[#1400] owner: Upgrade SDK package

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>

cmd/neofs-adm/internal/modules/morph/subnet.go

@@ -14,9 +14,9 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client"
 	morphsubnet "github.com/nspcc-dev/neofs-node/pkg/morph/client/subnet"
 	"github.com/nspcc-dev/neofs-node/pkg/util/rand"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/subnet"
 	subnetid "github.com/nspcc-dev/neofs-sdk-go/subnet/id"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -217,7 +217,8 @@ var cmdSubnetCreate = &cobra.Command{
 		}
 
 		// declare creator ID and encode it
-		creator := *owner.NewIDFromPublicKey(&key.PrivateKey.PublicKey)
+		var creator user.ID
+		user.IDFromKey(&creator, key.PrivateKey.PublicKey)
 
 		// fill subnet info and encode it
 		var info subnet.Info
@@ -393,7 +394,7 @@ var cmdSubnetGet = &cobra.Command{
 		}
 
 		// print information
-		var ownerID owner.ID
+		var ownerID user.ID
 
 		info.ReadOwner(&ownerID)
 
@@ -607,18 +608,13 @@ func manageSubnetClients(cmd *cobra.Command, rm bool) error {
 	}
 
 	// read client ID and encode it
-	var clientID owner.ID
+	var clientID user.ID
 
-	err = clientID.Parse(viper.GetString(flagSubnetClientID))
+	err = clientID.DecodeString(viper.GetString(flagSubnetClientID))
 	if err != nil {
 		return fmt.Errorf("decode client ID text: %w", err)
 	}
 
-	binClientID, err := clientID.Marshal()
-	if err != nil {
-		return fmt.Errorf("marshal client ID: %w", err)
-	}
-
 	// read group ID and encode it
 	var groupID internal.SubnetClientGroupID
 
@@ -636,7 +632,7 @@ func manageSubnetClients(cmd *cobra.Command, rm bool) error {
 
 	prm.SetGroup(binGroupID)
 	prm.SetSubnet(binID)
-	prm.SetClient(binClientID)
+	prm.SetClient(clientID.WalletBytes())
 
 	if rm {
 		prm.SetRemove()

cmd/neofs-cli/modules/accounting/balance.go

@@ -10,7 +10,7 @@ import (
 	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key"
 	"github.com/nspcc-dev/neofs-node/pkg/util/precision"
 	"github.com/nspcc-dev/neofs-sdk-go/accounting"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -24,18 +24,16 @@ var accountingBalanceCmd = &cobra.Command{
 	Short: "Get internal balance of NeoFS account",
 	Long:  `Get internal balance of NeoFS account`,
 	Run: func(cmd *cobra.Command, args []string) {
-		var oid *owner.ID
+		var oid user.ID
 
 		pk, err := key.GetOrGenerate()
 		common.ExitOnErr(cmd, "", err)
 
 		balanceOwner, _ := cmd.Flags().GetString(ownerFlag)
 		if balanceOwner == "" {
-			oid = owner.NewIDFromPublicKey(&pk.PublicKey)
+			user.IDFromKey(&oid, pk.PublicKey)
 		} else {
-			oid := owner.NewID()
-			err := oid.Parse(balanceOwner)
-			common.ExitOnErr(cmd, "can't decode owner ID wallet address: %w", err)
+			common.ExitOnErr(cmd, "can't decode owner ID wallet address: %w", oid.DecodeString(balanceOwner))
 		}
 
 		cli, err := internalclient.GetSDKClientByFlag(pk, commonflags.RPC)
@@ -43,7 +41,7 @@ var accountingBalanceCmd = &cobra.Command{
 
 		var prm internalclient.BalanceOfPrm
 		prm.SetClient(cli)
-		prm.SetAccount(*oid)
+		prm.SetAccount(oid)
 
 		res, err := internalclient.BalanceOf(prm)
 		common.ExitOnErr(cmd, "rpc error: %w", err)

cmd/neofs-cli/modules/bearer/create.go

@@ -17,7 +17,7 @@ import (
 	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	"github.com/nspcc-dev/neofs-sdk-go/client"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/spf13/cobra"
 )
 
@@ -96,8 +96,9 @@ func createToken(cmd *cobra.Command, _ []string) error {
 	}
 
 	ownerStr, _ := cmd.Flags().GetString(ownerFlag)
-	ownerID := owner.NewID()
-	if err := ownerID.Parse(ownerStr); err != nil {
+
+	var ownerID user.ID
+	if err := ownerID.DecodeString(ownerStr); err != nil {
 		return fmt.Errorf("can't parse recipient: %w", err)
 	}
 
@@ -105,7 +106,7 @@ func createToken(cmd *cobra.Command, _ []string) error {
 	b.SetExpiration(exp)
 	b.SetNotBefore(nvb)
 	b.SetIssuedAt(iat)
-	b.SetOwnerID(*ownerID)
+	b.SetOwnerID(ownerID)
 
 	eaclPath, _ := cmd.Flags().GetString(eaclFlag)
 	if eaclPath != "" {

cmd/neofs-cli/modules/container.go

@@ -23,10 +23,10 @@ import (
 	"github.com/nspcc-dev/neofs-sdk-go/netmap"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/policy"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
 	subnetid "github.com/nspcc-dev/neofs-sdk-go/subnet/id"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	versionSDK "github.com/nspcc-dev/neofs-sdk-go/version"
 	"github.com/spf13/cobra"
 )
@@ -114,22 +114,21 @@ var listContainersCmd = &cobra.Command{
 	Short: "List all created containers",
 	Long:  "List all created containers",
 	Run: func(cmd *cobra.Command, args []string) {
-		var oid *owner.ID
+		var idUser user.ID
 
 		key, err := getKey()
 		common.ExitOnErr(cmd, "", err)
 
 		if containerOwner == "" {
-			oid = owner.NewIDFromPublicKey(&key.PublicKey)
+			user.IDFromKey(&idUser, key.PublicKey)
 		} else {
-			oid, err = ownerFromString(containerOwner)
-			common.ExitOnErr(cmd, "", err)
+			common.ExitOnErr(cmd, "", userFromString(&idUser, containerOwner))
 		}
 
 		var prm internalclient.ListContainersPrm
 
 		prepareAPIClientWithKey(cmd, key, &prm)
-		prm.SetAccount(*oid)
+		prm.SetAccount(idUser)
 
 		res, err := internalclient.ListContainers(prm)
 		common.ExitOnErr(cmd, "rpc error: %w", err)
@@ -168,10 +167,11 @@ It will be stored in sidechain when inner ring will accepts it.`,
 		key, err := getKey()
 		common.ExitOnErr(cmd, "", err)
 
-		var idOwner *owner.ID
+		var idOwner *user.ID
 
 		if idOwner = tok.OwnerID(); idOwner == nil {
-			idOwner = owner.NewIDFromPublicKey(&key.PublicKey)
+			idOwner = new(user.ID)
+			user.IDFromKey(idOwner, key.PublicKey)
 		}
 
 		ver := versionSDK.Current()

cmd/neofs-cli/modules/object.go

@@ -27,8 +27,8 @@ import (
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
 	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/spf13/cobra"
 )
 
@@ -335,7 +335,7 @@ func prepareSessionPrmWithOwner(
 	cmd *cobra.Command,
 	addr *addressSDK.Address,
 	key *ecdsa.PrivateKey,
-	ownerID *owner.ID,
+	ownerID *user.ID,
 	prms ...clientKeySession,
 ) {
 	cli, err := internalclient.GetSDKClientByFlag(key, commonflags.RPC)
@@ -739,8 +739,11 @@ func getObjectHash(cmd *cobra.Command, _ []string) {
 	}
 }
 
-func getOwnerID(key *ecdsa.PrivateKey) (*owner.ID, error) {
-	return owner.NewIDFromPublicKey(&key.PublicKey), nil
+func getOwnerID(key *ecdsa.PrivateKey) (*user.ID, error) {
+	var res user.ID
+	user.IDFromKey(&res, key.PublicKey)
+
+	return &res, nil
 }
 
 var searchUnaryOpVocabulary = map[string]object.SearchMatchType{

cmd/neofs-cli/modules/root.go

@@ -2,7 +2,6 @@ package cmd
 
 import (
 	"crypto/ecdsa"
-	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -21,8 +20,8 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/util/gendoc"
 	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	"github.com/nspcc-dev/neofs-sdk-go/client"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -187,16 +186,14 @@ func getTTL() uint32 {
 	return ttl
 }
 
-// ownerFromString converts string with NEO3 wallet address to neofs owner ID.
-func ownerFromString(s string) (*owner.ID, error) {
-	result := owner.NewID()
-
-	err := result.Parse(s)
+// userFromString decodes user ID from string input.
+func userFromString(id *user.ID, s string) error {
+	err := id.DecodeString(s)
 	if err != nil {
-		return nil, errors.New("can't decode owner ID wallet address")
+		return fmt.Errorf("invalid user ID: %w", err)
 	}
 
-	return result, nil
+	return nil
 }
 
 func printVerbose(format string, a ...interface{}) {

cmd/neofs-cli/modules/session/create.go

@@ -9,8 +9,8 @@ import (
 	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key"
 	"github.com/nspcc-dev/neofs-node/pkg/network"
 	"github.com/nspcc-dev/neofs-sdk-go/client"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -69,8 +69,10 @@ func createSession(cmd *cobra.Command, _ []string) error {
 		lifetime = lfArg
 	}
 
-	ownerID := owner.NewIDFromPublicKey(&privKey.PublicKey)
-	tok, err := CreateSession(c, ownerID, lifetime)
+	var ownerID user.ID
+	user.IDFromKey(&ownerID, privKey.PublicKey)
+
+	tok, err := CreateSession(c, &ownerID, lifetime)
 	if err != nil {
 		return err
 	}
@@ -95,7 +97,7 @@ func createSession(cmd *cobra.Command, _ []string) error {
 
 // CreateSession returns newly created session token with the specified owner and lifetime.
 // `Issued-At` and `Not-Valid-Before` fields are set to current epoch.
-func CreateSession(c *client.Client, owner *owner.ID, lifetime uint64) (*session.Token, error) {
+func CreateSession(c *client.Client, owner *user.ID, lifetime uint64) (*session.Token, error) {
 	var netInfoPrm internalclient.NetworkInfoPrm
 	netInfoPrm.SetClient(c)
 

cmd/neofs-cli/modules/storagegroup.go

@@ -13,8 +13,8 @@ import (
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
 	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	storagegroupAPI "github.com/nspcc-dev/neofs-sdk-go/storagegroup"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/spf13/cobra"
 )
 
@@ -140,7 +140,7 @@ func init() {
 type sgHeadReceiver struct {
 	cmd     *cobra.Command
 	key     *ecdsa.PrivateKey
-	ownerID *owner.ID
+	ownerID *user.ID
 	prm     internalclient.HeadObjectPrm
 }
 

cmd/neofs-node/cache.go

@@ -12,7 +12,7 @@ import (
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	netmapSDK "github.com/nspcc-dev/neofs-sdk-go/netmap"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 type netValueReader func(interface{}) (interface{}, error)
@@ -248,14 +248,14 @@ func newCachedContainerLister(c *cntClient.Client) *ttlContainerLister {
 
 	lruCnrListerCache := newNetworkTTLCache(containerListerCacheSize, containerListerCacheTTL, func(key interface{}) (interface{}, error) {
 		var (
-			id    *owner.ID
+			id    *user.ID
 			strID = key.(string)
 		)
 
 		if strID != "" {
-			id = owner.NewID()
+			id = new(user.ID)
 
-			err := id.Parse(strID)
+			err := id.DecodeString(strID)
 			if err != nil {
 				return nil, err
 			}
@@ -270,7 +270,7 @@ func newCachedContainerLister(c *cntClient.Client) *ttlContainerLister {
 // List returns list of container IDs from the cache. If list is missing in the
 // cache or expired, then it returns container IDs from side chain and updates
 // the cache.
-func (s *ttlContainerLister) List(id *owner.ID) ([]*cid.ID, error) {
+func (s *ttlContainerLister) List(id *user.ID) ([]*cid.ID, error) {
 	var str string
 
 	if id != nil {
@@ -286,7 +286,7 @@ func (s *ttlContainerLister) List(id *owner.ID) ([]*cid.ID, error) {
 }
 
 // InvalidateContainerList removes cached list of container IDs.
-func (s *ttlContainerLister) InvalidateContainerList(id *owner.ID) {
+func (s *ttlContainerLister) InvalidateContainerList(id *user.ID) {
 	(*ttlNetCache)(s).remove(id.String())
 }
 

cmd/neofs-node/config.go

@@ -45,7 +45,7 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/util/logger"
 	"github.com/nspcc-dev/neofs-node/pkg/util/state"
 	"github.com/nspcc-dev/neofs-sdk-go/netmap"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/nspcc-dev/neofs-sdk-go/version"
 	"github.com/panjf2000/ants/v2"
 	"go.etcd.io/bbolt"
@@ -77,7 +77,7 @@ type cfg struct {
 
 	key *keys.PrivateKey
 
-	ownerIDFromKey *owner.ID // owner ID calculated from key
+	ownerIDFromKey user.ID // user ID calculated from key
 
 	apiVersion version.Version
 
@@ -234,8 +234,6 @@ func initCfg(path string) *cfg {
 
 	key := nodeconfig.Key(appCfg)
 
-	ownerIDFromKey := owner.NewIDFromPublicKey(&key.PrivateKey.PublicKey)
-
 	var logPrm logger.Prm
 
 	err := logPrm.SetLevelString(
@@ -316,10 +314,10 @@ func initCfg(path string) *cfg {
 			Key:         &key.PrivateKey,
 		}),
 		persistate: persistate,
-
-		ownerIDFromKey: ownerIDFromKey,
 	}
 
+	user.IDFromKey(&c.ownerIDFromKey, key.PrivateKey.PublicKey)
+
 	if metricsconfig.Address(c.appCfg) != "" {
 		c.metricsCollector = metrics.NewStorageMetrics()
 		netState.metrics = c.metricsCollector

cmd/neofs-node/container.go

@@ -32,7 +32,7 @@ import (
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	"github.com/nspcc-dev/neofs-sdk-go/netmap"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.uber.org/zap"
 )
 
@@ -557,7 +557,7 @@ type morphContainerReader struct {
 	get containerCore.Source
 
 	lister interface {
-		List(*owner.ID) ([]*cid.ID, error)
+		List(*user.ID) ([]*cid.ID, error)
 	}
 }
 
@@ -569,7 +569,7 @@ func (x *morphContainerReader) GetEACL(id *cid.ID) (*eaclSDK.Table, error) {
 	return x.eacl.GetEACL(id)
 }
 
-func (x *morphContainerReader) List(id *owner.ID) ([]*cid.ID, error) {
+func (x *morphContainerReader) List(id *user.ID) ([]*cid.ID, error) {
 	return x.lister.List(id)
 }
 

cmd/neofs-node/object.go

@@ -43,7 +43,7 @@ import (
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	objectSDK "github.com/nspcc-dev/neofs-sdk-go/object"
 	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.uber.org/zap"
 )
 
@@ -124,8 +124,8 @@ func (i *delNetInfo) TombstoneLifetime() (uint64, error) {
 // returns node owner ID calculated from configured private key.
 //
 // Implements method needed for Object.Delete service.
-func (i *delNetInfo) LocalNodeID() *owner.ID {
-	return i.cfg.ownerIDFromKey
+func (i *delNetInfo) LocalNodeID() *user.ID {
+	return &i.cfg.ownerIDFromKey
 }
 
 type innerRingFetcherWithNotary struct {

cmd/neofs-node/session.go

@@ -15,12 +15,12 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage/persistent"
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage/temporary"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 type sessionStorage interface {
 	Create(ctx context.Context, body *session.CreateRequestBody) (*session.CreateResponseBody, error)
-	Get(ownerID *owner.ID, tokenID []byte) *storage.PrivateToken
+	Get(ownerID *user.ID, tokenID []byte) *storage.PrivateToken
 	RemoveOld(epoch uint64)
 
 	Close() error

go.mod

@@ -18,8 +18,8 @@ require (
 	github.com/nspcc-dev/neo-go v0.98.2
 	github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220321144137-d5a9af5860af // indirect
 	github.com/nspcc-dev/neofs-api-go/v2 v2.12.1
-	github.com/nspcc-dev/neofs-contract v0.14.2
-	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220419095511-d20999113a2e
+	github.com/nspcc-dev/neofs-contract v0.15.1
+	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220424111116-497053c785f5
 	github.com/nspcc-dev/tzhash v1.5.2
 	github.com/panjf2000/ants/v2 v2.4.0
 	github.com/paulmach/orb v0.2.2

pkg/core/container/fmt.go

@@ -6,7 +6,6 @@ import (
 
 	"github.com/nspcc-dev/neofs-node/pkg/core/version"
 	"github.com/nspcc-dev/neofs-sdk-go/container"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 )
 
 var (
@@ -28,8 +27,8 @@ func CheckFormat(c *container.Container) error {
 		return fmt.Errorf("incorrect version %s", v)
 	}
 
-	if ln := len(c.OwnerID().ToV2().GetValue()); ln != owner.NEO3WalletSize {
-		return fmt.Errorf("incorrect owner identifier: expected length %d != %d", owner.NEO3WalletSize, ln)
+	if c.OwnerID() == nil {
+		return errors.New("missing owner")
 	}
 
 	if _, err := c.NonceUUID(); err != nil {

pkg/core/container/fmt_test.go

@@ -7,7 +7,7 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/util/test"
 	"github.com/nspcc-dev/neofs-sdk-go/container"
 	"github.com/nspcc-dev/neofs-sdk-go/netmap"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/nspcc-dev/neofs-sdk-go/version"
 	"github.com/stretchr/testify/require"
 )
@@ -27,9 +27,10 @@ func TestCheckFormat(t *testing.T) {
 
 	require.Error(t, CheckFormat(c))
 
-	oid := owner.NewIDFromPublicKey(&test.DecodeKey(-1).PublicKey)
+	var oid user.ID
+	user.IDFromKey(&oid, test.DecodeKey(-1).PublicKey)
 
-	c.SetOwnerID(oid)
+	c.SetOwnerID(&oid)
 
 	// set incorrect nonce
 	cV2 := c.ToV2()

pkg/core/object/fmt.go

@@ -16,8 +16,8 @@ import (
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/storagegroup"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // FormatValidator represents an object format validator.
@@ -102,10 +102,6 @@ func (v *FormatValidator) Validate(obj *object.Object, unprepared bool) error {
 		return errNilCID
 	}
 
-	if err := v.checkOwner(obj); err != nil {
-		return err
-	}
-
 	if err := v.checkAttributes(obj); err != nil {
 		return fmt.Errorf("invalid attributes: %w", err)
 	}
@@ -155,15 +151,16 @@ func (v *FormatValidator) validateSignatureKey(obj *object.Object) error {
 	return nil
 }
 
-func (v *FormatValidator) checkOwnerKey(id *owner.ID, key []byte) error {
+func (v *FormatValidator) checkOwnerKey(id *user.ID, key []byte) error {
 	pub, err := keys.NewPublicKeyFromBytes(key, elliptic.P256())
 	if err != nil {
 		return err
 	}
 
-	id2 := owner.NewIDFromPublicKey((*ecdsa.PublicKey)(pub))
+	var id2 user.ID
+	user.IDFromKey(&id2, (ecdsa.PublicKey)(*pub))
 
-	if !id.Equal(id2) {
+	if !id.Equals(id2) {
 		return fmt.Errorf("(%T) different owner identifiers %s/%s", v, id, id2)
 	}
 
@@ -334,8 +331,7 @@ func (v *FormatValidator) checkAttributes(obj *object.Object) error {
 var errIncorrectOwner = errors.New("incorrect object owner")
 
 func (v *FormatValidator) checkOwner(obj *object.Object) error {
-	// TODO: use an appropriate functionality after neofs-api-go#352
-	if len(obj.OwnerID().ToV2().GetValue()) != owner.NEO3WalletSize {
+	if idOwner := obj.OwnerID(); idOwner == nil || len(idOwner.WalletBytes()) == 0 {
 		return errIncorrectOwner
 	}
 

pkg/core/object/fmt_test.go

@@ -13,9 +13,9 @@ import (
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
 	oidtest "github.com/nspcc-dev/neofs-sdk-go/object/id/test"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
 	"github.com/nspcc-dev/neofs-sdk-go/storagegroup"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/stretchr/testify/require"
 )
 
@@ -29,9 +29,12 @@ func testSHA(t *testing.T) [sha256.Size]byte {
 }
 
 func blankValidObject(key *ecdsa.PrivateKey) *object.Object {
+	var idOwner user.ID
+	user.IDFromKey(&idOwner, key.PublicKey)
+
 	obj := object.New()
 	obj.SetContainerID(cidtest.ID())
-	obj.SetOwnerID(owner.NewIDFromPublicKey(&key.PublicKey))
+	obj.SetOwnerID(&idOwner)
 
 	return obj
 }
@@ -78,14 +81,15 @@ func TestFormatValidator_Validate(t *testing.T) {
 		obj.SetContainerID(cidtest.ID())
 		obj.SetID(oidtest.ID())
 
-		require.Error(t, v.Validate(obj, true))
+		require.Error(t, v.Validate(obj, false))
 	})
 
 	t.Run("correct w/ session token", func(t *testing.T) {
-		oid := owner.NewIDFromPublicKey((*ecdsa.PublicKey)(ownerKey.PublicKey()))
+		var idOwner user.ID
+		user.IDFromKey(&idOwner, ownerKey.PrivateKey.PublicKey)
 
 		tok := sessiontest.Token()
-		tok.SetOwnerID(oid)
+		tok.SetOwnerID(&idOwner)
 
 		obj := object.New()
 		obj.SetContainerID(cidtest.ID())

pkg/innerring/processors/container/common.go

@@ -10,8 +10,8 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client/neofsid"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 var (
@@ -21,7 +21,7 @@ var (
 )
 
 type ownerIDSource interface {
-	OwnerID() *owner.ID
+	OwnerID() *user.ID
 }
 
 func tokenFromEvent(src interface {
@@ -52,7 +52,15 @@ func (cp *Processor) checkKeyOwnership(ownerIDSrc ownerIDSource, key *keys.Publi
 		}
 	}
 
-	if ownerIDSrc.OwnerID().Equal(owner.NewIDFromPublicKey((*ecdsa.PublicKey)(key))) {
+	ownerSrc := ownerIDSrc.OwnerID()
+	if ownerSrc == nil {
+		return errors.New("missing owner")
+	}
+
+	var ownerKey user.ID
+	user.IDFromKey(&ownerKey, (ecdsa.PublicKey)(*key))
+
+	if ownerSrc.Equals(ownerKey) {
 		return nil
 	}
 
@@ -82,8 +90,10 @@ func (cp *Processor) checkKeyOwnershipWithToken(ownerIDSrc ownerIDSource, key *k
 		return errors.New("signed with a non-session key")
 	}
 
+	ownerToken, ownerSrc := token.OwnerID(), ownerIDSrc.OwnerID()
+
 	// check owner
-	if !token.OwnerID().Equal(ownerIDSrc.OwnerID()) {
+	if ownerToken == nil || ownerSrc == nil || !ownerToken.Equals(*ownerSrc) {
 		return errors.New("owner differs with token owner")
 	}
 

pkg/innerring/processors/container/process_container.go

@@ -286,6 +286,11 @@ func checkNNS(ctx *putContainerContext, cnr *containerSDK.Container) error {
 }
 
 func checkSubnet(subCli *morphsubnet.Client, cnr *containerSDK.Container) error {
+	owner := cnr.OwnerID()
+	if owner == nil {
+		return errors.New("missing owner")
+	}
+
 	prm := morphsubnet.UserAllowedPrm{}
 
 	subID := cnr.PlacementPolicy().SubnetID()
@@ -298,13 +303,8 @@ func checkSubnet(subCli *morphsubnet.Client, cnr *containerSDK.Container) error
 		return fmt.Errorf("could not marshal container subnetwork: %w", err)
 	}
 
-	ownerID, err := cnr.OwnerID().Marshal()
-	if err != nil {
-		return fmt.Errorf("could not marshal container ownerID: %w", err)
-	}
-
 	prm.SetID(rawSubID)
-	prm.SetClient(ownerID)
+	prm.SetClient(owner.WalletBytes())
 
 	res, err := subCli.UserAllowed(prm)
 	if err != nil {

pkg/innerring/processors/neofs/process_bind.go

@@ -8,7 +8,7 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client/neofsid"
 	"github.com/nspcc-dev/neofs-node/pkg/morph/event/neofs"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.uber.org/zap"
 )
 
@@ -84,8 +84,11 @@ func (np *Processor) approveBindCommon(e *bindCommonContext) {
 		return
 	}
 
+	var id user.ID
+	id.SetScriptHash(u160)
+
 	prm := neofsid.CommonBindPrm{}
-	prm.SetOwnerID(owner.ScriptHashToIDBytes(u160))
+	prm.SetOwnerID(id.WalletBytes())
 	prm.SetKeys(e.Keys())
 	prm.SetHash(e.bindCommon.TxHash())
 

pkg/innerring/processors/settlement/audit/calculate.go

@@ -14,7 +14,7 @@ import (
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.uber.org/zap"
 )
 
@@ -323,11 +323,14 @@ func (c *singleResultCtx) auditEpoch() uint64 {
 	return c.eAudit
 }
 
-func ownerFromKey(key []byte) (*owner.ID, error) {
+func ownerFromKey(key []byte) (*user.ID, error) {
 	pubKey, err := keys.NewPublicKeyFromBytes(key, elliptic.P256())
 	if err != nil {
 		return nil, err
 	}
 
-	return owner.NewIDFromPublicKey((*ecdsa.PublicKey)(pubKey)), nil
+	var id user.ID
+	user.IDFromKey(&id, (ecdsa.PublicKey)(*pubKey))
+
+	return &id, nil
 }

pkg/innerring/processors/settlement/basic/collect.go

@@ -65,7 +65,7 @@ func (inc *IncomeSettlementContext) Collect() {
 
 		txTable.Transfer(&common.TransferTx{
 			From:   owner.Owner(),
-			To:     inc.bankOwner,
+			To:     &inc.bankOwner,
 			Amount: total,
 		})
 	}

pkg/innerring/processors/settlement/basic/context.go

@@ -7,7 +7,7 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neofs-node/pkg/innerring/processors/settlement/common"
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client/container"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.uber.org/zap"
 )
 
@@ -22,7 +22,7 @@ type (
 
 	// BalanceFetcher uses NEP-17 compatible balance contract
 	BalanceFetcher interface {
-		Balance(id *owner.ID) (*big.Int, error)
+		Balance(id *user.ID) (*big.Int, error)
 	}
 
 	IncomeSettlementContext struct {
@@ -39,7 +39,7 @@ type (
 		exchange    common.Exchanger
 		accounts    common.AccountStorage
 
-		bankOwner *owner.ID
+		bankOwner user.ID
 
 		// this table is not thread safe, make sure you use it with mu.Lock()
 		distributeTable *NodeSizeTable
@@ -58,11 +58,8 @@ type (
 	}
 )
 
-func NewIncomeSettlementContext(p *IncomeSettlementContextPrms) (*IncomeSettlementContext, error) {
-	bankingAccount := owner.NewID()
-	bankingAccount.SetScriptHash(util.Uint160{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
-
-	return &IncomeSettlementContext{
+func NewIncomeSettlementContext(p *IncomeSettlementContextPrms) *IncomeSettlementContext {
+	res := &IncomeSettlementContext{
 		log:             p.Log,
 		epoch:           p.Epoch,
 		rate:            p.Rate,
@@ -72,7 +69,10 @@ func NewIncomeSettlementContext(p *IncomeSettlementContextPrms) (*IncomeSettleme
 		placement:       p.Placement,
 		exchange:        p.Exchange,
 		accounts:        p.Accounts,
-		bankOwner:       bankingAccount,
 		distributeTable: NewNodeSizeTable(),
-	}, nil
+	}
+
+	res.bankOwner.SetScriptHash(util.Uint160{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
+
+	return res
 }

pkg/innerring/processors/settlement/basic/distribute.go

@@ -14,7 +14,7 @@ func (inc *IncomeSettlementContext) Distribute() {
 
 	txTable := common.NewTransferTable()
 
-	bankBalance, err := inc.balances.Balance(inc.bankOwner)
+	bankBalance, err := inc.balances.Balance(&inc.bankOwner)
 	if err != nil {
 		inc.log.Error("can't fetch balance of banking account",
 			zap.String("error", err.Error()))
@@ -35,7 +35,7 @@ func (inc *IncomeSettlementContext) Distribute() {
 		}
 
 		txTable.Transfer(&common.TransferTx{
-			From:   inc.bankOwner,
+			From:   &inc.bankOwner,
 			To:     nodeOwner,
 			Amount: normalizedValue(n, total, bankBalance),
 		})

pkg/innerring/processors/settlement/common/types.go

@@ -4,7 +4,7 @@ import (
 	"math/big"
 
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // NodeInfo groups the data about the storage node
@@ -21,7 +21,7 @@ type NodeInfo interface {
 // necessary for calculating audit fee.
 type ContainerInfo interface {
 	// Must return identifier of the container owner.
-	Owner() *owner.ID
+	Owner() *user.ID
 }
 
 // ContainerStorage is an interface of
@@ -42,7 +42,7 @@ type PlacementCalculator interface {
 type AccountStorage interface {
 	// Must resolve information about the storage node
 	// to its ID in system.
-	ResolveKey(NodeInfo) (*owner.ID, error)
+	ResolveKey(NodeInfo) (*user.ID, error)
 }
 
 // Exchanger is an interface of monetary component.
@@ -50,5 +50,5 @@ type Exchanger interface {
 	// Must transfer amount of GASe-12 from sender to recipient.
 	//
 	// Amount must be positive.
-	Transfer(sender, recipient *owner.ID, amount *big.Int, details []byte)
+	Transfer(sender, recipient *user.ID, amount *big.Int, details []byte)
 }

pkg/innerring/processors/settlement/common/util.go

@@ -3,7 +3,7 @@ package common
 import (
 	"math/big"
 
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 type TransferTable struct {
@@ -11,7 +11,7 @@ type TransferTable struct {
 }
 
 type TransferTx struct {
-	From, To *owner.ID
+	From, To *user.ID
 
 	Amount *big.Int
 }
@@ -23,7 +23,7 @@ func NewTransferTable() *TransferTable {
 }
 
 func (t *TransferTable) Transfer(tx *TransferTx) {
-	if tx.From.Equal(tx.To) {
+	if tx.From.Equals(*tx.To) {
 		return
 	}
 

pkg/innerring/processors/subnet/put.go

@@ -4,9 +4,9 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/subnet"
 	subnetid "github.com/nspcc-dev/neofs-sdk-go/subnet/id"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // Put represents a notification about NeoFS subnet creation.
@@ -17,7 +17,7 @@ type Put interface {
 
 	// ReadCreator reads the user ID of the subnet creator.
 	// Returns an error if the ID is missing.
-	ReadCreator(id *owner.ID) error
+	ReadCreator(id *user.ID) error
 
 	// ReadInfo reads information about a subnet to be created.
 	ReadInfo(info *subnet.Info) error
@@ -57,7 +57,7 @@ func (x PutValidator) Assert(event Put) error {
 	}
 
 	// read creator's user ID in NeoFS system
-	var creator owner.ID
+	var creator user.ID
 	if err = event.ReadCreator(&creator); err != nil {
 		return fmt.Errorf("read creator: %w", err)
 	}

pkg/innerring/processors/subnet/put_test.go

@@ -4,10 +4,10 @@ import (
 	"errors"
 	"testing"
 
-	ownertest "github.com/nspcc-dev/neofs-sdk-go/owner/test"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
+	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
 	"github.com/stretchr/testify/require"
 
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/subnet"
 	subnetid "github.com/nspcc-dev/neofs-sdk-go/subnet/id"
 )
@@ -15,7 +15,7 @@ import (
 type put struct {
 	idEvent
 
-	creator owner.ID
+	creator user.ID
 
 	creatorErr error
 
@@ -24,7 +24,7 @@ type put struct {
 	infoErr error
 }
 
-func (x put) ReadCreator(id *owner.ID) error {
+func (x put) ReadCreator(id *user.ID) error {
 	if x.creatorErr != nil {
 		return x.creatorErr
 	}
@@ -99,9 +99,7 @@ func TestPutValidator_Assert(t *testing.T) {
 	e.info.SetID(e.id)
 
 	// diff explicit creator and the one in info
-	var creator2 owner.ID
-
-	creator2 = *ownertest.ID()
+	creator2 := *usertest.ID()
 
 	e.info.SetOwner(creator2)
 

pkg/innerring/settlement.go

@@ -25,8 +25,8 @@ import (
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	netmapAPI "github.com/nspcc-dev/neofs-sdk-go/netmap"
 	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/storagegroup"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.uber.org/zap"
 )
 
@@ -93,7 +93,7 @@ func (n nodeInfoWrapper) Price() *big.Int {
 	return big.NewInt(int64(n.ni.Price))
 }
 
-func (c *containerWrapper) Owner() *owner.ID {
+func (c *containerWrapper) Owner() *user.ID {
 	return (*containerAPI.Container)(c).OwnerID()
 }
 
@@ -201,16 +201,19 @@ func (s settlementDeps) SGInfo(addr *addressSDK.Address) (audit.SGInfo, error) {
 	return (*sgWrapper)(sg), nil
 }
 
-func (s settlementDeps) ResolveKey(ni common.NodeInfo) (*owner.ID, error) {
+func (s settlementDeps) ResolveKey(ni common.NodeInfo) (*user.ID, error) {
 	pub, err := keys.NewPublicKeyFromBytes(ni.PublicKey(), elliptic.P256())
 	if err != nil {
 		return nil, err
 	}
 
-	return owner.NewIDFromPublicKey((*ecdsa.PublicKey)(pub)), nil
+	var id user.ID
+	user.IDFromKey(&id, (ecdsa.PublicKey)(*pub))
+
+	return &id, nil
 }
 
-func (s settlementDeps) Transfer(sender, recipient *owner.ID, amount *big.Int, details []byte) {
+func (s settlementDeps) Transfer(sender, recipient *user.ID, amount *big.Int, details []byte) {
 	if s.settlementCtx == "" {
 		panic("unknown settlement deps context")
 	}
@@ -275,7 +278,7 @@ func (b basicIncomeSettlementDeps) Estimations(epoch uint64) ([]*containerClient
 	return result, nil
 }
 
-func (b basicIncomeSettlementDeps) Balance(id *owner.ID) (*big.Int, error) {
+func (b basicIncomeSettlementDeps) Balance(id *user.ID) (*big.Int, error) {
 	return b.balanceClient.BalanceOf(id)
 }
 
@@ -296,5 +299,5 @@ func (b *basicSettlementConstructor) CreateContext(epoch uint64) (*basic.IncomeS
 		Placement:   b.dep,
 		Exchange:    b.dep,
 		Accounts:    b.dep,
-	})
+	}), nil
 }

pkg/innerring/subnet.go

@@ -17,9 +17,9 @@ import (
 	subnetevents "github.com/nspcc-dev/neofs-node/pkg/morph/event/subnet"
 	"github.com/nspcc-dev/neofs-node/pkg/util"
 	"github.com/nspcc-dev/neofs-sdk-go/netmap"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/subnet"
 	subnetid "github.com/nspcc-dev/neofs-sdk-go/subnet/id"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/panjf2000/ants/v2"
 	"go.uber.org/zap"
 )
@@ -199,7 +199,7 @@ var errMissingSubnetOwner = errors.New("missing subnet owner")
 
 // ReadCreator unmarshals the subnet creator from a binary NeoFS API protocol's format.
 // Returns an error if the byte array is empty.
-func (x putSubnetEvent) ReadCreator(id *owner.ID) error {
+func (x putSubnetEvent) ReadCreator(id *user.ID) error {
 	data := x.ev.Owner()
 
 	if len(data) == 0 {
@@ -211,8 +211,7 @@ func (x putSubnetEvent) ReadCreator(id *owner.ID) error {
 		return err
 	}
 
-	// it would be better if we could do it not like this
-	*id = *owner.NewIDFromPublicKey((*ecdsa.PublicKey)(key))
+	user.IDFromKey(id, (ecdsa.PublicKey)(*key))
 
 	return nil
 }

pkg/local_object_storage/engine/engine_test.go

@@ -1,7 +1,6 @@
 package engine
 
 import (
-	"crypto/sha256"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -10,15 +9,14 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/blobstor"
 	meta "github.com/nspcc-dev/neofs-node/pkg/local_object_storage/metabase"
 	"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/shard"
-	"github.com/nspcc-dev/neofs-node/pkg/util/test"
 	"github.com/nspcc-dev/neofs-sdk-go/checksum"
+	checksumtest "github.com/nspcc-dev/neofs-sdk-go/checksum/test"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	objecttest "github.com/nspcc-dev/neofs-sdk-go/object/address/test"
 	oidtest "github.com/nspcc-dev/neofs-sdk-go/object/id/test"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
-	ownertest "github.com/nspcc-dev/neofs-sdk-go/owner/test"
+	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
 	"github.com/nspcc-dev/neofs-sdk-go/version"
 	"github.com/nspcc-dev/tzhash/tz"
 	"github.com/panjf2000/ants/v2"
@@ -141,15 +139,14 @@ func generateObjectWithCID(t testing.TB, cnr cid.ID) *object.Object {
 	ver.SetMajor(2)
 	ver.SetMinor(1)
 
-	var csum checksum.Checksum
-	csum.SetSHA256(sha256.Sum256(owner.PublicKeyToIDBytes(&test.DecodeKey(-1).PublicKey)))
+	csum := checksumtest.Checksum()
 
 	var csumTZ checksum.Checksum
 	csumTZ.SetTillichZemor(tz.Sum(csum.Value()))
 
 	obj := object.New()
 	obj.SetID(oidtest.ID())
-	obj.SetOwnerID(ownertest.ID())
+	obj.SetOwnerID(usertest.ID())
 	obj.SetContainerID(cnr)
 	obj.SetVersion(&ver)
 	obj.SetPayloadChecksum(csum)

pkg/local_object_storage/metabase/db_test.go

@@ -1,20 +1,18 @@
 package meta_test
 
 import (
-	"crypto/sha256"
 	"os"
 	"testing"
 
 	meta "github.com/nspcc-dev/neofs-node/pkg/local_object_storage/metabase"
-	"github.com/nspcc-dev/neofs-node/pkg/util/test"
 	"github.com/nspcc-dev/neofs-sdk-go/checksum"
+	checksumtest "github.com/nspcc-dev/neofs-sdk-go/checksum/test"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
 	oidtest "github.com/nspcc-dev/neofs-sdk-go/object/id/test"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
-	ownertest "github.com/nspcc-dev/neofs-sdk-go/owner/test"
+	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
 	"github.com/nspcc-dev/neofs-sdk-go/version"
 	"github.com/nspcc-dev/tzhash/tz"
 	"github.com/stretchr/testify/require"
@@ -61,15 +59,14 @@ func generateObjectWithCID(t testing.TB, cnr cid.ID) *object.Object {
 	ver.SetMajor(2)
 	ver.SetMinor(1)
 
-	var csum checksum.Checksum
-	csum.SetSHA256(sha256.Sum256(owner.PublicKeyToIDBytes(&test.DecodeKey(-1).PublicKey)))
+	csum := checksumtest.Checksum()
 
 	var csumTZ checksum.Checksum
 	csumTZ.SetTillichZemor(tz.Sum(csum.Value()))
 
 	obj := object.New()
 	obj.SetID(oidtest.ID())
-	obj.SetOwnerID(ownertest.ID())
+	obj.SetOwnerID(usertest.ID())
 	obj.SetContainerID(cnr)
 	obj.SetVersion(&ver)
 	obj.SetPayloadChecksum(csum)

pkg/local_object_storage/shard/shard_test.go

@@ -12,14 +12,12 @@ import (
 	meta "github.com/nspcc-dev/neofs-node/pkg/local_object_storage/metabase"
 	"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/shard"
 	"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/writecache"
-	"github.com/nspcc-dev/neofs-node/pkg/util/test"
 	"github.com/nspcc-dev/neofs-sdk-go/checksum"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	oidtest "github.com/nspcc-dev/neofs-sdk-go/object/id/test"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
-	ownertest "github.com/nspcc-dev/neofs-sdk-go/owner/test"
+	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
 	"github.com/nspcc-dev/neofs-sdk-go/version"
 	"github.com/nspcc-dev/tzhash/tz"
 	"github.com/stretchr/testify/require"
@@ -77,7 +75,8 @@ func generateObject(t *testing.T) *object.Object {
 }
 
 func generateObjectWithCID(t *testing.T, cnr cid.ID) *object.Object {
-	data := owner.PublicKeyToIDBytes(&test.DecodeKey(-1).PublicKey)
+	data := make([]byte, 32)
+	rand.Read(data)
 	return generateObjectWithPayload(cnr, data)
 }
 
@@ -94,7 +93,7 @@ func generateObjectWithPayload(cnr cid.ID, data []byte) *object.Object {
 
 	obj := object.New()
 	obj.SetID(oidtest.ID())
-	obj.SetOwnerID(ownertest.ID())
+	obj.SetOwnerID(usertest.ID())
 	obj.SetContainerID(cnr)
 	obj.SetVersion(&ver)
 	obj.SetPayload(data)

pkg/morph/client/balance/balanceOf.go

@@ -6,13 +6,13 @@ import (
 
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // BalanceOf receives the amount of funds in the client's account
 // through the Balance contract call, and returns it.
-func (c *Client) BalanceOf(id *owner.ID) (*big.Int, error) {
-	h, err := address.StringToUint160(id.String())
+func (c *Client) BalanceOf(id *user.ID) (*big.Int, error) {
+	h, err := address.StringToUint160(id.EncodeToString())
 	if err != nil {
 		return nil, err
 	}

pkg/morph/client/balance/transfer.go

@@ -5,14 +5,14 @@ import (
 
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // TransferPrm groups parameters of TransferX method.
 type TransferPrm struct {
 	Amount int64
 
-	From, To *owner.ID
+	From, To *user.ID
 
 	Details []byte
 
@@ -24,12 +24,12 @@ type TransferPrm struct {
 //
 // If TryNotary is provided, calls notary contract.
 func (c *Client) TransferX(p TransferPrm) error {
-	from, err := address.StringToUint160(p.From.String())
+	from, err := address.StringToUint160(p.From.EncodeToString())
 	if err != nil {
 		return err
 	}
 
-	to, err := address.StringToUint160(p.To.String())
+	to, err := address.StringToUint160(p.To.EncodeToString())
 	if err != nil {
 		return err
 	}

pkg/morph/client/container/list.go

@@ -5,23 +5,20 @@ import (
 
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // List returns a list of container identifiers belonging
-// to the specified owner of NeoFS system. The list is composed
+// to the specified user of NeoFS system. The list is composed
 // through Container contract call.
 //
 // Returns the identifiers of all NeoFS containers if pointer
-// to owner identifier is nil.
-func (c *Client) List(ownerID *owner.ID) ([]*cid.ID, error) {
+// to user identifier is nil.
+func (c *Client) List(idUser *user.ID) ([]*cid.ID, error) {
 	var rawID []byte
-	if ownerID == nil {
-		rawID = []byte{}
-	} else if v2 := ownerID.ToV2(); v2 == nil {
-		return nil, errUnsupported // use other major version if there any
-	} else {
-		rawID = v2.GetValue()
+
+	if idUser != nil {
+		rawID = idUser.WalletBytes()
 	}
 
 	prm := client.TestInvokePrm{}

pkg/morph/client/neofsid/keys.go

@@ -6,16 +6,16 @@ import (
 
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // AccountKeysPrm groups parameters of AccountKeys operation.
 type AccountKeysPrm struct {
-	id *owner.ID
+	id *user.ID
 }
 
 // SetID sets owner ID.
-func (a *AccountKeysPrm) SetID(id *owner.ID) {
+func (a *AccountKeysPrm) SetID(id *user.ID) {
 	a.id = id
 }
 
@@ -23,7 +23,7 @@ func (a *AccountKeysPrm) SetID(id *owner.ID) {
 func (x *Client) AccountKeys(p AccountKeysPrm) (keys.PublicKeys, error) {
 	prm := client.TestInvokePrm{}
 	prm.SetMethod(keyListingMethod)
-	prm.SetArgs(p.id.ToV2().GetValue())
+	prm.SetArgs(p.id.WalletBytes())
 
 	items, err := x.client.TestInvoke(prm)
 	if err != nil {

pkg/services/accounting/morph/executor.go

@@ -2,11 +2,13 @@ package accounting
 
 import (
 	"context"
+	"errors"
+	"fmt"
 
 	"github.com/nspcc-dev/neofs-api-go/v2/accounting"
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client/balance"
 	accountingSvc "github.com/nspcc-dev/neofs-node/pkg/services/accounting"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 type morphExecutor struct {
@@ -20,7 +22,19 @@ func NewExecutor(client *balance.Client) accountingSvc.ServiceExecutor {
 }
 
 func (s *morphExecutor) Balance(ctx context.Context, body *accounting.BalanceRequestBody) (*accounting.BalanceResponseBody, error) {
-	amount, err := s.client.BalanceOf(owner.NewIDFromV2(body.GetOwnerID()))
+	idV2 := body.GetOwnerID()
+	if idV2 == nil {
+		return nil, errors.New("missing account")
+	}
+
+	var id user.ID
+
+	err := id.ReadFromV2(*idV2)
+	if err != nil {
+		return nil, fmt.Errorf("invalid account: %w", err)
+	}
+
+	amount, err := s.client.BalanceOf(&id)
 	if err != nil {
 		return nil, err
 	}

pkg/services/container/morph/executor.go

@@ -14,8 +14,8 @@ import (
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 type morphExecutor struct {
@@ -29,9 +29,9 @@ type Reader interface {
 	eacl.Source
 
 	// List returns a list of container identifiers belonging
-	// to the specified owner of NeoFS system. Returns the identifiers
+	// to the specified user of NeoFS system. Returns the identifiers
 	// of all NeoFS containers if pointer to owner identifier is nil.
-	List(*owner.ID) ([]*cid.ID, error)
+	List(*user.ID) ([]*cid.ID, error)
 }
 
 // Writer is an interface of container storage updater.
@@ -158,9 +158,19 @@ func (s *morphExecutor) Get(ctx context.Context, body *container.GetRequestBody)
 }
 
 func (s *morphExecutor) List(ctx context.Context, body *container.ListRequestBody) (*container.ListResponseBody, error) {
-	oid := owner.NewIDFromV2(body.GetOwnerID())
+	idV2 := body.GetOwnerID()
+	if idV2 == nil {
+		return nil, fmt.Errorf("missing user ID")
+	}
 
-	cnrs, err := s.rdr.List(oid)
+	var id user.ID
+
+	err := id.ReadFromV2(*idV2)
+	if err != nil {
+		return nil, fmt.Errorf("invalid user ID: %w", err)
+	}
+
+	cnrs, err := s.rdr.List(&id)
 	if err != nil {
 		return nil, err
 	}

pkg/services/container/morph/executor_test.go

@@ -14,11 +14,12 @@ import (
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
 	"github.com/nspcc-dev/neofs-sdk-go/eacl"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/stretchr/testify/require"
 )
 
-type mock struct{}
+type mock struct {
+	containerSvcMorph.Reader
+}
 
 func (m mock) Put(_ *containerSDK.Container) (*cid.ID, error) {
 	return new(cid.ID), nil
@@ -32,18 +33,6 @@ func (m mock) PutEACL(_ *eacl.Table) error {
 	return nil
 }
 
-func (m mock) Get(_ *cid.ID) (*containerSDK.Container, error) {
-	panic("implement me")
-}
-
-func (m mock) GetEACL(_ *cid.ID) (*eacl.Table, error) {
-	panic("implement me")
-}
-
-func (m mock) List(_ *owner.ID) ([]*cid.ID, error) {
-	panic("implement me")
-}
-
 func TestInvalidToken(t *testing.T) {
 	m := mock{}
 	e := containerSvcMorph.NewExecutor(m, m)

pkg/services/object/acl/acl.go

@@ -16,7 +16,7 @@ import (
 	bearerSDK "github.com/nspcc-dev/neofs-sdk-go/bearer"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // CheckerPrm groups parameters for Checker
@@ -112,7 +112,7 @@ func (c *Checker) CheckBasicACL(info v2.RequestInfo) bool {
 }
 
 // StickyBitCheck validates owner field in the request if sticky bit is enabled.
-func (c *Checker) StickyBitCheck(info v2.RequestInfo, owner *owner.ID) bool {
+func (c *Checker) StickyBitCheck(info v2.RequestInfo, owner *user.ID) bool {
 	// According to NeoFS specification sticky bit has no effect on system nodes
 	// for correct intra-container work with objects (in particular, replication).
 	if info.RequestRole() == eaclSDK.RoleSystem {
@@ -211,6 +211,11 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
 // entity. This method might be defined on whole ACL service because it will
 // require fetching current epoch to check lifetime.
 func isValidBearer(reqInfo v2.RequestInfo, st netmap.State) error {
+	ownerCnr := reqInfo.ContainerOwner()
+	if ownerCnr == nil {
+		return errors.New("missing container owner")
+	}
+
 	token := reqInfo.Bearer()
 
 	// 0. Check if bearer token is present in reqInfo.
@@ -234,7 +239,7 @@ func isValidBearer(reqInfo v2.RequestInfo, st netmap.State) error {
 		panic("unexpected false return from Issuer method on signed bearer token")
 	}
 
-	if !issuer.Equal(reqInfo.ContainerOwner()) {
+	if !issuer.Equals(*ownerCnr) {
 		// TODO: #767 in this case we can issue all owner keys from neofs.id and check once again
 		return errBearerNotSignedByOwner
 	}
@@ -260,12 +265,15 @@ func isValidLifetime(t *bearerSDK.Token, epoch uint64) bool {
 	return epoch >= t.NotBefore() && epoch <= t.Expiration()
 }
 
-func isOwnerFromKey(id *owner.ID, key *keys.PublicKey) bool {
+func isOwnerFromKey(id *user.ID, key *keys.PublicKey) bool {
 	if id == nil || key == nil {
 		return false
 	}
 
-	return id.Equal(owner.NewIDFromPublicKey((*ecdsa.PublicKey)(key)))
+	var id2 user.ID
+	user.IDFromKey(&id2, (ecdsa.PublicKey)(*key))
+
+	return id.Equals(id2)
 }
 
 func unmarshalPublicKey(bs []byte) *keys.PublicKey {

pkg/services/object/acl/acl_test.go

@@ -7,8 +7,8 @@ import (
 	v2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/v2"
 	cidSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
-	ownertest "github.com/nspcc-dev/neofs-sdk-go/owner/test"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
+	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
 	"github.com/stretchr/testify/require"
 )
 
@@ -40,11 +40,11 @@ func TestStickyCheck(t *testing.T) {
 
 		setSticky(&info, true)
 
-		require.True(t, checker.StickyBitCheck(info, ownertest.ID()))
+		require.True(t, checker.StickyBitCheck(info, usertest.ID()))
 
 		setSticky(&info, false)
 
-		require.True(t, checker.StickyBitCheck(info, ownertest.ID()))
+		require.True(t, checker.StickyBitCheck(info, usertest.ID()))
 	})
 
 	t.Run("owner ID and/or public key emptiness", func(t *testing.T) {
@@ -65,10 +65,10 @@ func TestStickyCheck(t *testing.T) {
 				info.SetSenderKey(nil)
 			}
 
-			var ownerID *owner.ID
+			var ownerID *user.ID
 
 			if withOwner {
-				ownerID = ownertest.ID()
+				ownerID = usertest.ID()
 			}
 
 			require.Equal(t, expected, checker.StickyBitCheck(info, ownerID))

pkg/services/object/acl/eacl/v2/headers.go

@@ -13,7 +13,7 @@ import (
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	objectSDKAddress "github.com/nspcc-dev/neofs-sdk-go/object/address"
 	objectSDKID "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 type Option func(*cfg)
@@ -216,7 +216,7 @@ func oidHeader(oid objectSDKID.ID) sysObjHdr {
 	}
 }
 
-func ownerIDHeader(ownerID *owner.ID) sysObjHdr {
+func ownerIDHeader(ownerID user.ID) sysObjHdr {
 	return sysObjHdr{
 		k: acl.FilterObjectOwnerID,
 		v: ownerID.String(),

pkg/services/object/acl/eacl/v2/object.go

@@ -38,8 +38,6 @@ func headersFromObject(obj *object.Object, addr *objectSDKAddress.Address) []eac
 
 		res = append(res,
 			cidHeader(cnr),
-			// owner ID
-			ownerIDHeader(obj.OwnerID()),
 			// creation epoch
 			sysObjHdr{
 				k: acl.FilterObjectCreationEpoch,
@@ -63,6 +61,10 @@ func headersFromObject(obj *object.Object, addr *objectSDKAddress.Address) []eac
 			},
 		)
 
+		if idOwner := obj.OwnerID(); idOwner != nil {
+			res = append(res, ownerIDHeader(*idOwner))
+		}
+
 		cs, ok := obj.PayloadChecksum()
 		if ok {
 			res = append(res, sysObjHdr{

pkg/services/object/acl/v2/classifier.go

@@ -35,6 +35,11 @@ func (c senderClassifier) classify(
 		return nil, errContainerIDNotSet
 	}
 
+	ownerCnr := cnr.OwnerID()
+	if ownerCnr == nil {
+		return nil, errors.New("missing container owner")
+	}
+
 	ownerID, ownerKey, err := req.RequestOwner()
 	if err != nil {
 		return nil, err
@@ -45,7 +50,7 @@ func (c senderClassifier) classify(
 	// TODO: #767 get owner from neofs.id if present
 
 	// if request owner is the same as container owner, return RoleUser
-	if ownerID.Equal(cnr.OwnerID()) {
+	if ownerID.Equals(*ownerCnr) {
 		return &classifyResult{
 			role: eaclSDK.RoleUser,
 			isIR: false,

pkg/services/object/acl/v2/request.go

@@ -10,8 +10,8 @@ import (
 	containerIDSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // RequestInfo groups parsed version-independent (from SDK library)
@@ -21,7 +21,7 @@ type RequestInfo struct {
 	requestRole eaclSDK.Role
 	isInnerRing bool
 	operation   eaclSDK.Operation // put, get, head, etc.
-	cnrOwner    *owner.ID         // container owner
+	cnrOwner    *user.ID          // container owner
 
 	idCnr *containerIDSDK.ID
 
@@ -52,7 +52,7 @@ func (r RequestInfo) Request() interface{} {
 }
 
 // ContainerOwner returns owner if the container.
-func (r RequestInfo) ContainerOwner() *owner.ID {
+func (r RequestInfo) ContainerOwner() *user.ID {
 	return r.cnrOwner
 }
 
@@ -112,7 +112,7 @@ type MetaWithToken struct {
 
 // RequestOwner returns ownerID and its public key
 // according to internal meta information.
-func (r MetaWithToken) RequestOwner() (*owner.ID, *keys.PublicKey, error) {
+func (r MetaWithToken) RequestOwner() (*user.ID, *keys.PublicKey, error) {
 	if r.vheader == nil {
 		return nil, nil, fmt.Errorf("%w: nil verification header", ErrMalformedRequest)
 	}
@@ -129,7 +129,13 @@ func (r MetaWithToken) RequestOwner() (*owner.ID, *keys.PublicKey, error) {
 		return nil, nil, fmt.Errorf("%w: nil at body signature", ErrMalformedRequest)
 	}
 
-	key := unmarshalPublicKey(bodySignature.GetKey())
+	key, err := unmarshalPublicKey(bodySignature.GetKey())
+	if err != nil {
+		return nil, nil, fmt.Errorf("invalid key in body signature: %w", err)
+	}
 
-	return owner.NewIDFromPublicKey((*ecdsa.PublicKey)(key)), key, nil
+	var idSender user.ID
+	user.IDFromKey(&idSender, (ecdsa.PublicKey)(*key))
+
+	return &idSender, key, nil
 }

pkg/services/object/acl/v2/service.go

@@ -12,6 +12,7 @@ import (
 	cidSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.uber.org/zap"
 )
 
@@ -366,9 +367,16 @@ func (p putStreamBasicChecker) Send(request *objectV2.PutRequest) error {
 			return err
 		}
 
-		ownerID, err := getObjectOwnerFromMessage(request)
+		idV2 := part.GetHeader().GetOwnerID()
+		if idV2 == nil {
+			return errors.New("missing object owner")
+		}
+
+		var idOwner user.ID
+
+		err = idOwner.ReadFromV2(*idV2)
 		if err != nil {
-			return err
+			return fmt.Errorf("invalid object owner: %w", err)
 		}
 
 		sTok := sessionSDK.NewTokenFromV2(request.GetMetaHeader().GetSessionToken())
@@ -392,7 +400,7 @@ func (p putStreamBasicChecker) Send(request *objectV2.PutRequest) error {
 
 		useObjectIDFromSession(&reqInfo, sTok)
 
-		if !p.source.checker.CheckBasicACL(reqInfo) || !p.source.checker.StickyBitCheck(reqInfo, ownerID) {
+		if !p.source.checker.CheckBasicACL(reqInfo) || !p.source.checker.StickyBitCheck(reqInfo, &idOwner) {
 			return basicACLErr(reqInfo)
 		} else if err := p.source.checker.CheckEACL(request, reqInfo); err != nil {
 			return eACLErr(reqInfo, err)

pkg/services/object/acl/v2/types.go

@@ -1,7 +1,7 @@
 package v2
 
 import (
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // ACLChecker is an interface that must provide
@@ -16,7 +16,7 @@ type ACLChecker interface {
 	// StickyBitCheck must return true only if sticky bit
 	// is disabled or enabled but request contains correct
 	// owner field.
-	StickyBitCheck(RequestInfo, *owner.ID) bool
+	StickyBitCheck(RequestInfo, *user.ID) bool
 }
 
 // InnerRingFetcher is an interface that must provide

pkg/services/object/acl/v2/util.go

@@ -14,8 +14,8 @@ import (
 	containerIDSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 var errMissingContainerID = errors.New("missing container ID")
@@ -113,27 +113,6 @@ func getObjectIDFromRequestBody(body interface{}) (*oidSDK.ID, error) {
 	return &id, nil
 }
 
-func getObjectOwnerFromMessage(req interface{}) (id *owner.ID, err error) {
-	switch v := req.(type) {
-	case *objectV2.PutRequest:
-		objPart := v.GetBody().GetObjectPart()
-		if part, ok := objPart.(*objectV2.PutObjectPartInit); ok {
-			return owner.NewIDFromV2(part.GetHeader().GetOwnerID()), nil
-		}
-
-		return nil, errors.New("can't get container ID in chunk")
-	case *objectV2.GetResponse:
-		objPart := v.GetBody().GetObjectPart()
-		if part, ok := objPart.(*objectV2.GetObjectPartInit); ok {
-			return owner.NewIDFromV2(part.GetHeader().GetOwnerID()), nil
-		}
-
-		return nil, errors.New("can't get container ID in chunk")
-	default:
-		return nil, errors.New("unsupported request type")
-	}
-}
-
 // sourceVerbOfRequest looks for verb in session token and if it is not found,
 // returns reqVerb. Second return value is true if operation is unknown.
 func sourceVerbOfRequest(tok *sessionSDK.Token, reqVerb eaclSDK.Operation) (eaclSDK.Operation, bool) {
@@ -185,7 +164,7 @@ func tokenVerbToOperation(ctx *sessionSDK.ObjectContext) eaclSDK.Operation {
 	}
 }
 
-func ownerFromToken(token *sessionSDK.Token) (*owner.ID, *keys.PublicKey, error) {
+func ownerFromToken(token *sessionSDK.Token) (*user.ID, *keys.PublicKey, error) {
 	// 1. First check signature of session token.
 	if !token.VerifySignature() {
 		return nil, nil, fmt.Errorf("%w: invalid session token signature", ErrMalformedRequest)
@@ -195,7 +174,11 @@ func ownerFromToken(token *sessionSDK.Token) (*owner.ID, *keys.PublicKey, error)
 	// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
 	tokV2 := token.ToV2()
 
-	tokenIssuerKey := unmarshalPublicKey(tokV2.GetSignature().GetKey())
+	tokenIssuerKey, err := unmarshalPublicKey(tokV2.GetSignature().GetKey())
+	if err != nil {
+		return nil, nil, fmt.Errorf("invalid key in session token signature: %w", err)
+	}
+
 	tokenOwner := token.OwnerID()
 
 	if !isOwnerFromKey(tokenOwner, tokenIssuerKey) {
@@ -218,20 +201,19 @@ func originalBodySignature(v *sessionV2.RequestVerificationHeader) *refsV2.Signa
 	return v.GetBodySignature()
 }
 
-func unmarshalPublicKey(bs []byte) *keys.PublicKey {
-	pub, err := keys.NewPublicKeyFromBytes(bs, elliptic.P256())
-	if err != nil {
-		return nil
-	}
-	return pub
+func unmarshalPublicKey(bs []byte) (*keys.PublicKey, error) {
+	return keys.NewPublicKeyFromBytes(bs, elliptic.P256())
 }
 
-func isOwnerFromKey(id *owner.ID, key *keys.PublicKey) bool {
+func isOwnerFromKey(id *user.ID, key *keys.PublicKey) bool {
 	if id == nil || key == nil {
 		return false
 	}
 
-	return id.Equal(owner.NewIDFromPublicKey((*ecdsa.PublicKey)(key)))
+	var id2 user.ID
+	user.IDFromKey(&id2, (ecdsa.PublicKey)(*key))
+
+	return id2.Equals(*id)
 }
 
 // isVerbCompatible checks that tokenVerb operation can create auxiliary op operation.

pkg/services/object/delete/service.go

@@ -8,7 +8,7 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/util/logger"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.uber.org/zap"
 )
 
@@ -30,7 +30,7 @@ type NetworkInfo interface {
 
 	// Returns user ID of the local storage node. Result must not be nil.
 	// New tombstone objects will have the result as an owner ID if removal is executed w/o a session.
-	LocalNodeID() *owner.ID
+	LocalNodeID() *user.ID
 }
 
 type cfg struct {

pkg/services/object/put/streamer.go

@@ -11,7 +11,7 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/services/object_manager/placement"
 	"github.com/nspcc-dev/neofs-node/pkg/services/object_manager/transformer"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 type Streamer struct {
@@ -91,9 +91,20 @@ func (p *Streamer) initTarget(prm *PutInitPrm) error {
 
 	// In case session token is missing, the line above returns the default key.
 	// If it isn't owner key, replication attempts will fail, thus this check.
-	if sToken == nil && !prm.hdr.OwnerID().Equal(owner.NewIDFromPublicKey(&sessionKey.PublicKey)) {
-		return fmt.Errorf("(%T) session token is missing but object owner id is different from the default key", p)
+	if sToken == nil {
+		ownerObj := prm.hdr.OwnerID()
+		if ownerObj == nil {
+			return errors.New("missing object owner")
+		}
+
+		var ownerSession user.ID
+		user.IDFromKey(&ownerSession, sessionKey.PublicKey)
+
+		if !ownerObj.Equals(ownerSession) {
+			return fmt.Errorf("(%T) session token is missing but object owner id is different from the default key", p)
+		}
 	}
+
 	p.target = &validatingTarget{
 		fmt:              p.fmtValidator,
 		unpreparedObject: true,

pkg/services/object/util/key.go

@@ -6,8 +6,8 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
 	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // SessionSource is an interface tha provides
@@ -19,7 +19,7 @@ type SessionSource interface {
 	// token has not been created, has been expired
 	// of it is impossible to get information about the
 	// token Get must return nil.
-	Get(owner *owner.ID, tokenID []byte) *storage.PrivateToken
+	Get(owner *user.ID, tokenID []byte) *storage.PrivateToken
 }
 
 // KeyStorage represents private key storage of the local node.

pkg/services/object/util/key_test.go

@@ -7,10 +7,12 @@ import (
 
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session"
 	"github.com/nspcc-dev/neofs-node/pkg/services/object/util"
 	tokenStorage "github.com/nspcc-dev/neofs-node/pkg/services/session/storage/temporary"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
+	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
 	"github.com/stretchr/testify/require"
 )
 
@@ -62,13 +64,19 @@ func generateToken(t *testing.T) *session.Token {
 	tok := session.NewToken()
 	tok.SetSessionKey(pubKey)
 	tok.SetID(id)
+	tok.SetOwnerID(usertest.ID())
 
 	return tok
 }
 
 func createToken(t *testing.T, store *tokenStorage.TokenStore, exp uint64) *session.Token {
+	owner := usertest.ID()
+
+	var ownerV2 refs.OwnerID
+	owner.WriteToV2(&ownerV2)
+
 	req := new(sessionV2.CreateRequestBody)
-	req.SetOwnerID(nil)
+	req.SetOwnerID(&ownerV2)
 	req.SetExpiration(exp)
 
 	resp, err := store.Create(context.Background(), req)
@@ -77,6 +85,7 @@ func createToken(t *testing.T, store *tokenStorage.TokenStore, exp uint64) *sess
 	tok := session.NewToken()
 	tok.SetSessionKey(resp.GetSessionKey())
 	tok.SetID(resp.GetID())
+	tok.SetOwnerID(owner)
 
 	return tok
 }

pkg/services/session/storage/persistent/executor.go

@@ -2,13 +2,13 @@ package persistent
 
 import (
 	"context"
-	"encoding/hex"
+	"errors"
 	"fmt"
 
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.etcd.io/bbolt"
 )
 
@@ -18,9 +18,16 @@ import (
 // Returns response that is filled with just created token's
 // ID and public key for it.
 func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody) (*session.CreateResponseBody, error) {
-	ownerBytes, err := owner.NewIDFromV2(body.GetOwnerID()).Marshal()
+	idV2 := body.GetOwnerID()
+	if idV2 == nil {
+		return nil, errors.New("missing owner")
+	}
+
+	var id user.ID
+
+	err := id.ReadFromV2(*idV2)
 	if err != nil {
-		panic(err)
+		return nil, fmt.Errorf("invalid owner: %w", err)
 	}
 
 	uidBytes, err := storage.NewTokenID()
@@ -41,21 +48,15 @@ func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody
 	err = s.db.Update(func(tx *bbolt.Tx) error {
 		rootBucket := tx.Bucket(sessionsBucket)
 
-		ownerBucket, err := rootBucket.CreateBucketIfNotExists(ownerBytes)
+		ownerBucket, err := rootBucket.CreateBucketIfNotExists(id.WalletBytes())
 		if err != nil {
 			return fmt.Errorf(
-				"could not get/create %s owner bucket: %w",
-				hex.EncodeToString(ownerBytes),
-				err,
-			)
+				"could not get/create %s owner bucket: %w", id, err)
 		}
 
 		err = ownerBucket.Put(uidBytes, value)
 		if err != nil {
-			return fmt.Errorf("could not put session token for %s oid: %w",
-				hex.EncodeToString(ownerBytes),
-				err,
-			)
+			return fmt.Errorf("could not put session token for %s oid: %w", id, err)
 		}
 
 		return nil

pkg/services/session/storage/persistent/executor_test.go

@@ -11,7 +11,7 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
-	ownerSDK "github.com/nspcc-dev/neofs-sdk-go/owner"
+	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
 	"github.com/stretchr/testify/require"
 	"go.etcd.io/bbolt"
 )
@@ -22,11 +22,13 @@ func TestTokenStore(t *testing.T) {
 
 	defer ts.Close()
 
-	owner := new(refs.OwnerID)
-	owner.SetValue([]byte{0, 1, 2, 3, 4, 5})
+	owner := usertest.ID()
+
+	var ownerV2 refs.OwnerID
+	owner.WriteToV2(&ownerV2)
 
 	req := new(session.CreateRequestBody)
-	req.SetOwnerID(owner)
+	req.SetOwnerID(&ownerV2)
 
 	const tokenNumber = 5
 
@@ -50,7 +52,7 @@ func TestTokenStore(t *testing.T) {
 	}
 
 	for i, token := range tokens {
-		savedToken := ts.Get(ownerSDK.NewIDFromV2(owner), token.id)
+		savedToken := ts.Get(owner, token.id)
 
 		require.Equal(t, uint64(i), savedToken.ExpiredAt())
 
@@ -64,13 +66,15 @@ func TestTokenStore_Persistent(t *testing.T) {
 	ts, err := NewTokenStore(path)
 	require.NoError(t, err)
 
-	owner := new(refs.OwnerID)
-	owner.SetValue([]byte{0, 1, 2, 3, 4, 5})
+	idOwner := usertest.ID()
+
+	var idOwnerV2 refs.OwnerID
+	idOwner.WriteToV2(&idOwnerV2)
 
 	const exp = 12345
 
 	req := new(session.CreateRequestBody)
-	req.SetOwnerID(owner)
+	req.SetOwnerID(&idOwnerV2)
 	req.SetExpiration(exp)
 
 	res, err := ts.Create(context.Background(), req)
@@ -88,7 +92,7 @@ func TestTokenStore_Persistent(t *testing.T) {
 
 	defer ts.Close()
 
-	savedToken := ts.Get(ownerSDK.NewIDFromV2(owner), id)
+	savedToken := ts.Get(idOwner, id)
 
 	equalKeys(t, pubKey, savedToken.SessionKey())
 }
@@ -123,11 +127,13 @@ func TestTokenStore_RemoveOld(t *testing.T) {
 
 	defer ts.Close()
 
-	owner := new(refs.OwnerID)
-	owner.SetValue([]byte{0, 1, 2, 3, 4, 5})
+	owner := usertest.ID()
+
+	var ownerV2 refs.OwnerID
+	owner.WriteToV2(&ownerV2)
 
 	req := new(session.CreateRequestBody)
-	req.SetOwnerID(owner)
+	req.SetOwnerID(&ownerV2)
 
 	for _, test := range tests {
 		req.SetExpiration(test.epoch)
@@ -144,7 +150,7 @@ func TestTokenStore_RemoveOld(t *testing.T) {
 	ts.RemoveOld(currEpoch)
 
 	for _, test := range tests {
-		token := ts.Get(ownerSDK.NewIDFromV2(owner), test.id)
+		token := ts.Get(owner, test.id)
 
 		if test.epoch <= currEpoch {
 			require.Nil(t, token)

pkg/services/session/storage/persistent/storage.go

@@ -7,7 +7,7 @@ import (
 	"fmt"
 
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
-	ownerSDK "github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.etcd.io/bbolt"
 	"go.uber.org/zap"
 )
@@ -83,16 +83,11 @@ func NewTokenStore(path string, opts ...Option) (*TokenStore, error) {
 // Get returns private token corresponding to the given identifiers.
 //
 // Returns nil is there is no element in storage.
-func (s *TokenStore) Get(ownerID *ownerSDK.ID, tokenID []byte) (t *storage.PrivateToken) {
-	ownerBytes, err := ownerID.Marshal()
-	if err != nil {
-		panic(err)
-	}
-
-	err = s.db.View(func(tx *bbolt.Tx) error {
+func (s *TokenStore) Get(ownerID *user.ID, tokenID []byte) (t *storage.PrivateToken) {
+	err := s.db.View(func(tx *bbolt.Tx) error {
 		rootBucket := tx.Bucket(sessionsBucket)
 
-		ownerBucket := rootBucket.Bucket(ownerBytes)
+		ownerBucket := rootBucket.Bucket(ownerID.WalletBytes())
 		if ownerBucket == nil {
 			return nil
 		}
@@ -102,6 +97,8 @@ func (s *TokenStore) Get(ownerID *ownerSDK.ID, tokenID []byte) (t *storage.Priva
 			return nil
 		}
 
+		var err error
+
 		t, err = s.unpackToken(rawToken)
 		if err != nil {
 			return err

pkg/services/session/storage/temporary/executor.go

@@ -2,19 +2,27 @@ package temporary
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
 	"github.com/mr-tron/base58"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody) (*session.CreateResponseBody, error) {
-	ownerBytes, err := owner.NewIDFromV2(body.GetOwnerID()).Marshal()
+	idV2 := body.GetOwnerID()
+	if idV2 == nil {
+		return nil, errors.New("missing owner")
+	}
+
+	var id user.ID
+
+	err := id.ReadFromV2(*idV2)
 	if err != nil {
-		panic(err)
+		return nil, fmt.Errorf("invalid owner: %w", err)
 	}
 
 	uidBytes, err := storage.NewTokenID()
@@ -30,7 +38,7 @@ func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody
 	s.mtx.Lock()
 	s.tokens[key{
 		tokenID: base58.Encode(uidBytes),
-		ownerID: base58.Encode(ownerBytes),
+		ownerID: base58.Encode(id.WalletBytes()),
 	}] = storage.NewPrivateToken(&sk.PrivateKey, body.GetExpiration())
 	s.mtx.Unlock()
 

pkg/services/session/storage/temporary/storage.go

@@ -5,7 +5,7 @@ import (
 
 	"github.com/mr-tron/base58"
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 type key struct {
@@ -36,16 +36,11 @@ func NewTokenStore() *TokenStore {
 // Get returns private token corresponding to the given identifiers.
 //
 // Returns nil is there is no element in storage.
-func (s *TokenStore) Get(ownerID *owner.ID, tokenID []byte) *storage.PrivateToken {
-	ownerBytes, err := ownerID.Marshal()
-	if err != nil {
-		panic(err)
-	}
-
+func (s *TokenStore) Get(ownerID *user.ID, tokenID []byte) *storage.PrivateToken {
 	s.mtx.RLock()
 	t := s.tokens[key{
 		tokenID: base58.Encode(tokenID),
-		ownerID: base58.Encode(ownerBytes),
+		ownerID: base58.Encode(ownerID.WalletBytes()),
 	}]
 	s.mtx.RUnlock()