forked from TrueCloudLab/frostfs-api-go
e88a6ee028
We want to remove all innner ring queries to authenticate owner by public keys. Therefore we put public keys into session token. Later public keys could be gathered with NeoID or other centre of authority.
34 lines
1.4 KiB
Protocol Buffer
34 lines
1.4 KiB
Protocol Buffer
syntax = "proto3";
|
|
package session;
|
|
option go_package = "github.com/nspcc-dev/neofs-proto/session";
|
|
|
|
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
|
|
|
|
option (gogoproto.stable_marshaler_all) = true;
|
|
|
|
message VerificationHeader {
|
|
// PublicKey is a session public key
|
|
bytes PublicKey = 1;
|
|
// KeySignature is a session public key signature. Signed by trusted side
|
|
bytes KeySignature = 2;
|
|
}
|
|
|
|
// User token granting rights for object manipulation
|
|
message Token {
|
|
// Header carries verification data of session key
|
|
VerificationHeader Header = 1 [(gogoproto.nullable) = false];
|
|
// OwnerID is an owner of manipulation object
|
|
bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
|
|
// FirstEpoch is an initial epoch of token lifetime
|
|
uint64 FirstEpoch = 3;
|
|
// LastEpoch is a last epoch of token lifetime
|
|
uint64 LastEpoch = 4;
|
|
// ObjectID is an object identifier of manipulation object
|
|
repeated bytes ObjectID = 5 [(gogoproto.customtype) = "ObjectID", (gogoproto.nullable) = false];
|
|
// Signature is a token signature, signed by owner of manipulation object
|
|
bytes Signature = 6;
|
|
// ID is a token identifier. valid UUIDv4 represented in bytes
|
|
bytes ID = 7 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
|
|
// PublicKeys associated with owner
|
|
repeated bytes PublicKeys = 8;
|
|
}
|