m
z)gn{60sUYLLD9G-i8FlZi$$>;=xyPz5R!zV9~`qrfN`OdO152y^zfZ$qBY`L1g~HH
zY}1bmz9*cJcY-D8HWyKcdpfNpD+ZBsH1M&mYO}QlX8W@~Kqxb48{R5p$Q~-xIur3A
zr32OP*b~pYy#!+z-Sv`Hr^C+f{B7_;JcUW0s<SvYTt!s$Wl@*H1~r~i&}r^77?hfY
zBN)n<K*sw)vy=u!kn1J}I7S~zO?G&3Z!N{fZV5q^&*|S!ka#A`Eb>Ub(URkD<@H&+
z?{;BpmC^TfseV#Y*u{yXmeEKQzr>V^8J)~lz3KmmPDn$fHUj9ou>#5BGs%z;dUoN-
z<PmC}27*Z8WWB3{=RK}sxA!_VmE*~it($;62xKctyF^pfG!^dW*<<$CB`m8Ku4qE~
z!7Zxp3cI=(2GoSrI><;GvCUx(-3SqH2t!pbI12b))Cv_VaCuRUi>Oy(YtCPg?}&G?
zGC0OZQ>xK+6t-OXzmqTB1sb%b#GA+PzdhK@PsV=?V2d1;^D>u9wrxg6M*E|}lwTPy
zG#?6|9o+sQc7mUQA97#PT82+Y-yw;oW!G;z?>ET8=bRvMahvESK~@5@bF9SQjOWY#
z8yxx(bt;?)mn4OGB6tk~G!y0F(#7~Z4g9QPg)irZlceM)4NO$wU+^kGA|FLpwGGlK
zRIQ+kt#~+>J=KXtle!FaC8|w)NWWm>mBeEx7J>3ip^M1Z=_iHEVWzqiE1SfqCY?x#
z+K{g8QlBf5yvQi@3)SE6gi!wUjH2+@hpQi-?BVfHRXk1-zZTbt@!e5Kq)G1lq1vzu
zVt%d~)1V-J8)IC0SxLo_mU3AwL^O|);Nm|_Q;mq_0c2RP2$CmziM<FsoLF_TnC6mF
zC%u1%KLC6_4M`p<u~~|Wm<tiX5?phS%4sQh`xE<Nj1*fS(1H+Ch#6zcHBU}o1d-q+
zwAP}b5)F|?nou@i_6r3s5ye180nkFmn-bl4$SD;=Y=oC(R8R=O0-onJ#L5NY2##wX
z{ECAQ`D|pX0l-+N#8CDpb$M9!N$!Bbsq{b>+wg->?(4i5MBkC++?KDcW$?`K^{_|!
zqe~Qc-$fg!r1SI=Qf_3M=3wSm`|?<4!UINEMaz%9isPA${x6Re(BRV_XALW#>#{3)
zyjG6m>5nK--F8Lm&nrLT72FXG+t|HU90FR$_g^ufmzcl+uVO7n%i!Y$M0~2-+=^j*
zxK9Z&Kh2jx6cy+iR{B9oZ?Ml#WN_f^(jTZzVF5X!77{|08VN@eg9(f?_UezPUS)zM
za-g_M$diN521*Bz!P{1bs^bWtNZUL?b1~{d=TtX=UbbRHD@yP;Fawv5F&@@fRe632
z-)VUk!V5is={7*Ue#``C{G)9dpg+%F>YPh2NK{MK#-}Bc|EEo}XZ`4501PPtZrflw
zYuK-)xBQ;3PNzuhy#9}@(cKoJF~7Ts#_VUpRB8IW^S{1h2HMqlSOG?zrR~2`zmve?
zB*;AV2aXuxgbPrR`a;&hiwguZ0kX+Zh)~r493bGm7;WG%LR-B$O+hgHl{fK(;1zsP
z30b;PBYmR8u>R^Ou)fwaOA}sS+ZQ6m`<>$EQ*~hLUU{wcy=Al0z126H>bOG+q~1vg
zEc+Q{#9+9i{V>wh4&3X?Nf^q;Fv@Obu`Lc);d9^Wp*NY^+uOViAOa=*nWRzNe}TFh
zk!2}JS*=QP2MHLQr<<d{9*R&}na__tsnVD(&?vlGh=|szjcs)TAMs`45NrlD`%x>6
zfU!#q)s1{i)b66%#r~%!H}Q+dcr?%W)8GqISxjighViRi;-g&GN_p=SR+lmrwjWg7
z5C{?je2-4O>WMUeKGtz=IQM^0+(gH*)a9e|xSx&M&;Ne^v7_H%P03NA4>6HUj68G4
zhci@!i#Y1pJvWrnO=A7oWu`pUO4E?$w_j6(id1~P*#J#ucBcTW$-w%nUb}l3ngm6B
zbJ^$rGJ%j51mWbmskynJa+*JrzpS`v7;m{aU&qL~{`3u23NP2gDD_>mgcj#Dnd`!b
zh#(KdN6jr5J!F$`G*U>!phT-IyZwZrZ-fT<KsEbB1>?}1(IWO|^p}C$*v^MfB^_s?
z^#nk!jotx&Er2JNM6_Lrfift?@;@l;n)Mm{dy9QpGoQy2SiG;BN-*TVq3omBe5r@*
ztS#H>6l4m@`@KHdQiS?eih;zYlLu*_&YsNH1Sv*{a*7X*h=K20sTaFgE~aE@)<%9S
z!;-NwHxK@Z8iog=6c(E3)dc*{=xq2{?O^y*<1i!Ta3R?0cHeILl!?3gq9@`W?FnLE
zwDOyVY`bsR)J4wndh??Qhg>|J!w#g<*xUv3W)pu6o{?0o2}Wd8jV0Y;gltN5BZ2=S
zlVwQBPfrS--LEY(z4(h({$ft;%Pj9z?h{u)BDYHvH`^D>hnz-GV~_u0`quT6tQ}!M
zl{P%TP^HO}61xGZn^VvacFPw|)FY)+WwjLPOim^dFeIgXnANv~+P@k6+G~FYPmpZa
z4eOK;{_TzJ=F?Vy-hDj{VS7f?4L4_O)VCgR_!T14Vs``oKP2LmN{YmbrnVu<^Ldvr
zDq^2g!j?zhhZV%v$rCRagO88@ZKg<ZGG7|?2G(N~pV%#8kH<viRK-@61{jhP4d2%S
z2T{=-zu}jT?{8Pj_Z4EFG^Auh6&?eU*1XMtOrC!4FSbRjhm0s=B2z5Qfz1)GOcf7e
z|8-2ia=4IO@IvX_$!v}w3|?ZmYuE<=HhK-3xb=w?kLmvPMZz5Mw&^86Jfy~T2}37p
zy9D#>9*VLLv`<tlc2M=2+fc_(Bp)}-+AAY)L$bv3lb$mns<&#b8$FpADDvG20;nRS
zHoG)4vfwqKr;d3m_2ttCzH}%_x3?~%V8DCwhn+Risg|a{&SVt3`MmQP)IW@F(Q!XQ
zogFMq<gs|&79;eQ3dadYMEFjkka`i%L#$C@a&tI!@qALXa<s2ibqep~B%O}568?c=
zhI>#Gc&Njyf53};cGvs=Qkd@V`8I;ZcpqyWu4ppTUJalfSO(tDXppjdIp;&0x<C<C
zPe%V?(z*)VeWHP%!dzY*FEq%xCsFGK%m9NY0qC(f01)e|ZR+Qw>rc>_fy0dVf3?b?
zs<mY&_#r!Ho77`_#)KiwlS~Va;kX46PPMR3HLBz26GcXN$uxg#mpDIKH=FOXvzU*n
zp{s?mLk~=;p+hbpz-+>~GQQZHU;k`Bu$?R|;`aP4ckzm=w4mS<V`RTt1E1*x==N@J
zdONZ~+GlbIMt{?62jA$U#r%yF|9%l6-VRqE*e=6^N>5L>6w$w%lpigiCU8iZ<{aF0
z{F{D2uKc%Eb;qYU&N+b^-8^m@B2G)-s>4AR|Jv&Bq|YGRGZ`n)*USAxZqRBo!D@~y
zO~>usibn?bijxxi2R3EH5Iwt^k3zte$8#LLo=<kqxhwEE^7jzb3*tGskOB&0D@dR>
zv>-^TfE3&l5HC&^Uu}5aMLxo)vr7+0q7S|{D#5d|=W)l3jsmhD&)QqHrYcy1DPEeT
zbg!%MN);xdl9=7Sd~QIYD}vX6!Z~OOcfIl8^u5~y$sjaP2iHt0j;2Yw$s4ai?-wMZ
zgCCdC;@U5$3IA>VPvEPn*U5-^ULv(ndL2#GW@8DU>xpHLdd@P-)(i;;_tqkGmR>=;
z3i9CTXK*$am%y8ADbKie6_#o!lcJ*HB7p_37FNZs9tBl(q~M*7PLplcGdtcl;~#}k
zUa?mbQ9FY@iL~mgIYW_nP~7XzGfLb|j+Aq&nSxeanQrUVArOk|X&*ps_di&v`dG;I
z1i!MoUP0)2Pbksx#g;JzjjWEGrKRP!E34`~n|136-hX_V###}wbJgZTN%t5T+!965
z2*B^5l1AZ$#$Rki>Rbvl(?bP$-WK*@=pFK+XEoORhK``~?g%|-^wYq8tsuk0Yny0l
z3&#(m9@oBo43M*ym0cWDH01uev>J&=IA_5O6he2?c^t!aC3tQL0-1HS22v^OlHtYt
zuXQH6&aY@H7`hZbAU(Y{BMuCX+~lp3{GN=?uMJw2sqbjOB+V_Zz&x71?kcWTek#Q4
z6C3wUAEbRo6nNCnzv_QoIDNuJ3t&f$6zxjKZ5JSikI5Awi<xr}j_i@l?`V;k6-fS+
z*e(MT5^^eOv>bviKRBEx8KH98)IFzd*tbQ+5W5`3nr3age{8XczTX>th%%x{Qkc&D
zfvlTSqsf%r|9B#rt1b^+X8JXWK#<@`<k+OX#3j#T)cdg9DM)6&`~#k_J{0Ag5x!gB
z?q_T_8rv~Qf-x{W9O4sxc&_n@c#UhmVrwr#`E}yuyu6nc$fXKy<cjg~<85ViB#Gai
zM-%5>u!~0<f^Wn+;1rxqOmH1xx$g&!Gm#0<&sadJjvMakl~rwm96*1|_c;lM!J&fj
z?CvMdgwyo7?`_Yw-R`y~tfujdq2t%BF<XFF$T7<ejYi~v4u(g{KRC?m>$9I;S9O2p
zM+UtB1a0XNFV98Y2&oKDu!J)%MH@|T@wbkPJ7qpP#}%49`NQ)Qd@z5Kw%<$A-ZhqS
zyJ`8Elk=H0hl&_7>^$YeO_F_y2qw>C>6@?onrqnAnZ5AhB?WxD!^XRb<_;>G9T@JF
zt{ypq%2QdV1sF1Z;^CE&tBO;v{gfH*(lhTNo$V(&X0=Oui4y&>(zd;#(NmSAB?Gio
z>5#s9!1RzA7Z#~jt#Du`yjh~Re~L%VTu}XmVBbH*_Xp-ntx*~pr6dpR==Tu&>+CN7
zvb9eEO22$QVrx63Udd=laV*iyxBTJvHBq1**e8B0o5g%(pwSktH|Iuaq%^79%`$Fh
zb<HB!DJHTf>={l_`ug=ADHj=r0m~X5E10i9gsji_c-Bpl32U$8Z`V6Sr4}O&qaO5x
z&~xN-`WqB%_Xm2r<)J9=gd}jei^*bhtP#gS-zRny;Qn$c9FU+SM0?~b@IfE4SZqt&
zcZ@yoLLEB!zFlV$xflJ7*XGLdN&n!GQ+X~m<D95AzJC3RH1yfeyL@M2;aOeqf)*Io
zsEbRy!MF(d?bKl?Ooi|%lRC$}S5WzbZw{=V;N`F0$vW}4`#xPDdnlO-iG;%h6rOpT
zbm27Gm1(}{MOve<LkJ=3xY>?4tBn>oB&pp1#<N>YOI-STR57<-<Q0IaqE`NaV{NeW
zxKrPvc%RH2qU%`0Y16vWFz|K`4nDZ#9;>3RXSb{5KdG0cZRZ~-GVIV6@1I@I`~{W6
zsS4ftY5Zzqr-;GGGl*#~(Jh-41J^WaPtpb6O>S<BKW1Z@l!M}9=cL15MRsJKLFoxL
z4im#edOvL@JAHy%*c+5FmYY6$sb#Kn$|tb-AiGVlt9W6my@-o=Xh%?7xH!##-FNa~
zhLil9R)g^$GW8<UZkhYhjnB{77BQ(;l_T_cey+t&_&L+5-{Trn=H}Tf$3yCm^s?QP
z0-xQnORV*}F<oq3i^0c!6g7SfnO(s=q!gxy_;`%=Gztuzkqe=NIF^d9c0Inhh>f=8
zFi2XkS!5^_i44*=K%nfF`1UY%AT?UN0ogB>pt&z-Fk>y!wgav1SOQJb@i{zfme4Er
z+F^mnmwq?w;TfCZycgx~f~a2BdV$B$?NZ6AgmIe)+Zk0ST!>`C0(f+upTIw9et)Bc
z#(1mW38Vq5|0tUc>ypl*^Dv&^NjhOreanDtB-Uy<QMc)fJQr8dN4RLZZilpB6iOv%
z<br2bV{JVyz$qoqrS3_`h`GJMVUsHAxX(U-s1{yTRJkQ%>%4(m_`tXKSSg&J?$1$`
z1#cS;0y4w#*iAnsHvJ^$wi^}ikG&RxgXOE#ze82}^qtL-i98P{Y7Pv%@QDYPI)#^@
zaw0<#lmw>S^whJ8^@jLUu210*I^~&Kc#huCjBCotM1{5R$r1Z<{iud7*fa^r#gmbZ
zFpW2-bV?Sa`5-O&1K>P;g?1uycHRt+-xLmF#|!yT=j_>Lc*;F+?pK{qJNF9<o<)Yr
z2r`~l^H_au;-tNY)*GU%5BxV)IViU>s<2#$n&t$_iJe55cQ>0V53;=sP6;H#3B68P
zY3~(Lnnv%^WgBDjb7t<>y*57cx270)j!<TIorp=~TvPm%p*evJi}tDRxVwT^#7bwk
zOls4(Z*YcIYg|D3*qUM~y-u#XoT1h4d4EQ!RZTIvFtqs+`d!C@5w<C38rka(_Q6>d
zV32|3pC%tT2~=_q3wEP9Oa$OS(!R0#Bqbdf=a5TtEQNE^zIEKNK)Cmv-h{gju96pL
zHkp*>4Lf4ReQEh5vQNN!>B<$-pR00uKeuAP#a%6KQGloZ0}&GvnOf}ican~!S1G*|
zA4q0P9p-h@PxuK-19cS+QU14nbsYQ@=1OD#xpfRrUBC8msRRrmS!%HcZe-6{N1pv@
z4NWAjdEc~W`;xFB^4A*p!M=m9lTCba5fZFZ5jf1~1_9AuuK2Swr;I@u#ub^qPZkz_
z*_MYUSL+In7z(I2#wCLyMMEE3g0Xm8{!zEzY;I^HTllQRnZ_1FOQajq!4m41G@+YG
z@#%Hby6<B*uT(qq|A(q~jE^(w`nF@+ZZL5g+s?#B!v<|^+Y=`fHMWf+w$m7mZ5s{W
z>2+WC{d=D;^KCv%_Id8Cz1HzRHu(%Tur*PMqEPOGKQ|=ttM^;`)M9>S1{<$6@tCh^
zMgsk2^b5x0__!NfxFF%mac*Kli+HZo^-D=89!v%V6RIT^`)}&y4!^l{M}v?|X^4_}
z{EKT&B`QkAxpf7c2J8Q<4?RrOwF9+YM?^FiH!rW`hN!=AUCUM~(wJcouNWv4A7n=)
z$^c{j5Y=063{}Nzz`iGhDykPGAdp2)E0tRurk1p^5<e6kmPGpXAT2QE&=nAfP~|>s
zWXqO>C%4RDqalwE;@lXPq{6E;L8te-W#c#7V^MEi`4v)o%?X(sj9$7|BMn{z61b6j
zz@=!-MY^olE-=t_NlH>OZbv>*CCXJ)#=@!N#V?J6I`tN|+O*RrZ)Kp~_%MBG!eI*&
z=ISM&nzFI3$rdCH8|WNA;M*dZ-W9~_R8#2&7k8OdgUyMMMN$}FWCHmsm<#6mBu%c$
z=4JFNULkv}aMfu)B%5(a%K6Q%#IRNv<AbQ7oh~8qao_q6)!TJ!8d;>R65nt)8kU8J
zXOT<gmHFgmO=8^tuG;J<>)CIo)qP8Tou|(Dey4Qbi#E0r@k0A_Vfo|dSGY1^`hfK=
z$eYlp?TBJ2`2KQ}go5plG2C#A`^Ft;-7xrrDX)54S8yo1&UVewfzDtp&D7ORG|%_#
zFK>tCt{~w{7-|QIJ%<zr`v<$!0P$|aQ(SQNhZaMw5q^hLy{0@cD}j=^N=(Q<4m#K1
zF8AB1AgyCkK<DiVEd-1`x$A`#mCMi#Uc@J*`*aPNni?8t^YiO(SYof5(qaCI9IEfV
zha5}{k-bp29<fWz2oab)hQxC?d8~+!li8GGLyhZ_m2kL{KopvxP>ZGsAx>mKhqs*}
z68v_E{H<8@LihbX1+B2`^~0~T*Y&H@{_U=Q6gO9~P({%kC=rrNkgnP(Xinbw2gSfN
zC!U-ncq<U^h_DC!wRS^Y&0}gZ-?gceIuNOtU-AMQ$u#AXT42k4Lf6IVt}d?U(5R5T
zvF>}_yA1YIUIxLKM4h3cB36gjqX5;>r#|8O_Zt*|PdPU?x1_Rt9Mbn>{{q2i;HWm`
zG;Ab=bm_cUi~nCwpQ#PMn~&QPY`>o>4^1(iekoI#3zkMu6RX*beD-g<4t7|k_lZ>X
z`upX<(#8k)7nyE{ci|z6;_(NJ5<+6<r~~Iq(toz(m78ogcLUpY?-_Y|-(MAVZ>5~=
zb2lucT2E2xv%&>C{`V~htE;55Eedj!i4w}Pb)&l@by2?kG(<D90{C=AaT5_EQ{UEU
z{R3}Xz6gGupMrp~IDFhgN#2&lX<TUn;L$1Nvgoy6?UojTgooMhw_&)#f$tB@b<M^S
znqJkNkzf`4HpAKsrCiv`1r5x+*@F_+<vC{#qq5svLgUA@OZMrjT#w_5n*EYIL?%f7
z<-bcG`~W=j|MB%q|8TlP2#=7Eo^^Mgqj^6ga>rU?C-><NERJl(pKgU81M+oGMHgFz
z_kBD?skbB~HGX1+dw<~$8}w(%4Ygoyk@H|SO~F!)vT^t6(^Iu}{Jp~R>!)~#S7c5L
zbW*adG*ysZX1g=<>2sI7)1UTtK~oPrW`?S@=}s`e{!bJ|TQ=tbY;{n9J7x+RNJcIP
za~}4-|CJ#!2J&11I^<@OrHutMBJdo3ZH9H2JDrP~riVT(H0?uulOGCDIDy%Ig??GJ
zn)|D(hlNW4IHf`j6c#~h^H2<1N^Eiz5PfO&IGUmIrQS23Of;2{Ke`3axcX|{dIcs^
znR7B}@T74Q=i5BuNKjGH=RRthS_~u7ho_{wU>ycm(p6=}npi9CJ_XFe<_+reQM_DR
z|KF0MwoX@5B#c~YNYN_08u)iH+6|`&m5@dp>9Ee~?v`wQ<@}+&qx`^L@m%dIpfs2r
zkef9Aah8ldu4?tca9^BBiZ92;(%ya2>ZE0pKIqn|-cQRy(PJDSRY%PrA{{`X>TW9c
z@7wm7s!xlVaFy+r2h?Dfj{m8guz;NH@s$hqtIgO(`>&84*;N76FB01_;uJer^Ik?O
zK(yNuHMAZt?k_urTzxk|FIDtPLF2mA(`QlK%De&h-Pd{%Z`t5{;|3LcMFnjkpvL_Q
zdQ}W+deF{Cm&_qLoY;2io<Gu5QH?N>tR_&F{+DcvWdZ8#SW-|H>A6^+(igs)-r3;E
z#Yoh=sYU1Am{z0Z3f$^W`Cq6%{^2Zh#Nme-!j=PHQV+PsS)`L|*PetIxaCM<KYB!k
zkDGj?iax|GG#wI}Cq?BxUDyCgMGS792@ohfvA`jo!C$sb!{^?7|J?JSrml`%_jRG6
z_tXU+Sh0Q1_+q|092%xxN1}eTO93$Wc`LQyK=<X#-NRE&=dt{~%b1IQ*9KEp9w7ji
zhI`>^;$FB6mY6{+&X(3EQeI1Ko|V(?cB<3@X2dO*ix{)ZdEO+gR^9K}zA1{y{9Is2
z?MGEz=d!s)GDoRHR<ExcHsyemU<*?zdyR$b?+ZP*J`JB}mkd}4`10?6>Tkn*f#;bR
zww`Q(jVRmffN!o4MMDcxv0ZJ3MY?br_lJ4e8kYjO^|syYKL;^_>rdW1QTnrm>b3vS
zrvDT_m@vp4a(K9HwE;PgopK51xeM7>R;WH{P)~nkw^Ft^7I7~$@o9OhSIqhzA7VZe
z5ZEH&3u>PX_a+n|iJt}URm_jNXNqfdBHRwv>$~bPmwU%=W8l43JsPtu=KIDE+lGAr
znw6ZS&2Db98AnWP(bc2Iq#UES^6N{MkQq*5|0xKHV?e0eIO9L`8D><|SenO|cBA}t
zOFa;tSpAh=5^wL~@}_T`@`*-Wmyy}HKRAFdzYV=hgcGfU>EmK-ZfTuvzT9~X<(Lt6
zP@{(7h;Wy<!B0a*kCxI_S-d}o!1;gcR+_3VHfNu8O?+*7x;s+^$QYu^nH;`*JwhtB
zppweikNzUKzLb5SB}*Kxlp)MScg+aCcCOWk5_Q+kM&ViY+KHpMK+xvYlv=j>@*36k
zzGfcw8{nIaoq;hT3=BYMeiL*jU784n;Leb@Y1o4mOi5>&%?e2~LAFG#LsUL)F~_bQ
zk6Y?-xA5!z@hrnF)sV-Ap$`vZiXyQeb8eOi{&zW+C$@nofKjo+!J-_&R0(bE)aOhj
zlG`%jIkcW2O|>AV8h0jWqQ#F0h-lG0x8d;hpHpeTEH+rAKT<~BzagRD?Bc`QmtZCl
z=o3PjTjezQ<ecr(OSF5lFw7rA2B@JqP6z`7s+3w#A5Ts;%imRk8Wg)=6fPTJd&1bG
z%UC}#aPn3g!T$cndWAvqMvm&$SCi^1*|&I8;F=(zLS(e+3aFZI2`9!2-u3&rcD=53
zDe0BE9Zp()OfGnxPwx{idqD!4RQF0^SYF*kQepCw5Ih;!P{Up7XPsYID0*<@ay$Do
zuX)}^6ItwrCf<QoeMBYae3*RIli_gmDY-#vMHxZl_Ry7!!{fHGVFbAFTpaP`(HqR^
zA1DYTPqd=1qWufP7++1?3e)$ot&TamH_<>695T6*-xy4!jpFE~H1NqRf>a<Vvw87o
zy+m@4+=0wJ<+V`Y98HYQUuD-ApZW4vhnHBD*Yxihu=cdz<?Y<WaYOb!xsuGu|6MN%
zNx?wC;@%6OL1m-rAgVp9k|D*o<emY{`F~qqWBUVy*4E$qpq%v~JYqc-#axucS(v;~
zO==7qch?IUf8e)^0Y?JAi-?RwS$PP{b56MpqJESk58{Y}QGU;>sB!N~*?Z!i&Ue=Y
zZi?s#0ri{Cunna=sMlX}KbiVBZ76Ta><zyod^_HbbZ}`lNjAg3ykCqd_+2Z8x8f$s
zzZo{Wl&@7gE0eT$|EZDY3f$(UlJu;-OE0iayNn=%i6H6Gew-I4ITEr#MjX`VDSs=S
z<PBVFbH8xf>%5ET?1V{=a-tk=F0#>>6@zGJekwbdyc>!YiD}+W(TOFX4je0%%To=^
zoLtZ<X~*4yaaxYkPo8J-fnkifqPP;^6R$Gg+*kJS?nq%m?ok_Cn{Wo8hcJYytR#~E
zRhb(lr!hIM##}fuC2+Sq!(3W1zoLZjq2|&OXQF)a<Lq|uQTwAdV9WyJN4WUt!ha5S
zU2-%25pS~VUA-ZaP5MTx0>Bnyu8OIfxZA%#^BEk6t1+op9-ozvd%%B}Va9_1m=cH=
zCoPS3WrIdf%59Z@z!T`#2LE*owwxtSl7qlNuZ;>SZV|vs;@Z16>?$oQ^y(@dcUEC|
zz#ILuJ)9UPZ~<Q9<!4Wr+V#CeV~Qa_C`vqOhzQrX$ZA$+@oa~0Q+K0-EwgobHz_gv
zJY_*s0u<+NYkHJ4pu(Tq*dY1RzQ<s9{<38~b+VZ!j&&0s_5iHp<NGne>lI(ELs2X}
ztH->h9WD3@E@#6*W>|KS|Ac14Y~Jhp!$A=WV{ss4gJKK)dlsLgsN31HHqlCtT6y0t
zRmS$yeDPOJyVfT#wS;&bRryKBIS>DP`_1b4-gU47rkLgic1J$6gbd;CeFcghQ(c&K
zTWdNyEk-h!<JGv1z!Ie>k@>2nbK|y~o+fiNIg6zKcqer%eb~MIyU65-j;%YaEMf8!
z?+qhZX{Ug&i@k#mH+WaKAs&o;J~B#qLP4?C&70~(S0K5<(woZVox3Z*8|C;jr0|l&
zYF$~Ia*q>{6SAZJt^asIoG}rul`E?`@IwnmzRPphXS_JnWI#~+^cWtPbT)Yp;V_&3
zw^%S86VvZ96|oznMt^<sM&&lVuA|dyAlc-L_}P6}Kv2CLHm;}+_^4;z6XH(5vJqKe
z6{nY!8SCeS!W$;}i+%_gwoJ^tu%r;5r0SKE<hiTUlnfbIlJx(Y5TSO)`veLnS`Wm&
z{}e$%WvGlx<?gY~W0O~;d~*DGWLu`DAKRZ$GRnm$0XBd4@uq+XvQ!K(*MH!$kwk^w
zv<YQ?9aA+Ln!+_S^RaG+{YhMB?&qjrh?1C$CPJ%hFm)od(~qI@T>Jg;(SkAhJD=p#
z_bPbI+*2c?mw+uvs`yH#s!J?Xp;+<jn5;5w`E7M>-j`lpB}`s@j*f@*=T+7#JdeWK
z)=_QSSzqh<yIkK3{FVHqzNU?UtOL`FrpByeQ|35j91=Vfn!fDYRG%(mI=m<D{X>ps
z4bhHy-}wmd+6&eDZa&&!%SM#E-(DwGgBjTeO2R-3t=tcUa1UlgY3sW5c`zf6xl_*5
ze=`N|)^ygpmEe;`82%hMHyR>$ET>f<Vw_FRFBsBv<_WsnRM~#|IB<55Q@k+cEcS9~
z61QdWHyt+P+uv_1V&}~};XMk*QTG0m!xpUR!a&beXL>YpK`o-KQo0`ystes`8Nmqi
z){vOXC-%{RbwNq+G5oTkz%`)dbE$0r1fDglBm9R3b-?57e@KK@VCGc+@rSWrWp7R{
zQ`$6`^A_)}>Zd6b@!4WqnHcNkLOyJ`izzQJ;^!q<?wJJxc6Tb#YTgy<2ZrgB;cKth
zRoRAGt46<p#9Yr}pM=%@hHp%6VH!PMiAd3sX_FhFik)7#f)KXDuZil758YWhWy?~S
zygYoV%n&2>)dR7N*j~aA!00XaOCKyTBBLR7G#rYL+CP9TE<j++PeyuyAxkw^)(aXn
zqerWwKs9IS^}TrcN#JLqx`Alwswp13fqLNmp&0_pbYG!G8p8V2yQfH^mo_$6sD04z
zS&VA+u~XRB>2v2i63!dxW1c;$tU9!rFLj&J&2;q-Y((s|uAYA=<D_#TzA&8ljx5HJ
zao+x0n=&JI*=_j8XsWf0F{aq9LE?h$&Ua!iZL(t0&Lh4qNP$-|5pMidpHPBR=~vA;
zamz%w(!*~6I4S1?iK37FfBxueT^0>kvn?qW%ULxw@EW!MspppCw}EU^SWHM!0fJ2Q
z??0m&ZR<a%iiZWL6A@WsxoL=h5%3XIV@E&T_7Z&3g%K91BKm5&bgX7NW-wzgDTLw^
z!-vFCvPTgGs+X9OJf*}|AgsszD;xa~*)F?<?#}+y^$s#mn<)GqF_8oQM7E?dG5xiD
z<fCz;T39#oR!K2?YCeA^IdV6RTsEo*CO>tqC!X6A#mJOkBr0XHc=Rae#x>6-Xi=uV
zY%c$t!0;vXtKP4kkQN3ILA69rDDBLGBg$rrvq!inXPC12)l`trM5k9UUw{0Q?lii$
z9K#$Kg~tuDUwzRxog*cEN@OaNp<g>YmLJH7jaateGPzLw!!lFnR>N&PWBn`R%<I4>
zSNU*2j5EXYh|E^7?uzS)cGpPjCi3472Ildf$k>lD2~e&ygBn3|@^|=)OnSHY1w*UW
zl`_Y5iyjLiM}l-67h1p$;bL7fVHR88u75&$8%LW9EPD7D0Tg_i@v4IU8A-^+S~qms
zu4{(1{~r7~3^)xb8Um|s+47uGK~wlPg$JIh`q+mr?{)+T9SkItlKo^7ls949cgSH|
zDqlKs1}lFJ3!!*j$JohGX51ve)PB~uj{kAlCj9{*2aL+mBpIGbDDdXm+E%5PdjEJL
zjgM@g%;|!gu-j>t%3lrB<kj$rOkJ!HsdXwqY}ct=WIqjyi4_--MJDOdQp%8$k;<Lp
zQ-%t9m8P_oA!Sr9kh*<BHdv}fZo*d_bUOXuJPq85#SSque0S4_zCFz5uZ4s%>X8-m
zJ>)PyTgzKV*b<$ju}R26Y2T|W5}be#Me-fm?sPWr^?VqNowmYr;~$vtIywL0x`Xf{
zSpTL7)vZ~xeRmL6l+z*YK1%ZA3q_<G%fqUFQ(ce8(q7s#g(~aCLLB#Nfjvr8%7GNy
z$1_XHuR`lBxd%!U*yC*+=JEGl_;Wk*2YT+IvyQ?_FyVt+nYIBZyd&c}lo=Cgtt6`H
z?ewM8WXIk_o_*+@)WI$vYbBve4>S&4W9~zHE0j!sl!k{w&bWdHF$C!h(&thvPvUtr
zRgD?OD>@IchWjvQ?>`sbCW!Vu4srtVZVb^)W^cN7vr9zvu7yW9)GlC`jJb{qV=#;u
zvi6hmux2NHA>p?9cKJWWybCAc5dV+8WiWtwu|}`KFwC-I4_G#V*=MpIEv{|Ja<s;W
zazYwX9}oj?0EtOA2_VIN#BzkQ724~7jW3h>cv0h<Xc3vy^r^byAh8DjYklf!k+iiV
z<F|f}t(GGlBbbG8AJo(Lb{Jk1czU>rdz7Nbhh2f?kZr5P1pdOb)B=6)`f9Oifio9|
znlr}!IDEEo%TFp8Nm$~a2Rdvy$0qIxtfySSyJG6cLP?hl6#@z}L|uBbj3_w@=4#<(
zC8e5Zoq7a8+Uc<OS$&~Si<{E4LQIVf1RehzImb?^r*nueW1qM<=viYW>!Cc>+!u=X
zoRz`Q;^+zUi2ALV6h0TNt?t|3x%?d~wbgCPfh#5EClPV!vum|}jtLYZt92P#lB0L8
z_VTPdIlsN{N$G8VD6Ong>`2Mt5&LPO#|l4@_vjV+zd@dl{%kr1-Ed*Pr7)!FhU9}b
zjK1vWhm*WNyw@U#zwXE!s#?S^>I@9%2f>3{1nnbyE6<rnR=YPorVwkGJqy?Z9x}lB
zoyI12A;rhQ$mncx)0_73a$AmrXqg#pfh>A}P)$5cZ8K&2`{qwa)XfG@)G1fIxC7FW
zTv?kB#a;o4CA&26sW9ldFGXIAwjUoDurPaEMP$KPDiaU!iw)DirJg<3a*gs$WQgtj
zwgiw~4z%lKHlP)8fmnocC+cMW7m+l-XG~y99y313#%ylTn-b3&J-7=CaaPB-1HZAH
zkw1`4XSuOyXw`j9JB$DbD@;o-7Gf!0*?5?aoe0`nzy*j3qs4iNq3>K+M-HksZO+0|
z@gGG%^ZRc|FXq#@=t|ZZYf!ppD|q}@42D|lK?}C}V!qV)WvWcoQI+QV^M)hneLM=e
zFQ;FQV|j<R9CMT-#i8#HWpxjVht^M4$_`0R3l*Q_RVMe=1)x0vDcj!14r!g<lU*c$
zVuhY1^8m43$qzmXREnXBHm#nkHKD$**Vms}^k-2g0n$nM7u8HI@etHWUC#(DJXK!$
z^SsMq<W>aV`z7Ge`4Rb%!});-&M0_ykZ@3HOPV3ic*1~C&bde0JkJU%3rn*hU2~q5
z<X1s!GP=?4B0btE*+dHot~U`JSGYq=ke<^(0**Hj523;93g>XGt?9BA;tKm8jhr6k
z7b-Bdo=GO$%*+=>)6F30ZE@NrQ_SL}7&C{!Tm~M#IQ|xH3qMWK*h{4FZTzFvO96V!
z5t<aOI(0*n@{Xi_UA4ZeQ|acMFU<Z4IQVB4&Il+qD;);NF9BA%R+N)yEsn!?T53?^
z@6@U@%vXlRL0EDIe0E_FIT2EwW>vkQlbb3s)3=q@bNKtCG;s;}_6=+l0JbrGX0L*?
z1uaScvQGP$ry<-3Scn!;KIJ~1_Bugdw>c((gLki_kZ8L6j5o3b)X?MQ-o5s$@AR68
zydXUO+xzA~DsSCCOdMsa;rsvdTNwhw;b!uKVPz_;M%?T8`g&7;&Hmutz6%0JgA3eM
zxbzO5KQokiCzF}(bg~)`U<mJZ+1HFUoq^_B{sJ9>5mp#$u?Q6bE`q6`%?W=WabnPT
z_)d%VHqnu?o<rT<zyZ~zU^HM%-ewWFedwz`BfLpNA-Ls1FKL<nc2kw#K1o?-m#q~d
zIS9Wt>K=u&5$vUxQ^07~o@vB_VqB-eJ<Y8XIa$8<?Ts!N0GC3}=7g;fYl76_0qdjZ
zw32`t3ln9Q_33|ofGl7aETG~y)?li(({1l@Wk=pVK2&pdvo!YD!x;HnY$xVlQSVLL
zg3t_bn47P(GVHF%;cGHG6f}-Y=f&_OFpW)#XDHMeCMj5IQO6z_htR!&Y3L^yh+1jA
zf66uMCjLk#g;O&=9m839-OE1)9BD*uZ@lzl>&$@m7*x)Mj#&<`Li@Jw$hVIt&}&?K
zkF%X)A0(n<2GjAtybJ?Gc++^wS`9G+@EY7?K|Lb&L?ZPvNQGW*1(w-ID=^h)k9#Pj
z>u-WcZ4XVGm~uXf{(*d!7`JD$Y5(UigkdCv#3ZehV2-{uWt!eglEyFAz{{e;S)mBc
zZx)Z(e?sn%MmOIu)I-Z-LCSZg(2V8?GQbh0inddIOQf%!xb{iFQ8txeT&9c{-&K7@
z%3?EWRs3id&r~@4OJs;xx<M_$G;CwlhbyK10YNZCvi5O`QBsDhb^}_?Z>H|bKU}46
zNoSjZ!nn*g!GbkuTS7zX^t7DB1JOAF=S~u(`@F;cab${sBUgek+OAHVsaMReaSWu}
z$r2=j26JRk4VHq5VnS{B|2=_B;CdtpI2jNgFccBphTN=)ny$CYt^^GA>Z<61*wG@b
zvgCMqD~!_bE>lRD1bMi%eF4NBGPV2)eyZ=~3{q*M)Q>v>9brh3HibYD=aYKHm$AAo
z5Yjnt%QiXxCU8Sq8CS{eTbw3nC6G!B{d<5nZHoKR-irp_S2YyQAp8f4ifx81358q9
zXjDK6FqG7+>`tN(EO;Eg`?3~~%1CUMR{nMnwgfLdSph8q<sh<5YR2ceE_}Gqlt%+D
z2THXQ{;y!NUVK!XQay65a3Dq+BT2t_>)tC7!Npd(ukkX7_Bs(*9ftCS1LWoH@KZ2H
ze?q7n-((7vyI<<W;)@{9*n~ZiE$y3%khDtvNyI}~Pfkn$<JTrZ-VkX?@~EN=t^sF+
zLuI{bR{kUW!<V-#Gy2o!AcjG<8})Kw&U?SZ)(6ZT|3s~eL?&=Cf085+U+EkDBrxS7
z-sh%i)v%=eEV9rG8|`WyzhEMLc2X-_f_EK#@LBO}dNO3=1GWt<xI7{fslohz6`GKr
zqDILm0E|gvk-d;IskR1}$KIDc7;GjBsGDxa%)mj@k5%F7jIS@_gee>3jM_lc+F{^f
z@A87RQF-9-5+bvTq_^q!k!TeOtf5r55I$`i+zShOKj=Sx>S9_Xvo<Qtim!o^8Y_3M
zWR5Skj5RheMEg^$Td@7gC<&N;w%20Vx#x$ej29snW7~|RQBycyx*~7D4JTeTENUi{
zzoR?)E0_Q6$-@<llX`lnDP7WCKZ_bAZB>SYs#q!KRL#+j9T>l;!sv{nfOu-w^Zv>}
z1=iQs|4ij^ONWVb@c--=TKidW8VToXGRf-5JkkDtcZkqVA^MWo$S4Y6I8_<uOqOfR
z=CmhD!<^?F=~w#SuD)U5ZF~)3`QAS4NJi?B`)_v`4BiUPm>MiN;YPmhA*2m9M!4Yx
zj6;Ah6;5YBLXIe$h&%ykMf<ag20fllg2yr9??7(>JonmIzBv30@y$C5NOFrm1PRBu
z$m@{YI~j+9x&s(WVs_w_K*`#O1B2WLuMYmj{i#s>wBnh!Z=deeH4LT#{{5|q7=pI(
z!->5@zxn5di7&UhGqVhxp8&wkV|@QhI5Q#!OAqoO7cXa$Bz93}fH*7z{YhQ@nF^g2
zS=IG6u)56<p%=qUbRCd-zYPXmQX;D+(oaUR1PB=qt~h8Pld`NZms{MmKAwc-Nn-=C
z-i5s5M-@UZhp_$g8yVoXysUDVV1Q&bpS~k>J{>btL5vs@-m6!9$f_C#3-mpn7afRf
zxqcj4nCnt=^B(PTwI`$aayEK7&)OBA>HE&yFmakgMv&`psXPnI!}jjQHAIwd9~gY%
z6k_ZSKj8;Q&k$+3N1M*-1z{2(m|7blu?nw-sE6VV$$DGZs^KMxGchxp2meTRg3K~{
zZjWZe7cMKS>Oij#8+nM~{~@3uo&%I(5C}mpdaq8%^BhiFTl?Hr$FX7SJ=dB5<X0@f
zinL7u4#KZ95l8Sc#8bZt3Sywcia`Zj5}4M{WdnrNyCpyi@Ts|S`P^Y~5ew5@iVqji
zi0;g;iaupD@pFaf*9VjiZCE#MUs;V2k_qOe#_M674X&mHpN^wxet+Cs(+31Udk)#+
zUFy_)#~n8*!HRC#@@RCfo`sESS55?OyAyPN@=9hPj2@Kp+Nl?COymN2zO%q}jN%R%
zo0woiQUxKR{!d73pXIQDTwlk6Af`KMua3y&Wqq&nzXyNglMz%!uK>c=!+p6M{<l{{
z!t7|XplpbbiMlB@|1buUsr(=tOEz75pLnlGeNh7`>i&h|fLcsha5K^PzhxNoJ<+~v
z3f$ExQ$Iw;dNaw9#|ct1hUFGDs_@R~^yhmj;~^}_ntpaiqZ?xk7WmClHrIsXLa*pn
zrF}}Knv{bjQCpr=;IXMwR}_L%1k&l<^L4}bmdlT#8O@<~z8xSmi41}F(aTYQroh@e
zZRho+@S7zH%PjCU?}?%Y8`CH<3Dpa~hp9Dolyr3b1v+CU<uF{G5m-eE>=4W{Ey}3D
z-5s0tOx|08=ChzWO&|y%1ClKt!X*`9kW-kb5Qugt2ch9MmG^bkn`)Ay#;`?$%yTlg
z15)g0B!Vy~!Ry)Abg`tKp$DdKe^wlC$m!8*Tdx(iL^Qn5el8TWmbOZr213ZWY_DzA
zf|iy~L~fX(x8Td5nr^jeE)_8&7Oya8XiEr^+K@Q(gEU_78khjpa#WgSdYeA&z4G=C
zdWGc4`(Mf?TQ);bw@zIr?q556MAlp<*Dm+79HVU&!fUIlYFkMlcF9S4@V`^U5lS({
zwWQZ#liJ*Kf4=tnrqx9F51QLBJcC7R%F0v|6GEtsJ&_)6=s7+^5(<OZpsXV<$vr9b
z8&?;c&b)!u@X!xXef%LZoV{ahQc2k2h#6X=wO#vX*r*~3qv);NP@f@1A9_dwlGgc$
z&)xBlesyGzAFlz*<n1rx)JVE_py<x1nSF+Z)fXE2Jb7%Of-}OW*aGc6!O4fs8p8uf
zksy*}R@mPJkDtTB?~_JAq!kB)*muaVP=(BVT(fS`^WaV}R)^ZX{RCCL9_bByG+th_
z3^+Rr{$VkKGls~F=WQ`CKuazQ;SS!HH(n=RGlYQ<8e?Bbg~ZJbbLPJm)ZW*>5Rq(z
z$ip&juK)cfh|c#BgYhYyJn#SXvYk5<LZ)-&>h`SNNyuDBQK|#PmM>%wO{0cr6dHu0
zQlJALn&8DyaP#m<tSt++A1(Ayo`x5@{6$r+clp>YAZ8Q7A!WB1Ti{_k^}WH$2#TPZ
zrf)4o@TH|7ythY<$kdBGe3`cQki~HeA;SPq$txYE(Z)zPWei{b3I}bm4&OnrnD10W
zom#=CY8wcer^S^kbb<|EDNx9`UxRscQijz+TO?Pgw2?MW)^hnFa!s*R$<XNLTpR#D
zUWJF*6oX2s>I^E^9PaTDQTSyr94vW6ZCa-A85!j_$?e!3t|T6+MLyA4d|^c++~+6i
zYL-V2Y`3a`I(lFD8DW+yBZC!q8ynmF=5nG*DfR$iNUqbu>Xg9rPVzd^*#C~_jCGEF
zzH|0(8u$P#EMuADO*fV!r27&t5<NBn09z$qPeG)<FY)_<RHATq8(omLu$rEhm7gl-
z^~b}1uI3+7D1hq;?j~;Yw^3QWW+$rCUnjM>3u`wjTx035QyokwUl_D><|97;{zD1s
zgp<xyXFm)JOtb`YbN;j_(la;;hf{$@RJ@{qZ>MsH{xmRAqj%7rJL;I%5a`M8?!;rK
zE_qVSPdz!EW)hGw=c*NJX8Pq7;ql=VzP>gerxNiD^lZ4vZK@1V7#IlC#jEHY*6hK^
zPi06_wlKdUqfv`y1xoCNtu9eaCXqW!UKTn)W*Zcvk*4na@j3P4Ql4lgXgdhs>QH-}
z@G5o530#Ik(&OTs5YdRB@bU50!nQ&h5phrfr5&8dQ&MYcl-fvf{FmYnJP=p$K{of-
zGHf88vCm8teXH2R=@Kr)?aDcp%R@RLbg^)L5rIYwqbl<H<0iKAfC3`vRm?q`+Q1Y#
zbxP;9E?g{CKqoLStk;I<#0h|ma5y!hj_V=gW`wLE#zbbi`WoAv=dbYCkH1sWk>HEK
z?5Nqoq}Z&o<7TL4)O-lr%BBOlHT_L5S)_sopxJ>{7z`Um#{+kcTZbifJ8{eAFBYmS
zN9Ydnjy%<@8T=?)7v<^ww=Jk!H8So~6_Z$pa~*^fo=QjrWs<pL0xodzc=9%0Mv^c5
z)b#3qRyGA1Q?qGSPDDb|HAfA;J?NnF^qWPk1Lsf~C1K{``8H__h}fbf%>Cc6^?Dqf
zw!KJ6NFmdu5=qL$0(tXUb@(Li6bLRGUZ6ACypH|!dNuS8ry}^bSZBp+H&ITSjja$K
z{d~j3GY3h)`*?)jXlHYI<GoWmya}02IVcL(1iy~4xADTFI$2!k{Bef^Zx3zK);e%_
zk%5H?M@)0R8I`rU`?W3hJuR^8l`;XN=2C$HQ0rin^ZWn-iRFmIah4Ab*xT(UvIWjB
zth(-(ZQ1^5xCvzw9F#=<_Tz4IS^K60(z)Uc!`?s;gw{Y(hzYnivdBMwC*Rzj;Nl3G
z(AY~|V-k0bkiyTYou81q>2M>xD1pFSI<V*lAZGdgiV0-?5PF{=ER&Q-BiGyUu(rUY
zWi^)0;k2X7M=P@M<0HyQ5j=&v@6+Rn8pB3$6s}Bfhw!@_`n28&!bRxL2Ru~yeu9@5
zh%b03c~YXq?VocvzR$Q1)Z;uven2ecp8Yg?z~CCYKZ&a<3O!q@;{G5<@;%^26!-9k
zk<1lh``xw_)Tz`Hgc&;OMP<9)^{Q}{i|0Cn4Hr{jn6rI>#e_J>Ijm;@WLb>oE%Ns*
zBl{oY-m@H4oK5)5`jIC8rXD2igR&POi1Vi^+jYmz8UILWgpRad5(`b%6c*HAPGZ-t
z=K{2-BIn}hR2)HGfxvPrIHRn9h1lc7c|sb<o3BUtHxhsY-14fppjAv0N8Yb<JJLAm
z1ZDGzy({Wz`NxFi1cqA`KXm(LnEKPO+kT;{E_anYsm^b*$yr8~=Z#PGmWijl2F+C%
z1FjoW(jqoHi=HI3Iee<kkevY{a#}SLs$}>D3s!x9Ag?>&Mo-~4$?~NystgQ_?o!9q
zUie7Ucz^J*YqEL-D_J)0sH1wgyugsdoYIKY^{pu9t!%VpJ2>>_`)R0FOp6iXtu3f7
z4fL6qz|KmtL0X1GQtv(sh5O|O=H-*X?oT3$mY=4~kYloL%46wOB1}a`5h<L-Vl0V!
zI=h)tx-d#5y(9^eW~tIuyKLM7eP6ha`MlSg&J7}Zc?8ANciYRvbZY2gYAM6w=4n?b
zw?6s1SS*Xp#4W|at523WM;tCnQ@^aTD%EQVn)Cg0L9{2zfkh89_phR%vEDeOf~CUr
z^HYKctF9t{C7(o}BoOL+;^kSAHUTu?SPB2wmkA!)%IC8@e#hpg+GsWJHwd#|trK<n
zB<y=!QMPtdl_w;U7OL|)pX#%Q#54XOgYD~67V<UGA+-Rx5(NUe;Dg50(K^cP)!|m+
zcJ^S5-LSo(%gBKIkRIQy^3As}*6~kksD;L%WqARa7aMms#g2LB_&*Y!8i0phhs}_Y
zLq>edhC9_{i|D$IF$KP3{xhc0``r1~+w=P_cBKyo;r+kE5DX)EFdp08TBLDgDzh#m
zUibBIr77XS-BRpNNFb)TvNv4(vIyGqZEqp6UPmpwi15z)3i8*05B*F|R~qZkW!}tD
zIiG`@=9<Q&P#D%}curMPpoaz<nsp1iyLpOydV4yA`u+e5i<_9@%^LKWvBkv*3;5Gp
zEa2NYeX-%%?n9$RL$k{T_=;J#7#oY5XR7{q_a1Jen+;spOAY7joJ9>l(#nic7}1{<
zA}K%ZXZ6#0??6If?BN_~wrZ0^FZYo(i{J&E0k*HKn7vshh^F5D&?za4m%DZCAx>A@
zw2w~xFz6ya+Z&34T9^PM%92ntp(`#uB_Itb)||6^Muq@GPqztUFka-(!smH(QX{uH
zNUX*@L1gg8(|Q+NPYp{?UJPcB%dvU1;Hs?*&WhTqEvz$sF398h#I$trkdb|2;Yyo)
zQx^@hCQkbwZ81~l!*A$B0qxQUMXHP=zp)=k5fw89A1aCF!z-UWMbMPQE;9D}%Wqh-
zytASqaQXV({g?0lMt~9=;8J{xb?)#@4a%hwTzoZN#W~wQ?|~j=2_qQNHfNcu?+g%O
zG5CcC!XQ8PUNh3v-%NIdxhz^E*}8o#x;!ex8q?E)LTxa$#wD<KdZJn?4CB$RJDH}1
z;l)^NMK2cG&ZT8mUl+o9prmz)$1$dDAa^q$?=ayp<Y*_g!=S&8hn(knZG5>bC+ukB
z5A{%{ZRcXmF7DV4x({qg3VhN!@|zn+uSiBN1-AH;s4Lv9jHuf&+H(PXs~Fu{9TU&4
z-7Azj)_9~vIDXWGj8NJ+>SOTK^>*&SusQYqyhnpY0^`;<y<*dMXh^Kr3D0=wD)4UB
zjNd7N$k4sG>F*h2NF6he_$;pNuH7y!Wfg%1v@lHaoc)1PLqdB*G(Hnr98rYz<641A
z2%zCsmt+I@z~@oD@-EHiptPcWQ}H5+d~{PTn2O@f#?T%i>7V=fykT(1o%ozw1M#+G
z3CnYiDHr-GYjlVi1zT{|AEghc&&m`taVF*1;z-{5&Kj!gt|%WwNfI5Ui$XFpI=M)n
z6a+Gw;(OU9{|S-vs-lJbyY~Ew=L6SPyk|z}QH!!A2i>HEl9OfvQpbVKnv0chEv-;o
zIe|}Y@>5k8T;8fyei1ty{-BH5A(I@>fE%5OU<+fDOjtVAq*k@W<JNo+<Whm+=xPfX
z#sv;tkz#JP5B{eOIw8sXL-UJxf;l&VciOr?1#{gtCfOlJHB`V)HQ1H|!hkNUxU=;|
zMf$`DZbxObT3_CM?udarQqr8-x?LWeFU`~CY#(EKYdiX!9yba2^DW`l4YklF#~CE*
zGyv;>Klgt4W=Ll1h3HoSa{fN4-H#mp(uaoJxn9LFG*4M}P>P&E{nNcXcbD6-j-M6P
zdFIg8VMFFthCR%0R_g`ju&lR-HEv>4z(Rc06EnTX`hm*3lt+7=A3wIox64WJ2jmg(
z+c(iY`e|dW=jaA0+ctC!d>t~7Ino1UGR)N%bJHQ@#_xX1gFc<%q4N9X;GX${LBucK
z-{e^ggFb>r;I6#{v4t0S&=qB@D|*XWa3?;1&@40$!RMw^J9pYrx*M20*<-3oKv)w#
zk`gexH<ngt)cxz6X5jvaeB#Jb1`5F13EKw)%-VU2v+D9Z*>xG>MNVwb{q0Gwga&;3
zf}i;v52571S%7-Zb~t0=CzG^Nfr*Az`a~DSelh9022w`Y=|5z-GBJfvrsZ=0sKw+9
zCyCta%`KRnSX2gF;CnOPRBTkCmiPO~kZ&AX`!;JI3v$02KSV;atDM8WMcb4xFHfIy
zDnPf^m!x!ivXB88%sT;R1#~tpJiFB4!SYa*)XW*;qwZsjX*TM@CMUa^Dpy|RUognR
z0mr6Af^?Xa1q7a-{}t;gAaRWwFv?XAB;Ce0X{-9-LyWE|jS+4T5`lewFRGDkAG-?>
zm5jHUxHScOtS48*@gqZ!BL^QNS)wt`PoJD?Z7;By0|t)2xVk*lIY|s{M^!_yry==t
z=r^5vh9zx6xq=`X$@Nzs=yoAb0k`uu=9GuigL1kRkC>Se$6Ktne$@5?_ZnfjUuV`h
zRRoTa@{Wl~F~x*-YKnos&Cn%YRtwf>oB+|IrfYVKk&|5&H<Fic*^+uKrBEWiD(8u0
zeV>OzECbAaCs4ylc?-5IM#YXHj_FB7EQIL&4)r*uwa-^vFt=}lkj8@<XIM#aNesdf
z)%6W!`C!|53y|PiPI5onbz*?Mwj+rbIIcxmA)raORnfTtP*DCW+{&)R*UxHj>snI>
z%9_X{vweN3GNz0gX`>ZUdm>9&;fb=D=l^pMAvi%NAq!7w)z-p$H+S>%)`@lY;6%XU
zAkQ<`z@j^hsdZN7VX!2#={O`<-mVnIS@WRS`q{^-!uoX1Ux^NU&9UEN);f7aodD@A
z!E2CEN5N^p^_?<cT8}UD6w=SIwxQj(pYQ7yUfxkFrW9c0Z;2G^62-3;A>UsRVk;|)
zy-=V(!-v<~z>?f+<+g$qf`<C`^^s|?x={O3d4R#v1x^R#fACdSz7y~^Nrwl2=yl@I
zCaaJQRF}Z|W48*!_U6dT($lNMBL$LhmWkUbjOt>ciWk43^d3ko<ES1JyWXV^9x?}@
z@&P1IAO;VVyyPt}n+Ak>T<w!XOQt<?>xTYXkDAEd1T}`ZUZ>V;Gty2yk}$^a(VJPc
z{JFnqWIaDXIrUww-|$&Z7?uwdk{GqQxnCzRwAY5>SzU7J-PSXiX45k!fgQ9N*V;C9
z$K_R<(-6Lm@YC!lf3%>45A*Bd-gNJir!cSdL-!eHAM^ZoDMbxVD;GAfv^~_KZW=ym
zL+{AEwFW-v$nd#iaMwry(Yy9m+uPegI}w;ybO1g?sIn=~bXm|E7UFc-mDm=^K%&!}
z$cnFCO;g&;gtM%))t00VVp^Pj%?c~2W-p5vq0MS4ZG89X(>fZt!F?Nn(`daBBo9uh
z<CuKlk+d+_3^gVCdO!fY5(X?`9zh%d5pS<g63))fW?$Sx(bL3K#+A&S?iOq6Kj_qF
zb<sgN2I|7)ePjw7N4MxVC_HUiL6oo2BgCw;-IIqIiji&+c)nOCJ{M+EpUG;cvar(7
zBR?y<B}+V@jiiQ*Qh#rzsvd~vH_~fq0*#=<=VVHluJPq2Hrls5;-wVMLU&(Ik!UU>
z=~sTGAT;EA$F@^>Mn!w*?<_uc>9srC71L6VW~P~9gZ!UBTZbaO^#-b>`?Zame{=;U
zXx?7eT??nmn5g^?CEB1S=evVp*WTpF8Q&R<LWfm>@_h_O!6{?rNvH0W&_yxyDB~@!
z@hj7c?3yo1R2mTG&jsC@)9Hini*rI^MZ{XM0a|b@vwlq)XyO+hu++x5Vz9CU8IY{Y
zf*V|Xkfv4uB6Vz^-f=Gco9_cR!d@cGIluTvgrK$OLXOTnOJVWR^!n?gHs@R)G;P3E
zS^y;A=%$*>I>U(#40wPNNnwL5!6e7z0gu@=7*b+Fx;0Xi6|dk!x-L9ap7h>RRv%%M
zJ5opzc^U1_K<e_0GnPXRwkv<iLxdMToTG_Is&FIm>=xMAjb&qrI;pPh4lV5G@}Zms
zIVx$rl|KnVY>&i#0P(Wx{Q({2yZhp;yXxU;QQhn;a38?fJIo9cN3MY_aUmB!Q4?|s
zWRuzx7LfPo9%sA82VPq;Mp}Gnvl8ZGM5+Bu4G|h<TNfsgQ_!KEV+RNDV0(R#vHBv=
zoi}-vD>OQiwB=4-^RCXhWnMX#IyRe9gE%tDKO^;73sw=5nQ{{U35Fr2x$S7J+x@8K
zo1UIj%;>rOYsEqN)3E`0o;@SD5j&Y&f^yoq1c$_J6_UgvzDO}C^1+mUtPF{e?*Cz}
zDN?A9=?-9!v*(OHR{CvbNew<EicWc9o%J0oEK|tK3eYBSFJQYu6-c2r5gUXc!ETPG
z5F&YnV-jA>k>{TktC$52$D6<R%4Or^c%kQd@3$#KtyUH2zIf97@^%H<&q&-Vs#mhC
zn9n-GcuhaQnj1>-&!#whA*9DJLzz+}<(~x8^M?ZPlpuNLAY6b*7NTt01d=BU*N>t>
zIVl3SUVN(yKX?-&<&{M#@HiAz)6gcJ<k9F)oD;hyy)Fj?9D!!N`!x(90y^#>je3bY
z2HH^{-`*25XsI4hb5L}kYA=IAi$SBlkrr<fy0~Mt9wD-v=~c8O*q0PT=&!Pj49DYu
zsXD)d*oF7=ecMI8Zk@53rV&l=2~bPl`9dAyDlT;bTWmQWp#U_u8|7n<5J0WHRR_sa
z0p(Ti7B9cT41_^RZzP`tSK)}axGcx<{;JG*%~@EDwwL~UvYoh-3%(pn%&Ws`@c!lU
zVa@Py_;Q#n=<(FTcXy>x@JyjSoAtI8F<2QLPzWFoE+(KJ-h0wY)P4h$vU8F6;&}Yz
z`6)^CmD6!WpYreciN&}!WH(!i^{$-?AS3|5J^p(0`&XWysZq<Le@~u2ZS^>#mTb}r
z@JQPu02QsKS4Jbfcx}k?J50(x+Gu0P2BI2~f1?2dHQ^eDyIDI7KA-8J^{wDMuzrf_
zMOSAzdYuhr+B%kM>mguqRF)Nuf*^YM`MP0DdmUE;!d@pa7X`%xiu#zV<R}V412=J6
z&K8g{)J(g4C87LV^&9NNgH45_Hh|WL;*&z85hX<1B11VKB6sV_G^(b96Sj{3k=;_j
zXI;O%x{2HogEY+K!yhQQ(;2w;3?rzz0ORPE&+xr5fO`b7>+mX?+#B%%aFtHYy;j|c
z)s}kzLX3lSX=U@bT5(SQZw{MB<R{2KAF#G`8&r6V-DxINQ`8edM<0|44-#rSpkEQa
zDpN9|`G+g*ATNT3b`KYE;h7QT(Ev1(<`yza9d!ZIAe<Dxc0!!VK&wSB&yr!`Upldv
ziLP_<nHa#K0N1W}HYAjO^{)%nPt$%kCDIWqBtac}uR9^uA(^>hsH^_FJWD#H6RF_C
z>^%YSsX3jAztUA~iEL~r{Qza0K2!IHy}s4<rQpBy*`ox{u?tmxmD@5f_+<xzhDGo)
zes1zqEB7P8s}pnCsBs#Ml*J~wKOUp@x@f~WmBPdN(q5q^_2mnZ%8Da1*(&1ihX9RW
zc*KxG)udaB0rrEhmqBKaCzC!=FNNaeP|xfiaWPft4~9d`Zs|VOZNN-+KH#$${)DeY
zIK{~E#pphpLiwbGS~M#R{8n;EA;Z$rHPfHCOh%vt!w3l^y@`Ia0<5$WCNY7hT*G!|
z>U{AW_`PubqWlwbbElF2%;A4lNlVUxT+VYvi3g;=Sb!-ZO61s@mGs&xQrUJ*SQbM&
zAm6GnZu;B<!;K;+^#B=Z-nGUP86Q~I0~;i&CIDC(dt$}R;1?9?sb7O+A_%%?Wu#(?
zeBCdSk#kc5U4Dcey}3v3HcK{|0ZF&@KTE`~x#F$K4s*qK?2iRzb0KW6SJ`Em?|FwV
zQ6l#O#4G$uM|))s%%7~cV3Ni{D03H|X)O2be9`d`bq3}Gxp>bx>l`Fh6#qQV;l86O
zym7tbS%|zSQ^{Gj;SlerePJR#)_$Aw=kx|2a!n@0^!hsI-L9*w7*NVXbAKJ1Hmg>a
z;hKBX9NGU|Yo3egT)eS!-QxexjHf^;p9rX0;^E;z#vEw(c9nsKLfJ?H(;vjP)sOLk
zB63{&eIm_xnxYP`^tuEXToNr(TeqZ0Hcz+Eg9Z*aN7xihCn{l@tfab~d&T85;4xnd
z=}%`$;Ha_ia%mXj85SZ@IQ%ZpG`xtVj;VVl4tbVw6>M9J2$>lA6N_NC*NcK)y1X>?
z74aoTCv&eojO)~GgDt$_Gzuw0Z+s4HDRUEwc|ms&v(z{%$kgk#Eo@7dpY>-6ukfok
z^2<Y(hWhwKZ(I{MVm_HK1^IVJT(=Xv@UC`sR_SfAIt(fCB~6sjY_UL59TGBXVLvUU
zq9W}&MOv^%0f`J`2kd3rTE*0~Hte!5ADIdmD)Fs;AyLe9;VBj$DOI=Qg<+g+u(^Pd
z&o08#-bq5fvglRE^uM{GJYL7^IE;Xxso|trQfqjel@kkE_&CW?!pV<Ge^pC4Ql3-C
zEq@^fr=Z-m(`K2p#CnUed&|FGSO2G92x&bWnsDRb*Lq)5C-Tw9LMGPU8s2YRP;4Cu
z#(>}P5z_(%Zh%aiO8w1S*rsmCjVzZK_fnacUx@AO`vXM7;}0TxM~9coCR<;c_4#*#
zn5<$E1}w*OMGRg#e>7w9^8V;Xy$D3->NG(3^0T7==9v`Vz1I1Jsd*dtR}@>tk~Cbs
z%1OuoTd5XKK9Z_Pt&vK7iIpHoXRp)VF;!4kZJ<L{E4F~hH9GzS$TX_$XEz~{!^7?^
z=czBAq$AEA&8Nbl6iuKo6g~MWOc}-L9fdlEG?El{MFE?4LiT0r=ZG7Mzamqb1*8K$
zdNDTAnZTyZ43j-x&BZK-!$)syB?06NEnQ8SbWx8=FNJ%)t_Hpix=+B2Te=F0G{|)Y
zN7*M@b<@wgk6URM=1ltegzM}%nwk^I6&Fb#S|6qXpYO0llc(elT4#pT@<{0t84dzl
zwTZvyG(iIAjWah(NB|K__W2jc#Z)UcJyHK~9~SU6WV<p$-<2r@C-sCPdbb1ntpkhS
zggNLF5VA!@XgnQ*Ox~QBed1WWwgYL|ZJisCnjpxL#ggOkyLlhgb83$fy+=eOeh97N
zx8BpbE`q%_#c0XP`9eXj{hSQ7t_pa_g?=FuYlx<u*n7MK;<hHm;d8WMVf5p}^oS!m
znZ2VS=ngH8MdC1y&Im|eJ~Th?DQGL_D(a#@6?(AUQ|qRWcaaF?tlzg<RAV^0DwV>v
z;kQjaCCI7|0#5Fzr@S+SJagH<4g1ci$8Z55xzkSs&k$OwRGWyjhE7ws%eY%YHCtC|
zE{PZi0_l2I1yIc}w4Gl6Hn<~K_!^d#bm4vxWHO0wO%(s(J;*r_Y4l6;dF#oVA*SSm
zXa$0QW7l6|&43VbkU;dVBideZU<A2G^JUnPaqNGV!`6RQxvs#U;=LPImJL0p4C3=G
z*A7*^>+nfWF;-Yg88WjWVH&u#Z(2WIDT+c{MP+TTpZDXAV%Ai_w+~!J=X;En%rwv~
zXimQ1B3^nT${ZB0sh7L?3&BTicsjYo7*dqUvy=|(nSzTa<>#xuX5P4+1G!J|0Y{mo
z&vBx;0m^x<#5aBt6xEO`%&xui-0S{Zs7WX3S5svW9u)}?Ilh_!kv=fZT~_t+_CUWH
zY_18&T=tgb)U#<op?f-!^dh9T)8L`5wT5qAbREP0#2>hPEu`&rmBv4&PWgS?1%G)@
zk4mYghl1Y`A<pQN5E4$y>BDNgDS<2VjWrUdq|@LCzQZNwUK?L|9g>s$uBX-^3;mHE
zS^5gTQsaQXiN$%f5ssf{h4um$gDd5;-nQz)Ml?kUyWe+exIq6l-0J>S0NS_EccB7e
z+4IWtR$3n|{QThKI|}#qZL}kCSp=SsrP|g$mrXJ}bewM$iC_N1;jVl?#@%!B>$>#4
z@^7X^%MtP<2w^v&;?Kw@Ipv;ID%4bMp7c~r`vsETfDpZ2%J|I)uAOmzlpZ3Ycgqp{
z8ea=eBv}E)ne=WV{t>Bc*2dT?W)9PLGBOs2>B~|)KP}?Sto@4XOE(V8DeMwB(uU-R
z#LXws&4~Z?NDzYou8G4jkdH&?)vmxUof5S=FJYt@9fZy9H9qqO5CR(h3EX!A0b`nL
z2K7p;JBK)Fa!i~^ggV|;cMn~Dy9cI6hd1iS`z*(>1*_@hkCzEeUBMS=b5hpsx`%WA
zlz6%xa{pg<Zy8lp+l7q^f+8Ux-Q6G^BHbw+(g@Psjl?FU8>BlV1td3}(k<Pv>D)Bm
zLZA12-fxWa|D16c{6Jycd#yX?oc9&>sw<c+byfjTsZ0H8K=+N0x1IT=^oZbTNZwD_
zn#F0Er7&mWle`U*xoR@T&FH|aIu*FYPr@%Gal1PY?QRr>!=%Cw!l)6O2!0ph4U<eg
zd%UhjSV|tldvX4?-FrJoo8JoD3-KTK6l;*&;D>~C<0W54=vUt#`TC|aX!Z*7w5o}C
zG<tjB7Vslbz7{n4Qyr?48gG&MQBr5$`2v^Msc5?vWr*t=R0x5*PQ^`_D<U7!g^G%m
z2RbU>;pXe4Ws1&)-SfH<d}sge?(!$`@nW+$i|ufIN0G1VG`-vAeZ%ZI$BXpFONk04
zLE0`aiqo$lpO8;XYRJDLuPtkzn24m(&@~8EYuyuD0WxlHd}uIZAaprkxHrUk$uol+
zfwaoIr_auJ@dNfye?J@X)<rz}bx7$!0uVfK^`L_R^&&~*EO!@+4ztbgXakLZ;`P4W
z2%N@R{dB3%jA-;WQRCR__Ml!-=_8#wm#fnedd>Y<CjylZJY0wu^*2Cc?a9X(Tk1f9
zbXPBLD2=-_ryG~vZxu$j(MgFT2-FhF=yrFJwPPzrRZ6j=RQw&W^K&k@(DDE+-?@NC
zLSlT@PFQ<}XccL@?M+B!i@PH@pf=g)eBsB@YIudlr${9{^`bo#s;QQ&tTIFp78a4+
z8$cL`QUf>iaV~W!283tzT__#H#B{zyN`@ms&GG9bN@D_q4-DlBfX^o@+as$^7eP9Q
zDm8I+q-cI!CDBi4Pt$kCzSdHrw_eJHe>kcfs>CauUgXXvOf-C?eIxl{T@z`Tm?+5T
zGTeQ5FqPBNfC5x}zQ^3bG3(j&gEIvajZ_({*C6>ILJ!WrMEry25kE07=ubeBP|96#
zi&ynRz(t!}m@Y#Y-G1YqqG58W&TSN_7kJ@Kgwe}$D*)mLMhEa?c8~MvhS$GE%6^*U
z_C7Cts~hUhK31FTc+Tm?=8M4x9fs8e`!HZ8X$VWJF(Vi6!DPoeV2Z*>5{Bj=*TuT#
zf#$j|<U8KwaeTc%Ae9<_PWRyXo~$UZuy0R3R*zzvQ?;5vORZLxV~nZ_BLZ%<s0DxJ
zmv`MK=_59`by-a59dx96&17FJzrm;lIPVgp<KCG8!^@602&>dD&qLaYz~@{bs_dH~
z?q!kXR_{thVH{c}2CVe)xu;IRl##^hKX(|XuO0~}_8(+9KtaUuwYzg;)zB8RIe2!6
z{-jk3OXuyEr~V^1j3=$ie7`z>uuJswXqI2bjEX&|=7^~+`u&&tAS;mQsN?DRORP$B
zh6@Q1;V;ZTcNgB;U1bfiT&!2DZYprK-)1t3D99pVYE0&^Kwg117fDrBWke%h_+rAx
zOu(sofdZu*oFWc}M8|7UuU=8ADfv;@X(il6B4w*j?X6)!jEQ6I3_j-IK7W<_g;vPW
zd}^-<O%$yMc^=mEQ|CgVNqoDnfMdr2?PNLJpm%0ygpnyT-4`hMZErL$!Gn)`4Vn!7
z+13yaLwd{YdC>4IVPfl1U&3B;WGJJVFgyzFE|As+VYC4|9#DiFA0~@djS=$(w!O*8
zSxS0zfER^JU&$7UZy{MWhhVpvOJ)|yqeVeG;5koQ{>iRqEPZ87Y3R7)z2iy>YDeY9
zEtT1%ZFj4LZgx@gOH7v%>;y=No-RctmChGKZ}b^YxDuRKR<@hGbcsT@OH(32%@m^x
z3NplRLP=>T6;AMr^ILXH&)<aVl#))yi;t>cV^+lZzgnw^5`Uh9zMtGu-}dokmeh?t
zUh}1S1A=7UjKq4vVVHf{VMh+~B16lz;RR%h{71R|vQG}VlD)M3f+wc2{lCJq)3Bk<
zQZa7rK>&nL=}nS{5Heo1Z0V9z=5WnQ)FZvn`r@tzra1hG(LRmaR2A2q^C@ETaSS}l
zUQz(jTu8Rl#yh}pPW?3uqqAg3uC_e;*Y{q}`B-b%z3QHou7b#I%3~;^Crg}P`NfY4
z_)vj4V~hi`rJjHJO*yUoO&BRZ{E<-ng#D)}+}lN8io4zQ;YtH{`{rPD1ZEY=H)s`c
z#JMC#;Td_)Sr=ZH-nR(k#?_FVyr`aeD8swNTd_uv<&WC>mBJuXHeumyZeC3L3k?wj
ztm(f#^?<Cd9=SBORhD8ClXjIx*XiaLBbcU7YE98a97!vmF@;CuQC=Mlj6Mt<7uIO6
z^t%$Qf}luQ`G#0xsneZpew!>VVoc3}t0qk7^c+GFCb@RqhI=qX6n2ld2|1F{zzzjC
z-e}cft0x`fx+Ad{=~2m!Ni=RFtYtf$EH}u1N)V77)xz!16n0{O<+1IO*wMlV%`caC
ze2a*_GD5RV&va-rxmxyzy|R&Jeb`s6fA4Z-!eeRteBsmr-ix(DmGJ0YuC~E1fu$T|
zN*QqX1D;xf+GwdO^N#9tKg##@4&?vRM-FIXiwr~=QxR%&-+*Nk8QUKu&~f?96icCe
z7v=DAg7jY=__ed@95KAOxSuh}U!d9iMpl~w+4ZL6kD}29zSn1#WX4Ej5~{MFtdzGy
z#OC;Uy(nW9uNAVCo6Oz(!3?9YI$fnr7)PW;sv1iPZbiGOed1Q?p^PIu!nUVa6-P)x
z@z<`dF-^0=SO~mYI)&ZY&c*Rtj~2Z<0F5d7BYiNcEZC0|{pUjheUY|4t&c)C!6jrF
zLAJ`R`$it#ZXil)Wh16a-H6Bc!RuTCzKTUuKSq&Jbg!t91jpp*cIHoxWG(5J7xX(u
z%EHPFGapPxQVcgJ4<zADQ@0PSL;j%?Rg!N!G8jEExI`C`K_KkAOH&X_mL;0aH_g|3
z+`)m=yNk8(Jwz?Ude;ST3@wH}AN(+dL!;k0sNS1Nv3s=?piNI}cQoZ)ikt>bnNRIc
zb|6#x88d9Q=rSvd5GJ_3z+Gy3CGbuEYj#j*K?U1gBz_BV^By)2^riO7Wqpak@c0{`
zVjaeEXK2OGVd%C<6jxGZ?4h_J2I_=CcY&@yPhH*b)DF+hmrW9(NYp57rl8-|Rn{W!
zLJyw)t4;o-o0KAzqu7K!AlY%3j55pTf`@;WFx&h?yWZye5_IzYvx<j$_~jYW)UJn5
zPM9AASe|h=EBjsZisuwtJ-em3zwC9+8QWh}u^7w69O3jAn`*=ji+<owU2)YsImn2j
zU%5@NN5!DU+F$GFK^#EiQ~B7WE=U>4iX9S8KmT1zQqf1Tp8g#6-i-h5qGp)IQYn<S
zlC<;SQ}sti$hW~r9aP=-;;RLrwX^43q#_Ux1HCD0n)2W%9L#q8LRC@W(Gzl_vjCQF
z?wWfIV&ZtyMpvJX1iZU`CVtA$FyuQ55#9ScmQTTj9A&>3B|TLBTIymCVz}CI1i~q<
ztE-#3)qALfe_(|VXIgpoVBjjph=|#SgESDx6BeyF>-+r93aBHk`&t;#c?A2n<3b|8
z(7LR+g?>Ao0~0pD+^CAJW|&Wr{~DqjHfS<*Odqg9cCIm;OMT`ha<rD(hc2YvY{gTg
z<R;W0wrH8#@&1QTF5?+WMssfXYdz-Egom%0%pg4LI7H5n7nM9r7W5r<^Y$0VhYO$F
zF2QQEcUZT5D_qc>c?2~o^sD1}hpK}KRBOM?yUGi`lG0L)rCgxsCE_e!+xMQHk#VD$
z;?K-|y2<jyl4c{3#<rgQU8#n98D3Sb3--CsYHVzrx)n&l2zaSiRSD<j$8s!97^6`{
z6EwZ(AVLHf-O)AQff21}2{1Z#;z?}$N0O2{7V_cOwoiu*e_ro+TtVwUA3t!Xv%)c#
zV4B&Te(`CBQeVMr@h!5}Y9Y|Cg2FUPDWXQd5Tnx~&as$&^jrPO_|tB~Lvsc<(AQgi
z)h!EPQt4ufu3ZxS#2TLWMf&PlgFiiqgBYchX`{sBCH0&Siq1)d95ULFd)Y&d{L%*S
z@tbOE{@gt~(TDAutJtE9+|YFO6Z@+DtxKtQQAGvL6wIw*H}9L&&-tHalwJ(K|1a;W
zR@QIhE;q~y-RfC5d2#4~uPunva;77;Teh-Dh$NTBoXNw)=hhg((UR~)Wd7QhrVJGJ
zhQP+BHvE{{aF7bObr4%==x~}_$-rRF>eFOK+DcwaT?dNoWXINbN?bzbXqB#ZbRir<
z9n@JpY~sgCnZSeM3tTCdbk7wJT1h{)2QVj^#)re!m^R+eR}wq=c%a)twbeZ$=6LOv
z*S>EVyG9#GDgsb(aN5Cw#h7bl8rE<&{4Pv<*I)-XQ<H`wDM{^nriXH5!Mz|~XAE)L
z9akz^#G|e-AKd}%a0)UO^ZlC(Q2DHWNqm<QYgjH?f*fkMZ0i4z!D{tmFmo%}fUT4w
z7C*~|$UPQYG>UjJ+Y@@&16>v%gJa*0lcan>5oF_^PY`C%pZexkRcNTM?^Qp(W)&-3
zRI@gdL$nC3OF2msHufY=o1j1$b_M#7nvya6i7h1varEpwc+C0uVeONfr8;P*a|59$
zP>9#Gi+4xIxKs3K=Ev_s1P>n{9%H0$)soK_&eb_Rx(Ss;8bl_4B?!=b1z~?^^O1as
zYUW44(pyyZj`raJ3Au$}sUE)Ew}D~nGko`6lX_j74S(7Sc;_Got=TYu-0mRMaNVs8
z5Zh8O(+thX^-<JT**oVIv8POJAJ1FQ`S*m1q=+RaR!|N=z{(YQuA11$jE&ENcX{;d
z#|nvUumKWc7->*T%+9OaXda79l;iN{+}Y1|VF#;_xvsTbj%J=|kW|5xc22c*sENCg
zk2+3JAsaF_wYcaC0g)P__@L6>3NwjDo2%^L8la<JT@#qa3(azld}*#_og-<rkRmEl
z=!(M#Yd<S-wLU4MS>33K8BtX7^_5bs+h>G&L(!QMz_M6v_u*3Mo!7apsZw2<jMuXL
zxR#rd3tjWMQUXG8xY)N!@bG7)tLq{bLRLl-!p?3@`t*SU6+a|I`S`UEK1rRb$Ul6D
zC*1Gzki4Fr7fP^R0HbrwIiOPE4NAsvA~k`HSDhlJT2?d<V%2RonI&1!r<H3|%Rn>o
zkrDCS84)#e<U@~^@MG*4Zqo&OOT(=ak*gWW1oB@tvtPd32_TlHEtP?8BH%?96wS01
zG2OF{V0<np-biuX?WW^v*mdP>^oNCc<&2LbEI9q*O=hXVz*gCzJdKq&s=@PVwtTJw
zmC-=Qm#S!j<5x=$fA+xBz|haU`jM9yN&XzbZ$&jPcJIz$QnX_Q5GYvsSFcU41#OM`
z!y|QFDcK__4KxLIqyLBX0yySMGY!qs6c;OT#OX$ohqk^Z=F@bORLxs`?B_%30c(Z8
z_GA0^6o(tU6DMrs=wuSqMe=>DgcX-HC5!aPDKuTE+FS86PdFZWW17~Bvi$7jrLDiV
z-d@-(+Luq~m_${k&%FX8wD(wbqOLB;oE7z~I`3^=&;?!T!`ls;INO?*<2w>xV9KC%
zI;<y4))I?e3lyQdi{3YKw>uj_R*Cnm&lks)SL1(|3VQsIu>GQ~U+UK|Sh?Za%*b<H
zEfo*)$JX)C!60PeF(G6>tyaRAt*&O<0j-6kwk2X3(H-T8U`zftz9N#Q9Gfj75AA9z
zNhq!S(uuz_mm6%W_vWPICAQpyK8%=k;gtxS=;7t^XN+$l3G0Vqs}mvKpuSuVlVy}+
zqhDB!4+(E)Eoo`trl=&#F^)XlEF#bt_${<ori~ygQOUiOi2PZjJV%PBcU>zAw$A8l
zr8uoyCi`F~K+7!WH(_z6KH(3Tn@_llx{tfmB^OF#Ac9E!=lX9M{Bgt{Fv57O3~nD;
zXdnR%`Nx+U3A7g9GNdrIT=!uNujYgw&WtV~oRwDBY&**H@E+&;WMaAWkv!WW|4!F1
z%2oLewiWpy`O(T+m}y&0R7*ud#bU^VW>2ceZ8B-*po+@#<KZMqFDo)BM3LD{+I@tV
zZ&<;S_SLWX1$?^|8=fI1i!fgE+gK6Zxf-%IpL_<<Qg9bZKG(6|k@$&)^tP;=`OVSo
z1=+=pu!!F|S7^~QRfFAQd!y<0xXgskq}im<_$lEgYrnW)!`kK<i>h9XEh5ADf=nae
zqQ27W>gaJ%ZG$a_oZ)NmBgh<l4DN)6wtdXaK|97Hf#8W#HRs~)&D3gZ{IV|bAFozE
zcfty1TiW3K^goFXx_B%KaIZuWTiHS65to{pDhAHOVo+}jy4cG$9nsTF&azY{JN}*Y
z%+}jnc(LFMn#i!M_0?E8fgx*HMz`j5<c`)Nay?NK@x%GD1NVkarm*&E*?nDGgi1*j
zqnp(JM1$swW?0dE;x++k%IL8091+qMu0pt_$3~sz3fp=K#>+1qkOM@`pVeZ4bIzRy
zM<A@-rS6&N?NA>{aok1&m|#}V-jy9gmvQ@#wHBPjP=}(jk`9Ouzu4K#+S;dmdodIP
zBoI%IfTYeq+P^~=PWc|&@hrB3DU!RmDqG1dZo0hv6S5|1lfrWAD4wGof}mk#-cpdS
zkC|bS&ND}^A|<8}a%9!}$Y!1?EG9dMPugk<-lis2#WSn()33jcFbKhx7<UhXQ<_11
zq+tv?c6~33+Q?B{!75Y&;rOEuhUdIjUg9v#ryuiaF@;+qhxrUB<Q@u;)ytT$D?-DR
zmlM&<g}s*FwtPAck73<WN%vypQpyg?mp!S09nH7I0i4h2nCzP+K=3lHN?-nGLy^Rm
zKDA`TcN95fQD=G+nZ;cUkhbtE$B9BIAuy^+N-!-R7glOr?Oh9;T+QzYR?_mZw<xoV
z(7I2)*_2~uNOXjXsQ~v`P7G0Pu7k4TeMA@3yk>psv<zR{wRc`Q;7{euwktNvN5CL=
zGN6OQLm?~Gp=DGhV}`X3`{sceIs7m#yNOzDic3>~+k@eHPXzgPSeKG{vxu&eVGNpN
zb{2**4#Eo^rLMJq7ft{YRZ0?OxM!Rct+Z_{<EvJWA$-jyY*}{=^-nvx9wMP3S;^OK
zO31A`_yJP{Frt9$J@TDSOo?&m2sLvYB{nlX4gz(c6yqBl8W>4akO*x#Z*P`oKK$)v
z)k^Sv(Ur*QeRM}qAUX(bjnMC{Zlh3rx$ffl;<%+)2Y~gAnF%?I_-{b{zE~<OcwuZd
zRK``a%?}X(=5zFdlqt%-Ycn*<09E2Q891kmpDBpBKKbTXX!IIv_TWxh*BUt1L>Rg}
z6DQNY0;MWqW~;Y{xnNIzvJN7~!rmW43FpGp{zydP9@d9Z=YED=bfAo++Z4@0Z_h8G
z8cnW>=FlQRsNDPCbh}?XmLYL%iIQ_aGEf-_F~7h>k`d5|>%6(R=vY?`->kH>v<zG^
zQ;5zgE!7TwoJNdNR8!+r)zIi|5vL5(LZX<m6szR<Z^(GCA<~Z}d*ZO7Oe;>IBuQ&H
z^&XNv`IXE~yUqr5aj|Cz*pAS0Au0x{3R4BGI)~vn&rU0L&I8sES#H`<xA;M)rw&CW
z<sBtXpEYC3HP6}TyGooWzxvM#Nh4BxY}F1U$Cmis%ZagZoyltSV!{6QAjj$sAS@(J
zdy=?spu3%h(qt7Byr2eOYBdptXJ**>UwK?i&9q6=WX7Ls*5C!m&FW>&W3QJiaqkd|
zj&i1roW&owu^mKN`a<6)b6R3AxJ}4cK0e%T9|+KFXFssVWqM*v2=w*VaLwN`0=8qF
zVR?a?4jqT8QEy&RA%f!)j%eYcT5Wp5>@WxFu*5Ocz!di5#g3-5y}t1^@wQ{ax03I~
zRYPr%9w=h4+t^$_(+1I=SFroM-NfwAK~jy0yukxVJ}0<T9lLo#pWb+J+*ABK9bjPd
z7}2%`Gkp!?E^L0a-m^&BTDY9wStN>z1riDQFMYA+Nnien=NWoLM`GJC$Q*ujAIX`<
z+820m(Qv&1n4WY6Uv%0n*!Q*{RWuE!JLXD6_`g4FX0O<$n?EuBO(IF;p2zabrg7H<
zm*2!`seErn&r=t{@wb5e<-6@RK=3$v+J&|^VQaoF%SX56N=sK|@$CqzzU;ws@Vk^K
zQ|pr3{kmpiAUB-Xr49Y`nl}CuxdNTuBn*5ULbvFVG91{pi{6bgxz1*eo_<ZKf(pVw
zdFnG7r=qhTSRaa3@Ah2Xzm<m8DJr@_k&UF}Rp)J=qxh=h4_%0o*gVsoDm9$aD<2XO
zbTK`0#B>Z4y@2znT_dsOINDE!@dCh1!eFRP5qj~0|Hq~$`^W4?z^TL#@M0p)o?0U2
zqDgnlxq8TpQ|M8vDdk_!BeCQ%iXOV2o6byA_#k+|F_xDCSX5E|w*Bo(mwf7;QB9;!
zaL;-<Yh<|C=qw@@mplw2=#2=VQz=+ED@J${b2l~I`G=gxzR6|QI@V0UZu0fm!nzbx
zdg+$AVOi`QZS`Sm{bSm`Koe8N%O{swG?{Z>*6vbFaa;5R#3Zcaozio*cf^GuXv&mk
zfO(tv&R0xjbg%STY%XEt&RgST?PszxW6~(uGc+M<(t*9J1A5Z-p=c76UOUi8gfP$G
zHNp2ox+nL3S$j-5zNB?S9kdu*!|8iI3fl$)X)1x1dgXjm2Cq{GqRB)ZJcPyvXcx<B
zP%11e&0bFo)HXT{!qUArBixj^cO2nIy?=Q=l4jcGlrdXm<QFfOr&6>OfXWYt8tID$
za1Ze`SUy(^&UcWi;*@KWvd#_nd+}M`AJ)vDdKhSu))Hh>w)PMTW2o@SDl_&kP~D`o
zjvpE0*}oAzy@=Epu&K4?M5PrH$5>kndT@tR7)4h+b*;8Vzb8~&qNu|;Mg*3z^`l*4
zMI0Hn6Gr||r^f7YlsV(c(Ph9iAhddqx-(Hd&txQ(sg<T;^?0>&qO}3gY`ZlMOnZ>n
zS$%fyaYNu8bVtCiT7=ws^Scg>-szhI*o;xm9UJf)O-JIClU#1)!@(>l2{+(Pa<<$P
zQ<J*CtLR*##q`kDR!KWuC?dlr@xH4v6<0>2zPP)xp7<eHaF&Pk_|9=FWSv4uAv0n4
z=NN?Fy>HV?y0<CXqKutvYI|@b+n!A~tzV>O#}<H8IXSkO%@>@gRN#0Vm}YuYUrGyd
zU8EN7O=0#>RIs`qZd}rGq%IxN_$a@kywDRi629GZt%%Lh@n9VR+~Z@G<3A)9a-b>j
zofMKAhYAEQi5f2Z7|}o(=5T4Wg;II!a}Z>y`Z~qe-*)_7@7;FwF^e38FOxfD@87Cf
z=8WFgiiKiN@Xy$m7xxzG-*QYBm`XGneIIFe%0P9xJ8wAUcM|;g!!G7Zn;PkTN+ehS
zFrw!yo3bxtr;#7|?X_U4;_bq_y>#UMt5OJpCL-;_+#;jQ*pSnI8AhrmRZL7V<(NkS
ziiIdCgQ6t)KE7h51Vfg9VVjpE9g_#d=^|Z8cIZ9!YxEa*7wwoIhHUwk7^NGtH7Q>6
zDSGh(E(4wUNxBeLp3gtSY^?h4aLwB=*j%(P>^4+LW6XX+Gdvfr?64L~V~4iKmud5)
zmIb~iE(6Zshu17bP4BmidOv~sc#VAg2)6-x9NHQ8@CT2wakPY!J%B94SiTfx%UQp{
zwTTFhJbzZyYssr{3ga{V(KKwPG<wzTl&%n=eT&<sz)t12t9f2(xt~)H@5J8Qxouga
z%;?qfSWi1WdAHqs^%>%bel-nUI%NIymdoEr#NPX?Bek?GK28T?UTWEn5}CJMaSA^(
zOfG(AdY#gZkb{tIbJw$2h}<94<j84Lgc{FdWxw`*N{xe@^qs^y(xfjS<GryEA@Sub
zlm5KX7h{garU+G&410IM>C{rRp5^m_8j5$J2av46?8By~Z;H0tkBIX~I#m<|7iE5=
z9MatI#eZ|&N?B{j^1Nlkvvhwg@2|P2-w2h0p;#8pl)Y7evVzYt_PhnASa)yJhre;~
zTb|ix%3sXc%DH#8^h}AfIIo5cn^)TdYt)&qB9=T6fi79+1TK{}7FHHRPfr203lw>Z
z`i5KzksQizue7oFB0T4SF4}2bx+1JlK<<vXWE?jZb)A^s!wq>smbnQTG=e7$)fSN2
zHIzX8yeP!ZZ#FFW=#|XrSg_4c-N~pA8~PQG?QrrW7S%j76(eSMyM&kkd@vXsdz0mH
zKGthcVd#m6@~uBk-;rMq;yK>G7>#O-7eq$V)>xG*;N)CYa2SRE^2k)Ew7=hHXPr9Y
z)fDMueYQSQ%2#K4wrelv*TrXv>h%hO_Z+!ZbiKO#KJG2M^Q?Hg1$)1bY#WQzD+Dh%
zF$=yE=lT%e4_A0putX$eFp%L$ZTO6Z0ouOAM&B%{cL?{$m3#_#Y0mG*dwJ45#n}8P
zal*#k<qM#A6NDV;6l#j8hr&0l`545-dba>ptF^Z#JKVWJF>zOO@SPdrOBF%U7Crg1
z=_9>ppzqU-l*1|WfMv8zLjs*s&6E#kJ-r#nVYu+Ntys-vj86W>CtGd+TVYmxFiqxM
ztO$yfJTD?goK=}zf{*p+)X=D&dYQIcAioN?oes4;Y0**&vzc{rEFiGuO^8)J3iLSB
z&{()QNNy$r5Q38lw$9C}>ta~;DL&<V#P^031ZR!)azw6+im`^$Vr&(0uXc5>uSa~z
zA`@gr-fI0s)4+P^Mju@4D8yYt-OK^AJ+U|pH6!h-M4oVuZJ-+8c|6m9ARm5**KL|{
zEjzPvOu!Au-#Z?)9MV@e@-O}za4MTXkKOfYwJ`2GqlhbT7F9v9RNYQIG>=2VYm8wS
zyiILZENN%Np*_D1vN0<$%GaxDG~-IwcYY}D73r1AWUg?$INNotU-V%33OL)i5>E&m
zfU;#%;+Ybm=y5nAiK>Zf=dHI#uAp29o`Pw%B>081Ey%~mOi#yqh|}h^Ef*BeTcC8N
z`G%N&_kQ7Qgy2XRa?h)4pQnF&<L~dmByB6kWt3hnqzwI-UJr4m6YV>5&jf5bJ(hC-
zt$rW@I!b`7%5c)C@LM`Ij1=5h#nH(4W@h4q17)7h5UR70R$I8JHFK)?Umc<1O1C&t
zHxb&LttxnT5P5CXUeZp}lbr63fEY$OQEs?Rm&xS@RR60X{fnTY>}SA$m?ijb4kUDl
z76cRb*>PNuW%O^CY>RT*$)O6F&knq7fC!Iv@=d->IsaMP-6=1?bAg6;T{$)QD|I;T
zE}iZ=1366;l|L^*NJec;jtG^`r5evtuo{@?%{!V3yt~F4QYp>qPLajB0j(q@Gtzo{
zCGAB7@sNwWq+a#M0^%AAvs91bB63A<{pzz)d`Q8F0?i$}N-S0WAo!YTqtDZ@5gKX?
zH2}`EO~ub1nM&JP(p}O@ImDShsLK5HDcIA;?5X)X>b*>9Rl{ne#r|YOY($U7P^OFI
zbH_NV4>$bpPycKv)P}M}BMX<aTLJKIYUIUK$}4dpny~#pWZt4QslEWe{j@{Px3!ZS
zN3C1vF)Fhzk6)tP96B0&B`Q(=dl&ULfH5wq`p_%iU-kohe#Sm>r@|*xjU_c+8ePVg
zq(haso{OV2O49SAvBE|H;Hw}yh;znowifk-+vx0VOM8FM^kWp2lUt`op`?e9W{beu
z=EP7wzSTIZ`P*B%3sTCPjnOm_TSQdn6N0I}9v_l3+mnAKPd=I;s+|%raBd7y2FYzF
z@x4sab!pK4B@&r{Y&nqMt6l&ry~r$x8Uwi)?d)?vmnsgFYJ{dZZ8=tZt9CNhuzF2d
z>PJR3W|8%B&Q}eKlWr>KGpC;@Y_}#vm_a>VHas%rw`-;x3xnp0p^Z*_dr!!V-BH;7
zBbZMfwAU??DE%tgGwF`Q4d%feeIxP2=({IbX{~4PT<dSrY~*Tdg-&Hzl8hOm<$A!&
z&((<8)$$15UuvFk<6|IBkmYLQ%Z&GFJW3R~OJ8?v_$l(UHX5e<`f|xm_&Fq8U&n_Y
zKs1_^-S=&s$@hF<Tc55-4wMmqS1t%Dz})N?(N!Z$2m_|*9bCpTKW94JqZ7PxHDNsv
zGVK1^Hoh&2jaV(!yFE>w>?U~kVlMLH5>0A1(wDb4UI8$I@a9S%QOA**8c9M**1`V<
z0PX;Kf(j`*riEmw<+<V*M#sc=<HDe@(Eu&{D>h>x0o)ziaaviLcYOM=(nA<zwBP*j
z=_fSsBx;%9V{zx*fE$Gv)z&mVM7BwBfsKAUDq*n~vewp2a;ba`@>?0mXVDpGExr-E
znsP6GWM-2^ycP6|r~eu!veM^f#^4u!xP8mSm@MKqY3ZM}mm)(y(Tc$aHuOZKbWblS
zo#`KDwhoV+pu8&Dy-H@4w5>sF0#30z0p^KYIRW@sx;xf5OMSgPw&o8^JmUbyoq8So
zB+Uw)bApf6D)K*+<rrpbeyjFbH0aNJ0tO!iDoe?0<rewBab|dwb#9HV#%`z3cpLnw
zI(x@;SqFoKlt}{54RY8<A=@TwdIigAA~bhB5-18W5?lupCWHj1CH-nTyY_RIvn)Gb
z*QHRQPTdw<MGPs%3w<YSpo5+5e&({yA0?%cY4mL4y7$8_W%9;n*ABwMTZhF#$*F=_
zNG$vsii;xvRL`f^^prS{7rcx8eij>+F5R7G#J-Wt>d8*vki7tndxHNX6I?bDdZU6=
zlr$F<0c@$y-(%IQ#l%^mPXcIv1Hqn$oCmywb7XCxwif>*u<jZbOrJ!<A$SFLnyE$$
zn#q5McVeY5nEpNkUmntcZ;>p{%TNJ<B#Yg9wd5q4*VX_gsW+t4j&75|#&xjLx>f9(
zEkzR17PKR&?~poCM$Ve2jTxKfSur>Ia3DOR1FY`ccVA^D+)qn43JBi%teXtLWPufW
z+-F~H7jo!T6IuS|{*79TCd!prflp$59#ch&LhS7u`wCO-n>7-^I<-)PDa0<8a`Cy}
zf{VE2{RQQ@-cT90I8J-jU*b}H_JPF6`9m7A6NW`?jU2o(a7Z}6PVI`IbM10MRb~h>
zNi8&Myp&&08PY7}k2rVF4Fdr-09HNv{M7eerAK2G2Xdven|lIjkeZ8Iq=V;+r8^e|
zo`g)7qc!OSz14vH8n%=G!_^Oem%03;SDlHmqs$E(pXxar8%y^rV#{0U3xWw!zRp{(
z3g;Zd{uXfN$b4s6FdM|d2=s2r7-Phk<1oLZ*W+;~YLn5ovg^|Rkcm$5-@Fa#QHxOR
z2(EORS}P7BnuNiF<q9zFdTB-D08yIpx&*4->4(v<?~v|a&Sg`GA3Q3`<plMyh?G@}
zke*v?(yD!l)=21y1Ehzy>)uG6;)4O}xOB_M!=^>>^@W5=eLj8-hXN3=2%IErZ386X
zE&M5KB{JFX)KWRFGrF$MM-dQ_NZzBJZ~FG#j}0>}joww~<NGr@XWCV|jm#!%!ZJ{S
z+;D<aiX>g1hO37Z(+vBgLP)cG;mU`CY}K1uTeenU$Gu1q3dcI<_BaAU$WxBD!}Txe
z7Ed(bSzjeQsRjJ>G3VRmKYb{TGOd1>0-1{+^yZo}P1~vx)8C0#yFZ72^R&o*ypO$D
zVQG1b;b#mvv_4hd86r_pgH;(T_1t~YLjOVz)y|x@2vrkoB+vPR*P;SfP!7PvY^QdV
zJISGveXQ*GF;L+lN;`QtCP`vFab3v$k;B;t`d)!r*i-~3^u{!GbX%st=sUj4jfFLJ
zW<{7+3r;kL#2ue;e>AK#(?WKXbv5|&gdO|b)lItoR2Ew{cmEI$#5pVKBkyg3w7Hiv
zNFN8O1m=+DCtJ(N4y-`>^}Z|WxMSRS@$c=W(pq>%!GL!YRa_B;uhiiBKp-cN<4vQx
zi%Ue_n;e;vcjg|`TW7%3@?cqvlJCuW`?^-#SruCfxpM>Mf-GTwmD;v41%dLKcu`iE
zThXKCVKg_5>ASIs$3#50bDS`9_m|}W(ekcRRM|hTU#y-(MJZDx1p9p_t%o6QB)=+e
zM6nb36(UVuppFV|KqFfPK}pG~F~n#ByJ*$OhfKQQjFMF?DAzuJ!#j1pz@EZTK0?vi
zUfjrj@nVKRqk|pKQmrj{?Q-J&&X`|CHCLR|%#5+<V~N&XV9!e9Ub$<9v-v_%Pu^ju
zlDJ}{ugaNV-+PG+V&{{9OVRS=LQfz0o|OHUp9f_7ac*i$2?86TTCwu_)Qzb6o(D$@
zRk5&ibJzWs0&&A$1v>Z_gj8pWl$Mp>4r?=Il8t$%J;eOKvH!4*%Hmebv}CI$TdeH!
z`U?KdqE0mjo4x$)-1DEl8_i^*7S5Cf(>+a>eU9iDwfedbUJ4ynk}V&{?QMSlkoHno
z#n~;dG=crj!OhA2Dj=*RF+UDmOEFA^KQGsl{8cO^T5mp|>${%LHQ}C>fS_)lRNj5A
z_oDhtBF7iifTYNn9{L%}Z;^%kOAH%4DvxOgAHOrq-y#p0LcQHH0*Ws+!mPmL$PJMf
zb>G<MBEbuiWFJuU(j&!6$eI2kEQ98D`y@N%O?rdj*xlWXF@+n&-IFiF^?6u2VMCuP
z{4N#_{hJ0Zug{x>Z73Vp5hz|E={-#Zpx)Y*trN3d*+>c!tQ9|jD_GB^h74}y%k_#^
z3`kyEUYFDN|5tJqXy`w(gHI5?KP~^M8UsD^w{i<G+@27hf4~3vfT!O8HmLvkZ=h=P
z&utiRlK)en{eQn<6B<(NaA8J#41K&HRty9<QZ(d{3NL<kzLCF@rSD0H<cCH_N1sK=
zM~sdyz@E!hod^aQHfvsy;OT?JL5j*cu=)A<imEzYGwhvbPjL#s|EDmR=dxOA#;aQa
z=j4zVm6Z4o49L&|c#d{MT#_f1!_FX-N}qcVGaH+r59#kkP47%UV(X6}k2wD6J2^=c
zpqg0eJgB}io{!z=dNlmJg9WeJVv1g~sqXav-~i+9{_cPO9MoYq{k=4xT(_y3wVUM~
zew5{OnO|z^?*r^0;IV4hfBn;LS~Z|cu|+Lr0Bpva?FPw&PiXm3S|njLXRQBiFQ7zg
z%)(&it*%>bis9)OO<nyabsdHIMhK4n$gg3RfBME+hLX^)I~=DI&|qMSZNLlaN0IsT
zcsf{-r4RN2wB}DPejW3f{+T&Wltt%9P$Y1004i_D%K*dEu9qY}2+v<4W9G+PdziRo
z{6#tNCJUts`Vtd5^pWx5BFE7z`96B%^0_4)kVjv6n7Ev~5C55b=8gdtOU>?fJK0u>
z2fxI~(SKfVrFBDtNql&|;&Tq%&*SKO!Hn=j2?6V{P89BiXW5D&FB##V4yOI;!Ao?h
z_h%RT+!}F1wgu}$f4k<_2V2Dm0`AvK?%PB~MMY*8^}xTvmPzcp(2wIX@8Djb;7`7d
zG8{}~vO6D>4EHADu_NWXS_!bead+JM<+mOsNPN5E<oBdkr0cqv;P4oPO7gZ941C<m
zS~#=I<K?#CBVJDw33KZsVBeReQux7Z6+jnK8}mlpZ&_4d5B*&e$*)Zni9GkKaJe`H
zzt2Px^Wy^?E|;;*7JgRGODmq;ytpoCVTMOZQz}yf;3mGZ2MDR^wRqItXmbHob)w^q
zIE6+*-@B7uMYT=+$ok^qSC>nkwkP+TGdj<~4;K}SVE%`zbvx*yYxofu5QD7Z9RZ#K
z`~Tr7(tU1rkFU2g!;ci+A8?E;L-zJo0o<?EMMnLS2hz>u!Msi6D#_#3%LR|U?`yZ)
znZCrAi>~^)2!woYEX{x_)H`o%5XJ#e^2k_@*&#RVfenRMmLyAa{{{R2Xnq0Pf=S^U
zDF8&C*~iR+r;I@@hxYCz{YH#A^EDe_)LG21A$Kb-u?z^4g>I%m{Q%J@vci!YGzQsp
z&%=g{Wu=humn2?oPpt<3U#$kg$94dSgOy~XNPFMbhnv0CB=BASNo{-_i%}2qsvkKb
z5|ZI;rJ;1o2LR`YuJ3udPY3tfdkK&<L1JQJTDxyLs7tebJ=y+}1lh8xIEPrT-eFVb
zM2$Kk4(19NOA#KzAb)?@ov~cWp7o1T{rdq<a=Hyg#F`m>-$mEQQ?h7U{lKj^5iiG@
zTy5=#omi#TM`veuJiR!m`y&OXmOqjn-~whv?%zs<WT34=;cN`*WoT!L=P=`2Jl;zH
zGq@Xy$yKV)eh%fdoDPAeJpgn5?>-Al#|#@fs*x_ggwMG!L}^Uyw&JG_LQp*sKPvPs
z7!_dKI0QfXjF^_|gNa}B9Sfbb;OiCQTT?54PfSx33=dP+vG2wzziI?D5LX5mDt<Ky
zk*~UqiQ`;vg(?Xn;^XKt-lS({iv~9?rwJ(BzYk^OB6Q{Ri$CB4^3Kl=`dJq4Yzs4(
zm)!2B#y=q?rCrd195jfx3|K&u^sinpK;Tp(MYm9TiP$m^l=K(D#o0Ffq=q7};yL(Y
z#iT|MTi@HX+cTO>uQiWqRpC)=*xk(}{UFPV7Im*jDEN`+bw^NkF`V>UAVw01L7tLQ
ztuOR^E@egJJgG#Sd+}26%5Th$3#-Y%?}rf(OmEu*9P5eO4!}Cg@bMn%iX(nr5)ZkQ
za|fx$Z^lRxqc1C@aeZI(5c#{61KNCOetC&EYVffZPUyxu6A%tOrN-=vZP=8+FXt~}
zPQ(rEA&?r2t2iYnuq}1~mlj%BrdiR%Z0C`Dr&1@pYz1bSbb-NrKl1A6U+4Q3m4Dsy
zrvSV<Jsiz`?KopbiuGPhswgyU3-jYtJFyF^4Se7`5rcAaY+1aW1H5(*-kFxn#s{$z
zM83}u8gL;trHHO>VJ;&3Qewc4l?15J^sf(^pa*Wh`+Jn4lzfGM^Sw_Q_jPtqMNv<4
zf7>`eF9yvAr{!D%na1EyMGcVih#LK=Ql9WdYqTGYXOH4=B(ehAcNbHJ=t=v_d0Vw(
zsgYC*A;@j6IwPgib7i7+RjSO7q|R~<DZPNHmDLdvWI-KAY!d$2tD%n#M<qBMAAgb}
zQT{!?k@A`W*!-`)(YKtzv?&NDgG7q;yQY&x71HXYIY24~&`o7SOBqh%1IwYI0}`ag
zhGPA2*%n_0w$ckqd>{hR+ftWcCDG{9kFV3=m2WAN+`knI4Q#e%A-<c!pojV$Y5>Qk
z$V#b*!i9gT%mc9h|2ZfCS>q-lWt3>oqZXW=NTR)dG8wgQi>qURHCq@)0*0mq&H=TY
z{xF<qTr#DcNa=Fee#{r2MJ{goW{PhqJk^W0Bbr4W5_AtMQlVo@vYa(S0~tD7_JB*n
z%&q@|##Am<1(Fse8EPS>`l+Ve%=3R=mkUUoVkr3uO5CKk4ir)7)XD(41UAkUM=U81
z^j9|-GUl=c3Ymx0Khv6-f!=chl6L_!ecFx4=+dKcyZG(vdhk6{^9`i5{G=F>mh&zK
zrI$#ObdxuV9msc=aC#yLXqttTpB1k<a!3vi4la)J;sw#b$Lsw9{j(hc7j$W_C^@6L
zDWmV+G&_q*p@f?QEYYw~r!fZ8P4Z}EP*d?y(h|9dI#t{{qi^EpI5k@syiAK7HBSrJ
zU$At(8@y4D0PB4LXVPI2Q-<61PzP%IPBK5b&|N;0>g?zomWna@ZxjZggv9`kH)dW;
zPPrTnlCKIzyW^{>`9xT06#lpu-$DU^abt(lGFV4+-`FPRm5gyxZ(gfDvom9_ZWygM
z=R*&HE#_?nevuW=ArIhDcgB;1)?{^v1QD3fdDzK~5<C2c?;t4>;v<RlY;r_;iDI%F
z7F+6XEC?7hkVmTqXmPtuMwc7sJF78w19hJ{OcF(Yrv9&dE%-^P%P|o`u|b&}uk&Gw
zbGB@Djx-`vZc2jarSlLdj6Ql`^NJYB17(G{s6SKcqBUzN)9l0ew*u=DN7eLg2%k-b
zeB}SN<i92EsFmj-oUpgWCY;(>`o-I{2N<u5?nG!f-_ehJridP=^DYmP+vSgti*UG@
zDauUWcbv7`zxwlPX>7|43pfb1f^oZ?yHA1Cf8OIG!3X0usj#rHE(<1i9pkmSu6Voe
zG+!nVnKzLzF)>3*%uC4130SO|fY*)c*x%t{pr=>9R8|)C9XIDK-jW;DTyUC@|A<7X
zJBz-dmJ{?71qJ2PJY-p}L&Ca_E<&CYRqTjvLJ8lpT4>;_*U-8Z;Cu{)7h%HsklfsM
z!)H74?^^<KlMK9j3N2>ONM{z8>v^ZDE`7QV$mtAE8P6*v1ZIj<t`HjAn#vR*1!n6B
z#MjG1qV!k>a@R$fEXWmA8~E;YkT_ssa$e%QdeZLCY9R>jh9&Xs(3J7n`=ndgY%YPz
z`Bs6ExXpcFqyNu34HwFp_3_Z<mB;C45blXaE>$`yWz6RS#j8y_O(qzFXDCIjC8YD>
zqVme+_OM#+6lF069p*}63JHozPIhn}Oc6m8W}FYezTa}>Q=IW!@VV;ZvT=U$oZbFU
zSUUZ)S=(~zw5Pt0JqTasQ>e$M`FF8ezs7RTN-!&NkbI%aD=}C1<uVlc{qMp{odK=j
zOV{o&td8emQ!N0X+BHPY0b9yTAGm;eN<aRL9q<DG8N(;hlc!S4Q)Yrh$yEdZt)B{w
zPw9z^3;8O-FMSr0%U(o<l=CG++#cl3ieGK?p8*;CAVuMj3e%u}_UZx(^zd#2piDnn
zV~V;nRf>a((7DkE9OYG--7-5fU=lc3nAQxujO{-kn;h9wqE;$aTj2e}<_NjdcsNN@
zFO@#a`DiKqf14DcO3_%cFgRLj$p*q{K2qd3D!{cn=<{HrFyQdKgJS!?aWlf08M1nX
z9()>?jYw_@&iT<Facwr^u^e$Tj<><5VGcXf-{0e#{9lhDqhf?nrrU(gWwr1uy{f^q
z-exhYt`1v9M#jw!w<ox#N1~{-R8+VcpUZX*HUTSPG+!2n_ATAkUdrk}f%tBpqJyiW
z3cJ<s=2u)+v(L1T$)p4)*t>fkaf41it@;{!VPWA2(_oS%BqS&<HR#+mx5P~Y&+QWQ
zPXlw*5^4Yim1z}wOaTO3*;}Qd&<B}+=Fv)IK|?}96eq#G(NfeLwfQR1nvs%j_)nTp
z_bR><t<yBrLas`wn?)~IiIe!bSzzsq4)Xv0)!)qX&usmhr2hXZasB^5s{L=*{%2wS
nsRj`Hb&0nBr!4UN_z~tv5o|vG4teq!@Fgw&L9ATF!2kaMG?9Wz

literal 0
HcmV?d00001

diff --git a/storage-access.bs b/storage-access.bs
index 9beb926..1182429 100644
--- a/storage-access.bs
+++ b/storage-access.bs
@@ -21,15 +21,27 @@ spec:html; type:dfn; text:session history; url:https://html.spec.whatwg.org/mult
 spec:html; type:dfn; text:current entry; url:https://html.spec.whatwg.org/multipage/history.html#current-entry
 </pre>
 
+<pre class=biblio>
+{
+    "STORAGE-ACCESS-INTRO": {
+        "authors": ["John Wilander"],
+        "date": "February 2018",
+        "href": "https://webkit.org/blog/8124/introducing-storage-access-api/",
+        "publisher": "WebKit",
+        "rawDate": "2018-02-21",
+        "status": "Blog post",
+        "title": "Introducing Storage Access API"
+    }
+}
+</pre>
+
 <style>
 .XXX {
     color: #E50000;
-    background: white;
-    border: solid red;
+    font-weight: bold;
 }
-.XXX {
-    margin: 1.5em 0;
-    padding: 0.5em 1em;
+.XXX::before {
+    content: "TODO: ";
 }
 </style>
 
@@ -38,7 +50,10 @@ spec:html; type:dfn; text:current entry; url:https://html.spec.whatwg.org/multip
 
 <em>This section is non-normative.</em>
 
-ISSUE: Write this section.
+Browsers sometimes block access to client-side storage mechanisms in third-party contexts. This can break authenticated embeds such as commenting widgets, which often rely on cookies for authentication.
+
+The Storage Access API enables cross-origin iframes to request and be granted access to their client-side storage, so that authenticated embeds can work in such browsers. [[STORAGE-ACCESS-INTRO]]
+
 </section>
 
 <h2 id="infra">Infrastructure</h2>
@@ -81,11 +96,13 @@ When invoked, |document|.<dfn export method for=Document><code>requestStorageAcc
 1. If |document|'s <a for=Document>browsing context</a> is a [=top-level browsing context=], [=resolve=] |p| and abort these steps.
 1. If |document|'s <a for=Document>browsing context</a> is [=same origin=] with its [=top-level browsing context=], [=resolve=] |p| and abort these steps.
 1. If the |document|'s {{Window}} object has [=transient activation=] and the |document|'s [=active sandboxing flag set=] has its [=sandbox storage access by user activation flag=] set, [=reject=] |p| and abort these steps.
-1. If |document|'s <a for=Document>browsing context</a>'s [=opener browsing context=] is not its [=top-level browsing context=], [=reject=] |p| and abort these steps.
+1. <span class=XXX>Remove this step when [privacycg/storage-access#10](https://github.com/privacycg/storage-access/issues/10) is resolved.</span> If |document|'s <a for=Document>browsing context</a>'s [=opener browsing context=] is not its [=top-level browsing context=], [=reject=] |p| and abort these steps.
 1. If the algorithm is invoked when the |document|'s {{Window}} object does not have [=transient activation=], [=reject=] |p| and abort these steps.
 1. <span class=XXX>Finish this algorithm.</span>
 1. [=If aborted=], return |p|.
 
+ISSUE(10): Provide mechanism for nested iframes to request storage access
+
 <div class=issue>
 <p>Complete this algorithm.
 <p>See its <a href="https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess">MDN page</a>, <a href="https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/dom/DocumentStorageAccess.cpp#L123">WebKit implementation</a>, and <a href="https://hg.mozilla.org/mozilla-central/file/tip/dom/base/Document.cpp#l15629">Gecko implementation</a>.
@@ -96,12 +113,16 @@ When invoked, |document|.<dfn export method for=Document><code>requestStorageAcc
 
 When the [=current entry=] of a [=browsing context=]'s [=session history=] changes, the [=has storage access flag=] of the {{Document}} of the old [=current entry=] is unset.
 
-<h3 id="cookies">Changes to {{Document/cookie}}</h3>
+ISSUE: Finish this section.
 
-ISSUE: Write this section.
+<h3 id="storage">Changes to various client-side storage mechanisms</h3>
 
 ISSUE(4): Should this API affect client-side storage other than cookies?
 
+<h4 id="cookies">Cookies</h4>
+
+ISSUE: Write this section.
+
 <h3 id="sandboxing-storage-access">Sandboxing storage access</h3>
 
 A [=sandboxing flag set=] has a <dfn export>sandbox storage access by user activation flag</dfn>. This flag prevents content from requesting storage access.
@@ -112,10 +133,53 @@ To the [=parse a sandboxing directive=] algorithm, add the following under step
 <li>The [=sandbox storage access by user activation flag=], unless <var ignore>tokens</var> contains the <dfn export attr-value for=iframe/sandbox>allow-storage-access-by-user-activation</dfn> keyword.
 </ul>
 
-ISSUE(10): Provide mechanism for nested iframes to request storage access
-
 ISSUE(12): What about Feature Policy?
 
-<h2 id="acknowledgements" class="no-num">Acknowledgements</h2>
+<h2 id="privacy">Privacy considerations</h2>
 
 ISSUE: Write this section.
+
+<figure id=example-prompt>
+<img src=images/storage-access-prompt.png
+     alt="A modal dialog box which states 'Do you want to allow “video.example” to use cookies and website data while browsing “news.example”? This will allow “video.example” to track your activity.' and which has two buttons, “Don’t Allow” and “Allow”.">
+<figcaption>An example prompt which could be shown to the user when a site calls `document.`{{Document/requestStorageAccess()}}.</figcaption>
+</figure>
+
+<h2 id="security">Security considerations</h2>
+
+ISSUE: Write this section.
+
+<h2 id="acknowledgements" class="no-num">Acknowledgements</h2>
+
+Many thanks to
+Anne van Kesteren,
+Ben Kelly,
+Brad Girardeau,
+Brad Hill,
+Brandon Maslen,
+Chris Mills,
+Dave Longley,
+Domenic Denicola,
+Ehsan Akhgari,
+Jack Frankland,
+James Coleman,
+James Hartig,
+Jeffrey Yasskin,
+Kushal Dave,
+Luís Rudge,
+Maciej Stachowiak,
+Matias Woloski,
+Mike O'Neill,
+Mike West,
+Pete Snyder,
+Rob Stone,
+Stefan Leyhane,
+Steven Englehardt,
+Theresa O'Connor,
+Travis Leithead,
+Yan Zhu,
+Zach Edwards,
+and everyone who commented on [whatwg/html#3338](https://github.com/whatwg/html/issues/3338), [privacycg/proposals#2](https://github.com/privacycg/proposals/issues/2), and [privacycg/storage-access/issues](https://github.com/privacycg/storage-access/issues)
+for their feedback on this proposal.
+
+Thanks to the [WebKit Open Source Project](https://webkit.org/) for allowing us to use the [Storage Access API Prompt](#example-prompt) image, which was [originally published on webkit.org](https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/).

From 8c9b71644cc769451a114fd0981912e773b321d6 Mon Sep 17 00:00:00 2001
From: Theresa O'Connor <hober@apple.com>
Date: Tue, 14 Apr 2020 11:36:38 -0700
Subject: [PATCH 5/8] Finish up hasStorageAccess() and requestStorageAccess().

---
 storage-access.bs | 97 ++++++++++++++++++++++++++++++++---------------
 1 file changed, 66 insertions(+), 31 deletions(-)

diff --git a/storage-access.bs b/storage-access.bs
index 1182429..94fac66 100644
--- a/storage-access.bs
+++ b/storage-access.bs
@@ -50,9 +50,9 @@ spec:html; type:dfn; text:current entry; url:https://html.spec.whatwg.org/multip
 
 <em>This section is non-normative.</em>
 
-Browsers sometimes block access to client-side storage mechanisms in third-party contexts. This can break authenticated embeds such as commenting widgets, which often rely on cookies for authentication.
+User Agents sometimes block access to client-side storage mechanisms in third-party contexts. This can break authenticated embeds such as commenting widgets, which often rely on cookies for authentication.
 
-The Storage Access API enables cross-origin iframes to request and be granted access to their client-side storage, so that authenticated embeds can work in such browsers. [[STORAGE-ACCESS-INTRO]]
+The Storage Access API enables cross-origin <{iframe}>s to request and be granted access to their client-side storage, so that authenticated embeds can work in such User Agents. [[STORAGE-ACCESS-INTRO]]
 
 </section>
 
@@ -62,7 +62,7 @@ This specification defines several additions to the HTML standard, and depends o
 
 <h2 id="the-storage-access-api">The Storage Access API</h2>
 
-Each {{Document}} has an associated <dfn export for=Document id=storage-access-flag>has storage access flag</dfn>, initially unset.
+<h3 id="the-document-object">Changes to {{Document}}</h3>
 
 <pre class="idl">
 partial interface Document {
@@ -71,52 +71,87 @@ partial interface Document {
 };
 </pre>
 
-When invoked, |document|.<dfn export method for=Document><code>hasStorageAccess()</code></dfn> must run these steps:
+This specification defines two methods on {{Document}}: {{Document/hasStorageAccess()}} and {{Document/requestStorageAccess()}}. The {{Document/hasStorageAccess()}} method returns a {{Promise}} that resolves with a {{boolean}} indicating whether the document has access to its first-party storage. The {{Document/requestStorageAccess()}} method returns a {{Promise}} that resolves when the document has been granted access to its first-party storage, and rejects otherwise.
+
+Each {{Document}} has an associated <dfn export for=Document id=has-storage-access-flag>has storage access flag</dfn>, initially unset.
+
+Each {{Document}} has an associated <dfn export for=Document id=was-expressly-denied-storage-access-flag>was expressly denied storage access flag</dfn>, initially unset.
+
+When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>hasStorageAccess()</code></dfn> method must run these steps:
+
+<!-- https://developer.mozilla.org/en-US/docs/Web/API/Document/hasStorageAccess -->
+<!-- https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/dom/DocumentStorageAccess.cpp#L80 -->
+<!-- https://hg.mozilla.org/mozilla-central/file/tip/dom/base/Document.cpp#l15512 -->
 
 1. Let |p| be [=a new promise=].
-1. If |document|'s [=has storage access flag=] is set, [=resolve=] |p| with true and abort these steps.
-1. If the |document|'s [=active sandboxing flag set=] has its [=sandboxed origin browsing context flag=] set, [=resolve=] |p| with false and abort these steps.
-1. If |document|'s <a for=Document>browsing context</a> is a [=top-level browsing context=], [=resolve=] |p| with true and abort these steps.
-1. If |document|'s <a for=Document>browsing context</a> is [=same origin=] with its [=top-level browsing context=], [=resolve=] |p| with true and abort these steps.
-1. <span class=XXX>Finish this algorithm.</span>
+1. If |doc|'s [=was expressly denied storage access flag=] is set, [=resolve=] |p| with false and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L85 -->
+1. If |doc|'s [=active sandboxing flag set=] has its [=sandboxed origin browsing context flag=] set, [=resolve=] |p| with false and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L90 --> <!-- Gecko's Document.cpp#l15526 -->
+1. If |doc|'s <a for=Document>browsing context</a> is a [=top-level browsing context=], [=resolve=] |p| with true and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L95 --> <!-- Gecko's Document.cpp#l15531 -->
+1. Let |topDoc| be the [=active document=] of |doc|'s <a for=Document>browsing context</a>'s [=top-level browsing context=].
+1. If |doc| is [=same origin=] with |topDoc|, [=resolve=] |p| with true and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L102 --> <!-- Gecko's Document.cpp#l15541 -->
+1. Resolve |p| with the result of running [=determine if a document has storage access=] with |doc| and |topDoc| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L115 --> <!-- Gecko's Document.cpp#l15548 -->
 1. [=If aborted=], return |p|.
 
-<div class=issue>
-<p>Complete this algorithm.
-<p>See its <a href="https://developer.mozilla.org/en-US/docs/Web/API/Document/hasStorageAccess">MDN page</a>, <a href="https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/dom/DocumentStorageAccess.cpp#L80">WebKit implementation</a>, and <a href="https://hg.mozilla.org/mozilla-central/file/tip/dom/base/Document.cpp#l15558">Gecko implementation</a>.
-</ul>
-</div>
+When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>requestStorageAccess()</code></dfn> method must run these steps:
 
-When invoked, |document|.<dfn export method for=Document><code>requestStorageAccess()</code></dfn> must run these steps:
+<!-- https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess -->
+<!-- https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/dom/DocumentStorageAccess.cpp#L123 -->
+<!-- https://hg.mozilla.org/mozilla-central/file/tip/dom/base/Document.cpp#l15629 -->
 
 1. Let |p| be [=a new promise=].
-1. If |document|'s [=has storage access flag=] is set, [=resolve=] |p| and abort these steps.
-1. If the |document|'s [=active sandboxing flag set=] has its [=sandboxed origin browsing context flag=] set, [=reject=] |p| and abort these steps.
-1. If |document|'s [=has storage access flag=] is unset, [=reject=] |p| and abort these steps.
-1. If |document|'s <a for=Document>browsing context</a> is a [=top-level browsing context=], [=resolve=] |p| and abort these steps.
-1. If |document|'s <a for=Document>browsing context</a> is [=same origin=] with its [=top-level browsing context=], [=resolve=] |p| and abort these steps.
-1. If the |document|'s {{Window}} object has [=transient activation=] and the |document|'s [=active sandboxing flag set=] has its [=sandbox storage access by user activation flag=] set, [=reject=] |p| and abort these steps.
-1. <span class=XXX>Remove this step when [privacycg/storage-access#10](https://github.com/privacycg/storage-access/issues/10) is resolved.</span> If |document|'s <a for=Document>browsing context</a>'s [=opener browsing context=] is not its [=top-level browsing context=], [=reject=] |p| and abort these steps.
-1. If the algorithm is invoked when the |document|'s {{Window}} object does not have [=transient activation=], [=reject=] |p| and abort these steps.
-1. <span class=XXX>Finish this algorithm.</span>
+1. If |doc|'s [=was expressly denied storage access flag=] is set, [=reject=] |p| and abort these steps.
+1. If |doc|'s [=has storage access flag=] is set, [=resolve=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L128 --> <!-- Gecko's Document.cpp#l15604 -->
+1. If the |doc|'s [=active sandboxing flag set=] has its [=sandboxed origin browsing context flag=] set, [=reject=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L133 --> <!-- Gecko's Document.cpp#l15618 -->
+1. If |doc|'s <a for=Document>browsing context</a> is a [=top-level browsing context=], [=resolve=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L138 --> <!-- Gecko's Document.cpp#l15632 -->
+1. Let |topDoc| be the [=active document=] of |doc|'s <a for=Document>browsing context</a>'s [=top-level browsing context=].
+1. If |doc| is [=same origin=] with |topDoc|, [=resolve=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L146 --> <!-- Gecko's Document.cpp#l15604 --> <!-- Gecko's Document.cpp#l15657 -->
+1. If |doc|'s [=active sandboxing flag set=] has its [=sandbox storage access by user activation flag=] set, [=reject=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L152 --> <!-- Gecko's Document.cpp#l15667 -->
+1. If |doc|'s <a for=Document>browsing context</a>'s [=opener browsing context=] is not its [=top-level browsing context=], [=reject=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L158 --> <!-- Gecko's Document.cpp#l15673 -->
+1. If the algorithm is invoked when |doc|'s {{Window}} object does not have [=transient activation=], [=reject=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L163 --> <!-- Gecko's Document.cpp#l15680 -->
+1. [=Determine the storage access policy=] with |doc|, |topDoc|, and |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L177 --> <!-- Gecko's Document.cpp#l15685 -->
+1. Set |doc|'s [=has storage access flag=], [=resolve=] |p|, and abort these steps. <!-- Gecko's Document.cpp#l15805 -->
 1. [=If aborted=], return |p|.
 
-ISSUE(10): Provide mechanism for nested iframes to request storage access
+ISSUE(10): Remove step 9 if we determine that nested <{iframe}>s should be able to request storage access.
 
-<div class=issue>
-<p>Complete this algorithm.
-<p>See its <a href="https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess">MDN page</a>, <a href="https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/dom/DocumentStorageAccess.cpp#L123">WebKit implementation</a>, and <a href="https://hg.mozilla.org/mozilla-central/file/tip/dom/base/Document.cpp#l15629">Gecko implementation</a>.
-</ul>
-</div>
+<h4 id="ua-policy">User Agent storage access policies</h4>
+
+Different User Agents have different policies around whether or not third-party <{iframe}>'s may access data placed into client-side storage mechanisms when the <{iframe}>'s {{Document}}'s <a for=Document>origin</a> was loaded in a first-party context. User Agents check these policies when client-side storage is accessed (see [[#storage]]) as well as by {{Document/hasStorageAccess()}} and {{Document/requestStorageAccess()}}.
+
+When required to <dfn type="abstract-op">determine if a document has storage access</dfn> with {{Document|Documents}} |doc| and |topDoc|, run these steps:
+
+1. Assert: |topDoc| is the [=active document=] of |doc|'s <a for=Document>browsing context</a>'s [=top-level browsing context=].
+1. If |doc|'s [=has storage access flag=] is set, return true.
+1. Let |has storage access| (a {{boolean}}) be the result of running a UA-defined set of steps to determine if |doc| has storage access when it is loaded in a third-party context on |topDoc|.
+1. If |has storage access| is true, set |doc|'s [=has storage access flag=].
+1. Return |has storage access|.
+
+When required to <dfn type="abstract-op">determine the storage access policy</dfn> for {{Document|Documents}} |doc| and |topDoc| with {{Promise}} |p|, run these steps:
+
+1. Assert: |topDoc| is the [=active document=] of |doc|'s <a for=Document>browsing context</a>'s [=top-level browsing context=].
+1. Let |should implicitly grant| and |should implicitly deny| (both {{boolean|booleans}}) be the result of running a UA-defined set of steps to determine if |doc|'s request for storage access on |topDoc| should be granted or denied without prompting the user.
+1. If |should implicitly grant| is true, [=resolve=] |p| and abort these steps.
+1. If |should implicitly deny| is true, [=reject=] |p| and abort these steps.
+1. Ask the user if they would like to grant |doc| access to its storage when it is loaded in a third-party context on |topDoc|, and wait for an answer. Let |user expression of permission| (a {{boolean}}) be the result.
+
+    Note: if |user expression of permission| is false, the user **expressly chose** to deny |doc| access to its storage.
+1. If |user expression of permission| is true, [=resolve=] |p|. <!-- WebKit's DocumentStorageAccess.cpp#L191 -->
+1. If |user expression of permission| is false, let |w| be |doc|'s {{Window}} object and run these steps:
+    1. If |w| has [=transient activation=] and |user expression of permission| is false, [=consume user activation=] with |w|. <!-- WebKit's DocumentStorageAccess.cpp#L181 -->
+    1. Unset |doc|'s [=has storage access flag=].
+    1. Set |doc|'s [=was expressly denied storage access flag=].
+    1. [=Reject=] |p|. <!-- WebKit's DocumentStorageAccess.cpp#L194 --> <!-- Gecko's Document.cpp#l15805 -->
 
 <h3 id="navigation">Changes to navigation</h3>
 
-When the [=current entry=] of a [=browsing context=]'s [=session history=] changes, the [=has storage access flag=] of the {{Document}} of the old [=current entry=] is unset.
+Before changing the [=current entry=] of a [=session history=], unset the [=has storage access flag=] of the old [=current entry=]'s {{Document}}, if it has one.
 
 ISSUE: Finish this section.
 
 <h3 id="storage">Changes to various client-side storage mechanisms</h3>
 
+ISSUE: Write this section. For each kind of client-side storage affected, modify them to invoke [=determine if a document has storage access=] & modify their behavior based on the result.
+
 ISSUE(4): Should this API affect client-side storage other than cookies?
 
 <h4 id="cookies">Cookies</h4>

From c1225ad022d38a97b1523e823cb9c6eec263d877 Mon Sep 17 00:00:00 2001
From: Theresa O'Connor <hober@apple.com>
Date: Tue, 14 Apr 2020 11:37:18 -0700
Subject: [PATCH 6/8] Generate spec from commit 8c9b716.

---
 index.html | 2215 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 2215 insertions(+)
 create mode 100644 index.html

diff --git a/index.html b/index.html
new file mode 100644
index 0000000..c25aabf
--- /dev/null
+++ b/index.html
@@ -0,0 +1,2215 @@
+<!doctype html><html lang="en">
+ <head>
+  <meta charset="utf-8">
+  <title>The Storage Access API</title>
+  <meta content="width=device-width" name="viewport">
+<style data-fill-with="stylesheet">/******************************************************************************
+ *                   Style sheet for the W3C specifications                   *
+ *
+ * Special classes handled by this style sheet include:
+ *
+ * Indices
+ *   - .toc for the Table of Contents (<ol class="toc">)
+ *     + <span class="secno"> for the section numbers
+ *   - #toc for the Table of Contents (<nav id="toc">)
+ *   - ul.index for Indices (<a href="#ref">term</a><span>, in §N.M</span>)
+ *   - table.index for Index Tables (e.g. for properties or elements)
+ *
+ * Structural Markup
+ *   - table.data for general data tables
+ *     -> use 'scope' attribute, <colgroup>, <thead>, and <tbody> for best results !
+ *     -> use <table class='complex data'> for extra-complex tables
+ *     -> use <td class='long'> for paragraph-length cell content
+ *     -> use <td class='pre'> when manual line breaks/indentation would help readability
+ *   - dl.switch for switch statements
+ *   - ol.algorithm for algorithms (helps to visualize nesting)
+ *   - .figure and .caption (HTML4) and figure and figcaption (HTML5)
+ *     -> .sidefigure for right-floated figures
+ *   - ins/del
+ *
+ * Code
+ *   - pre and code
+ *
+ * Special Sections
+ *   - .note       for informative notes             (div, p, span, aside, details)
+ *   - .example    for informative examples          (div, p, pre, span)
+ *   - .issue      for issues                        (div, p, span)
+ *   - .assertion  for assertions                    (div, p, span)
+ *   - .advisement for loud normative statements     (div, p, strong)
+ *   - .annoying-warning for spec obsoletion notices (div, aside, details)
+ *
+ * Definition Boxes
+ *   - pre.def   for WebIDL definitions
+ *   - table.def for tables that define other entities (e.g. CSS properties)
+ *   - dl.def    for definition lists that define other entitles (e.g. HTML elements)
+ *
+ * Numbering
+ *   - .secno for section numbers in .toc and headings (<span class='secno'>3.2</span>)
+ *   - .marker for source-inserted example/figure/issue numbers (<span class='marker'>Issue 4</span>)
+ *   - ::before styled for CSS-generated issue/example/figure numbers:
+ *     -> Documents wishing to use this only need to add
+ *        figcaption::before,
+ *        .caption::before { content: "Figure "  counter(figure) " ";  }
+ *        .example::before { content: "Example " counter(example) " "; }
+ *        .issue::before   { content: "Issue "   counter(issue) " ";   }
+ *
+ * Header Stuff (ignore, just don't conflict with these classes)
+ *   - .head for the header
+ *   - .copyright for the copyright
+ *
+ * Miscellaneous
+ *   - .overlarge for things that should be as wide as possible, even if
+ *     that overflows the body text area. This can be used on an item or
+ *     on its container, depending on the effect desired.
+ *     Note that this styling basically doesn't help at all when printing,
+ *     since A4 paper isn't much wider than the max-width here.
+ *     It's better to design things to fit into a narrower measure if possible.
+ *   - js-added ToC jump links (see fixup.js)
+ *
+ ******************************************************************************/
+
+/******************************************************************************/
+/*                                   Body                                     */
+/******************************************************************************/
+
+	body {
+		counter-reset: example figure issue;
+
+		/* Layout */
+		max-width: 50em;               /* limit line length to 50em for readability   */
+		margin: 0 auto;                /* center text within page                     */
+		padding: 1.6em 1.5em 2em 50px; /* assume 16px font size for downlevel clients */
+		padding: 1.6em 1.5em 2em calc(26px + 1.5em); /* leave space for status flag     */
+
+		/* Typography */
+		line-height: 1.5;
+		font-family: sans-serif;
+		widows: 2;
+		orphans: 2;
+		word-wrap: break-word;
+		overflow-wrap: break-word;
+		hyphens: auto;
+
+		/* Colors */
+		color: black;
+		background: white top left fixed no-repeat;
+		background-size: 25px auto;
+	}
+
+
+/******************************************************************************/
+/*                         Front Matter & Navigation                          */
+/******************************************************************************/
+
+/** Header ********************************************************************/
+
+	div.head { margin-bottom: 1em }
+	div.head hr { border-style: solid; }
+
+	div.head h1 {
+		font-weight: bold;
+		margin: 0 0 .1em;
+		font-size: 220%;
+	}
+
+	div.head h2 { margin-bottom: 1.5em;}
+
+/** W3C Logo ******************************************************************/
+
+	.head .logo {
+		float: right;
+		margin: 0.4rem 0 0.2rem .4rem;
+	}
+
+	.head img[src*="logos/W3C"] {
+		display: block;
+		border: solid #1a5e9a;
+		border-width: .65rem .7rem .6rem;
+		border-radius: .4rem;
+		background: #1a5e9a;
+		color: white;
+		font-weight: bold;
+	}
+
+	.head a:hover > img[src*="logos/W3C"],
+	.head a:focus > img[src*="logos/W3C"] {
+		opacity: .8;
+	}
+
+	.head a:active > img[src*="logos/W3C"] {
+		background: #c00;
+		border-color: #c00;
+	}
+
+	/* see also additional rules in Link Styling section */
+
+/** Copyright *****************************************************************/
+
+	p.copyright,
+	p.copyright small { font-size: small }
+
+/** Back to Top / ToC Toggle **************************************************/
+
+	@media print {
+		#toc-nav {
+			display: none;
+		}
+	}
+	@media not print {
+		#toc-nav {
+			position: fixed;
+			z-index: 2;
+			bottom: 0; left: 0;
+			margin: 0;
+			min-width: 1.33em;
+			border-top-right-radius: 2rem;
+			box-shadow: 0 0 2px;
+			font-size: 1.5em;
+			color: black;
+		}
+		#toc-nav > a {
+			display: block;
+			white-space: nowrap;
+
+			height: 1.33em;
+			padding: .1em 0.3em;
+			margin: 0;
+
+			background: white;
+			box-shadow: 0 0 2px;
+			border: none;
+			border-top-right-radius: 1.33em;
+			background: white;
+		}
+		#toc-nav > #toc-jump {
+			padding-bottom: 2em;
+			margin-bottom: -1.9em;
+		}
+
+		#toc-nav > a:hover,
+		#toc-nav > a:focus {
+			background: #f8f8f8;
+		}
+		#toc-nav > a:not(:hover):not(:focus) {
+			color: #707070;
+		}
+
+		/* statusbar gets in the way on keyboard focus; remove once browsers fix */
+		#toc-nav > a[href="#toc"]:not(:hover):focus:last-child {
+			padding-bottom: 1.5rem;
+		}
+
+		#toc-nav:not(:hover) > a:not(:focus) > span + span {
+			/* Ideally this uses :focus-within on #toc-nav */
+			display: none;
+		}
+		#toc-nav > a > span + span {
+			padding-right: 0.2em;
+		}
+
+		#toc-toggle-inline {
+			vertical-align: 0.05em;
+			font-size: 80%;
+			color: gray;
+			color: hsla(203,20%,40%,.7);
+			border-style: none;
+			background: transparent;
+			position: relative;
+		}
+		#toc-toggle-inline:hover:not(:active),
+		#toc-toggle-inline:focus:not(:active) {
+			text-shadow: 1px 1px silver;
+			top: -1px;
+			left: -1px;
+		}
+
+		#toc-nav :active {
+			color: #C00;
+		}
+	}
+
+/** ToC Sidebar ***************************************************************/
+
+	/* Floating sidebar */
+	@media screen {
+		body.toc-sidebar #toc {
+			position: fixed;
+			top: 0; bottom: 0;
+			left: 0;
+			width: 23.5em;
+			max-width: 80%;
+			max-width: calc(100% - 2em - 26px);
+			overflow: auto;
+			padding: 0 1em;
+			padding-left: 42px;
+			padding-left: calc(1em + 26px);
+			background: inherit;
+			background-color: #f7f8f9;
+			z-index: 1;
+			box-shadow: -.1em 0 .25em rgba(0,0,0,.1) inset;
+		}
+		body.toc-sidebar #toc h2 {
+			margin-top: .8rem;
+			font-variant: small-caps;
+			font-variant: all-small-caps;
+			text-transform: lowercase;
+			font-weight: bold;
+			color: gray;
+			color: hsla(203,20%,40%,.7);
+		}
+		body.toc-sidebar #toc-jump:not(:focus) {
+			width: 0;
+			height: 0;
+			padding: 0;
+			position: absolute;
+			overflow: hidden;
+		}
+	}
+	/* Hide main scroller when only the ToC is visible anyway */
+	@media screen and (max-width: 28em) {
+		body.toc-sidebar {
+			overflow: hidden;
+		}
+	}
+
+	/* Sidebar with its own space */
+	@media screen and (min-width: 78em) {
+		body:not(.toc-inline) #toc {
+			position: fixed;
+			top: 0; bottom: 0;
+			left: 0;
+			width: 23.5em;
+			overflow: auto;
+			padding: 0 1em;
+			padding-left: 42px;
+			padding-left: calc(1em + 26px);
+			background: inherit;
+			background-color: #f7f8f9;
+			z-index: 1;
+			box-shadow: -.1em 0 .25em rgba(0,0,0,.1) inset;
+		}
+		body:not(.toc-inline) #toc h2 {
+			margin-top: .8rem;
+			font-variant: small-caps;
+			font-variant: all-small-caps;
+			text-transform: lowercase;
+			font-weight: bold;
+			color: gray;
+			color: hsla(203,20%,40%,.7);
+		}
+
+		body:not(.toc-inline) {
+			padding-left: 29em;
+		}
+		/* See also Overflow section at the bottom */
+
+		body:not(.toc-inline) #toc-jump:not(:focus) {
+			width: 0;
+			height: 0;
+			padding: 0;
+			position: absolute;
+			overflow: hidden;
+		}
+	}
+	@media screen and (min-width: 90em) {
+		body:not(.toc-inline) {
+			margin: 0 4em;
+		}
+	}
+
+/******************************************************************************/
+/*                                Sectioning                                  */
+/******************************************************************************/
+
+/** Headings ******************************************************************/
+
+	h1, h2, h3, h4, h5, h6, dt {
+		page-break-after: avoid;
+		page-break-inside: avoid;
+		font: 100% sans-serif;   /* Reset all font styling to clear out UA styles */
+		font-family: inherit;    /* Inherit the font family. */
+		line-height: 1.2;        /* Keep wrapped headings compact */
+		hyphens: manual;         /* Hyphenated headings look weird */
+	}
+
+	h2, h3, h4, h5, h6 {
+		margin-top: 3rem;
+	}
+
+	h1, h2, h3 {
+		color: #005A9C;
+		background: transparent;
+	}
+
+	h1 { font-size: 170%; }
+	h2 { font-size: 140%; }
+	h3 { font-size: 120%; }
+	h4 { font-weight: bold; }
+	h5 { font-style: italic; }
+	h6 { font-variant: small-caps; }
+	dt { font-weight: bold; }
+
+/** Subheadings ***************************************************************/
+
+	h1 + h2,
+	#subtitle {
+		/* #subtitle is a subtitle in an H2 under the H1 */
+		margin-top: 0;
+	}
+	h2 + h3,
+	h3 + h4,
+	h4 + h5,
+	h5 + h6 {
+		margin-top: 1.2em; /* = 1 x line-height */
+	}
+
+/** Section divider ***********************************************************/
+
+	:not(.head) > hr {
+		font-size: 1.5em;
+		text-align: center;
+		margin: 1em auto;
+		height: auto;
+		border: transparent solid 0;
+		background: transparent;
+	}
+	:not(.head) > hr::before {
+		content: "\2727\2003\2003\2727\2003\2003\2727";
+	}
+
+/******************************************************************************/
+/*                            Paragraphs and Lists                            */
+/******************************************************************************/
+
+	p {
+		margin: 1em 0;
+	}
+
+	dd > p:first-child,
+	li > p:first-child {
+		margin-top: 0;
+	}
+
+	ul, ol {
+		margin-left: 0;
+		padding-left: 2em;
+	}
+
+	li {
+		margin: 0.25em 0 0.5em;
+		padding: 0;
+	}
+
+	dl dd {
+		margin: 0 0 .5em 2em;
+	}
+
+	.head dd + dd { /* compact for header */
+		margin-top: -.5em;
+	}
+
+	/* Style for algorithms */
+	ol.algorithm ol:not(.algorithm),
+	.algorithm > ol ol:not(.algorithm) {
+	 border-left: 0.5em solid #DEF;
+	}
+
+	/* Put nice boxes around each algorithm. */
+	[data-algorithm]:not(.heading) {
+	  padding: .5em;
+	  border: thin solid #ddd; border-radius: .5em;
+	  margin: .5em calc(-0.5em - 1px);
+	}
+	[data-algorithm]:not(.heading) > :first-child {
+	  margin-top: 0;
+	}
+	[data-algorithm]:not(.heading) > :last-child {
+	  margin-bottom: 0;
+	}
+
+	/* Style for switch/case <dl>s */
+	dl.switch > dd > ol.only,
+	dl.switch > dd > .only > ol {
+	 margin-left: 0;
+	}
+	dl.switch > dd > ol.algorithm,
+	dl.switch > dd > .algorithm > ol {
+	 margin-left: -2em;
+	}
+	dl.switch {
+	 padding-left: 2em;
+	}
+	dl.switch > dt {
+	 text-indent: -1.5em;
+	 margin-top: 1em;
+	}
+	dl.switch > dt + dt {
+	 margin-top: 0;
+	}
+	dl.switch > dt::before {
+	 content: '\21AA';
+	 padding: 0 0.5em 0 0;
+	 display: inline-block;
+	 width: 1em;
+	 text-align: right;
+	 line-height: 0.5em;
+	}
+
+/** Terminology Markup ********************************************************/
+
+
+/******************************************************************************/
+/*                                 Inline Markup                              */
+/******************************************************************************/
+
+/** Terminology Markup ********************************************************/
+	dfn   { /* Defining instance */
+		font-weight: bolder;
+	}
+	a > i { /* Instance of term */
+		font-style: normal;
+	}
+	dt dfn code, code.idl {
+		font-size: medium;
+	}
+	dfn var {
+		font-style: normal;
+	}
+
+/** Change Marking ************************************************************/
+
+	del { color: red;  text-decoration: line-through; }
+	ins { color: #080; text-decoration: underline;    }
+
+/** Miscellaneous improvements to inline formatting ***************************/
+
+	sup {
+		vertical-align: super;
+		font-size: 80%
+	}
+
+/******************************************************************************/
+/*                                    Code                                    */
+/******************************************************************************/
+
+/** General monospace/pre rules ***********************************************/
+
+	pre, code, samp {
+		font-family: Menlo, Consolas, "DejaVu Sans Mono", Monaco, monospace;
+		font-size: .9em;
+		page-break-inside: avoid;
+		hyphens: none;
+		text-transform: none;
+	}
+	pre code,
+	code code {
+		font-size: 100%;
+	}
+
+	pre {
+		margin-top: 1em;
+		margin-bottom: 1em;
+		overflow: auto;
+	}
+
+/** Inline Code fragments *****************************************************/
+
+  /* Do something nice. */
+
+/******************************************************************************/
+/*                                    Links                                   */
+/******************************************************************************/
+
+/** General Hyperlinks ********************************************************/
+
+	/* We hyperlink a lot, so make it less intrusive */
+	a[href] {
+		color: #034575;
+		text-decoration: none;
+		border-bottom: 1px solid #707070;
+		/* Need a bit of extending for it to look okay */
+		padding: 0 1px 0;
+		margin: 0 -1px 0;
+	}
+	a:visited {
+		border-bottom-color: #BBB;
+	}
+
+	/* Use distinguishing colors when user is interacting with the link */
+	a[href]:focus,
+	a[href]:hover {
+		background: #f8f8f8;
+		background: rgba(75%, 75%, 75%, .25);
+		border-bottom-width: 3px;
+		margin-bottom: -2px;
+	}
+	a[href]:active {
+		color: #C00;
+		border-color: #C00;
+	}
+
+	/* Backout above styling for W3C logo */
+	.head .logo,
+	.head .logo a {
+		border: none;
+		text-decoration: none;
+		background: transparent;
+	}
+
+/******************************************************************************/
+/*                                    Images                                  */
+/******************************************************************************/
+
+	img {
+		border-style: none;
+	}
+
+	/* For autogen numbers, add
+	   .caption::before, figcaption::before { content: "Figure " counter(figure) ". "; }
+	*/
+
+	figure, .figure, .sidefigure {
+		page-break-inside: avoid;
+		text-align: center;
+		margin: 2.5em 0;
+	}
+	.figure img,    .sidefigure img,    figure img,
+	.figure object, .sidefigure object, figure object {
+		max-width: 100%;
+		margin: auto;
+	}
+	.figure pre, .sidefigure pre, figure pre {
+		text-align: left;
+		display: table;
+		margin: 1em auto;
+	}
+	.figure table, figure table {
+		margin: auto;
+	}
+	@media screen and (min-width: 20em) {
+		.sidefigure {
+			float: right;
+			width: 50%;
+			margin: 0 0 0.5em 0.5em
+		}
+	}
+	.caption, figcaption, caption {
+		font-style: italic;
+		font-size: 90%;
+	}
+	.caption::before, figcaption::before, figcaption > .marker {
+		font-weight: bold;
+	}
+	.caption, figcaption {
+		counter-increment: figure;
+	}
+
+	/* DL list is indented 2em, but figure inside it is not */
+	dd > .figure, dd > figure { margin-left: -2em }
+
+/******************************************************************************/
+/*                             Colored Boxes                                  */
+/******************************************************************************/
+
+	.issue, .note, .example, .assertion, .advisement, blockquote {
+		padding: .5em;
+		border: .5em;
+		border-left-style: solid;
+		page-break-inside: avoid;
+	}
+	span.issue, span.note {
+		padding: .1em .5em .15em;
+		border-right-style: solid;
+	}
+
+	.issue,
+	.note,
+	.example,
+	.advisement,
+	.assertion,
+	blockquote {
+		margin: 1em auto;
+	}
+	.note  > p:first-child,
+	.issue > p:first-child,
+	blockquote > :first-child {
+		margin-top: 0;
+	}
+	blockquote > :last-child {
+		margin-bottom: 0;
+	}
+
+/** Blockquotes ***************************************************************/
+
+	blockquote {
+		border-color: silver;
+	}
+
+/** Open issue ****************************************************************/
+
+	.issue {
+		border-color: #E05252;
+		background: #FBE9E9;
+		counter-increment: issue;
+		overflow: auto;
+	}
+	.issue::before, .issue > .marker {
+		text-transform: uppercase;
+		color: #AE1E1E;
+		padding-right: 1em;
+		text-transform: uppercase;
+	}
+	/* Add .issue::before { content: "Issue " counter(issue) " "; } for autogen numbers,
+	   or use class="marker" to mark up the issue number in source. */
+
+/** Example *******************************************************************/
+
+	.example {
+		border-color: #E0CB52;
+		background: #FCFAEE;
+		counter-increment: example;
+		overflow: auto;
+		clear: both;
+	}
+	.example::before, .example > .marker {
+		text-transform: uppercase;
+		color: #827017;
+		min-width: 7.5em;
+		display: block;
+	}
+	/* Add .example::before { content: "Example " counter(example) " "; } for autogen numbers,
+	   or use class="marker" to mark up the example number in source. */
+
+/** Non-normative Note ********************************************************/
+
+	.note {
+		border-color: #52E052;
+		background: #E9FBE9;
+		overflow: auto;
+	}
+
+	.note::before, .note > .marker,
+	details.note > summary::before,
+	details.note > summary > .marker {
+		text-transform: uppercase;
+		display: block;
+		color: hsl(120, 70%, 30%);
+	}
+	/* Add .note::before { content: "Note"; } for autogen label,
+	   or use class="marker" to mark up the label in source. */
+
+	details.note > summary {
+		display: block;
+		color: hsl(120, 70%, 30%);
+	}
+	details.note[open] > summary {
+		border-bottom: 1px silver solid;
+	}
+
+/** Assertion Box *************************************************************/
+	/*  for assertions in algorithms */
+
+	.assertion {
+		border-color: #AAA;
+		background: #EEE;
+	}
+
+/** Advisement Box ************************************************************/
+	/*  for attention-grabbing normative statements */
+
+	.advisement {
+		border-color: orange;
+		border-style: none solid;
+		background: #FFEECC;
+	}
+	strong.advisement {
+		display: block;
+		text-align: center;
+	}
+	.advisement > .marker {
+		color: #B35F00;
+	}
+
+/** Spec Obsoletion Notice ****************************************************/
+	/* obnoxious obsoletion notice for older/abandoned specs. */
+
+	details {
+		display: block;
+	}
+	summary {
+		font-weight: bolder;
+	}
+
+	.annoying-warning:not(details),
+	details.annoying-warning:not([open]) > summary,
+	details.annoying-warning[open] {
+		background: #fdd;
+		color: red;
+		font-weight: bold;
+		padding: .75em 1em;
+		border: thick red;
+		border-style: solid;
+		border-radius: 1em;
+	}
+	.annoying-warning :last-child {
+		margin-bottom: 0;
+	}
+
+@media not print {
+	details.annoying-warning[open] {
+		position: fixed;
+		left: 1em;
+		right: 1em;
+		bottom: 1em;
+		z-index: 1000;
+	}
+}
+
+	details.annoying-warning:not([open]) > summary {
+		text-align: center;
+	}
+
+/** Entity Definition Boxes ***************************************************/
+
+	.def {
+		padding: .5em 1em;
+		background: #DEF;
+		margin: 1.2em 0;
+		border-left: 0.5em solid #8CCBF2;
+	}
+
+/******************************************************************************/
+/*                                    Tables                                  */
+/******************************************************************************/
+
+	th, td {
+		text-align: left;
+		text-align: start;
+	}
+
+/** Property/Descriptor Definition Tables *************************************/
+
+	table.def {
+		/* inherits .def box styling, see above */
+		width: 100%;
+		border-spacing: 0;
+	}
+
+	table.def td,
+	table.def th {
+		padding: 0.5em;
+		vertical-align: baseline;
+		border-bottom: 1px solid #bbd7e9;
+	}
+
+	table.def > tbody > tr:last-child th,
+	table.def > tbody > tr:last-child td {
+		border-bottom: 0;
+	}
+
+	table.def th {
+		font-style: italic;
+		font-weight: normal;
+		padding-left: 1em;
+		width: 3em;
+	}
+
+	/* For when values are extra-complex and need formatting for readability */
+	table td.pre {
+		white-space: pre-wrap;
+	}
+
+	/* A footnote at the bottom of a def table */
+	table.def           td.footnote {
+		padding-top: 0.6em;
+	}
+	table.def           td.footnote::before {
+		content: " ";
+		display: block;
+		height: 0.6em;
+		width: 4em;
+		border-top: thin solid;
+	}
+
+/** Data tables (and properly marked-up index tables) *************************/
+	/*
+		 <table class="data"> highlights structural relationships in a table
+		 when correct markup is used (e.g. thead/tbody, th vs. td, scope attribute)
+
+		 Use class="complex data" for particularly complicated tables --
+		 (This will draw more lines: busier, but clearer.)
+
+		 Use class="long" on table cells with paragraph-like contents
+		 (This will adjust text alignment accordingly.)
+		 Alternately use class="longlastcol" on tables, to have the last column assume "long".
+	*/
+
+	table {
+		word-wrap: normal;
+		overflow-wrap: normal;
+		hyphens: manual;
+	}
+
+	table.data,
+	table.index {
+		margin: 1em auto;
+		border-collapse: collapse;
+		border: hidden;
+		width: 100%;
+	}
+	table.data caption,
+	table.index caption {
+		max-width: 50em;
+		margin: 0 auto 1em;
+	}
+
+	table.data td,  table.data th,
+	table.index td, table.index th {
+		padding: 0.5em 1em;
+		border-width: 1px;
+		border-color: silver;
+		border-top-style: solid;
+	}
+
+	table.data thead td:empty {
+		padding: 0;
+		border: 0;
+	}
+
+	table.data  thead,
+	table.index thead,
+	table.data  tbody,
+	table.index tbody {
+		border-bottom: 2px solid;
+	}
+
+	table.data colgroup,
+	table.index colgroup {
+		border-left: 2px solid;
+	}
+
+	table.data  tbody th:first-child,
+	table.index tbody th:first-child  {
+		border-right: 2px solid;
+		border-top: 1px solid silver;
+		padding-right: 1em;
+	}
+
+	table.data th[colspan],
+	table.data td[colspan] {
+		text-align: center;
+	}
+
+	table.complex.data th,
+	table.complex.data td {
+		border: 1px solid silver;
+		text-align: center;
+	}
+
+	table.data.longlastcol td:last-child,
+	table.data td.long {
+	 vertical-align: baseline;
+	 text-align: left;
+	}
+
+	table.data img {
+		vertical-align: middle;
+	}
+
+
+/*
+Alternate table alignment rules
+
+	table.data,
+	table.index {
+		text-align: center;
+	}
+
+	table.data  thead th[scope="row"],
+	table.index thead th[scope="row"] {
+		text-align: right;
+	}
+
+	table.data  tbody th:first-child,
+	table.index tbody th:first-child  {
+		text-align: right;
+	}
+
+Possible extra rowspan handling
+
+	table.data  tbody th[rowspan]:not([rowspan='1']),
+	table.index tbody th[rowspan]:not([rowspan='1']),
+	table.data  tbody td[rowspan]:not([rowspan='1']),
+	table.index tbody td[rowspan]:not([rowspan='1']) {
+		border-left: 1px solid silver;
+	}
+
+	table.data  tbody th[rowspan]:first-child,
+	table.index tbody th[rowspan]:first-child,
+	table.data  tbody td[rowspan]:first-child,
+	table.index tbody td[rowspan]:first-child{
+		border-left: 0;
+		border-right: 1px solid silver;
+	}
+*/
+
+/******************************************************************************/
+/*                                  Indices                                   */
+/******************************************************************************/
+
+
+/** Table of Contents *********************************************************/
+
+	.toc a {
+		/* More spacing; use padding to make it part of the click target. */
+		padding-top: 0.1rem;
+		/* Larger, more consistently-sized click target */
+		display: block;
+		/* Reverse color scheme */
+		color: black;
+		border-color: #3980B5;
+		border-bottom-width: 3px !important;
+		margin-bottom: 0px !important;
+	}
+	.toc a:visited {
+		border-color: #054572;
+	}
+	.toc a:not(:focus):not(:hover) {
+		/* Allow colors to cascade through from link styling */
+		border-bottom-color: transparent;
+	}
+
+	.toc, .toc ol, .toc ul, .toc li {
+		list-style: none; /* Numbers must be inlined into source */
+		/* because generated content isn't search/selectable and markers can't do multilevel yet */
+		margin:  0;
+		padding: 0;
+		line-height: 1.1rem; /* consistent spacing */
+	}
+
+	/* ToC not indented until third level, but font style & margins show hierarchy */
+	.toc > li             { font-weight: bold;   }
+	.toc > li li          { font-weight: normal; }
+	.toc > li li li       { font-size:   95%;    }
+	.toc > li li li li    { font-size:   90%;    }
+	.toc > li li li li .secno { font-size: 85%; }
+	.toc > li li li li li { font-size:   85%;    }
+	.toc > li li li li li .secno { font-size: 100%; }
+
+	/* @supports not (display:grid) { */
+		.toc > li             { margin: 1.5rem 0;    }
+		.toc > li li          { margin: 0.3rem 0;    }
+		.toc > li li li       { margin-left: 2rem;   }
+
+		/* Section numbers in a column of their own */
+		.toc .secno {
+			float: left;
+			width: 4rem;
+			white-space: nowrap;
+		}
+
+		.toc li {
+			clear: both;
+		}
+
+		:not(li) > .toc              { margin-left:  5rem; }
+		.toc .secno                  { margin-left: -5rem; }
+		.toc > li li li .secno       { margin-left: -7rem; }
+		.toc > li li li li .secno    { margin-left: -9rem; }
+		.toc > li li li li li .secno { margin-left: -11rem; }
+
+		/* Tighten up indentation in narrow ToCs */
+		@media (max-width: 30em) {
+			:not(li) > .toc              { margin-left:  4rem; }
+			.toc .secno                  { margin-left: -4rem; }
+			.toc > li li li              { margin-left:  1rem; }
+			.toc > li li li .secno       { margin-left: -5rem; }
+			.toc > li li li li .secno    { margin-left: -6rem; }
+			.toc > li li li li li .secno { margin-left: -7rem; }
+		}
+	/* } */
+
+	@supports (display:grid) and (display:contents) {
+		/* Use #toc over .toc to override non-@supports rules. */
+		#toc {
+			display: grid;
+			align-content: start;
+			grid-template-columns: auto 1fr;
+			grid-column-gap: 1rem;
+			column-gap: 1rem;
+			grid-row-gap: .6rem;
+			row-gap: .6rem;
+		}
+		#toc h2 {
+			grid-column: 1 / -1;
+			margin-bottom: 0;
+		}
+		#toc ol,
+		#toc li,
+		#toc a {
+			display: contents;
+			/* Switch <a> to subgrid when supported */
+		}
+		#toc span {
+			margin: 0;
+		}
+		#toc > .toc > li > a > span {
+			/* The spans of the top-level list,
+			   comprising the first items of each top-level section. */
+			margin-top: 1.1rem;
+		}
+		#toc#toc .secno { /* Ugh, need more specificity to override base.css */
+			grid-column: 1;
+			width: auto;
+			margin-left: 0;
+		}
+		#toc .content {
+			grid-column: 2;
+			width: auto;
+			margin-right: 1rem;
+		}
+		#toc .content:hover {
+			background: rgba(75%, 75%, 75%, .25);
+			border-bottom: 3px solid #054572;
+			margin-bottom: -3px;
+		}
+		#toc li li li .content {
+			margin-left: 1rem;
+		}
+		#toc li li li li .content {
+			margin-left: 2rem;
+		}
+	}
+
+
+/** Index *********************************************************************/
+
+	/* Index Lists: Layout */
+	ul.index       { margin-left: 0; columns: 15em; text-indent: 1em hanging; }
+	ul.index li    { margin-left: 0; list-style: none; break-inside: avoid; }
+	ul.index li li { margin-left: 1em }
+	ul.index dl    { margin-top: 0; }
+	ul.index dt    { margin: .2em 0 .2em 20px;}
+	ul.index dd    { margin: .2em 0 .2em 40px;}
+	/* Index Lists: Typography */
+	ul.index ul,
+	ul.index dl { font-size: smaller; }
+	@media not print {
+		ul.index li span {
+			white-space: nowrap;
+			color: transparent; }
+		ul.index li a:hover + span,
+		ul.index li a:focus + span {
+			color: #707070;
+		}
+	}
+
+/** Index Tables *****************************************************/
+	/* See also the data table styling section, which this effectively subclasses */
+
+	table.index {
+		font-size: small;
+		border-collapse: collapse;
+		border-spacing: 0;
+		text-align: left;
+		margin: 1em 0;
+	}
+
+	table.index td,
+	table.index th {
+		padding: 0.4em;
+	}
+
+	table.index tr:hover td:not([rowspan]),
+	table.index tr:hover th:not([rowspan]) {
+		background: #f7f8f9;
+	}
+
+	/* The link in the first column in the property table (formerly a TD) */
+	table.index th:first-child a {
+		font-weight: bold;
+	}
+
+/******************************************************************************/
+/*                                    Print                                   */
+/******************************************************************************/
+
+	@media print {
+		/* Pages have their own margins. */
+		html {
+			margin: 0;
+		}
+		/* Serif for print. */
+		body {
+			font-family: serif;
+		}
+	}
+	@page {
+		margin: 1.5cm 1.1cm;
+	}
+
+/******************************************************************************/
+/*                                    Legacy                                  */
+/******************************************************************************/
+
+	/* This rule is inherited from past style sheets. No idea what it's for. */
+	.hide { display: none }
+
+
+
+/******************************************************************************/
+/*                             Overflow Control                               */
+/******************************************************************************/
+
+	.figure .caption, .sidefigure .caption, figcaption {
+		/* in case figure is overlarge, limit caption to 50em */
+		max-width: 50rem;
+		margin-left: auto;
+		margin-right: auto;
+	}
+	.overlarge {
+		/* Magic to create good table positioning:
+		   "content column" is 50ems wide at max; less on smaller screens.
+		   Extra space (after ToC + content) is empty on the right.
+
+		   1. When table < content column, centers table in column.
+		   2. When content < table < available, left-aligns.
+		   3. When table > available, fills available + scroll bar.
+		*/ 
+		display: grid;
+		grid-template-columns: minmax(0, 50em);
+	}
+	.overlarge > table {
+		/* limit preferred width of table */
+		max-width: 50em;
+		margin-left: auto;
+		margin-right: auto;
+	}
+
+	@media (min-width: 55em) {
+		.overlarge {
+			margin-right: calc(13px + 26.5rem - 50vw);
+			max-width: none;
+		}
+	}
+	@media screen and (min-width: 78em) {
+		body:not(.toc-inline) .overlarge {
+			/* 30.5em body padding 50em content area */
+			margin-right: calc(40em - 50vw) !important;
+		}
+	}
+	@media screen and (min-width: 90em) {
+		body:not(.toc-inline) .overlarge {
+			/* 4em html margin 30.5em body padding 50em content area */
+			margin-right: calc(84.5em - 100vw) !important;
+		}
+	}
+
+	@media not print {
+		.overlarge {
+			overflow-x: auto;
+			/* See Lea Verou's explanation background-attachment:
+			 * http://lea.verou.me/2012/04/background-attachment-local/
+			 *
+			background: top left  / 4em 100% linear-gradient(to right,  #ffffff, rgba(255, 255, 255, 0)) local,
+			            top right / 4em 100% linear-gradient(to left, #ffffff, rgba(255, 255, 255, 0)) local,
+			            top left  / 1em 100% linear-gradient(to right,  #c3c3c5, rgba(195, 195, 197, 0)) scroll,
+			            top right / 1em 100% linear-gradient(to left, #c3c3c5, rgba(195, 195, 197, 0)) scroll,
+			            white;
+			background-repeat: no-repeat;
+			*/
+		}
+	}
+</style>
+  <link href="https://www.w3.org/StyleSheets/TR/2016/cg-draft" rel="stylesheet">
+  <meta content="Bikeshed version 2891b22e, updated Thu Mar 26 15:21:43 2020 -0700" name="generator">
+  <link href="https://privacycg.github.io/storage-access/" rel="canonical">
+  <meta content="a764b9415f740d225686048c0ba13535d6a7f24f" name="document-revision">
+<style>
+.XXX {
+    color: #E50000;
+    font-weight: bold;
+}
+.XXX::before {
+    content: "TODO: ";
+}
+</style>
+<style>/* style-autolinks */
+
+.css.css, .property.property, .descriptor.descriptor {
+    color: #005a9c;
+    font-size: inherit;
+    font-family: inherit;
+}
+.css::before, .property::before, .descriptor::before {
+    content: "‘";
+}
+.css::after, .property::after, .descriptor::after {
+    content: "’";
+}
+.property, .descriptor {
+    /* Don't wrap property and descriptor names */
+    white-space: nowrap;
+}
+.type { /* CSS value <type> */
+    font-style: italic;
+}
+pre .property::before, pre .property::after {
+    content: "";
+}
+[data-link-type="property"]::before,
+[data-link-type="propdesc"]::before,
+[data-link-type="descriptor"]::before,
+[data-link-type="value"]::before,
+[data-link-type="function"]::before,
+[data-link-type="at-rule"]::before,
+[data-link-type="selector"]::before,
+[data-link-type="maybe"]::before {
+    content: "‘";
+}
+[data-link-type="property"]::after,
+[data-link-type="propdesc"]::after,
+[data-link-type="descriptor"]::after,
+[data-link-type="value"]::after,
+[data-link-type="function"]::after,
+[data-link-type="at-rule"]::after,
+[data-link-type="selector"]::after,
+[data-link-type="maybe"]::after {
+    content: "’";
+}
+
+[data-link-type].production::before,
+[data-link-type].production::after,
+.prod [data-link-type]::before,
+.prod [data-link-type]::after {
+    content: "";
+}
+
+[data-link-type=element],
+[data-link-type=element-attr] {
+    font-family: Menlo, Consolas, "DejaVu Sans Mono", monospace;
+    font-size: .9em;
+}
+[data-link-type=element]::before { content: "<" }
+[data-link-type=element]::after  { content: ">" }
+
+[data-link-type=biblio] {
+    white-space: pre;
+}</style>
+<style>/* style-counters */
+
+body {
+    counter-reset: example figure issue;
+}
+.issue {
+    counter-increment: issue;
+}
+.issue:not(.no-marker)::before {
+    content: "Issue " counter(issue);
+}
+
+.example {
+    counter-increment: example;
+}
+.example:not(.no-marker)::before {
+    content: "Example " counter(example);
+}
+.invalid.example:not(.no-marker)::before,
+.illegal.example:not(.no-marker)::before {
+    content: "Invalid Example" counter(example);
+}
+
+figcaption {
+    counter-increment: figure;
+}
+figcaption:not(.no-marker)::before {
+    content: "Figure " counter(figure) " ";
+}</style>
+<style>/* style-dfn-panel */
+
+.dfn-panel {
+    position: absolute;
+    z-index: 35;
+    height: auto;
+    width: -webkit-fit-content;
+    width: fit-content;
+    max-width: 300px;
+    max-height: 500px;
+    overflow: auto;
+    padding: 0.5em 0.75em;
+    font: small Helvetica Neue, sans-serif, Droid Sans Fallback;
+    background: #DDDDDD;
+    color: black;
+    border: outset 0.2em;
+}
+.dfn-panel:not(.on) { display: none; }
+.dfn-panel * { margin: 0; padding: 0; text-indent: 0; }
+.dfn-panel > b { display: block; }
+.dfn-panel a { color: black; }
+.dfn-panel a:not(:hover) { text-decoration: none !important; border-bottom: none !important; }
+.dfn-panel > b + b { margin-top: 0.25em; }
+.dfn-panel ul { padding: 0; }
+.dfn-panel li { list-style: inside; }
+.dfn-panel.activated {
+    display: inline-block;
+    position: fixed;
+    left: .5em;
+    bottom: 2em;
+    margin: 0 auto;
+    max-width: calc(100vw - 1.5em - .4em - .5em);
+    max-height: 30vh;
+}
+
+.dfn-paneled { cursor: pointer; }
+</style>
+<style>/* style-md-lists */
+
+/* This is a weird hack for me not yet following the commonmark spec
+   regarding paragraph and lists. */
+[data-md] > :first-child {
+    margin-top: 0;
+}
+[data-md] > :last-child {
+    margin-bottom: 0;
+}</style>
+<style>/* style-selflinks */
+
+.heading, .issue, .note, .example, li, dt {
+    position: relative;
+}
+a.self-link {
+    position: absolute;
+    top: 0;
+    left: calc(-1 * (3.5rem - 26px));
+    width: calc(3.5rem - 26px);
+    height: 2em;
+    text-align: center;
+    border: none;
+    transition: opacity .2s;
+    opacity: .5;
+}
+a.self-link:hover {
+    opacity: 1;
+}
+.heading > a.self-link {
+    font-size: 83%;
+}
+li > a.self-link {
+    left: calc(-1 * (3.5rem - 26px) - 2em);
+}
+dfn > a.self-link {
+    top: auto;
+    left: auto;
+    opacity: 0;
+    width: 1.5em;
+    height: 1.5em;
+    background: gray;
+    color: white;
+    font-style: normal;
+    transition: opacity .2s, background-color .2s, color .2s;
+}
+dfn:hover > a.self-link {
+    opacity: 1;
+}
+dfn > a.self-link:hover {
+    color: black;
+}
+
+a.self-link::before            { content: "¶"; }
+.heading > a.self-link::before { content: "§"; }
+dfn > a.self-link::before      { content: "#"; }</style>
+<style>/* style-syntax-highlighting */
+pre.idl.highlight { color: #708090; }
+.highlight:not(.idl) { background: hsl(24, 20%, 95%); }
+code.highlight { padding: .1em; border-radius: .3em; }
+pre.highlight, pre > code.highlight { display: block; padding: 1em; margin: .5em 0; overflow: auto; border-radius: 0; }
+c-[a] { color: #990055 } /* Keyword.Declaration */
+c-[b] { color: #990055 } /* Keyword.Type */
+c-[c] { color: #708090 } /* Comment */
+c-[d] { color: #708090 } /* Comment.Multiline */
+c-[e] { color: #0077aa } /* Name.Attribute */
+c-[f] { color: #669900 } /* Name.Tag */
+c-[g] { color: #222222 } /* Name.Variable */
+c-[k] { color: #990055 } /* Keyword */
+c-[l] { color: #000000 } /* Literal */
+c-[m] { color: #000000 } /* Literal.Number */
+c-[n] { color: #0077aa } /* Name */
+c-[o] { color: #999999 } /* Operator */
+c-[p] { color: #999999 } /* Punctuation */
+c-[s] { color: #a67f59 } /* Literal.String */
+c-[t] { color: #a67f59 } /* Literal.String.Single */
+c-[u] { color: #a67f59 } /* Literal.String.Double */
+c-[cp] { color: #708090 } /* Comment.Preproc */
+c-[c1] { color: #708090 } /* Comment.Single */
+c-[cs] { color: #708090 } /* Comment.Special */
+c-[kc] { color: #990055 } /* Keyword.Constant */
+c-[kn] { color: #990055 } /* Keyword.Namespace */
+c-[kp] { color: #990055 } /* Keyword.Pseudo */
+c-[kr] { color: #990055 } /* Keyword.Reserved */
+c-[ld] { color: #000000 } /* Literal.Date */
+c-[nc] { color: #0077aa } /* Name.Class */
+c-[no] { color: #0077aa } /* Name.Constant */
+c-[nd] { color: #0077aa } /* Name.Decorator */
+c-[ni] { color: #0077aa } /* Name.Entity */
+c-[ne] { color: #0077aa } /* Name.Exception */
+c-[nf] { color: #0077aa } /* Name.Function */
+c-[nl] { color: #0077aa } /* Name.Label */
+c-[nn] { color: #0077aa } /* Name.Namespace */
+c-[py] { color: #0077aa } /* Name.Property */
+c-[ow] { color: #999999 } /* Operator.Word */
+c-[mb] { color: #000000 } /* Literal.Number.Bin */
+c-[mf] { color: #000000 } /* Literal.Number.Float */
+c-[mh] { color: #000000 } /* Literal.Number.Hex */
+c-[mi] { color: #000000 } /* Literal.Number.Integer */
+c-[mo] { color: #000000 } /* Literal.Number.Oct */
+c-[sb] { color: #a67f59 } /* Literal.String.Backtick */
+c-[sc] { color: #a67f59 } /* Literal.String.Char */
+c-[sd] { color: #a67f59 } /* Literal.String.Doc */
+c-[se] { color: #a67f59 } /* Literal.String.Escape */
+c-[sh] { color: #a67f59 } /* Literal.String.Heredoc */
+c-[si] { color: #a67f59 } /* Literal.String.Interpol */
+c-[sx] { color: #a67f59 } /* Literal.String.Other */
+c-[sr] { color: #a67f59 } /* Literal.String.Regex */
+c-[ss] { color: #a67f59 } /* Literal.String.Symbol */
+c-[vc] { color: #0077aa } /* Name.Variable.Class */
+c-[vg] { color: #0077aa } /* Name.Variable.Global */
+c-[vi] { color: #0077aa } /* Name.Variable.Instance */
+c-[il] { color: #000000 } /* Literal.Number.Integer.Long */
+</style>
+ <body>
+  <header>
+   <p data-fill-with="logo"></p>
+   <h1 class="no-ref" id="title">The Storage Access API</h1>
+   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Draft Community Group Report, <time datetime="2020-04-14">14 April 2020</time></span></h2>
+   <div data-fill-with="spec-metadata">
+    <dl>
+     <dt>This version:
+     <dd><a class="u-url" href="https://privacycg.github.io/storage-access/">https://privacycg.github.io/storage-access/</a>
+     <dt>Issue Tracking:
+     <dd><a href="https://github.com/privacycg/storage-access/issues/">GitHub</a>
+     <dd><a href="#issues-index">Inline In Spec</a>
+     <dt class="editor">Editor:
+     <dd class="editor p-author h-card vcard" data-editor-id="89478"><a class="p-name fn u-email email" href="mailto:wilander@apple.com">John Wilander</a> (<a class="p-org org" href="https://apple.com/">Apple Inc.</a>)
+    </dl>
+   </div>
+   <div data-fill-with="warning"></div>
+   <p class="copyright" data-fill-with="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2020 the Contributors to “The Storage Access API”, published by the <a href="http://www.w3.org/community/privacycg/">Privacy Community Group</a>.
+
+This document is licensed under the <a href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>.
+
+Contributions to this document are made under the <a href="https://www.w3.org/community/about/agreements/cla/">W3C Community Contributor License Agreement (CLA)</a>. </p>
+   <hr title="Separator for header">
+  </header>
+  <div data-fill-with="abstract">
+   <h2 class="no-num no-toc no-ref heading settled" id="abstract"><span class="content">Abstract</span></h2>
+   <p>The Storage Access API enables content in iframes to request access to website data (such as cookies).</p>
+  </div>
+  <h2 class="no-num no-toc no-ref heading settled" id="status"><span class="content">Status of this document</span></h2>
+  <div data-fill-with="status">
+   <p>This specification is intended to be merged into the HTML Living Standard. It is neither a WHATWG Living Standard nor is it on the standards track at W3C.</p>
+   <p>It was published by the <a href="http://www.w3.org/community/privacycg/">Privacy Community Group</a>.
+Please note that under the <a href="http://www.w3.org/community/about/agreements/cla/">W3C Community Contributor License Agreement (CLA)</a> there is a limited opt-out and other conditions apply.
+Learn more about <a href="http://www.w3.org/community/">W3C Community and Business Groups</a>.</p>
+  </div>
+  <div data-fill-with="at-risk"></div>
+  <nav data-fill-with="table-of-contents" id="toc">
+   <h2 class="no-num no-toc no-ref" id="contents">Table of Contents</h2>
+   <ol class="toc" role="directory">
+    <li><a href="#intro"><span class="secno">1</span> <span class="content">Introduction</span></a>
+    <li><a href="#infra"><span class="secno">2</span> <span class="content">Infrastructure</span></a>
+    <li>
+     <a href="#the-storage-access-api"><span class="secno">3</span> <span class="content">The Storage Access API</span></a>
+     <ol class="toc">
+      <li>
+       <a href="#the-document-object"><span class="secno">3.1</span> <span class="content">Changes to <code class="idl"><span>Document</span></code></span></a>
+       <ol class="toc">
+        <li><a href="#ua-policy"><span class="secno">3.1.1</span> <span class="content">User Agent storage access policies</span></a>
+       </ol>
+      <li><a href="#navigation"><span class="secno">3.2</span> <span class="content">Changes to navigation</span></a>
+      <li>
+       <a href="#storage"><span class="secno">3.3</span> <span class="content">Changes to various client-side storage mechanisms</span></a>
+       <ol class="toc">
+        <li><a href="#cookies"><span class="secno">3.3.1</span> <span class="content">Cookies</span></a>
+       </ol>
+      <li><a href="#sandboxing-storage-access"><span class="secno">3.4</span> <span class="content">Sandboxing storage access</span></a>
+     </ol>
+    <li><a href="#privacy"><span class="secno">4</span> <span class="content">Privacy considerations</span></a>
+    <li><a href="#security"><span class="secno">5</span> <span class="content">Security considerations</span></a>
+    <li><a href="#acknowledgements"><span class="secno"></span> <span class="content">Acknowledgements</span></a>
+    <li><a href="#conformance"><span class="secno"></span> <span class="content"> Conformance</span></a>
+    <li>
+     <a href="#index"><span class="secno"></span> <span class="content">Index</span></a>
+     <ol class="toc">
+      <li><a href="#index-defined-here"><span class="secno"></span> <span class="content">Terms defined by this specification</span></a>
+      <li><a href="#index-defined-elsewhere"><span class="secno"></span> <span class="content">Terms defined by reference</span></a>
+     </ol>
+    <li>
+     <a href="#references"><span class="secno"></span> <span class="content">References</span></a>
+     <ol class="toc">
+      <li><a href="#normative"><span class="secno"></span> <span class="content">Normative References</span></a>
+      <li><a href="#informative"><span class="secno"></span> <span class="content">Informative References</span></a>
+     </ol>
+    <li><a href="#idl-index"><span class="secno"></span> <span class="content">IDL Index</span></a>
+    <li><a href="#issues-index"><span class="secno"></span> <span class="content">Issues Index</span></a>
+   </ol>
+  </nav>
+  <main>
+   <section class="non-normative">
+    <h2 class="heading settled" data-level="1" id="intro"><span class="secno">1. </span><span class="content">Introduction</span><a class="self-link" href="#intro"></a></h2>
+    <p><em>This section is non-normative.</em></p>
+    <p>User Agents sometimes block access to client-side storage mechanisms in third-party contexts. This can break authenticated embeds such as commenting widgets, which often rely on cookies for authentication.</p>
+    <p>The Storage Access API enables cross-origin <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element" id="ref-for-the-iframe-element">iframe</a></code>s to request and be granted access to their client-side storage, so that authenticated embeds can work in such User Agents. <a data-link-type="biblio" href="#biblio-storage-access-intro">[STORAGE-ACCESS-INTRO]</a></p>
+   </section>
+   <h2 class="heading settled" data-level="2" id="infra"><span class="secno">2. </span><span class="content">Infrastructure</span><a class="self-link" href="#infra"></a></h2>
+   <p>This specification defines several additions to the HTML standard, and depends on the Infra standard. <a data-link-type="biblio" href="#biblio-infra">[INFRA]</a> <a data-link-type="biblio" href="#biblio-html">[HTML]</a></p>
+   <h2 class="heading settled" data-level="3" id="the-storage-access-api"><span class="secno">3. </span><span class="content">The Storage Access API</span><a class="self-link" href="#the-storage-access-api"></a></h2>
+   <h3 class="heading settled" data-level="3.1" id="the-document-object"><span class="secno">3.1. </span><span class="content">Changes to <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document">Document</a></code></span><a class="self-link" href="#the-document-object"></a></h3>
+<pre class="idl highlight def"><c- b>partial</c-> <c- b>interface</c-> <a class="idl-code" data-link-type="interface" href="https://dom.spec.whatwg.org/#document" id="ref-for-document①"><c- g>Document</c-></a> {
+  <c- b>Promise</c->&lt;<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean"><c- b>boolean</c-></a>> <a class="idl-code" data-link-type="method" href="#dom-document-hasstorageaccess" id="ref-for-dom-document-hasstorageaccess"><c- g>hasStorageAccess</c-></a>();
+  <c- b>Promise</c->&lt;<c- b>void</c->> <a class="idl-code" data-link-type="method" href="#dom-document-requeststorageaccess" id="ref-for-dom-document-requeststorageaccess"><c- g>requestStorageAccess</c-></a>();
+};
+</pre>
+   <p>This specification defines two methods on <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document②">Document</a></code>: <code class="idl"><a data-link-type="idl" href="#dom-document-hasstorageaccess" id="ref-for-dom-document-hasstorageaccess①">hasStorageAccess()</a></code> and <code class="idl"><a data-link-type="idl" href="#dom-document-requeststorageaccess" id="ref-for-dom-document-requeststorageaccess①">requestStorageAccess()</a></code>. The <code class="idl"><a data-link-type="idl" href="#dom-document-hasstorageaccess" id="ref-for-dom-document-hasstorageaccess②">hasStorageAccess()</a></code> method returns a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise">Promise</a></code> that resolves with a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean①">boolean</a></code> indicating whether the document has access to its first-party storage. The <code class="idl"><a data-link-type="idl" href="#dom-document-requeststorageaccess" id="ref-for-dom-document-requeststorageaccess②">requestStorageAccess()</a></code> method returns a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise①">Promise</a></code> that resolves when the document has been granted access to its first-party storage, and rejects otherwise.</p>
+   <p>Each <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document③">Document</a></code> has an associated <dfn class="dfn-paneled" data-dfn-for="Document" data-dfn-type="dfn" data-export id="has-storage-access-flag">has storage access flag</dfn>, initially unset.</p>
+   <p>Each <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document④">Document</a></code> has an associated <dfn class="dfn-paneled" data-dfn-for="Document" data-dfn-type="dfn" data-export id="was-expressly-denied-storage-access-flag">was expressly denied storage access flag</dfn>, initially unset.</p>
+   <p>When invoked on <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document⑤">Document</a></code> <var>doc</var>, the <dfn class="dfn-paneled idl-code" data-dfn-for="Document" data-dfn-type="method" data-export id="dom-document-hasstorageaccess"><code>hasStorageAccess()</code></dfn> method must run these steps:</p>
+   <ol>
+    <li data-md>
+     <p>Let <var>p</var> be <a data-link-type="dfn" href="https://heycam.github.io/webidl/#a-new-promise" id="ref-for-a-new-promise">a new promise</a>.</p>
+    <li data-md>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="#was-expressly-denied-storage-access-flag" id="ref-for-was-expressly-denied-storage-access-flag">was expressly denied storage access flag</a> is set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve">resolve</a> <var>p</var> with false and abort these steps.</p>
+    <li data-md>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set">active sandboxing flag set</a> has its <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#sandboxed-origin-browsing-context-flag" id="ref-for-sandboxed-origin-browsing-context-flag">sandboxed origin browsing context flag</a> set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve①">resolve</a> <var>p</var> with false and abort these steps.</p>
+    <li data-md>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc">browsing context</a> is a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context">top-level browsing context</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve②">resolve</a> <var>p</var> with true and abort these steps.</p>
+    <li data-md>
+     <p>Let <var>topDoc</var> be the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#active-document" id="ref-for-active-document">active document</a> of <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc①">browsing context</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context①">top-level browsing context</a>.</p>
+    <li data-md>
+     <p>If <var>doc</var> is <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#same-origin" id="ref-for-same-origin">same origin</a> with <var>topDoc</var>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve③">resolve</a> <var>p</var> with true and abort these steps.</p>
+    <li data-md>
+     <p>Resolve <var>p</var> with the result of running <a data-link-type="dfn" href="#determine-if-a-document-has-storage-access" id="ref-for-determine-if-a-document-has-storage-access">determine if a document has storage access</a> with <var>doc</var> and <var>topDoc</var> and abort these steps.</p>
+    <li data-md>
+     <p><a data-link-type="dfn" href="https://infra.spec.whatwg.org/#if-aborted" id="ref-for-if-aborted">If aborted</a>, return <var>p</var>.</p>
+   </ol>
+   <p>When invoked on <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document⑥">Document</a></code> <var>doc</var>, the <dfn class="dfn-paneled idl-code" data-dfn-for="Document" data-dfn-type="method" data-export id="dom-document-requeststorageaccess"><code>requestStorageAccess()</code></dfn> method must run these steps:</p>
+   <ol>
+    <li data-md>
+     <p>Let <var>p</var> be <a data-link-type="dfn" href="https://heycam.github.io/webidl/#a-new-promise" id="ref-for-a-new-promise①">a new promise</a>.</p>
+    <li data-md>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="#was-expressly-denied-storage-access-flag" id="ref-for-was-expressly-denied-storage-access-flag①">was expressly denied storage access flag</a> is set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject">reject</a> <var>p</var> and abort these steps.</p>
+    <li data-md>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="#has-storage-access-flag" id="ref-for-has-storage-access-flag">has storage access flag</a> is set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve④">resolve</a> <var>p</var> and abort these steps.</p>
+    <li data-md>
+     <p>If the <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set①">active sandboxing flag set</a> has its <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#sandboxed-origin-browsing-context-flag" id="ref-for-sandboxed-origin-browsing-context-flag①">sandboxed origin browsing context flag</a> set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject①">reject</a> <var>p</var> and abort these steps.</p>
+    <li data-md>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc②">browsing context</a> is a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context②">top-level browsing context</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑤">resolve</a> <var>p</var> and abort these steps.</p>
+    <li data-md>
+     <p>Let <var>topDoc</var> be the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#active-document" id="ref-for-active-document①">active document</a> of <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc③">browsing context</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context③">top-level browsing context</a>.</p>
+    <li data-md>
+     <p>If <var>doc</var> is <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#same-origin" id="ref-for-same-origin①">same origin</a> with <var>topDoc</var>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑥">resolve</a> <var>p</var> and abort these steps.</p>
+    <li data-md>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set②">active sandboxing flag set</a> has its <a data-link-type="dfn" href="#sandbox-storage-access-by-user-activation-flag" id="ref-for-sandbox-storage-access-by-user-activation-flag">sandbox storage access by user activation flag</a> set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject②">reject</a> <var>p</var> and abort these steps.</p>
+    <li data-md>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc④">browsing context</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#opener-browsing-context" id="ref-for-opener-browsing-context">opener browsing context</a> is not its <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context④">top-level browsing context</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject③">reject</a> <var>p</var> and abort these steps.</p>
+    <li data-md>
+     <p>If the algorithm is invoked when <var>doc</var>’s <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/window-object.html#window" id="ref-for-window">Window</a></code> object does not have <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/interaction.html#transient-activation" id="ref-for-transient-activation">transient activation</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject④">reject</a> <var>p</var> and abort these steps.</p>
+    <li data-md>
+     <p><a data-link-type="dfn" href="#determine-the-storage-access-policy" id="ref-for-determine-the-storage-access-policy">Determine the storage access policy</a> with <var>doc</var>, <var>topDoc</var>, and <var>p</var> and abort these steps.</p>
+    <li data-md>
+     <p>Set <var>doc</var>’s <a data-link-type="dfn" href="#has-storage-access-flag" id="ref-for-has-storage-access-flag①">has storage access flag</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑦">resolve</a> <var>p</var>, and abort these steps.</p>
+    <li data-md>
+     <p><a data-link-type="dfn" href="https://infra.spec.whatwg.org/#if-aborted" id="ref-for-if-aborted①">If aborted</a>, return <var>p</var>.</p>
+   </ol>
+   <p class="issue" id="issue-dab76aba"><a class="self-link" href="#issue-dab76aba"></a> Remove step 9 if we determine that nested <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element" id="ref-for-the-iframe-element①">iframe</a></code>s should be able to request storage access. <a href="https://github.com/privacycg/storage-access/issues/10">&lt;https://github.com/privacycg/storage-access/issues/10></a></p>
+   <h4 class="heading settled" data-level="3.1.1" id="ua-policy"><span class="secno">3.1.1. </span><span class="content">User Agent storage access policies</span><a class="self-link" href="#ua-policy"></a></h4>
+   <p>Different User Agents have different policies around whether or not third-party <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element" id="ref-for-the-iframe-element②">iframe</a></code>'s may access data placed into client-side storage mechanisms when the <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element" id="ref-for-the-iframe-element③">iframe</a></code>'s <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document⑦">Document</a></code>'s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-document-origin" id="ref-for-concept-document-origin">origin</a> was loaded in a first-party context. User Agents check these policies when client-side storage is accessed (see <a href="#storage">§ 3.3 Changes to various client-side storage mechanisms</a>) as well as by <code class="idl"><a data-link-type="idl" href="#dom-document-hasstorageaccess" id="ref-for-dom-document-hasstorageaccess③">hasStorageAccess()</a></code> and <code class="idl"><a data-link-type="idl" href="#dom-document-requeststorageaccess" id="ref-for-dom-document-requeststorageaccess③">requestStorageAccess()</a></code>.</p>
+   <p>When required to <dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="determine-if-a-document-has-storage-access" type="abstract-op">determine if a document has storage access</dfn> with <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document⑧">Documents</a></code> <var>doc</var> and <var>topDoc</var>, run these steps:</p>
+   <ol>
+    <li data-md>
+     <p class="assertion">Assert: <var>topDoc</var> is the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#active-document" id="ref-for-active-document②">active document</a> of <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc⑤">browsing context</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context⑤">top-level browsing context</a>.</p>
+    <li data-md>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="#has-storage-access-flag" id="ref-for-has-storage-access-flag②">has storage access flag</a> is set, return true.</p>
+    <li data-md>
+     <p>Let <var>has storage access</var> (a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean②">boolean</a></code>) be the result of running a UA-defined set of steps to determine if <var>doc</var> has storage access when it is loaded in a third-party context on <var>topDoc</var>.</p>
+    <li data-md>
+     <p>If <var>has storage access</var> is true, set <var>doc</var>’s <a data-link-type="dfn" href="#has-storage-access-flag" id="ref-for-has-storage-access-flag③">has storage access flag</a>.</p>
+    <li data-md>
+     <p>Return <var>has storage access</var>.</p>
+   </ol>
+   <p>When required to <dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="determine-the-storage-access-policy" type="abstract-op">determine the storage access policy</dfn> for <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document⑨">Documents</a></code> <var>doc</var> and <var>topDoc</var> with <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise②">Promise</a></code> <var>p</var>, run these steps:</p>
+   <ol>
+    <li data-md>
+     <p class="assertion">Assert: <var>topDoc</var> is the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#active-document" id="ref-for-active-document③">active document</a> of <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc⑥">browsing context</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context⑥">top-level browsing context</a>.</p>
+    <li data-md>
+     <p>Let <var>should implicitly grant</var> and <var>should implicitly deny</var> (both <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean③">booleans</a></code>) be the result of running a UA-defined set of steps to determine if <var>doc</var>’s request for storage access on <var>topDoc</var> should be granted or denied without prompting the user.</p>
+    <li data-md>
+     <p>If <var>should implicitly grant</var> is true, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑧">resolve</a> <var>p</var> and abort these steps.</p>
+    <li data-md>
+     <p>If <var>should implicitly deny</var> is true, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject⑤">reject</a> <var>p</var> and abort these steps.</p>
+    <li data-md>
+     <p>Ask the user if they would like to grant <var>doc</var> access to its storage when it is loaded in a third-party context on <var>topDoc</var>, and wait for an answer. Let <var>user expression of permission</var> (a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean④">boolean</a></code>) be the result.</p>
+     <p class="note" role="note"><span>Note:</span> if <var>user expression of permission</var> is false, the user <strong>expressly chose</strong> to deny <var>doc</var> access to its storage.</p>
+    <li data-md>
+     <p>If <var>user expression of permission</var> is true, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑨">resolve</a> <var>p</var>.</p>
+    <li data-md>
+     <p>If <var>user expression of permission</var> is false, let <var>w</var> be <var>doc</var>’s <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/window-object.html#window" id="ref-for-window①">Window</a></code> object and run these steps:</p>
+     <ol>
+      <li data-md>
+       <p>If <var>w</var> has <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/interaction.html#transient-activation" id="ref-for-transient-activation①">transient activation</a> and <var>user expression of permission</var> is false, <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/interaction.html#consume-user-activation" id="ref-for-consume-user-activation">consume user activation</a> with <var>w</var>.</p>
+      <li data-md>
+       <p>Unset <var>doc</var>’s <a data-link-type="dfn" href="#has-storage-access-flag" id="ref-for-has-storage-access-flag④">has storage access flag</a>.</p>
+      <li data-md>
+       <p>Set <var>doc</var>’s <a data-link-type="dfn" href="#was-expressly-denied-storage-access-flag" id="ref-for-was-expressly-denied-storage-access-flag②">was expressly denied storage access flag</a>.</p>
+      <li data-md>
+       <p><a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject⑥">Reject</a> <var>p</var>.</p>
+     </ol>
+   </ol>
+   <h3 class="heading settled" data-level="3.2" id="navigation"><span class="secno">3.2. </span><span class="content">Changes to navigation</span><a class="self-link" href="#navigation"></a></h3>
+   <p>Before changing the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/history.html#current-entry" id="ref-for-current-entry">current entry</a> of a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/history.html#session-history" id="ref-for-session-history">session history</a>, unset the <a data-link-type="dfn" href="#has-storage-access-flag" id="ref-for-has-storage-access-flag⑤">has storage access flag</a> of the old <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/history.html#current-entry" id="ref-for-current-entry①">current entry</a>'s <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document①⓪">Document</a></code>, if it has one.</p>
+   <p class="issue" id="issue-91b7518d"><a class="self-link" href="#issue-91b7518d"></a> Finish this section.</p>
+   <h3 class="heading settled" data-level="3.3" id="storage"><span class="secno">3.3. </span><span class="content">Changes to various client-side storage mechanisms</span><a class="self-link" href="#storage"></a></h3>
+   <p class="issue" id="issue-82f734f9"><a class="self-link" href="#issue-82f734f9"></a> Write this section. For each kind of client-side storage affected, modify them to invoke <a data-link-type="dfn" href="#determine-if-a-document-has-storage-access" id="ref-for-determine-if-a-document-has-storage-access①">determine if a document has storage access</a> &amp; modify their behavior based on the result.</p>
+   <p class="issue" id="issue-924f0e5d"><a class="self-link" href="#issue-924f0e5d"></a> Should this API affect client-side storage other than cookies? <a href="https://github.com/privacycg/storage-access/issues/4">&lt;https://github.com/privacycg/storage-access/issues/4></a></p>
+   <h4 class="heading settled" data-level="3.3.1" id="cookies"><span class="secno">3.3.1. </span><span class="content">Cookies</span><a class="self-link" href="#cookies"></a></h4>
+   <p class="issue" id="issue-089b92ec"><a class="self-link" href="#issue-089b92ec"></a> Write this section.</p>
+   <h3 class="heading settled" data-level="3.4" id="sandboxing-storage-access"><span class="secno">3.4. </span><span class="content">Sandboxing storage access</span><a class="self-link" href="#sandboxing-storage-access"></a></h3>
+   <p>A <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#sandboxing-flag-set" id="ref-for-sandboxing-flag-set">sandboxing flag set</a> has a <dfn class="dfn-paneled" data-dfn-type="dfn" data-export id="sandbox-storage-access-by-user-activation-flag">sandbox storage access by user activation flag</dfn>. This flag prevents content from requesting storage access.</p>
+   <p>To the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#parse-a-sandboxing-directive" id="ref-for-parse-a-sandboxing-directive">parse a sandboxing directive</a> algorithm, add the following under step 3:</p>
+   <ul>
+    <li>The <a data-link-type="dfn" href="#sandbox-storage-access-by-user-activation-flag" id="ref-for-sandbox-storage-access-by-user-activation-flag①">sandbox storage access by user activation flag</a>, unless <var>tokens</var> contains the <dfn data-dfn-for="iframe/sandbox" data-dfn-type="attr-value" data-export id="attr-valuedef-iframe-sandbox-allow-storage-access-by-user-activation"><code>allow-storage-access-by-user-activation</code><a class="self-link" href="#attr-valuedef-iframe-sandbox-allow-storage-access-by-user-activation"></a></dfn> keyword. 
+   </ul>
+   <p class="issue" id="issue-4c448f45"><a class="self-link" href="#issue-4c448f45"></a> What about Feature Policy? <a href="https://github.com/privacycg/storage-access/issues/12">&lt;https://github.com/privacycg/storage-access/issues/12></a></p>
+   <h2 class="heading settled" data-level="4" id="privacy"><span class="secno">4. </span><span class="content">Privacy considerations</span><a class="self-link" href="#privacy"></a></h2>
+   <p class="issue" id="issue-089b92ec①"><a class="self-link" href="#issue-089b92ec①"></a> Write this section.</p>
+   <figure id="example-prompt">
+     <img alt="A modal dialog box which states &apos;Do you want to allow “video.example” to use cookies and website data while browsing “news.example”? This will allow “video.example” to track your activity.&apos; and which has two buttons, “Don’t Allow” and “Allow”." src="images/storage-access-prompt.png"> 
+    <figcaption>An example prompt which could be shown to the user when a site calls <code>document.</code><code class="idl"><a data-link-type="idl" href="#dom-document-requeststorageaccess" id="ref-for-dom-document-requeststorageaccess④">requestStorageAccess()</a></code>.</figcaption>
+   </figure>
+   <h2 class="heading settled" data-level="5" id="security"><span class="secno">5. </span><span class="content">Security considerations</span><a class="self-link" href="#security"></a></h2>
+   <p class="issue" id="issue-089b92ec②"><a class="self-link" href="#issue-089b92ec②"></a> Write this section.</p>
+   <h2 class="no-num heading settled" id="acknowledgements"><span class="content">Acknowledgements</span><a class="self-link" href="#acknowledgements"></a></h2>
+   <p>Many thanks to
+Anne van Kesteren,
+Ben Kelly,
+Brad Girardeau,
+Brad Hill,
+Brandon Maslen,
+Chris Mills,
+Dave Longley,
+Domenic Denicola,
+Ehsan Akhgari,
+Jack Frankland,
+James Coleman,
+James Hartig,
+Jeffrey Yasskin,
+Kushal Dave,
+Luís Rudge,
+Maciej Stachowiak,
+Matias Woloski,
+Mike O’Neill,
+Mike West,
+Pete Snyder,
+Rob Stone,
+Stefan Leyhane,
+Steven Englehardt,
+Theresa O’Connor,
+Travis Leithead,
+Yan Zhu,
+Zach Edwards,
+and everyone who commented on <a href="https://github.com/whatwg/html/issues/3338">whatwg/html#3338</a>, <a href="https://github.com/privacycg/proposals/issues/2">privacycg/proposals#2</a>, and <a href="https://github.com/privacycg/storage-access/issues">privacycg/storage-access/issues</a> for their feedback on this proposal.</p>
+   <p>Thanks to the <a href="https://webkit.org/">WebKit Open Source Project</a> for allowing us to use the <a href="#example-prompt">Storage Access API Prompt</a> image, which was <a href="https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/">originally published on webkit.org</a>.</p>
+  </main>
+  <div data-fill-with="conformance">
+   <h2 class="no-ref no-num heading settled" id="conformance"><span class="content"> Conformance</span><a class="self-link" href="#conformance"></a></h2>
+   <p> Conformance requirements are expressed with a combination of descriptive assertions and RFC 2119 terminology.
+            The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL”
+            in the normative parts of this document
+            are to be interpreted as described in RFC 2119.
+            However, for readability,
+            these words do not appear in all uppercase letters in this specification. </p>
+   <p> All of the text of this specification is normative
+            except sections explicitly marked as non-normative, examples, and notes. <a data-link-type="biblio" href="#biblio-rfc2119">[RFC2119]</a> </p>
+   <p> Examples in this specification are introduced with the words “for example”
+            or are set apart from the normative text with <code>class="example"</code>, like this: </p>
+   <div class="example" id="example-example"><a class="self-link" href="#example-example"></a> This is an example of an informative example. </div>
+   <p> Informative notes begin with the word “Note”
+            and are set apart from the normative text with <code>class="note"</code>, like this: </p>
+   <p class="note" role="note"> Note, this is an informative note. </p>
+  </div>
+<script>
+(function() {
+  "use strict";
+  var collapseSidebarText = '<span aria-hidden="true">←</span> '
+                          + '<span>Collapse Sidebar</span>';
+  var expandSidebarText   = '<span aria-hidden="true">→</span> '
+                          + '<span>Pop Out Sidebar</span>';
+  var tocJumpText         = '<span aria-hidden="true">↑</span> '
+                          + '<span>Jump to Table of Contents</span>';
+
+  var sidebarMedia = window.matchMedia('screen and (min-width: 78em)');
+  var autoToggle   = function(e){ toggleSidebar(e.matches) };
+  if(sidebarMedia.addListener) {
+    sidebarMedia.addListener(autoToggle);
+  }
+
+  function toggleSidebar(on) {
+    if (on == undefined) {
+      on = !document.body.classList.contains('toc-sidebar');
+    }
+
+    /* Don’t scroll to compensate for the ToC if we’re above it already. */
+    var headY = 0;
+    var head = document.querySelector('.head');
+    if (head) {
+      // terrible approx of "top of ToC"
+      headY += head.offsetTop + head.offsetHeight;
+    }
+    var skipScroll = window.scrollY < headY;
+
+    var toggle = document.getElementById('toc-toggle');
+    var tocNav = document.getElementById('toc');
+    if (on) {
+      var tocHeight = tocNav.offsetHeight;
+      document.body.classList.add('toc-sidebar');
+      document.body.classList.remove('toc-inline');
+      toggle.innerHTML = collapseSidebarText;
+      if (!skipScroll) {
+        window.scrollBy(0, 0 - tocHeight);
+      }
+      tocNav.focus();
+      sidebarMedia.addListener(autoToggle); // auto-collapse when out of room
+    }
+    else {
+      document.body.classList.add('toc-inline');
+      document.body.classList.remove('toc-sidebar');
+      toggle.innerHTML = expandSidebarText;
+      if (!skipScroll) {
+        window.scrollBy(0, tocNav.offsetHeight);
+      }
+      if (toggle.matches(':hover')) {
+        /* Unfocus button when not using keyboard navigation,
+           because I don’t know where else to send the focus. */
+        toggle.blur();
+      }
+    }
+  }
+
+  function createSidebarToggle() {
+    /* Create the sidebar toggle in JS; it shouldn’t exist when JS is off. */
+    var toggle = document.createElement('a');
+      /* This should probably be a button, but appearance isn’t standards-track.*/
+    toggle.id = 'toc-toggle';
+    toggle.class = 'toc-toggle';
+    toggle.href = '#toc';
+    toggle.innerHTML = collapseSidebarText;
+
+    sidebarMedia.addListener(autoToggle);
+    var toggler = function(e) {
+      e.preventDefault();
+      sidebarMedia.removeListener(autoToggle); // persist explicit off states
+      toggleSidebar();
+      return false;
+    }
+    toggle.addEventListener('click', toggler, false);
+
+
+    /* Get <nav id=toc-nav>, or make it if we don’t have one. */
+    var tocNav = document.getElementById('toc-nav');
+    if (!tocNav) {
+      tocNav = document.createElement('p');
+      tocNav.id = 'toc-nav';
+      /* Prepend for better keyboard navigation */
+      document.body.insertBefore(tocNav, document.body.firstChild);
+    }
+    /* While we’re at it, make sure we have a Jump to Toc link. */
+    var tocJump = document.getElementById('toc-jump');
+    if (!tocJump) {
+      tocJump = document.createElement('a');
+      tocJump.id = 'toc-jump';
+      tocJump.href = '#toc';
+      tocJump.innerHTML = tocJumpText;
+      tocNav.appendChild(tocJump);
+    }
+
+    tocNav.appendChild(toggle);
+  }
+
+  var toc = document.getElementById('toc');
+  if (toc) {
+    createSidebarToggle();
+    toggleSidebar(sidebarMedia.matches);
+
+    /* If the sidebar has been manually opened and is currently overlaying the text
+       (window too small for the MQ to add the margin to body),
+       then auto-close the sidebar once you click on something in there. */
+    toc.addEventListener('click', function(e) {
+      if(e.target.tagName.toLowerCase() == "a" && document.body.classList.contains('toc-sidebar') && !sidebarMedia.matches) {
+        toggleSidebar(false);
+      }
+    }, false);
+  }
+  else {
+    console.warn("Can’t find Table of Contents. Please use <nav id='toc'> around the ToC.");
+  }
+
+  /* Wrap tables in case they overflow */
+  var tables = document.querySelectorAll(':not(.overlarge) > table.data, :not(.overlarge) > table.index');
+  var numTables = tables.length;
+  for (var i = 0; i < numTables; i++) {
+    var table = tables[i];
+    var wrapper = document.createElement('div');
+    wrapper.className = 'overlarge';
+    table.parentNode.insertBefore(wrapper, table);
+    wrapper.appendChild(table);
+  }
+
+})();
+</script>
+  <h2 class="no-num no-ref heading settled" id="index"><span class="content">Index</span><a class="self-link" href="#index"></a></h2>
+  <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="content">Terms defined by this specification</span><a class="self-link" href="#index-defined-here"></a></h3>
+  <ul class="index">
+   <li><a href="#attr-valuedef-iframe-sandbox-allow-storage-access-by-user-activation">allow-storage-access-by-user-activation</a><span>, in §3.4</span>
+   <li><a href="#determine-if-a-document-has-storage-access">determine if a document has storage access</a><span>, in §3.1.1</span>
+   <li><a href="#determine-the-storage-access-policy">determine the storage access policy</a><span>, in §3.1.1</span>
+   <li><a href="#dom-document-hasstorageaccess">hasStorageAccess()</a><span>, in §3.1</span>
+   <li><a href="#has-storage-access-flag">has storage access flag</a><span>, in §3.1</span>
+   <li><a href="#dom-document-requeststorageaccess">requestStorageAccess()</a><span>, in §3.1</span>
+   <li><a href="#sandbox-storage-access-by-user-activation-flag">sandbox storage access by user activation flag</a><span>, in §3.4</span>
+   <li><a href="#was-expressly-denied-storage-access-flag">was expressly denied storage access flag</a><span>, in §3.1</span>
+  </ul>
+  <aside class="dfn-panel" data-for="term-for-document">
+   <a href="https://dom.spec.whatwg.org/#document">https://dom.spec.whatwg.org/#document</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-document">3.1. Changes to Document</a> <a href="#ref-for-document①">(2)</a> <a href="#ref-for-document②">(3)</a> <a href="#ref-for-document③">(4)</a> <a href="#ref-for-document④">(5)</a> <a href="#ref-for-document⑤">(6)</a> <a href="#ref-for-document⑥">(7)</a>
+    <li><a href="#ref-for-document⑦">3.1.1. User Agent storage access policies</a> <a href="#ref-for-document⑧">(2)</a> <a href="#ref-for-document⑨">(3)</a>
+    <li><a href="#ref-for-document①⓪">3.2. Changes to navigation</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-concept-document-origin">
+   <a href="https://dom.spec.whatwg.org/#concept-document-origin">https://dom.spec.whatwg.org/#concept-document-origin</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-concept-document-origin">3.1.1. User Agent storage access policies</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-window">
+   <a href="https://html.spec.whatwg.org/multipage/window-object.html#window">https://html.spec.whatwg.org/multipage/window-object.html#window</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-window">3.1. Changes to Document</a>
+    <li><a href="#ref-for-window①">3.1.1. User Agent storage access policies</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-active-document">
+   <a href="https://html.spec.whatwg.org/multipage/browsers.html#active-document">https://html.spec.whatwg.org/multipage/browsers.html#active-document</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-active-document">3.1. Changes to Document</a> <a href="#ref-for-active-document①">(2)</a>
+    <li><a href="#ref-for-active-document②">3.1.1. User Agent storage access policies</a> <a href="#ref-for-active-document③">(2)</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-active-sandboxing-flag-set">
+   <a href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set">https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-active-sandboxing-flag-set">3.1. Changes to Document</a> <a href="#ref-for-active-sandboxing-flag-set①">(2)</a> <a href="#ref-for-active-sandboxing-flag-set②">(3)</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-concept-document-bc">
+   <a href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc">https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-concept-document-bc">3.1. Changes to Document</a> <a href="#ref-for-concept-document-bc①">(2)</a> <a href="#ref-for-concept-document-bc②">(3)</a> <a href="#ref-for-concept-document-bc③">(4)</a> <a href="#ref-for-concept-document-bc④">(5)</a>
+    <li><a href="#ref-for-concept-document-bc⑤">3.1.1. User Agent storage access policies</a> <a href="#ref-for-concept-document-bc⑥">(2)</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-consume-user-activation">
+   <a href="https://html.spec.whatwg.org/multipage/interaction.html#consume-user-activation">https://html.spec.whatwg.org/multipage/interaction.html#consume-user-activation</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-consume-user-activation">3.1.1. User Agent storage access policies</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-current-entry">
+   <a href="https://html.spec.whatwg.org/multipage/history.html#current-entry">https://html.spec.whatwg.org/multipage/history.html#current-entry</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-current-entry">3.2. Changes to navigation</a> <a href="#ref-for-current-entry①">(2)</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-the-iframe-element">
+   <a href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element">https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-the-iframe-element">1. Introduction</a>
+    <li><a href="#ref-for-the-iframe-element①">3.1. Changes to Document</a>
+    <li><a href="#ref-for-the-iframe-element②">3.1.1. User Agent storage access policies</a> <a href="#ref-for-the-iframe-element③">(2)</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-opener-browsing-context">
+   <a href="https://html.spec.whatwg.org/multipage/browsers.html#opener-browsing-context">https://html.spec.whatwg.org/multipage/browsers.html#opener-browsing-context</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-opener-browsing-context">3.1. Changes to Document</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-parse-a-sandboxing-directive">
+   <a href="https://html.spec.whatwg.org/multipage/origin.html#parse-a-sandboxing-directive">https://html.spec.whatwg.org/multipage/origin.html#parse-a-sandboxing-directive</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-parse-a-sandboxing-directive">3.4. Sandboxing storage access</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-same-origin">
+   <a href="https://html.spec.whatwg.org/multipage/origin.html#same-origin">https://html.spec.whatwg.org/multipage/origin.html#same-origin</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-same-origin">3.1. Changes to Document</a> <a href="#ref-for-same-origin①">(2)</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-sandboxed-origin-browsing-context-flag">
+   <a href="https://html.spec.whatwg.org/multipage/origin.html#sandboxed-origin-browsing-context-flag">https://html.spec.whatwg.org/multipage/origin.html#sandboxed-origin-browsing-context-flag</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-sandboxed-origin-browsing-context-flag">3.1. Changes to Document</a> <a href="#ref-for-sandboxed-origin-browsing-context-flag①">(2)</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-sandboxing-flag-set">
+   <a href="https://html.spec.whatwg.org/multipage/origin.html#sandboxing-flag-set">https://html.spec.whatwg.org/multipage/origin.html#sandboxing-flag-set</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-sandboxing-flag-set">3.4. Sandboxing storage access</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-session-history">
+   <a href="https://html.spec.whatwg.org/multipage/history.html#session-history">https://html.spec.whatwg.org/multipage/history.html#session-history</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-session-history">3.2. Changes to navigation</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-top-level-browsing-context">
+   <a href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context">https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-top-level-browsing-context">3.1. Changes to Document</a> <a href="#ref-for-top-level-browsing-context①">(2)</a> <a href="#ref-for-top-level-browsing-context②">(3)</a> <a href="#ref-for-top-level-browsing-context③">(4)</a> <a href="#ref-for-top-level-browsing-context④">(5)</a>
+    <li><a href="#ref-for-top-level-browsing-context⑤">3.1.1. User Agent storage access policies</a> <a href="#ref-for-top-level-browsing-context⑥">(2)</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-transient-activation">
+   <a href="https://html.spec.whatwg.org/multipage/interaction.html#transient-activation">https://html.spec.whatwg.org/multipage/interaction.html#transient-activation</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-transient-activation">3.1. Changes to Document</a>
+    <li><a href="#ref-for-transient-activation①">3.1.1. User Agent storage access policies</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-if-aborted">
+   <a href="https://infra.spec.whatwg.org/#if-aborted">https://infra.spec.whatwg.org/#if-aborted</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-if-aborted">3.1. Changes to Document</a> <a href="#ref-for-if-aborted①">(2)</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-idl-promise">
+   <a href="https://heycam.github.io/webidl/#idl-promise">https://heycam.github.io/webidl/#idl-promise</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-idl-promise">3.1. Changes to Document</a> <a href="#ref-for-idl-promise①">(2)</a>
+    <li><a href="#ref-for-idl-promise②">3.1.1. User Agent storage access policies</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-a-new-promise">
+   <a href="https://heycam.github.io/webidl/#a-new-promise">https://heycam.github.io/webidl/#a-new-promise</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-a-new-promise">3.1. Changes to Document</a> <a href="#ref-for-a-new-promise①">(2)</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-idl-boolean">
+   <a href="https://heycam.github.io/webidl/#idl-boolean">https://heycam.github.io/webidl/#idl-boolean</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-idl-boolean">3.1. Changes to Document</a> <a href="#ref-for-idl-boolean①">(2)</a>
+    <li><a href="#ref-for-idl-boolean②">3.1.1. User Agent storage access policies</a> <a href="#ref-for-idl-boolean③">(2)</a> <a href="#ref-for-idl-boolean④">(3)</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-reject">
+   <a href="https://heycam.github.io/webidl/#reject">https://heycam.github.io/webidl/#reject</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-reject">3.1. Changes to Document</a> <a href="#ref-for-reject①">(2)</a> <a href="#ref-for-reject②">(3)</a> <a href="#ref-for-reject③">(4)</a> <a href="#ref-for-reject④">(5)</a>
+    <li><a href="#ref-for-reject⑤">3.1.1. User Agent storage access policies</a> <a href="#ref-for-reject⑥">(2)</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="term-for-resolve">
+   <a href="https://heycam.github.io/webidl/#resolve">https://heycam.github.io/webidl/#resolve</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-resolve">3.1. Changes to Document</a> <a href="#ref-for-resolve①">(2)</a> <a href="#ref-for-resolve②">(3)</a> <a href="#ref-for-resolve③">(4)</a> <a href="#ref-for-resolve④">(5)</a> <a href="#ref-for-resolve⑤">(6)</a> <a href="#ref-for-resolve⑥">(7)</a> <a href="#ref-for-resolve⑦">(8)</a>
+    <li><a href="#ref-for-resolve⑧">3.1.1. User Agent storage access policies</a> <a href="#ref-for-resolve⑨">(2)</a>
+   </ul>
+  </aside>
+  <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span class="content">Terms defined by reference</span><a class="self-link" href="#index-defined-elsewhere"></a></h3>
+  <ul class="index">
+   <li>
+    <a data-link-type="biblio">[DOM]</a> defines the following terms:
+    <ul>
+     <li><span class="dfn-paneled" id="term-for-document" style="color:initial">Document</span>
+     <li><span class="dfn-paneled" id="term-for-concept-document-origin" style="color:initial">origin</span>
+    </ul>
+   <li>
+    <a data-link-type="biblio">[HTML]</a> defines the following terms:
+    <ul>
+     <li><span class="dfn-paneled" id="term-for-window" style="color:initial">Window</span>
+     <li><span class="dfn-paneled" id="term-for-active-document" style="color:initial">active document</span>
+     <li><span class="dfn-paneled" id="term-for-active-sandboxing-flag-set" style="color:initial">active sandboxing flag set</span>
+     <li><span class="dfn-paneled" id="term-for-concept-document-bc" style="color:initial">browsing context</span>
+     <li><span class="dfn-paneled" id="term-for-consume-user-activation" style="color:initial">consume user activation</span>
+     <li><span class="dfn-paneled" id="term-for-current-entry" style="color:initial">current entry</span>
+     <li><span class="dfn-paneled" id="term-for-the-iframe-element" style="color:initial">iframe</span>
+     <li><span class="dfn-paneled" id="term-for-opener-browsing-context" style="color:initial">opener browsing context</span>
+     <li><span class="dfn-paneled" id="term-for-parse-a-sandboxing-directive" style="color:initial">parse a sandboxing directive</span>
+     <li><span class="dfn-paneled" id="term-for-same-origin" style="color:initial">same origin</span>
+     <li><span class="dfn-paneled" id="term-for-sandboxed-origin-browsing-context-flag" style="color:initial">sandboxed origin browsing context flag</span>
+     <li><span class="dfn-paneled" id="term-for-sandboxing-flag-set" style="color:initial">sandboxing flag set</span>
+     <li><span class="dfn-paneled" id="term-for-session-history" style="color:initial">session history</span>
+     <li><span class="dfn-paneled" id="term-for-top-level-browsing-context" style="color:initial">top-level browsing context</span>
+     <li><span class="dfn-paneled" id="term-for-transient-activation" style="color:initial">transient activation</span>
+    </ul>
+   <li>
+    <a data-link-type="biblio">[INFRA]</a> defines the following terms:
+    <ul>
+     <li><span class="dfn-paneled" id="term-for-if-aborted" style="color:initial">if aborted</span>
+    </ul>
+   <li>
+    <a data-link-type="biblio">[WebIDL]</a> defines the following terms:
+    <ul>
+     <li><span class="dfn-paneled" id="term-for-idl-promise" style="color:initial">Promise</span>
+     <li><span class="dfn-paneled" id="term-for-a-new-promise" style="color:initial">a new promise</span>
+     <li><span class="dfn-paneled" id="term-for-idl-boolean" style="color:initial">boolean</span>
+     <li><span class="dfn-paneled" id="term-for-reject" style="color:initial">reject</span>
+     <li><span class="dfn-paneled" id="term-for-resolve" style="color:initial">resolve</span>
+    </ul>
+  </ul>
+  <h2 class="no-num no-ref heading settled" id="references"><span class="content">References</span><a class="self-link" href="#references"></a></h2>
+  <h3 class="no-num no-ref heading settled" id="normative"><span class="content">Normative References</span><a class="self-link" href="#normative"></a></h3>
+  <dl>
+   <dt id="biblio-dom">[DOM]
+   <dd>Anne van Kesteren. <a href="https://dom.spec.whatwg.org/">DOM Standard</a>. Living Standard. URL: <a href="https://dom.spec.whatwg.org/">https://dom.spec.whatwg.org/</a>
+   <dt id="biblio-html">[HTML]
+   <dd>Anne van Kesteren; et al. <a href="https://html.spec.whatwg.org/multipage/">HTML Standard</a>. Living Standard. URL: <a href="https://html.spec.whatwg.org/multipage/">https://html.spec.whatwg.org/multipage/</a>
+   <dt id="biblio-infra">[INFRA]
+   <dd>Anne van Kesteren; Domenic Denicola. <a href="https://infra.spec.whatwg.org/">Infra Standard</a>. Living Standard. URL: <a href="https://infra.spec.whatwg.org/">https://infra.spec.whatwg.org/</a>
+   <dt id="biblio-rfc2119">[RFC2119]
+   <dd>S. Bradner. <a href="https://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a>. March 1997. Best Current Practice. URL: <a href="https://tools.ietf.org/html/rfc2119">https://tools.ietf.org/html/rfc2119</a>
+   <dt id="biblio-webidl">[WebIDL]
+   <dd>Boris Zbarsky. <a href="https://heycam.github.io/webidl/">Web IDL</a>. 15 December 2016. ED. URL: <a href="https://heycam.github.io/webidl/">https://heycam.github.io/webidl/</a>
+  </dl>
+  <h3 class="no-num no-ref heading settled" id="informative"><span class="content">Informative References</span><a class="self-link" href="#informative"></a></h3>
+  <dl>
+   <dt id="biblio-storage-access-intro">[STORAGE-ACCESS-INTRO]
+   <dd>John Wilander. <a href="https://webkit.org/blog/8124/introducing-storage-access-api/">Introducing Storage Access API</a>. February 2018. Blog post. URL: <a href="https://webkit.org/blog/8124/introducing-storage-access-api/">https://webkit.org/blog/8124/introducing-storage-access-api/</a>
+  </dl>
+  <h2 class="no-num no-ref heading settled" id="idl-index"><span class="content">IDL Index</span><a class="self-link" href="#idl-index"></a></h2>
+<pre class="idl highlight def"><c- b>partial</c-> <c- b>interface</c-> <a class="idl-code" data-link-type="interface" href="https://dom.spec.whatwg.org/#document"><c- g>Document</c-></a> {
+  <c- b>Promise</c->&lt;<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean"><c- b>boolean</c-></a>> <a class="idl-code" data-link-type="method" href="#dom-document-hasstorageaccess"><c- g>hasStorageAccess</c-></a>();
+  <c- b>Promise</c->&lt;<c- b>void</c->> <a class="idl-code" data-link-type="method" href="#dom-document-requeststorageaccess"><c- g>requestStorageAccess</c-></a>();
+};
+
+</pre>
+  <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content">Issues Index</span><a class="self-link" href="#issues-index"></a></h2>
+  <div style="counter-reset:issue">
+   <div class="issue"> Remove step 9 if we determine that nested <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element">iframe</a></code>s should be able to request storage access. <a href="https://github.com/privacycg/storage-access/issues/10">&lt;https://github.com/privacycg/storage-access/issues/10></a><a href="#issue-dab76aba"> ↵ </a></div>
+   <div class="issue"> Finish this section.<a href="#issue-91b7518d"> ↵ </a></div>
+   <div class="issue"> Write this section. For each kind of client-side storage affected, modify them to invoke <a data-link-type="dfn" href="#determine-if-a-document-has-storage-access">determine if a document has storage access</a> &amp; modify their behavior based on the result.<a href="#issue-82f734f9"> ↵ </a></div>
+   <div class="issue"> Should this API affect client-side storage other than cookies? <a href="https://github.com/privacycg/storage-access/issues/4">&lt;https://github.com/privacycg/storage-access/issues/4></a><a href="#issue-924f0e5d"> ↵ </a></div>
+   <div class="issue"> Write this section.<a href="#issue-089b92ec"> ↵ </a></div>
+   <div class="issue"> What about Feature Policy? <a href="https://github.com/privacycg/storage-access/issues/12">&lt;https://github.com/privacycg/storage-access/issues/12></a><a href="#issue-4c448f45"> ↵ </a></div>
+   <div class="issue"> Write this section.<a href="#issue-089b92ec①"> ↵ </a></div>
+   <div class="issue"> Write this section.<a href="#issue-089b92ec②"> ↵ </a></div>
+  </div>
+  <aside class="dfn-panel" data-for="has-storage-access-flag">
+   <b><a href="#has-storage-access-flag">#has-storage-access-flag</a></b><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-has-storage-access-flag">3.1. Changes to Document</a> <a href="#ref-for-has-storage-access-flag①">(2)</a>
+    <li><a href="#ref-for-has-storage-access-flag②">3.1.1. User Agent storage access policies</a> <a href="#ref-for-has-storage-access-flag③">(2)</a> <a href="#ref-for-has-storage-access-flag④">(3)</a>
+    <li><a href="#ref-for-has-storage-access-flag⑤">3.2. Changes to navigation</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="was-expressly-denied-storage-access-flag">
+   <b><a href="#was-expressly-denied-storage-access-flag">#was-expressly-denied-storage-access-flag</a></b><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-was-expressly-denied-storage-access-flag">3.1. Changes to Document</a> <a href="#ref-for-was-expressly-denied-storage-access-flag①">(2)</a>
+    <li><a href="#ref-for-was-expressly-denied-storage-access-flag②">3.1.1. User Agent storage access policies</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="dom-document-hasstorageaccess">
+   <b><a href="#dom-document-hasstorageaccess">#dom-document-hasstorageaccess</a></b><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-dom-document-hasstorageaccess">3.1. Changes to Document</a> <a href="#ref-for-dom-document-hasstorageaccess①">(2)</a> <a href="#ref-for-dom-document-hasstorageaccess②">(3)</a>
+    <li><a href="#ref-for-dom-document-hasstorageaccess③">3.1.1. User Agent storage access policies</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="dom-document-requeststorageaccess">
+   <b><a href="#dom-document-requeststorageaccess">#dom-document-requeststorageaccess</a></b><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-dom-document-requeststorageaccess">3.1. Changes to Document</a> <a href="#ref-for-dom-document-requeststorageaccess①">(2)</a> <a href="#ref-for-dom-document-requeststorageaccess②">(3)</a>
+    <li><a href="#ref-for-dom-document-requeststorageaccess③">3.1.1. User Agent storage access policies</a>
+    <li><a href="#ref-for-dom-document-requeststorageaccess④">4. Privacy considerations</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="determine-if-a-document-has-storage-access">
+   <b><a href="#determine-if-a-document-has-storage-access">#determine-if-a-document-has-storage-access</a></b><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-determine-if-a-document-has-storage-access">3.1. Changes to Document</a>
+    <li><a href="#ref-for-determine-if-a-document-has-storage-access①">3.3. Changes to various client-side storage mechanisms</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="determine-the-storage-access-policy">
+   <b><a href="#determine-the-storage-access-policy">#determine-the-storage-access-policy</a></b><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-determine-the-storage-access-policy">3.1. Changes to Document</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="sandbox-storage-access-by-user-activation-flag">
+   <b><a href="#sandbox-storage-access-by-user-activation-flag">#sandbox-storage-access-by-user-activation-flag</a></b><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-sandbox-storage-access-by-user-activation-flag">3.1. Changes to Document</a>
+    <li><a href="#ref-for-sandbox-storage-access-by-user-activation-flag①">3.4. Sandboxing storage access</a>
+   </ul>
+  </aside>
+<script>/* script-dfn-panel */
+
+document.body.addEventListener("click", function(e) {
+    var queryAll = function(sel) { return [].slice.call(document.querySelectorAll(sel)); }
+    // Find the dfn element or panel, if any, that was clicked on.
+    var el = e.target;
+    var target;
+    var hitALink = false;
+    while(el.parentElement) {
+        if(el.tagName == "A") {
+            // Clicking on a link in a <dfn> shouldn't summon the panel
+            hitALink = true;
+        }
+        if(el.classList.contains("dfn-paneled")) {
+            target = "dfn";
+            break;
+        }
+        if(el.classList.contains("dfn-panel")) {
+            target = "dfn-panel";
+            break;
+        }
+        el = el.parentElement;
+    }
+    if(target != "dfn-panel") {
+        // Turn off any currently "on" or "activated" panels.
+        queryAll(".dfn-panel.on, .dfn-panel.activated").forEach(function(el){
+            el.classList.remove("on");
+            el.classList.remove("activated");
+        });
+    }
+    if(target == "dfn" && !hitALink) {
+        // open the panel
+        var dfnPanel = document.querySelector(".dfn-panel[data-for='" + el.id + "']");
+        if(dfnPanel) {
+            dfnPanel.classList.add("on");
+            var rect = el.getBoundingClientRect();
+            dfnPanel.style.left = window.scrollX + rect.right + 5 + "px";
+            dfnPanel.style.top = window.scrollY + rect.top + "px";
+            var panelRect = dfnPanel.getBoundingClientRect();
+            var panelWidth = panelRect.right - panelRect.left;
+            if(panelRect.right > document.body.scrollWidth && (rect.left - (panelWidth + 5)) > 0) {
+                // Reposition, because the panel is overflowing
+                dfnPanel.style.left = window.scrollX + rect.left - (panelWidth + 5) + "px";
+            }
+        } else {
+            console.log("Couldn't find .dfn-panel[data-for='" + el.id + "']");
+        }
+    } else if(target == "dfn-panel") {
+        // Switch it to "activated" state, which pins it.
+        el.classList.add("activated");
+        el.style.left = null;
+        el.style.top = null;
+    }
+
+});
+</script>
\ No newline at end of file

From 507b672c9818f0ab5f350ad60309d16b087e9bd9 Mon Sep 17 00:00:00 2001
From: Theresa O'Connor <hober@apple.com>
Date: Wed, 15 Apr 2020 14:24:57 -0700
Subject: [PATCH 7/8] Fixes and new issues based on @annevk's review.

---
 storage-access.bs | 67 ++++++++++++++++++++++++++++-------------------
 1 file changed, 40 insertions(+), 27 deletions(-)

diff --git a/storage-access.bs b/storage-access.bs
index 94fac66..ca1522b 100644
--- a/storage-access.bs
+++ b/storage-access.bs
@@ -45,14 +45,24 @@ spec:html; type:dfn; text:current entry; url:https://html.spec.whatwg.org/multip
 }
 </style>
 
+ISSUE: don't use the terms "first party" and "third party"
+
+ISSUE: use the [=top-level origin=] concept from [[!HTML]].
+
+ISSUE: [check for unique origin or opaque origin?](https://github.com/privacycg/storage-access/pull/24#discussion_r408779042)
+
 <section class="non-normative">
 <h2 id="intro">Introduction</h2>
 
 <em>This section is non-normative.</em>
 
-User Agents sometimes block access to client-side storage mechanisms in third-party contexts. This can break authenticated embeds such as commenting widgets, which often rely on cookies for authentication.
+User Agents sometimes block access to client-side storage mechanisms in third party contexts. This can break authenticated embeds such as commenting widgets, which often rely on cookies for authentication.
+
+The Storage Access API enables cross origin <{iframe}>s to request and be granted access to their client-side storage, so that authenticated embeds can work in such User Agents. [[STORAGE-ACCESS-INTRO]]
 
-The Storage Access API enables cross-origin <{iframe}>s to request and be granted access to their client-side storage, so that authenticated embeds can work in such User Agents. [[STORAGE-ACCESS-INTRO]]
+ISSUE: [cross origin or cross site?](https://github.com/privacycg/storage-access/pull/24#discussion_r408771982)
+
+ISSUE: give other examples beyond authenticated embeds
 
 </section>
 
@@ -71,7 +81,7 @@ partial interface Document {
 };
 </pre>
 
-This specification defines two methods on {{Document}}: {{Document/hasStorageAccess()}} and {{Document/requestStorageAccess()}}. The {{Document/hasStorageAccess()}} method returns a {{Promise}} that resolves with a {{boolean}} indicating whether the document has access to its first-party storage. The {{Document/requestStorageAccess()}} method returns a {{Promise}} that resolves when the document has been granted access to its first-party storage, and rejects otherwise.
+This specification defines two methods on {{Document}}: {{Document/hasStorageAccess()}} and {{Document/requestStorageAccess()}}. The {{Document/hasStorageAccess()}} method returns a {{Promise}} that resolves with a {{boolean}} indicating whether the document has access to its first party storage. The {{Document/requestStorageAccess()}} method returns a {{Promise}} that resolves when the document has been granted access to its first party storage, and rejects otherwise.
 
 Each {{Document}} has an associated <dfn export for=Document id=has-storage-access-flag>has storage access flag</dfn>, initially unset.
 
@@ -84,13 +94,13 @@ When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>ha
 <!-- https://hg.mozilla.org/mozilla-central/file/tip/dom/base/Document.cpp#l15512 -->
 
 1. Let |p| be [=a new promise=].
-1. If |doc|'s [=was expressly denied storage access flag=] is set, [=resolve=] |p| with false and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L85 -->
-1. If |doc|'s [=active sandboxing flag set=] has its [=sandboxed origin browsing context flag=] set, [=resolve=] |p| with false and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L90 --> <!-- Gecko's Document.cpp#l15526 -->
-1. If |doc|'s <a for=Document>browsing context</a> is a [=top-level browsing context=], [=resolve=] |p| with true and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L95 --> <!-- Gecko's Document.cpp#l15531 -->
+1. If |doc|'s [=was expressly denied storage access flag=] is set, [=resolve=] |p| with false and return |p|. <!-- WebKit's DocumentStorageAccess.cpp#L85 -->
+1. If |doc|'s [=active sandboxing flag set=] has its [=sandboxed origin browsing context flag=] set, [=resolve=] |p| with false and return |p|. <!-- WebKit's DocumentStorageAccess.cpp#L90 --> <!-- Gecko's Document.cpp#l15526 -->
+1. If |doc|'s <a for=Document>browsing context</a> is a [=top-level browsing context=], [=resolve=] |p| with true and return |p|. <!-- WebKit's DocumentStorageAccess.cpp#L95 --> <!-- Gecko's Document.cpp#l15531 -->
 1. Let |topDoc| be the [=active document=] of |doc|'s <a for=Document>browsing context</a>'s [=top-level browsing context=].
-1. If |doc| is [=same origin=] with |topDoc|, [=resolve=] |p| with true and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L102 --> <!-- Gecko's Document.cpp#l15541 -->
-1. Resolve |p| with the result of running [=determine if a document has storage access=] with |doc| and |topDoc| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L115 --> <!-- Gecko's Document.cpp#l15548 -->
-1. [=If aborted=], return |p|.
+1. If |doc| is [=same origin=] with |topDoc|, [=resolve=] |p| with true and return |p|. <!-- WebKit's DocumentStorageAccess.cpp#L102 --> <!-- Gecko's Document.cpp#l15541 -->
+1. Resolve |p| with the result of running [=determine if a document has storage access=] with |doc| and |topDoc|. <!-- WebKit's DocumentStorageAccess.cpp#L115 --> <!-- Gecko's Document.cpp#l15548 -->
+1. Return |p|.
 
 When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>requestStorageAccess()</code></dfn> method must run these steps:
 
@@ -99,40 +109,41 @@ When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>re
 <!-- https://hg.mozilla.org/mozilla-central/file/tip/dom/base/Document.cpp#l15629 -->
 
 1. Let |p| be [=a new promise=].
-1. If |doc|'s [=was expressly denied storage access flag=] is set, [=reject=] |p| and abort these steps.
-1. If |doc|'s [=has storage access flag=] is set, [=resolve=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L128 --> <!-- Gecko's Document.cpp#l15604 -->
-1. If the |doc|'s [=active sandboxing flag set=] has its [=sandboxed origin browsing context flag=] set, [=reject=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L133 --> <!-- Gecko's Document.cpp#l15618 -->
-1. If |doc|'s <a for=Document>browsing context</a> is a [=top-level browsing context=], [=resolve=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L138 --> <!-- Gecko's Document.cpp#l15632 -->
+1. If |doc|'s [=was expressly denied storage access flag=] is set, [=reject=] |p| and return |p|.
+1. If |doc|'s [=has storage access flag=] is set, [=resolve=] |p| and return |p|. <!-- WebKit's DocumentStorageAccess.cpp#L128 --> <!-- Gecko's Document.cpp#l15604 -->
+1. If the |doc|'s [=active sandboxing flag set=] has its [=sandboxed origin browsing context flag=] set, [=reject=] |p| and return |p|. <!-- WebKit's DocumentStorageAccess.cpp#L133 --> <!-- Gecko's Document.cpp#l15618 -->
+1. If |doc|'s <a for=Document>browsing context</a> is a [=top-level browsing context=], [=resolve=] |p| and return |p|. <!-- WebKit's DocumentStorageAccess.cpp#L138 --> <!-- Gecko's Document.cpp#l15632 -->
 1. Let |topDoc| be the [=active document=] of |doc|'s <a for=Document>browsing context</a>'s [=top-level browsing context=].
-1. If |doc| is [=same origin=] with |topDoc|, [=resolve=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L146 --> <!-- Gecko's Document.cpp#l15604 --> <!-- Gecko's Document.cpp#l15657 -->
-1. If |doc|'s [=active sandboxing flag set=] has its [=sandbox storage access by user activation flag=] set, [=reject=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L152 --> <!-- Gecko's Document.cpp#l15667 -->
-1. If |doc|'s <a for=Document>browsing context</a>'s [=opener browsing context=] is not its [=top-level browsing context=], [=reject=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L158 --> <!-- Gecko's Document.cpp#l15673 -->
-1. If the algorithm is invoked when |doc|'s {{Window}} object does not have [=transient activation=], [=reject=] |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L163 --> <!-- Gecko's Document.cpp#l15680 -->
-1. [=Determine the storage access policy=] with |doc|, |topDoc|, and |p| and abort these steps. <!-- WebKit's DocumentStorageAccess.cpp#L177 --> <!-- Gecko's Document.cpp#l15685 -->
-1. Set |doc|'s [=has storage access flag=], [=resolve=] |p|, and abort these steps. <!-- Gecko's Document.cpp#l15805 -->
-1. [=If aborted=], return |p|.
+1. If |doc| is [=same origin=] with |topDoc|, [=resolve=] |p| and return |p|. <!-- WebKit's DocumentStorageAccess.cpp#L146 --> <!-- Gecko's Document.cpp#l15604 --> <!-- Gecko's Document.cpp#l15657 -->
+1. If |doc|'s [=active sandboxing flag set=] has its [=sandbox storage access by user activation flag=] set, [=reject=] |p| and return |p|. <!-- WebKit's DocumentStorageAccess.cpp#L152 --> <!-- Gecko's Document.cpp#l15667 -->
+1. If |doc|'s <a for=Document>browsing context</a>'s [=opener browsing context=] is not its [=top-level browsing context=], [=reject=] |p| and return |p|. <!-- WebKit's DocumentStorageAccess.cpp#L158 --> <!-- Gecko's Document.cpp#l15673 -->
+1. If the algorithm is invoked when |doc|'s {{Window}} object does not have [=transient activation=], [=reject=] |p| and return |p|. <!-- WebKit's DocumentStorageAccess.cpp#L163 --> <!-- Gecko's Document.cpp#l15680 -->
+1. [=Determine the storage access policy=] with |doc|, |topDoc|, and |p|, and return |p|. <!-- WebKit's DocumentStorageAccess.cpp#L177 --> <!-- Gecko's Document.cpp#l15685 -->
+1. Set |doc|'s [=has storage access flag=], [=resolve=] |p|, and return |p|. <!-- Gecko's Document.cpp#l15805 -->
 
 ISSUE(10): Remove step 9 if we determine that nested <{iframe}>s should be able to request storage access.
 
+ISSUE: [rewrite to not block the main thread.](https://github.com/privacycg/storage-access/pull/24#discussion_r408780546)
+
 <h4 id="ua-policy">User Agent storage access policies</h4>
 
-Different User Agents have different policies around whether or not third-party <{iframe}>'s may access data placed into client-side storage mechanisms when the <{iframe}>'s {{Document}}'s <a for=Document>origin</a> was loaded in a first-party context. User Agents check these policies when client-side storage is accessed (see [[#storage]]) as well as by {{Document/hasStorageAccess()}} and {{Document/requestStorageAccess()}}.
+Different User Agents have different policies around whether or not third party <{iframe}>'s may access data placed into client-side storage mechanisms when the <{iframe}>'s {{Document}}'s <a for=Document>origin</a> was loaded in a first party context. User Agents check these policies when client-side storage is accessed (see [[#storage]]) as well as by {{Document/hasStorageAccess()}} and {{Document/requestStorageAccess()}}.
 
 When required to <dfn type="abstract-op">determine if a document has storage access</dfn> with {{Document|Documents}} |doc| and |topDoc|, run these steps:
 
 1. Assert: |topDoc| is the [=active document=] of |doc|'s <a for=Document>browsing context</a>'s [=top-level browsing context=].
 1. If |doc|'s [=has storage access flag=] is set, return true.
-1. Let |has storage access| (a {{boolean}}) be the result of running a UA-defined set of steps to determine if |doc| has storage access when it is loaded in a third-party context on |topDoc|.
+1. Let |has storage access| (a {{boolean}}) be the result of running a UA-defined set of steps to determine if |doc| has storage access when it is loaded in a third party context on |topDoc|.
 1. If |has storage access| is true, set |doc|'s [=has storage access flag=].
 1. Return |has storage access|.
 
 When required to <dfn type="abstract-op">determine the storage access policy</dfn> for {{Document|Documents}} |doc| and |topDoc| with {{Promise}} |p|, run these steps:
 
 1. Assert: |topDoc| is the [=active document=] of |doc|'s <a for=Document>browsing context</a>'s [=top-level browsing context=].
-1. Let |should implicitly grant| and |should implicitly deny| (both {{boolean|booleans}}) be the result of running a UA-defined set of steps to determine if |doc|'s request for storage access on |topDoc| should be granted or denied without prompting the user.
-1. If |should implicitly grant| is true, [=resolve=] |p| and abort these steps.
-1. If |should implicitly deny| is true, [=reject=] |p| and abort these steps.
-1. Ask the user if they would like to grant |doc| access to its storage when it is loaded in a third-party context on |topDoc|, and wait for an answer. Let |user expression of permission| (a {{boolean}}) be the result.
+1. Let |implicitly granted| and |implicitly denied| (both {{boolean|booleans}}) be the result of running a UA-defined set of steps to determine if |doc|'s request for storage access on |topDoc| should be granted or denied without prompting the user.
+1. If |implicitly granted| is true, [=resolve=] |p| and return.
+1. If |implicitly denied| is true, [=reject=] |p| and return.
+1. Ask the user if they would like to grant |doc| access to its storage when it is loaded in a third party context on |topDoc|, and wait for an answer. Let |user expression of permission| (a {{boolean}}) be the result.
 
     Note: if |user expression of permission| is false, the user **expressly chose** to deny |doc| access to its storage.
 1. If |user expression of permission| is true, [=resolve=] |p|. <!-- WebKit's DocumentStorageAccess.cpp#L191 -->
@@ -142,11 +153,13 @@ When required to <dfn type="abstract-op">determine the storage access policy</df
     1. Set |doc|'s [=was expressly denied storage access flag=].
     1. [=Reject=] |p|. <!-- WebKit's DocumentStorageAccess.cpp#L194 --> <!-- Gecko's Document.cpp#l15805 -->
 
+ISSUE: [since this is UA-defined, does it make sense to follow-up separately with a user prompt?](https://github.com/privacycg/storage-access/pull/24#discussion_r408784492)
+
 <h3 id="navigation">Changes to navigation</h3>
 
 Before changing the [=current entry=] of a [=session history=], unset the [=has storage access flag=] of the old [=current entry=]'s {{Document}}, if it has one.
 
-ISSUE: Finish this section.
+ISSUE(3): What this section should look like ultimately hinges on this issue.
 
 <h3 id="storage">Changes to various client-side storage mechanisms</h3>
 

From c94752f0a351e10a9a7c797f95dd8a84541552c0 Mon Sep 17 00:00:00 2001
From: Theresa O'Connor <hober@apple.com>
Date: Wed, 15 Apr 2020 14:25:50 -0700
Subject: [PATCH 8/8] Regenerate based on 507b672.

---
 index.html | 92 +++++++++++++++++++++++++++++-------------------------
 1 file changed, 50 insertions(+), 42 deletions(-)

diff --git a/index.html b/index.html
index c25aabf..99f83c4 100644
--- a/index.html
+++ b/index.html
@@ -1224,7 +1224,7 @@
   <link href="https://www.w3.org/StyleSheets/TR/2016/cg-draft" rel="stylesheet">
   <meta content="Bikeshed version 2891b22e, updated Thu Mar 26 15:21:43 2020 -0700" name="generator">
   <link href="https://privacycg.github.io/storage-access/" rel="canonical">
-  <meta content="a764b9415f740d225686048c0ba13535d6a7f24f" name="document-revision">
+  <meta content="c1225ad022d38a97b1523e823cb9c6eec263d877" name="document-revision">
 <style>
 .XXX {
     color: #E50000;
@@ -1480,7 +1480,7 @@
   <header>
    <p data-fill-with="logo"></p>
    <h1 class="no-ref" id="title">The Storage Access API</h1>
-   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Draft Community Group Report, <time datetime="2020-04-14">14 April 2020</time></span></h2>
+   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Draft Community Group Report, <time datetime="2020-04-15">15 April 2020</time></span></h2>
    <div data-fill-with="spec-metadata">
     <dl>
      <dt>This version:
@@ -1554,11 +1554,16 @@ <h2 class="no-num no-toc no-ref" id="contents">Table of Contents</h2>
    </ol>
   </nav>
   <main>
+   <p class="issue" id="issue-092ab0ec"><a class="self-link" href="#issue-092ab0ec"></a> don’t use the terms "first party" and "third party"</p>
+   <p class="issue" id="issue-abeca561"><a class="self-link" href="#issue-abeca561"></a> use the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#top-level-origin" id="ref-for-top-level-origin">top-level origin</a> concept from <a data-link-type="biblio" href="#biblio-html">[HTML]</a>.</p>
+   <p class="issue" id="issue-a668f049"><a class="self-link" href="#issue-a668f049"></a> <a href="https://github.com/privacycg/storage-access/pull/24#discussion_r408779042">check for unique origin or opaque origin?</a></p>
    <section class="non-normative">
     <h2 class="heading settled" data-level="1" id="intro"><span class="secno">1. </span><span class="content">Introduction</span><a class="self-link" href="#intro"></a></h2>
     <p><em>This section is non-normative.</em></p>
-    <p>User Agents sometimes block access to client-side storage mechanisms in third-party contexts. This can break authenticated embeds such as commenting widgets, which often rely on cookies for authentication.</p>
-    <p>The Storage Access API enables cross-origin <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element" id="ref-for-the-iframe-element">iframe</a></code>s to request and be granted access to their client-side storage, so that authenticated embeds can work in such User Agents. <a data-link-type="biblio" href="#biblio-storage-access-intro">[STORAGE-ACCESS-INTRO]</a></p>
+    <p>User Agents sometimes block access to client-side storage mechanisms in third party contexts. This can break authenticated embeds such as commenting widgets, which often rely on cookies for authentication.</p>
+    <p>The Storage Access API enables cross origin <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element" id="ref-for-the-iframe-element">iframe</a></code>s to request and be granted access to their client-side storage, so that authenticated embeds can work in such User Agents. <a data-link-type="biblio" href="#biblio-storage-access-intro">[STORAGE-ACCESS-INTRO]</a></p>
+    <p class="issue" id="issue-f1562ab4"><a class="self-link" href="#issue-f1562ab4"></a> <a href="https://github.com/privacycg/storage-access/pull/24#discussion_r408771982">cross origin or cross site?</a></p>
+    <p class="issue" id="issue-1aebf08e"><a class="self-link" href="#issue-1aebf08e"></a> give other examples beyond authenticated embeds</p>
    </section>
    <h2 class="heading settled" data-level="2" id="infra"><span class="secno">2. </span><span class="content">Infrastructure</span><a class="self-link" href="#infra"></a></h2>
    <p>This specification defines several additions to the HTML standard, and depends on the Infra standard. <a data-link-type="biblio" href="#biblio-infra">[INFRA]</a> <a data-link-type="biblio" href="#biblio-html">[HTML]</a></p>
@@ -1569,7 +1574,7 @@ <h3 class="heading settled" data-level="3.1" id="the-document-object"><span clas
   <c- b>Promise</c->&lt;<c- b>void</c->> <a class="idl-code" data-link-type="method" href="#dom-document-requeststorageaccess" id="ref-for-dom-document-requeststorageaccess"><c- g>requestStorageAccess</c-></a>();
 };
 </pre>
-   <p>This specification defines two methods on <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document②">Document</a></code>: <code class="idl"><a data-link-type="idl" href="#dom-document-hasstorageaccess" id="ref-for-dom-document-hasstorageaccess①">hasStorageAccess()</a></code> and <code class="idl"><a data-link-type="idl" href="#dom-document-requeststorageaccess" id="ref-for-dom-document-requeststorageaccess①">requestStorageAccess()</a></code>. The <code class="idl"><a data-link-type="idl" href="#dom-document-hasstorageaccess" id="ref-for-dom-document-hasstorageaccess②">hasStorageAccess()</a></code> method returns a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise">Promise</a></code> that resolves with a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean①">boolean</a></code> indicating whether the document has access to its first-party storage. The <code class="idl"><a data-link-type="idl" href="#dom-document-requeststorageaccess" id="ref-for-dom-document-requeststorageaccess②">requestStorageAccess()</a></code> method returns a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise①">Promise</a></code> that resolves when the document has been granted access to its first-party storage, and rejects otherwise.</p>
+   <p>This specification defines two methods on <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document②">Document</a></code>: <code class="idl"><a data-link-type="idl" href="#dom-document-hasstorageaccess" id="ref-for-dom-document-hasstorageaccess①">hasStorageAccess()</a></code> and <code class="idl"><a data-link-type="idl" href="#dom-document-requeststorageaccess" id="ref-for-dom-document-requeststorageaccess①">requestStorageAccess()</a></code>. The <code class="idl"><a data-link-type="idl" href="#dom-document-hasstorageaccess" id="ref-for-dom-document-hasstorageaccess②">hasStorageAccess()</a></code> method returns a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise">Promise</a></code> that resolves with a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean①">boolean</a></code> indicating whether the document has access to its first party storage. The <code class="idl"><a data-link-type="idl" href="#dom-document-requeststorageaccess" id="ref-for-dom-document-requeststorageaccess②">requestStorageAccess()</a></code> method returns a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-promise" id="ref-for-idl-promise①">Promise</a></code> that resolves when the document has been granted access to its first party storage, and rejects otherwise.</p>
    <p>Each <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document③">Document</a></code> has an associated <dfn class="dfn-paneled" data-dfn-for="Document" data-dfn-type="dfn" data-export id="has-storage-access-flag">has storage access flag</dfn>, initially unset.</p>
    <p>Each <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document④">Document</a></code> has an associated <dfn class="dfn-paneled" data-dfn-for="Document" data-dfn-type="dfn" data-export id="was-expressly-denied-storage-access-flag">was expressly denied storage access flag</dfn>, initially unset.</p>
    <p>When invoked on <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document⑤">Document</a></code> <var>doc</var>, the <dfn class="dfn-paneled idl-code" data-dfn-for="Document" data-dfn-type="method" data-export id="dom-document-hasstorageaccess"><code>hasStorageAccess()</code></dfn> method must run these steps:</p>
@@ -1577,52 +1582,51 @@ <h3 class="heading settled" data-level="3.1" id="the-document-object"><span clas
     <li data-md>
      <p>Let <var>p</var> be <a data-link-type="dfn" href="https://heycam.github.io/webidl/#a-new-promise" id="ref-for-a-new-promise">a new promise</a>.</p>
     <li data-md>
-     <p>If <var>doc</var>’s <a data-link-type="dfn" href="#was-expressly-denied-storage-access-flag" id="ref-for-was-expressly-denied-storage-access-flag">was expressly denied storage access flag</a> is set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve">resolve</a> <var>p</var> with false and abort these steps.</p>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="#was-expressly-denied-storage-access-flag" id="ref-for-was-expressly-denied-storage-access-flag">was expressly denied storage access flag</a> is set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve">resolve</a> <var>p</var> with false and return <var>p</var>.</p>
     <li data-md>
-     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set">active sandboxing flag set</a> has its <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#sandboxed-origin-browsing-context-flag" id="ref-for-sandboxed-origin-browsing-context-flag">sandboxed origin browsing context flag</a> set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve①">resolve</a> <var>p</var> with false and abort these steps.</p>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set">active sandboxing flag set</a> has its <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#sandboxed-origin-browsing-context-flag" id="ref-for-sandboxed-origin-browsing-context-flag">sandboxed origin browsing context flag</a> set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve①">resolve</a> <var>p</var> with false and return <var>p</var>.</p>
     <li data-md>
-     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc">browsing context</a> is a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context">top-level browsing context</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve②">resolve</a> <var>p</var> with true and abort these steps.</p>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc">browsing context</a> is a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context">top-level browsing context</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve②">resolve</a> <var>p</var> with true and return <var>p</var>.</p>
     <li data-md>
      <p>Let <var>topDoc</var> be the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#active-document" id="ref-for-active-document">active document</a> of <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc①">browsing context</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context①">top-level browsing context</a>.</p>
     <li data-md>
-     <p>If <var>doc</var> is <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#same-origin" id="ref-for-same-origin">same origin</a> with <var>topDoc</var>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve③">resolve</a> <var>p</var> with true and abort these steps.</p>
+     <p>If <var>doc</var> is <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#same-origin" id="ref-for-same-origin">same origin</a> with <var>topDoc</var>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve③">resolve</a> <var>p</var> with true and return <var>p</var>.</p>
     <li data-md>
-     <p>Resolve <var>p</var> with the result of running <a data-link-type="dfn" href="#determine-if-a-document-has-storage-access" id="ref-for-determine-if-a-document-has-storage-access">determine if a document has storage access</a> with <var>doc</var> and <var>topDoc</var> and abort these steps.</p>
+     <p>Resolve <var>p</var> with the result of running <a data-link-type="dfn" href="#determine-if-a-document-has-storage-access" id="ref-for-determine-if-a-document-has-storage-access">determine if a document has storage access</a> with <var>doc</var> and <var>topDoc</var>.</p>
     <li data-md>
-     <p><a data-link-type="dfn" href="https://infra.spec.whatwg.org/#if-aborted" id="ref-for-if-aborted">If aborted</a>, return <var>p</var>.</p>
+     <p>Return <var>p</var>.</p>
    </ol>
    <p>When invoked on <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document⑥">Document</a></code> <var>doc</var>, the <dfn class="dfn-paneled idl-code" data-dfn-for="Document" data-dfn-type="method" data-export id="dom-document-requeststorageaccess"><code>requestStorageAccess()</code></dfn> method must run these steps:</p>
    <ol>
     <li data-md>
      <p>Let <var>p</var> be <a data-link-type="dfn" href="https://heycam.github.io/webidl/#a-new-promise" id="ref-for-a-new-promise①">a new promise</a>.</p>
     <li data-md>
-     <p>If <var>doc</var>’s <a data-link-type="dfn" href="#was-expressly-denied-storage-access-flag" id="ref-for-was-expressly-denied-storage-access-flag①">was expressly denied storage access flag</a> is set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject">reject</a> <var>p</var> and abort these steps.</p>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="#was-expressly-denied-storage-access-flag" id="ref-for-was-expressly-denied-storage-access-flag①">was expressly denied storage access flag</a> is set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject">reject</a> <var>p</var> and return <var>p</var>.</p>
     <li data-md>
-     <p>If <var>doc</var>’s <a data-link-type="dfn" href="#has-storage-access-flag" id="ref-for-has-storage-access-flag">has storage access flag</a> is set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve④">resolve</a> <var>p</var> and abort these steps.</p>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="#has-storage-access-flag" id="ref-for-has-storage-access-flag">has storage access flag</a> is set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve④">resolve</a> <var>p</var> and return <var>p</var>.</p>
     <li data-md>
-     <p>If the <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set①">active sandboxing flag set</a> has its <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#sandboxed-origin-browsing-context-flag" id="ref-for-sandboxed-origin-browsing-context-flag①">sandboxed origin browsing context flag</a> set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject①">reject</a> <var>p</var> and abort these steps.</p>
+     <p>If the <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set①">active sandboxing flag set</a> has its <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#sandboxed-origin-browsing-context-flag" id="ref-for-sandboxed-origin-browsing-context-flag①">sandboxed origin browsing context flag</a> set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject①">reject</a> <var>p</var> and return <var>p</var>.</p>
     <li data-md>
-     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc②">browsing context</a> is a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context②">top-level browsing context</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑤">resolve</a> <var>p</var> and abort these steps.</p>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc②">browsing context</a> is a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context②">top-level browsing context</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑤">resolve</a> <var>p</var> and return <var>p</var>.</p>
     <li data-md>
      <p>Let <var>topDoc</var> be the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#active-document" id="ref-for-active-document①">active document</a> of <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc③">browsing context</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context③">top-level browsing context</a>.</p>
     <li data-md>
-     <p>If <var>doc</var> is <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#same-origin" id="ref-for-same-origin①">same origin</a> with <var>topDoc</var>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑥">resolve</a> <var>p</var> and abort these steps.</p>
+     <p>If <var>doc</var> is <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#same-origin" id="ref-for-same-origin①">same origin</a> with <var>topDoc</var>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑥">resolve</a> <var>p</var> and return <var>p</var>.</p>
     <li data-md>
-     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set②">active sandboxing flag set</a> has its <a data-link-type="dfn" href="#sandbox-storage-access-by-user-activation-flag" id="ref-for-sandbox-storage-access-by-user-activation-flag">sandbox storage access by user activation flag</a> set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject②">reject</a> <var>p</var> and abort these steps.</p>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set②">active sandboxing flag set</a> has its <a data-link-type="dfn" href="#sandbox-storage-access-by-user-activation-flag" id="ref-for-sandbox-storage-access-by-user-activation-flag">sandbox storage access by user activation flag</a> set, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject②">reject</a> <var>p</var> and return <var>p</var>.</p>
     <li data-md>
-     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc④">browsing context</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#opener-browsing-context" id="ref-for-opener-browsing-context">opener browsing context</a> is not its <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context④">top-level browsing context</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject③">reject</a> <var>p</var> and abort these steps.</p>
+     <p>If <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc④">browsing context</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#opener-browsing-context" id="ref-for-opener-browsing-context">opener browsing context</a> is not its <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context④">top-level browsing context</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject③">reject</a> <var>p</var> and return <var>p</var>.</p>
     <li data-md>
-     <p>If the algorithm is invoked when <var>doc</var>’s <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/window-object.html#window" id="ref-for-window">Window</a></code> object does not have <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/interaction.html#transient-activation" id="ref-for-transient-activation">transient activation</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject④">reject</a> <var>p</var> and abort these steps.</p>
+     <p>If the algorithm is invoked when <var>doc</var>’s <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/window-object.html#window" id="ref-for-window">Window</a></code> object does not have <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/interaction.html#transient-activation" id="ref-for-transient-activation">transient activation</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject④">reject</a> <var>p</var> and return <var>p</var>.</p>
     <li data-md>
-     <p><a data-link-type="dfn" href="#determine-the-storage-access-policy" id="ref-for-determine-the-storage-access-policy">Determine the storage access policy</a> with <var>doc</var>, <var>topDoc</var>, and <var>p</var> and abort these steps.</p>
+     <p><a data-link-type="dfn" href="#determine-the-storage-access-policy" id="ref-for-determine-the-storage-access-policy">Determine the storage access policy</a> with <var>doc</var>, <var>topDoc</var>, and <var>p</var>, and return <var>p</var>.</p>
     <li data-md>
-     <p>Set <var>doc</var>’s <a data-link-type="dfn" href="#has-storage-access-flag" id="ref-for-has-storage-access-flag①">has storage access flag</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑦">resolve</a> <var>p</var>, and abort these steps.</p>
-    <li data-md>
-     <p><a data-link-type="dfn" href="https://infra.spec.whatwg.org/#if-aborted" id="ref-for-if-aborted①">If aborted</a>, return <var>p</var>.</p>
+     <p>Set <var>doc</var>’s <a data-link-type="dfn" href="#has-storage-access-flag" id="ref-for-has-storage-access-flag①">has storage access flag</a>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑦">resolve</a> <var>p</var>, and return <var>p</var>.</p>
    </ol>
    <p class="issue" id="issue-dab76aba"><a class="self-link" href="#issue-dab76aba"></a> Remove step 9 if we determine that nested <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element" id="ref-for-the-iframe-element①">iframe</a></code>s should be able to request storage access. <a href="https://github.com/privacycg/storage-access/issues/10">&lt;https://github.com/privacycg/storage-access/issues/10></a></p>
+   <p class="issue" id="issue-a1e99cc7"><a class="self-link" href="#issue-a1e99cc7"></a> <a href="https://github.com/privacycg/storage-access/pull/24#discussion_r408780546">rewrite to not block the main thread.</a></p>
    <h4 class="heading settled" data-level="3.1.1" id="ua-policy"><span class="secno">3.1.1. </span><span class="content">User Agent storage access policies</span><a class="self-link" href="#ua-policy"></a></h4>
-   <p>Different User Agents have different policies around whether or not third-party <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element" id="ref-for-the-iframe-element②">iframe</a></code>'s may access data placed into client-side storage mechanisms when the <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element" id="ref-for-the-iframe-element③">iframe</a></code>'s <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document⑦">Document</a></code>'s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-document-origin" id="ref-for-concept-document-origin">origin</a> was loaded in a first-party context. User Agents check these policies when client-side storage is accessed (see <a href="#storage">§ 3.3 Changes to various client-side storage mechanisms</a>) as well as by <code class="idl"><a data-link-type="idl" href="#dom-document-hasstorageaccess" id="ref-for-dom-document-hasstorageaccess③">hasStorageAccess()</a></code> and <code class="idl"><a data-link-type="idl" href="#dom-document-requeststorageaccess" id="ref-for-dom-document-requeststorageaccess③">requestStorageAccess()</a></code>.</p>
+   <p>Different User Agents have different policies around whether or not third party <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element" id="ref-for-the-iframe-element②">iframe</a></code>'s may access data placed into client-side storage mechanisms when the <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element" id="ref-for-the-iframe-element③">iframe</a></code>'s <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document⑦">Document</a></code>'s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-document-origin" id="ref-for-concept-document-origin">origin</a> was loaded in a first party context. User Agents check these policies when client-side storage is accessed (see <a href="#storage">§ 3.3 Changes to various client-side storage mechanisms</a>) as well as by <code class="idl"><a data-link-type="idl" href="#dom-document-hasstorageaccess" id="ref-for-dom-document-hasstorageaccess③">hasStorageAccess()</a></code> and <code class="idl"><a data-link-type="idl" href="#dom-document-requeststorageaccess" id="ref-for-dom-document-requeststorageaccess③">requestStorageAccess()</a></code>.</p>
    <p>When required to <dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="determine-if-a-document-has-storage-access" type="abstract-op">determine if a document has storage access</dfn> with <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document⑧">Documents</a></code> <var>doc</var> and <var>topDoc</var>, run these steps:</p>
    <ol>
     <li data-md>
@@ -1630,7 +1634,7 @@ <h4 class="heading settled" data-level="3.1.1" id="ua-policy"><span class="secno
     <li data-md>
      <p>If <var>doc</var>’s <a data-link-type="dfn" href="#has-storage-access-flag" id="ref-for-has-storage-access-flag②">has storage access flag</a> is set, return true.</p>
     <li data-md>
-     <p>Let <var>has storage access</var> (a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean②">boolean</a></code>) be the result of running a UA-defined set of steps to determine if <var>doc</var> has storage access when it is loaded in a third-party context on <var>topDoc</var>.</p>
+     <p>Let <var>has storage access</var> (a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean②">boolean</a></code>) be the result of running a UA-defined set of steps to determine if <var>doc</var> has storage access when it is loaded in a third party context on <var>topDoc</var>.</p>
     <li data-md>
      <p>If <var>has storage access</var> is true, set <var>doc</var>’s <a data-link-type="dfn" href="#has-storage-access-flag" id="ref-for-has-storage-access-flag③">has storage access flag</a>.</p>
     <li data-md>
@@ -1641,13 +1645,13 @@ <h4 class="heading settled" data-level="3.1.1" id="ua-policy"><span class="secno
     <li data-md>
      <p class="assertion">Assert: <var>topDoc</var> is the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#active-document" id="ref-for-active-document③">active document</a> of <var>doc</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc" id="ref-for-concept-document-bc⑥">browsing context</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context" id="ref-for-top-level-browsing-context⑥">top-level browsing context</a>.</p>
     <li data-md>
-     <p>Let <var>should implicitly grant</var> and <var>should implicitly deny</var> (both <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean③">booleans</a></code>) be the result of running a UA-defined set of steps to determine if <var>doc</var>’s request for storage access on <var>topDoc</var> should be granted or denied without prompting the user.</p>
+     <p>Let <var>implicitly granted</var> and <var>implicitly denied</var> (both <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean③">booleans</a></code>) be the result of running a UA-defined set of steps to determine if <var>doc</var>’s request for storage access on <var>topDoc</var> should be granted or denied without prompting the user.</p>
     <li data-md>
-     <p>If <var>should implicitly grant</var> is true, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑧">resolve</a> <var>p</var> and abort these steps.</p>
+     <p>If <var>implicitly granted</var> is true, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑧">resolve</a> <var>p</var> and return.</p>
     <li data-md>
-     <p>If <var>should implicitly deny</var> is true, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject⑤">reject</a> <var>p</var> and abort these steps.</p>
+     <p>If <var>implicitly denied</var> is true, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject⑤">reject</a> <var>p</var> and return.</p>
     <li data-md>
-     <p>Ask the user if they would like to grant <var>doc</var> access to its storage when it is loaded in a third-party context on <var>topDoc</var>, and wait for an answer. Let <var>user expression of permission</var> (a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean④">boolean</a></code>) be the result.</p>
+     <p>Ask the user if they would like to grant <var>doc</var> access to its storage when it is loaded in a third party context on <var>topDoc</var>, and wait for an answer. Let <var>user expression of permission</var> (a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean④">boolean</a></code>) be the result.</p>
      <p class="note" role="note"><span>Note:</span> if <var>user expression of permission</var> is false, the user <strong>expressly chose</strong> to deny <var>doc</var> access to its storage.</p>
     <li data-md>
      <p>If <var>user expression of permission</var> is true, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#resolve" id="ref-for-resolve⑨">resolve</a> <var>p</var>.</p>
@@ -1664,9 +1668,10 @@ <h4 class="heading settled" data-level="3.1.1" id="ua-policy"><span class="secno
        <p><a data-link-type="dfn" href="https://heycam.github.io/webidl/#reject" id="ref-for-reject⑥">Reject</a> <var>p</var>.</p>
      </ol>
    </ol>
+   <p class="issue" id="issue-65ce4cf9"><a class="self-link" href="#issue-65ce4cf9"></a> <a href="https://github.com/privacycg/storage-access/pull/24#discussion_r408784492">since this is UA-defined, does it make sense to follow-up separately with a user prompt?</a></p>
    <h3 class="heading settled" data-level="3.2" id="navigation"><span class="secno">3.2. </span><span class="content">Changes to navigation</span><a class="self-link" href="#navigation"></a></h3>
    <p>Before changing the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/history.html#current-entry" id="ref-for-current-entry">current entry</a> of a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/history.html#session-history" id="ref-for-session-history">session history</a>, unset the <a data-link-type="dfn" href="#has-storage-access-flag" id="ref-for-has-storage-access-flag⑤">has storage access flag</a> of the old <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/history.html#current-entry" id="ref-for-current-entry①">current entry</a>'s <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document①⓪">Document</a></code>, if it has one.</p>
-   <p class="issue" id="issue-91b7518d"><a class="self-link" href="#issue-91b7518d"></a> Finish this section.</p>
+   <p class="issue" id="issue-d63174c9"><a class="self-link" href="#issue-d63174c9"></a> What this section should look like ultimately hinges on this issue. <a href="https://github.com/privacycg/storage-access/issues/3">&lt;https://github.com/privacycg/storage-access/issues/3></a></p>
    <h3 class="heading settled" data-level="3.3" id="storage"><span class="secno">3.3. </span><span class="content">Changes to various client-side storage mechanisms</span><a class="self-link" href="#storage"></a></h3>
    <p class="issue" id="issue-82f734f9"><a class="self-link" href="#issue-82f734f9"></a> Write this section. For each kind of client-side storage affected, modify them to invoke <a data-link-type="dfn" href="#determine-if-a-document-has-storage-access" id="ref-for-determine-if-a-document-has-storage-access①">determine if a document has storage access</a> &amp; modify their behavior based on the result.</p>
    <p class="issue" id="issue-924f0e5d"><a class="self-link" href="#issue-924f0e5d"></a> Should this API affect client-side storage other than cookies? <a href="https://github.com/privacycg/storage-access/issues/4">&lt;https://github.com/privacycg/storage-access/issues/4></a></p>
@@ -1981,6 +1986,12 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
     <li><a href="#ref-for-top-level-browsing-context⑤">3.1.1. User Agent storage access policies</a> <a href="#ref-for-top-level-browsing-context⑥">(2)</a>
    </ul>
   </aside>
+  <aside class="dfn-panel" data-for="term-for-top-level-origin">
+   <a href="https://html.spec.whatwg.org/multipage/webappapis.html#top-level-origin">https://html.spec.whatwg.org/multipage/webappapis.html#top-level-origin</a><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-top-level-origin">Unnumbered Section</a>
+   </ul>
+  </aside>
   <aside class="dfn-panel" data-for="term-for-transient-activation">
    <a href="https://html.spec.whatwg.org/multipage/interaction.html#transient-activation">https://html.spec.whatwg.org/multipage/interaction.html#transient-activation</a><b>Referenced in:</b>
    <ul>
@@ -1988,12 +1999,6 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
     <li><a href="#ref-for-transient-activation①">3.1.1. User Agent storage access policies</a>
    </ul>
   </aside>
-  <aside class="dfn-panel" data-for="term-for-if-aborted">
-   <a href="https://infra.spec.whatwg.org/#if-aborted">https://infra.spec.whatwg.org/#if-aborted</a><b>Referenced in:</b>
-   <ul>
-    <li><a href="#ref-for-if-aborted">3.1. Changes to Document</a> <a href="#ref-for-if-aborted①">(2)</a>
-   </ul>
-  </aside>
   <aside class="dfn-panel" data-for="term-for-idl-promise">
    <a href="https://heycam.github.io/webidl/#idl-promise">https://heycam.github.io/webidl/#idl-promise</a><b>Referenced in:</b>
    <ul>
@@ -2053,13 +2058,9 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
      <li><span class="dfn-paneled" id="term-for-sandboxing-flag-set" style="color:initial">sandboxing flag set</span>
      <li><span class="dfn-paneled" id="term-for-session-history" style="color:initial">session history</span>
      <li><span class="dfn-paneled" id="term-for-top-level-browsing-context" style="color:initial">top-level browsing context</span>
+     <li><span class="dfn-paneled" id="term-for-top-level-origin" style="color:initial">top-level origin</span>
      <li><span class="dfn-paneled" id="term-for-transient-activation" style="color:initial">transient activation</span>
     </ul>
-   <li>
-    <a data-link-type="biblio">[INFRA]</a> defines the following terms:
-    <ul>
-     <li><span class="dfn-paneled" id="term-for-if-aborted" style="color:initial">if aborted</span>
-    </ul>
    <li>
     <a data-link-type="biblio">[WebIDL]</a> defines the following terms:
     <ul>
@@ -2098,8 +2099,15 @@ <h2 class="no-num no-ref heading settled" id="idl-index"><span class="content">I
 </pre>
   <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content">Issues Index</span><a class="self-link" href="#issues-index"></a></h2>
   <div style="counter-reset:issue">
+   <div class="issue"> don’t use the terms "first party" and "third party"<a href="#issue-092ab0ec"> ↵ </a></div>
+   <div class="issue"> use the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#top-level-origin">top-level origin</a> concept from <a data-link-type="biblio" href="#biblio-html">[HTML]</a>.<a href="#issue-abeca561"> ↵ </a></div>
+   <div class="issue"> <a href="https://github.com/privacycg/storage-access/pull/24#discussion_r408779042">check for unique origin or opaque origin?</a><a href="#issue-a668f049"> ↵ </a></div>
+   <div class="issue"> <a href="https://github.com/privacycg/storage-access/pull/24#discussion_r408771982">cross origin or cross site?</a><a href="#issue-f1562ab4"> ↵ </a></div>
+   <div class="issue"> give other examples beyond authenticated embeds<a href="#issue-1aebf08e"> ↵ </a></div>
    <div class="issue"> Remove step 9 if we determine that nested <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#the-iframe-element">iframe</a></code>s should be able to request storage access. <a href="https://github.com/privacycg/storage-access/issues/10">&lt;https://github.com/privacycg/storage-access/issues/10></a><a href="#issue-dab76aba"> ↵ </a></div>
-   <div class="issue"> Finish this section.<a href="#issue-91b7518d"> ↵ </a></div>
+   <div class="issue"> <a href="https://github.com/privacycg/storage-access/pull/24#discussion_r408780546">rewrite to not block the main thread.</a><a href="#issue-a1e99cc7"> ↵ </a></div>
+   <div class="issue"> <a href="https://github.com/privacycg/storage-access/pull/24#discussion_r408784492">since this is UA-defined, does it make sense to follow-up separately with a user prompt?</a><a href="#issue-65ce4cf9"> ↵ </a></div>
+   <div class="issue"> What this section should look like ultimately hinges on this issue. <a href="https://github.com/privacycg/storage-access/issues/3">&lt;https://github.com/privacycg/storage-access/issues/3></a><a href="#issue-d63174c9"> ↵ </a></div>
    <div class="issue"> Write this section. For each kind of client-side storage affected, modify them to invoke <a data-link-type="dfn" href="#determine-if-a-document-has-storage-access">determine if a document has storage access</a> &amp; modify their behavior based on the result.<a href="#issue-82f734f9"> ↵ </a></div>
    <div class="issue"> Should this API affect client-side storage other than cookies? <a href="https://github.com/privacycg/storage-access/issues/4">&lt;https://github.com/privacycg/storage-access/issues/4></a><a href="#issue-924f0e5d"> ↵ </a></div>
    <div class="issue"> Write this section.<a href="#issue-089b92ec"> ↵ </a></div>