Update to neofs-api v0.7.4

2020-05-08 10:49:23 +03:00 · 2020-05-08 10:49:23 +03:00 · d8cc00b54c
commit d8cc00b54c
parent 2abcfb7219
8 changed files with 448 additions and 532 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-PROTO_VERSION=v0.7.3
+PROTO_VERSION=v0.7.4
 PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz
 B=\033[0;1m
--- a/docs/service.md
+++ b/docs/service.md
@ -17,6 +17,7 @@
    - [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature)
    - [Token](#service.Token)
    - [Token.Info](#service.Token.Info)
    - [TokenLifetime](#service.TokenLifetime)
 - [service/verify_test.proto](#service/verify_test.proto)
@ -129,10 +130,21 @@ User token granting rights for object manipulation
 | OwnerID | [bytes](#bytes) |  | OwnerID is an owner of manipulation object |
 | verb | [Token.Info.Verb](#service.Token.Info.Verb) |  | Verb is a type of request for which the token is issued |
 | Address | [refs.Address](#refs.Address) |  | Address is an object address for which token is issued |
-| Created | [uint64](#uint64) |  | Created is an initial epoch of token lifetime |
+| Lifetime | [TokenLifetime](#service.TokenLifetime) |  | Lifetime is a lifetime of the session |
 | ValidUntil | [uint64](#uint64) |  | ValidUntil is a last epoch of token lifetime |
 | SessionKey | [bytes](#bytes) |  | SessionKey is a public key of session key |
 <a name="service.TokenLifetime"></a>
 ### Message TokenLifetime
 TokenLifetime carries a group of lifetime parameters of the token
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Created | [uint64](#uint64) |  | Created carries an initial epoch of token lifetime |
 | ValidUntil | [uint64](#uint64) |  | ValidUntil carries a last epoch of token lifetime |
 <!-- end messages -->
--- a/docs/session.md
+++ b/docs/session.md
@ -30,22 +30,13 @@
 ```
-rpc Create(stream CreateRequest) returns (stream CreateResponse);
+rpc Create(CreateRequest) returns (CreateResponse);
 ```
 #### Method Create
-Create is a method that used to open a trusted session to manipulate
+Create opens new session between the client and the server
 an object. In order to put or delete object client have to obtain session
 token with trusted node. Trusted node will modify client's object
 (add missing headers, checksums, homomorphic hash) and sign id with
 session key. Session is established during 4-step handshake in one gRPC stream
 - First client stream message SHOULD BE type of `CreateRequest_Init`.
 - First server stream message SHOULD BE type of `CreateResponse_Unsigned`.
 - Second client stream message SHOULD BE type of `CreateRequest_Signed`.
 - Second server stream message SHOULD BE type of `CreateResponse_Result`.
 | Name | Input | Output |
 | ---- | ----- | ------ |
@ -56,13 +47,13 @@ session key. Session is established during 4-step handshake in one gRPC stream
 <a name="session.CreateRequest"></a>
 ### Message CreateRequest
-
+CreateRequest carries an information necessary for opening a session
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| Init | [service.Token](#service.Token) |  | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. |
+| OwnerID | [bytes](#bytes) |  | OwnerID carries an identifier of a session initiator |
-| Signed | [service.Token](#service.Token) |  | Signed Init message response (Unsigned) from server with user private key |
+| Lifetime | [service.TokenLifetime](#service.TokenLifetime) |  | Lifetime carries a lifetime of the session |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
@ -70,13 +61,13 @@ session key. Session is established during 4-step handshake in one gRPC stream
 <a name="session.CreateResponse"></a>
 ### Message CreateResponse
-
+CreateResponse carries an information about the opened session
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| Unsigned | [service.Token](#service.Token) |  | Unsigned token with token ID and session public key generated on server side |
+| ID | [bytes](#bytes) |  | ID carries an identifier of session token |
-| Result | [service.Token](#service.Token) |  | Result is a resulting token which can be used for object placing through an trusted intermediary |
+| SessionKey | [bytes](#bytes) |  | SessionKey carries a session public key |
 <!-- end messages -->
--- a/service/verify.pb.go
+++ b/service/verify.pb.go
@ -236,12 +236,10 @@ type Token_Info struct {
 	Verb Token_Info_Verb `protobuf:"varint,3,opt,name=verb,proto3,enum=service.Token_Info_Verb" json:"verb,omitempty"`
 	// Address is an object address for which token is issued
 	Address Address `protobuf:"bytes,4,opt,name=Address,proto3,customtype=Address" json:"Address"`
-	// Created is an initial epoch of token lifetime
+	// Lifetime is a lifetime of the session
-	Created uint64 `protobuf:"varint,5,opt,name=Created,proto3" json:"Created,omitempty"`
+	TokenLifetime `protobuf:"bytes,5,opt,name=Lifetime,proto3,embedded=Lifetime" json:"Lifetime"`
 	// ValidUntil is a last epoch of token lifetime
 	ValidUntil uint64 `protobuf:"varint,6,opt,name=ValidUntil,proto3" json:"ValidUntil,omitempty"`
 	// SessionKey is a public key of session key
-	SessionKey           []byte   `protobuf:"bytes,7,opt,name=SessionKey,proto3" json:"SessionKey,omitempty"`
+	SessionKey           []byte   `protobuf:"bytes,6,opt,name=SessionKey,proto3" json:"SessionKey,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@ -283,73 +281,116 @@ func (m *Token_Info) GetVerb() Token_Info_Verb {
 	return Token_Info_Put
 }
-func (m *Token_Info) GetCreated() uint64 {
+func (m *Token_Info) GetSessionKey() []byte {
 	if m != nil {
 		return m.SessionKey
 	}
 	return nil
 }
 // TokenLifetime carries a group of lifetime parameters of the token
 type TokenLifetime struct {
 	// Created carries an initial epoch of token lifetime
 	Created uint64 `protobuf:"varint,1,opt,name=Created,proto3" json:"Created,omitempty"`
 	// ValidUntil carries a last epoch of token lifetime
 	ValidUntil           uint64   `protobuf:"varint,2,opt,name=ValidUntil,proto3" json:"ValidUntil,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
 }
 func (m *TokenLifetime) Reset()         { *m = TokenLifetime{} }
 func (m *TokenLifetime) String() string { return proto.CompactTextString(m) }
 func (*TokenLifetime) ProtoMessage()    {}
 func (*TokenLifetime) Descriptor() ([]byte, []int) {
 	return fileDescriptor_4bdd5bc50ec96238, []int{2}
 }
 func (m *TokenLifetime) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
 }
 func (m *TokenLifetime) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	b = b[:cap(b)]
 	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
 	return b[:n], nil
 }
 func (m *TokenLifetime) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_TokenLifetime.Merge(m, src)
 }
 func (m *TokenLifetime) XXX_Size() int {
 	return m.Size()
 }
 func (m *TokenLifetime) XXX_DiscardUnknown() {
 	xxx_messageInfo_TokenLifetime.DiscardUnknown(m)
 }
 var xxx_messageInfo_TokenLifetime proto.InternalMessageInfo
 func (m *TokenLifetime) GetCreated() uint64 {
 	if m != nil {
 		return m.Created
 	}
 	return 0
 }
-func (m *Token_Info) GetValidUntil() uint64 {
+func (m *TokenLifetime) GetValidUntil() uint64 {
 	if m != nil {
 		return m.ValidUntil
 	}
 	return 0
 }
 func (m *Token_Info) GetSessionKey() []byte {
 	if m != nil {
 		return m.SessionKey
 	}
 	return nil
 }
 func init() {
 	proto.RegisterEnum("service.Token_Info_Verb", Token_Info_Verb_name, Token_Info_Verb_value)
 	proto.RegisterType((*RequestVerificationHeader)(nil), "service.RequestVerificationHeader")
 	proto.RegisterType((*RequestVerificationHeader_Signature)(nil), "service.RequestVerificationHeader.Signature")
 	proto.RegisterType((*Token)(nil), "service.Token")
 	proto.RegisterType((*Token_Info)(nil), "service.Token.Info")
 	proto.RegisterType((*TokenLifetime)(nil), "service.TokenLifetime")
 }
 func init() { proto.RegisterFile("service/verify.proto", fileDescriptor_4bdd5bc50ec96238) }
 var fileDescriptor_4bdd5bc50ec96238 = []byte{
-	// 541 bytes of a gzipped FileDescriptorProto
+	// 567 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x92, 0x4d, 0x8e, 0xd3, 0x4c,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x53, 0x4d, 0x6f, 0xd3, 0x40,
-	0x10, 0x86, 0xa7, 0x1d, 0x27, 0x4e, 0x6a, 0x7e, 0x3e, 0x7f, 0x0d, 0x0b, 0x13, 0x21, 0x27, 0x8a,
+	0x10, 0xed, 0x26, 0xce, 0xd7, 0xf4, 0x03, 0xb3, 0x20, 0x64, 0x22, 0x94, 0x44, 0x11, 0x87, 0x54,
-	0x58, 0x64, 0x24, 0x62, 0x4b, 0x19, 0x09, 0x21, 0xb1, 0x9a, 0x10, 0xc1, 0x44, 0x20, 0x88, 0xda,
+	0x22, 0x8e, 0x94, 0x4a, 0x08, 0x09, 0x2e, 0x0d, 0x11, 0x34, 0xa2, 0x82, 0x6a, 0x53, 0x7a, 0xe0,
-	0x43, 0x16, 0xec, 0x1c, 0xbb, 0xe2, 0x58, 0x04, 0x77, 0xe8, 0x76, 0x82, 0x72, 0x13, 0xce, 0xc0,
+	0xe6, 0xd8, 0x63, 0x77, 0x45, 0xeb, 0x0d, 0xbb, 0x9b, 0xa0, 0xfe, 0x13, 0x7e, 0x03, 0xbf, 0x83,
-	0x39, 0x58, 0xcc, 0x72, 0x96, 0xc0, 0x22, 0x42, 0xe1, 0x0a, 0x1c, 0x00, 0xb9, 0xed, 0xfc, 0x20,
+	0x43, 0x8f, 0x3d, 0x22, 0x24, 0x22, 0x14, 0xfe, 0x04, 0x47, 0xe4, 0xb5, 0x93, 0xb8, 0x12, 0xdc,
-	0xc1, 0xee, 0xad, 0xa7, 0xaa, 0xde, 0xaa, 0x6e, 0x15, 0xdc, 0x95, 0x28, 0x96, 0x71, 0x80, 0xee,
+	0xde, 0xbc, 0x99, 0x37, 0xef, 0x65, 0xe2, 0x85, 0xfb, 0x0a, 0xe5, 0x9c, 0xfb, 0xd8, 0x9b, 0xa3,
-	0x12, 0x45, 0x3c, 0x59, 0x39, 0x73, 0xc1, 0x53, 0x4e, 0x8d, 0x82, 0xd6, 0x4d, 0x81, 0x13, 0xe9,
+	0xe4, 0xe1, 0x95, 0x3b, 0x95, 0x42, 0x0b, 0x5a, 0xc9, 0xd8, 0xba, 0x2d, 0x31, 0x54, 0x3d, 0x7d,
-	0xa6, 0xab, 0x39, 0xca, 0x3c, 0x55, 0xef, 0x44, 0x71, 0x3a, 0x5d, 0x8c, 0x9d, 0x80, 0xbf, 0x77,
+	0x35, 0x45, 0x95, 0xb6, 0xea, 0xdd, 0x88, 0xeb, 0xf3, 0xd9, 0xc4, 0xf5, 0xc5, 0x65, 0x2f, 0x12,
-	0x23, 0x1e, 0x71, 0x57, 0xe1, 0xf1, 0x62, 0xa2, 0x22, 0x15, 0x28, 0x95, 0x97, 0xb7, 0xbe, 0x10,
+	0x91, 0xe8, 0x19, 0x7a, 0x32, 0x0b, 0x4d, 0x65, 0x0a, 0x83, 0xd2, 0xf1, 0xf6, 0x37, 0x02, 0x0f,
-	0xb8, 0xc7, 0xf0, 0xc3, 0x02, 0x65, 0x3a, 0xca, 0x26, 0xc4, 0x81, 0x9f, 0xc6, 0x3c, 0xb9, 0x42,
+	0x19, 0x7e, 0x9a, 0xa1, 0xd2, 0x67, 0x89, 0x03, 0xf7, 0x3d, 0xcd, 0x45, 0x7c, 0x84, 0x5e, 0x80,
-	0x3f, 0x44, 0x41, 0x5f, 0x02, 0x78, 0x71, 0x94, 0xf8, 0xe9, 0x42, 0xa0, 0xb4, 0x48, 0xb3, 0xd4,
+	0x92, 0x1e, 0x03, 0x8c, 0x79, 0x14, 0x7b, 0x7a, 0x26, 0x51, 0x39, 0xa4, 0x55, 0xec, 0x6c, 0xf7,
-	0x3e, 0xee, 0x3e, 0x74, 0x8a, 0xe1, 0xce, 0x3f, 0xfb, 0x9c, 0x5d, 0x13, 0x3b, 0xe8, 0xa7, 0x0f,
+	0x9f, 0xb8, 0x99, 0xb9, 0xfb, 0x5f, 0x9d, 0xbb, 0x16, 0xb1, 0x9c, 0x9e, 0x3e, 0x86, 0xd2, 0xa9,
-	0xa0, 0x7c, 0xcd, 0xdf, 0x61, 0x62, 0x69, 0x4d, 0xd2, 0x3e, 0xee, 0x9e, 0xed, 0x8c, 0x14, 0x65,
+	0xf8, 0x88, 0xb1, 0x53, 0x68, 0x91, 0xce, 0x76, 0x7f, 0x6f, 0xbd, 0xc8, 0xb0, 0x2c, 0x6d, 0xd6,
-	0x79, 0xb2, 0x7e, 0x01, 0xb5, 0x5d, 0x0f, 0xa5, 0xa0, 0x67, 0x81, 0x45, 0x9a, 0xa4, 0x7d, 0xc2,
+	0x0f, 0xa0, 0xb6, 0xd6, 0x50, 0x0a, 0x56, 0x52, 0x38, 0xa4, 0x45, 0x3a, 0x3b, 0xcc, 0xe0, 0x84,
-	0x94, 0xce, 0xd8, 0x10, 0x51, 0x28, 0x97, 0x13, 0xa6, 0x74, 0xeb, 0x5b, 0xa9, 0xf0, 0xa6, 0x4f,
+	0x3b, 0x41, 0x94, 0x66, 0xcb, 0x0e, 0x33, 0xb8, 0xfd, 0xb3, 0x98, 0xed, 0xa6, 0xcf, 0xa1, 0x66,
-	0xa0, 0xa6, 0xc4, 0x20, 0x99, 0x70, 0xd5, 0x76, 0xdc, 0xbd, 0xf3, 0xe7, 0x20, 0x27, 0x4b, 0xf5,
+	0xc0, 0x28, 0x0e, 0x85, 0x91, 0x6d, 0xf7, 0xef, 0xdd, 0x36, 0x72, 0x93, 0xd6, 0xa0, 0x7a, 0xbd,
-	0xaa, 0x37, 0xeb, 0xc6, 0xd1, 0xed, 0xba, 0x41, 0xd8, 0xbe, 0x9e, 0xde, 0x3f, 0x98, 0x6d, 0x55,
+	0x68, 0x6e, 0xdd, 0x2c, 0x9a, 0x84, 0x6d, 0xe6, 0xe9, 0xa3, 0x9c, 0xb7, 0x53, 0x35, 0xfb, 0x37,
-	0x95, 0xff, 0x1e, 0xd4, 0x7f, 0x69, 0xa0, 0xab, 0xb2, 0x06, 0x68, 0x83, 0x7e, 0xbe, 0x53, 0xef,
+	0x44, 0xfd, 0x4f, 0x01, 0x2c, 0x33, 0xd6, 0x84, 0xc2, 0x68, 0x98, 0x66, 0x1a, 0xdc, 0x49, 0xf6,
-	0xbf, 0xcc, 0xe7, 0xfb, 0xba, 0x61, 0xe4, 0x2e, 0x7d, 0xa6, 0x0d, 0xfa, 0xf4, 0x1c, 0x8c, 0xd7,
+	0xfc, 0x58, 0x34, 0x2b, 0xe9, 0x96, 0x21, 0x2b, 0x8c, 0x86, 0x74, 0x1f, 0x2a, 0xef, 0x3e, 0xc7,
-	0x1f, 0x13, 0x14, 0x83, 0x7e, 0xbe, 0xe5, 0xbe, 0xaa, 0xc0, 0x6c, 0x2b, 0xe8, 0x23, 0xd0, 0x97,
+	0x28, 0x47, 0xc3, 0x34, 0xe5, 0x66, 0x2a, 0xa3, 0xd9, 0x0a, 0xd0, 0xa7, 0x60, 0xcd, 0x51, 0x4e,
-	0x28, 0xc6, 0x56, 0xa9, 0x49, 0xda, 0x67, 0x5d, 0xeb, 0x2f, 0xab, 0x3a, 0x23, 0x14, 0xe3, 0x5e,
+	0x9c, 0x62, 0x8b, 0x74, 0xf6, 0xfa, 0xce, 0x3f, 0xa2, 0xba, 0x67, 0x28, 0x27, 0x83, 0xea, 0x72,
-	0x75, 0xb3, 0x6e, 0xe8, 0x99, 0x62, 0xaa, 0x9e, 0x3e, 0x06, 0xe3, 0x32, 0x0c, 0x05, 0x4a, 0x69,
+	0xd1, 0xb4, 0x12, 0xc4, 0xcc, 0x3c, 0x7d, 0x06, 0x95, 0xc3, 0x20, 0x90, 0xa8, 0x94, 0x63, 0x99,
-	0xe9, 0xea, 0x95, 0xa7, 0x4e, 0x76, 0x0b, 0x4e, 0x01, 0xf7, 0x13, 0x0b, 0xc0, 0xb6, 0x82, 0x5a,
+	0x5f, 0xb9, 0xeb, 0x26, 0xdf, 0x82, 0x9b, 0x91, 0x1b, 0xc7, 0x8c, 0x60, 0x2b, 0x40, 0x5f, 0x40,
-	0x60, 0x3c, 0x15, 0xe8, 0xa7, 0x18, 0x5a, 0xe5, 0x26, 0x69, 0xeb, 0x6c, 0x1b, 0x52, 0x1b, 0x60,
+	0xf5, 0x98, 0x87, 0xa8, 0xf9, 0x25, 0x3a, 0x25, 0x23, 0x7d, 0x70, 0xdb, 0x75, 0xd5, 0xcd, 0xdd,
-	0xe4, 0xcf, 0xe2, 0xf0, 0x4d, 0x92, 0xc6, 0x33, 0xab, 0xa2, 0x92, 0x07, 0x24, 0xcb, 0x7b, 0x28,
+	0x68, 0xad, 0xa0, 0x0d, 0x80, 0x31, 0x2a, 0xc5, 0x45, 0xfc, 0x06, 0xaf, 0x9c, 0xb2, 0xb9, 0x51,
-	0x65, 0xcc, 0x93, 0x17, 0xb8, 0xb2, 0x0c, 0xf5, 0x3f, 0x07, 0xa4, 0x75, 0x0d, 0x6a, 0x43, 0x6a,
+	0x8e, 0x69, 0x9f, 0x82, 0x49, 0x49, 0x2b, 0x50, 0x3c, 0x99, 0x69, 0x7b, 0x2b, 0x01, 0xaf, 0x51,
-	0x40, 0x69, 0xb8, 0x48, 0xcd, 0xa3, 0x4c, 0x3c, 0xc7, 0xd4, 0x24, 0xb4, 0x0a, 0x7a, 0x76, 0x1a,
+	0xdb, 0x84, 0x56, 0xc1, 0x4a, 0x3e, 0x0f, 0xbb, 0x40, 0x01, 0xca, 0x63, 0xf4, 0xa4, 0x7f, 0x6e,
-	0xa6, 0x46, 0x01, 0x2a, 0x1e, 0xfa, 0x22, 0x98, 0x9a, 0xa5, 0x4c, 0xf7, 0x71, 0x86, 0x29, 0x9a,
+	0x17, 0x13, 0x3c, 0xc4, 0x0b, 0xd4, 0x68, 0x5b, 0xb4, 0x06, 0x25, 0xe6, 0xc5, 0x11, 0xda, 0x25,
-	0x3a, 0xad, 0x41, 0x99, 0xf9, 0x49, 0x84, 0x66, 0x99, 0x9e, 0x42, 0x4d, 0xc9, 0x2b, 0x5f, 0x4e,
+	0xba, 0x0b, 0x35, 0x03, 0x8f, 0x3c, 0x75, 0x6e, 0x97, 0xdb, 0x23, 0xd8, 0xbd, 0x15, 0x8d, 0x3a,
-	0xcd, 0x4a, 0xcf, 0xbb, 0xd9, 0xd8, 0xe4, 0x76, 0x63, 0x93, 0xaf, 0x1b, 0x9b, 0xfc, 0xd8, 0xd8,
+	0x50, 0x79, 0x29, 0xd1, 0xd3, 0x18, 0x98, 0xff, 0xc1, 0x62, 0xab, 0x32, 0x09, 0x78, 0xe6, 0x5d,
-	0xe4, 0xd3, 0x4f, 0xfb, 0xe8, 0xed, 0xf9, 0xc1, 0x9d, 0x27, 0x72, 0x1e, 0x04, 0x9d, 0x10, 0x97,
+	0xf0, 0xe0, 0x7d, 0xac, 0xf9, 0x85, 0x39, 0xbf, 0xc5, 0x72, 0xcc, 0x60, 0x7c, 0xbd, 0x6c, 0x90,
-	0x6e, 0x82, 0x7c, 0x22, 0x3b, 0xfe, 0x3c, 0xee, 0x44, 0xdc, 0x2d, 0xbe, 0xf2, 0xb3, 0xf6, 0xff,
+	0x9b, 0x65, 0x83, 0x7c, 0x5f, 0x36, 0xc8, 0xaf, 0x65, 0x83, 0x7c, 0xf9, 0xdd, 0xd8, 0xfa, 0xb0,
-	0x2b, 0xe4, 0xcf, 0x3c, 0xe7, 0x72, 0x38, 0x70, 0xbc, 0x9c, 0x8d, 0x2b, 0xea, 0xfc, 0x2f, 0x7e,
+	0x9f, 0x7b, 0x36, 0xb1, 0x9a, 0xfa, 0x7e, 0x37, 0xc0, 0x79, 0x2f, 0x46, 0x11, 0xaa, 0xae, 0x37,
-	0x07, 0x00, 0x00, 0xff, 0xff, 0xea, 0xcf, 0xa5, 0xdd, 0x60, 0x03, 0x00, 0x00,
+	0xe5, 0xdd, 0x48, 0xf4, 0xb2, 0x1b, 0x7d, 0x2d, 0xdc, 0x7d, 0x8b, 0xe2, 0xd5, 0xd8, 0x3d, 0x3c,
 	0x19, 0xb9, 0xe3, 0x94, 0x9b, 0x94, 0xcd, 0x6b, 0x3a, 0xf8, 0x1b, 0x00, 0x00, 0xff, 0xff, 0x13,
 	0xf0, 0xba, 0xcc, 0xaf, 0x03, 0x00, 0x00,
 }
 func (m *RequestVerificationHeader) Marshal() (dAtA []byte, err error) {
@ -519,18 +560,18 @@ func (m *Token_Info) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 		copy(dAtA[i:], m.SessionKey)
 		i = encodeVarintVerify(dAtA, i, uint64(len(m.SessionKey)))
 		i--
-		dAtA[i] = 0x3a
+		dAtA[i] = 0x32
 	}
-	if m.ValidUntil != 0 {
+	{
-		i = encodeVarintVerify(dAtA, i, uint64(m.ValidUntil))
+		size, err := m.TokenLifetime.MarshalToSizedBuffer(dAtA[:i])
-		i--
+		if err != nil {
-		dAtA[i] = 0x30
+			return 0, err
-	}
+		}
-	if m.Created != 0 {
+		i -= size
-		i = encodeVarintVerify(dAtA, i, uint64(m.Created))
+		i = encodeVarintVerify(dAtA, i, uint64(size))
 		i--
 		dAtA[i] = 0x28
 	}
 	i--
 	dAtA[i] = 0x2a
 	{
 		size := m.Address.Size()
 		i -= size
@ -569,6 +610,43 @@ func (m *Token_Info) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 func (m *TokenLifetime) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 func (m *TokenLifetime) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 func (m *TokenLifetime) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.XXX_unrecognized != nil {
 		i -= len(m.XXX_unrecognized)
 		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.ValidUntil != 0 {
 		i = encodeVarintVerify(dAtA, i, uint64(m.ValidUntil))
 		i--
 		dAtA[i] = 0x10
 	}
 	if m.Created != 0 {
 		i = encodeVarintVerify(dAtA, i, uint64(m.Created))
 		i--
 		dAtA[i] = 0x8
 	}
 	return len(dAtA) - i, nil
 }
 func encodeVarintVerify(dAtA []byte, offset int, v uint64) int {
 	offset -= sovVerify(v)
 	base := offset
@ -655,16 +733,30 @@ func (m *Token_Info) Size() (n int) {
 	}
 	l = m.Address.Size()
 	n += 1 + l + sovVerify(uint64(l))
 	l = m.TokenLifetime.Size()
 	n += 1 + l + sovVerify(uint64(l))
 	l = len(m.SessionKey)
 	if l > 0 {
 		n += 1 + l + sovVerify(uint64(l))
 	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
 	return n
 }
 func (m *TokenLifetime) Size() (n int) {
 	if m == nil {
 		return 0
 	}
 	var l int
 	_ = l
 	if m.Created != 0 {
 		n += 1 + sovVerify(uint64(m.Created))
 	}
 	if m.ValidUntil != 0 {
 		n += 1 + sovVerify(uint64(m.ValidUntil))
 	}
 	l = len(m.SessionKey)
 	if l > 0 {
 		n += 1 + l + sovVerify(uint64(l))
 	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
@ -1192,10 +1284,10 @@ func (m *Token_Info) Unmarshal(dAtA []byte) error {
 			}
 			iNdEx = postIndex
 		case 5:
-			if wireType != 0 {
+			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Created", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field TokenLifetime", wireType)
 			}
-			m.Created = 0
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowVerify
@ -1205,31 +1297,26 @@ func (m *Token_Info) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Created |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			if msglen < 0 {
 				return ErrInvalidLengthVerify
 			}
 			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthVerify
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if err := m.TokenLifetime.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 6:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field ValidUntil", wireType)
 			}
 			m.ValidUntil = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowVerify
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				m.ValidUntil |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 		case 7:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field SessionKey", wireType)
 			}
@ -1288,6 +1375,98 @@ func (m *Token_Info) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
 func (m *TokenLifetime) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
 		preIndex := iNdEx
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
 			if shift >= 64 {
 				return ErrIntOverflowVerify
 			}
 			if iNdEx >= l {
 				return io.ErrUnexpectedEOF
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
 			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
 		}
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
 			return fmt.Errorf("proto: TokenLifetime: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
 			return fmt.Errorf("proto: TokenLifetime: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Created", wireType)
 			}
 			m.Created = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowVerify
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				m.Created |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 		case 2:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field ValidUntil", wireType)
 			}
 			m.ValidUntil = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowVerify
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				m.ValidUntil |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 		default:
 			iNdEx = preIndex
 			skippy, err := skipVerify(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
 			if skippy < 0 {
 				return ErrInvalidLengthVerify
 			}
 			if (iNdEx + skippy) < 0 {
 				return ErrInvalidLengthVerify
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
 	if iNdEx > l {
 		return io.ErrUnexpectedEOF
 	}
 	return nil
 }
 func skipVerify(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
--- a/service/verify.proto
+++ b/service/verify.proto
@ -58,14 +58,11 @@ message Token {
        // Address is an object address for which token is issued
        refs.Address Address = 4 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];
-        // Created is an initial epoch of token lifetime
+        // Lifetime is a lifetime of the session
-        uint64 Created = 5;
+        TokenLifetime Lifetime = 5 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
        // ValidUntil is a last epoch of token lifetime
        uint64 ValidUntil = 6;
        // SessionKey is a public key of session key
-        bytes SessionKey = 7;
+        bytes SessionKey = 6;
    }
    // TokenInfo is a grouped information about token
@ -75,6 +72,15 @@ message Token {
    bytes Signature = 8;
 }
 // TokenLifetime carries a group of lifetime parameters of the token
 message TokenLifetime {
    // Created carries an initial epoch of token lifetime
    uint64 Created = 1;
    // ValidUntil carries a last epoch of token lifetime
    uint64 ValidUntil = 2;
 }
 // TODO: for variable token types and version redefine message
 // Example:
 // message Token {
--- a/session/service.go
+++ b/session/service.go
@ -1,11 +1 @@
 package session
 // NewInitRequest returns new initialization CreateRequest from passed Token.
 func NewInitRequest(t *Token) *CreateRequest {
 	return &CreateRequest{Message: &CreateRequest_Init{Init: t}}
 }
 // NewSignedRequest returns new signed CreateRequest from passed Token.
 func NewSignedRequest(t *Token) *CreateRequest {
 	return &CreateRequest{Message: &CreateRequest_Signed{Signed: t}}
 }
--- a/session/service.pb.go
+++ b/session/service.pb.go
@ -28,13 +28,12 @@ var _ = math.Inf
 // proto package needs to be updated.
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 // CreateRequest carries an information necessary for opening a session
 type CreateRequest struct {
-	// Message should be one of
+	// OwnerID carries an identifier of a session initiator
-	//
+	OwnerID OwnerID `protobuf:"bytes,1,opt,name=OwnerID,proto3,customtype=OwnerID" json:"OwnerID"`
-	// Types that are valid to be assigned to Message:
+	// Lifetime carries a lifetime of the session
-	//	*CreateRequest_Init
+	service.TokenLifetime `protobuf:"bytes,2,opt,name=Lifetime,proto3,embedded=Lifetime" json:"Lifetime"`
 	//	*CreateRequest_Signed
 	Message isCreateRequest_Message `protobuf_oneof:"Message"`
 	// RequestMetaHeader contains information about request meta headers (should be embedded into message)
 	service.RequestMetaHeader `protobuf:"bytes,98,opt,name=Meta,proto3,embedded=Meta" json:"Meta"`
 	// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@ -73,59 +72,15 @@ func (m *CreateRequest) XXX_DiscardUnknown() {
 var xxx_messageInfo_CreateRequest proto.InternalMessageInfo
-type isCreateRequest_Message interface {
+// CreateResponse carries an information about the opened session
 	isCreateRequest_Message()
 	MarshalTo([]byte) (int, error)
 	Size() int
 }
 type CreateRequest_Init struct {
 	Init *service.Token `protobuf:"bytes,1,opt,name=Init,proto3,oneof" json:"Init,omitempty"`
 }
 type CreateRequest_Signed struct {
 	Signed *service.Token `protobuf:"bytes,2,opt,name=Signed,proto3,oneof" json:"Signed,omitempty"`
 }
 func (*CreateRequest_Init) isCreateRequest_Message()   {}
 func (*CreateRequest_Signed) isCreateRequest_Message() {}
 func (m *CreateRequest) GetMessage() isCreateRequest_Message {
 	if m != nil {
 		return m.Message
 	}
 	return nil
 }
 func (m *CreateRequest) GetInit() *service.Token {
 	if x, ok := m.GetMessage().(*CreateRequest_Init); ok {
 		return x.Init
 	}
 	return nil
 }
 func (m *CreateRequest) GetSigned() *service.Token {
 	if x, ok := m.GetMessage().(*CreateRequest_Signed); ok {
 		return x.Signed
 	}
 	return nil
 }
 // XXX_OneofWrappers is for the internal use of the proto package.
 func (*CreateRequest) XXX_OneofWrappers() []interface{} {
 	return []interface{}{
 		(*CreateRequest_Init)(nil),
 		(*CreateRequest_Signed)(nil),
 	}
 }
 type CreateResponse struct {
-	// Types that are valid to be assigned to Message:
+	// ID carries an identifier of session token
-	//	*CreateResponse_Unsigned
+	ID TokenID `protobuf:"bytes,1,opt,name=ID,proto3,customtype=TokenID" json:"ID"`
-	//	*CreateResponse_Result
+	// SessionKey carries a session public key
-	Message              isCreateResponse_Message `protobuf_oneof:"Message"`
+	SessionKey           []byte   `protobuf:"bytes,2,opt,name=SessionKey,proto3" json:"SessionKey,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte                   `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32                    `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 func (m *CreateResponse) Reset()         { *m = CreateResponse{} }
@ -157,51 +112,13 @@ func (m *CreateResponse) XXX_DiscardUnknown() {
 var xxx_messageInfo_CreateResponse proto.InternalMessageInfo
-type isCreateResponse_Message interface {
+func (m *CreateResponse) GetSessionKey() []byte {
 	isCreateResponse_Message()
 	MarshalTo([]byte) (int, error)
 	Size() int
 }
 type CreateResponse_Unsigned struct {
 	Unsigned *service.Token `protobuf:"bytes,1,opt,name=Unsigned,proto3,oneof" json:"Unsigned,omitempty"`
 }
 type CreateResponse_Result struct {
 	Result *service.Token `protobuf:"bytes,2,opt,name=Result,proto3,oneof" json:"Result,omitempty"`
 }
 func (*CreateResponse_Unsigned) isCreateResponse_Message() {}
 func (*CreateResponse_Result) isCreateResponse_Message()   {}
 func (m *CreateResponse) GetMessage() isCreateResponse_Message {
 	if m != nil {
-		return m.Message
+		return m.SessionKey
 	}
 	return nil
 }
 func (m *CreateResponse) GetUnsigned() *service.Token {
 	if x, ok := m.GetMessage().(*CreateResponse_Unsigned); ok {
 		return x.Unsigned
 	}
 	return nil
 }
 func (m *CreateResponse) GetResult() *service.Token {
 	if x, ok := m.GetMessage().(*CreateResponse_Result); ok {
 		return x.Result
 	}
 	return nil
 }
 // XXX_OneofWrappers is for the internal use of the proto package.
 func (*CreateResponse) XXX_OneofWrappers() []interface{} {
 	return []interface{}{
 		(*CreateResponse_Unsigned)(nil),
 		(*CreateResponse_Result)(nil),
 	}
 }
 func init() {
 	proto.RegisterType((*CreateRequest)(nil), "session.CreateRequest")
 	proto.RegisterType((*CreateResponse)(nil), "session.CreateResponse")
@ -210,31 +127,32 @@ func init() {
 func init() { proto.RegisterFile("session/service.proto", fileDescriptor_b329bee0fd1148e0) }
 var fileDescriptor_b329bee0fd1148e0 = []byte{
-	// 380 bytes of a gzipped FileDescriptorProto
+	// 386 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x52, 0x4f, 0x4f, 0xe2, 0x40,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x64, 0x91, 0xcf, 0x6e, 0xda, 0x40,
-	0x14, 0x67, 0x08, 0x29, 0xec, 0x6c, 0x96, 0x64, 0x27, 0xfb, 0xa7, 0xe9, 0xa1, 0x6c, 0xc8, 0x1e,
+	0x10, 0xc6, 0x59, 0xab, 0x02, 0xb4, 0xa5, 0xad, 0xba, 0xea, 0x1f, 0xcb, 0x07, 0x1b, 0x71, 0x82,
-	0xd8, 0x64, 0xdb, 0x1a, 0xbc, 0x78, 0xf1, 0x20, 0x1a, 0x03, 0x07, 0x8c, 0x69, 0xd5, 0x83, 0xb7,
+	0x83, 0x6d, 0x89, 0x5e, 0x5a, 0xa9, 0x97, 0x52, 0xab, 0xaa, 0xd5, 0xe6, 0x9f, 0x89, 0x72, 0xc8,
-	0xb6, 0x3c, 0xea, 0x44, 0x99, 0xa9, 0x9d, 0x29, 0x89, 0xdf, 0xc4, 0xcf, 0xe0, 0x27, 0xe1, 0xc8,
+	0xcd, 0x36, 0x63, 0x67, 0x15, 0xe1, 0x75, 0xbc, 0x0b, 0x11, 0x6f, 0x92, 0x67, 0xc8, 0x93, 0x70,
-	0xd1, 0x13, 0x31, 0xf5, 0xe6, 0xa7, 0x30, 0x4c, 0x07, 0x82, 0x12, 0x6e, 0x7d, 0xbf, 0x3f, 0xef,
+	0xe4, 0x18, 0xe5, 0x80, 0x22, 0xe7, 0x25, 0x72, 0x8c, 0x58, 0xaf, 0x11, 0x09, 0xb7, 0x9d, 0xdf,
-	0xbd, 0x5f, 0xdf, 0xe0, 0x9f, 0x02, 0x84, 0xa0, 0x9c, 0x79, 0x02, 0xb2, 0x29, 0x8d, 0xc1, 0x4d,
+	0xec, 0xf7, 0x69, 0xbe, 0x19, 0xfc, 0x99, 0x03, 0xe7, 0x94, 0x65, 0x2e, 0x87, 0x62, 0x4e, 0x63,
-	0x33, 0x2e, 0x39, 0xa9, 0x6b, 0xd8, 0x22, 0x1a, 0xf7, 0x26, 0x20, 0xc3, 0x92, 0xb4, 0x7e, 0xac,
+	0x70, 0xf2, 0x82, 0x09, 0x46, 0x5a, 0x0a, 0x1b, 0x44, 0x71, 0x77, 0x0a, 0x22, 0xac, 0x9a, 0xc6,
-	0xb0, 0x29, 0x64, 0x74, 0xfc, 0xa0, 0x51, 0x27, 0xa1, 0xf2, 0x26, 0x8f, 0xdc, 0x98, 0x4f, 0xbc,
+	0xa7, 0x9a, 0xcd, 0xa1, 0xa0, 0xc9, 0x42, 0x51, 0x3b, 0xa5, 0xe2, 0x62, 0x16, 0x39, 0x31, 0x9b,
-	0x84, 0x27, 0xdc, 0x53, 0x70, 0x94, 0x8f, 0x55, 0xa5, 0x0a, 0xf5, 0x55, 0xca, 0xdb, 0x6f, 0x08,
+	0xba, 0x29, 0x4b, 0x99, 0x2b, 0x71, 0x34, 0x4b, 0x64, 0x25, 0x0b, 0xf9, 0xaa, 0xbe, 0xf7, 0x9e,
-	0x7f, 0x3b, 0xce, 0x20, 0x94, 0xe0, 0xc3, 0x7d, 0x0e, 0x42, 0x92, 0xbf, 0xb8, 0x36, 0x60, 0x54,
+	0x10, 0x7e, 0xf7, 0xbb, 0x80, 0x50, 0x40, 0x00, 0x57, 0x33, 0xe0, 0x82, 0x0c, 0x70, 0xeb, 0xe8,
-	0x9a, 0xe8, 0x0f, 0xea, 0x7c, 0xed, 0x36, 0xdd, 0xd5, 0x46, 0x17, 0xfc, 0x16, 0x58, 0xbf, 0xe2,
+	0x3a, 0x83, 0xc2, 0xf7, 0x74, 0xd4, 0x45, 0xfd, 0xce, 0xe8, 0xc3, 0x72, 0x6d, 0x35, 0xee, 0xd7,
-	0x2b, 0x96, 0x74, 0xb0, 0x11, 0xd0, 0x84, 0xc1, 0xc8, 0xac, 0xee, 0xd0, 0x69, 0x9e, 0x1c, 0xe0,
+	0x56, 0x8d, 0x83, 0xfa, 0x41, 0x7e, 0xe2, 0xf6, 0x7f, 0x9a, 0x80, 0xa0, 0x53, 0xd0, 0xb5, 0x2e,
-	0xda, 0x10, 0x64, 0x68, 0x46, 0x4a, 0x67, 0xad, 0x75, 0x7a, 0xde, 0x92, 0xeb, 0x43, 0x38, 0x82,
+	0xea, 0xbf, 0x1d, 0x7e, 0x71, 0xea, 0x00, 0xa7, 0xec, 0x12, 0xb2, 0xba, 0x3b, 0x6a, 0x6f, 0x3c,
-	0xac, 0xd7, 0x98, 0x2d, 0x5a, 0x95, 0xf9, 0xa2, 0x85, 0x7c, 0xe5, 0x20, 0x27, 0xd8, 0xb8, 0x52,
+	0x56, 0x6b, 0x0b, 0x05, 0x5b, 0x05, 0xf9, 0x8e, 0xdf, 0x1c, 0x80, 0x08, 0xf5, 0x48, 0x2a, 0x8d,
-	0xd1, 0xcc, 0x58, 0x79, 0xdb, 0x9f, 0xbd, 0x8a, 0xa5, 0x71, 0x28, 0x29, 0x67, 0x5b, 0x3d, 0xb4,
+	0xad, 0x52, 0x0d, 0xb2, 0xe9, 0xfd, 0x85, 0x70, 0x02, 0xc5, 0x8e, 0x5a, 0x2a, 0x88, 0x87, 0x9b,
-	0xb7, 0xf7, 0x05, 0xd7, 0x87, 0x20, 0x44, 0x98, 0x40, 0x5b, 0xe0, 0xe6, 0x2a, 0xab, 0x48, 0x39,
+	0x67, 0x32, 0xb3, 0x1e, 0x4b, 0x6d, 0xef, 0xb5, 0x56, 0x76, 0x69, 0x1c, 0x0a, 0xca, 0xb2, 0x3d,
-	0x13, 0x40, 0xfe, 0xe3, 0xc6, 0x25, 0x13, 0x65, 0x90, 0x5d, 0x81, 0xd7, 0x8a, 0x65, 0x68, 0x1f,
+	0x0f, 0xa5, 0xed, 0x9d, 0xe0, 0xf7, 0x75, 0x72, 0x9e, 0xb3, 0x8c, 0x03, 0xb1, 0xb0, 0xb6, 0x9f,
-	0x44, 0x7e, 0x27, 0x77, 0x87, 0x2e, 0xf9, 0x8d, 0xa1, 0xdd, 0x3e, 0xae, 0x07, 0xe5, 0x15, 0xc9,
+	0x5a, 0x06, 0xf1, 0xbd, 0x40, 0xf3, 0x3d, 0x62, 0x62, 0x3c, 0xae, 0x2e, 0xf2, 0x0f, 0x16, 0x32,
-	0x21, 0x36, 0xca, 0xf9, 0xe4, 0x97, 0xab, 0x2f, 0xeb, 0x7e, 0xf8, 0xf9, 0xd6, 0xef, 0x2d, 0xbc,
+	0x72, 0x27, 0xd8, 0x21, 0x43, 0x0f, 0xb7, 0x54, 0x45, 0x7e, 0xe0, 0x66, 0xe5, 0x4e, 0x36, 0x3b,
-	0x5c, 0xb4, 0x83, 0xf6, 0x50, 0x2f, 0x98, 0x15, 0x36, 0x9a, 0x17, 0x36, 0x7a, 0x2e, 0x6c, 0xf4,
+	0x91, 0xcc, 0x79, 0xb1, 0x68, 0xe3, 0xeb, 0x1e, 0xaf, 0xc6, 0x18, 0x8d, 0x97, 0xa5, 0x89, 0x56,
-	0x52, 0xd8, 0xe8, 0xf1, 0xd5, 0xae, 0x5c, 0xff, 0xdb, 0x38, 0x38, 0x13, 0x69, 0x1c, 0x3b, 0x23,
+	0xa5, 0x89, 0xee, 0x4a, 0x13, 0x3d, 0x94, 0x26, 0xba, 0x79, 0x34, 0x1b, 0xe7, 0x83, 0x9d, 0xc3,
-	0x98, 0x7a, 0x0c, 0xf8, 0x58, 0x38, 0x61, 0x4a, 0x9d, 0x84, 0x7b, 0xba, 0xe7, 0x53, 0xf5, 0xfb,
+	0x66, 0x3c, 0x8f, 0x63, 0x7b, 0x02, 0x73, 0x37, 0x03, 0x96, 0x70, 0x3b, 0xcc, 0xa9, 0x9d, 0x32,
-	0x19, 0xf0, 0xd3, 0xc0, 0x3d, 0x3a, 0x1f, 0xb8, 0x7a, 0xa7, 0xc8, 0x50, 0xef, 0x60, 0xff, 0x3d,
+	0x57, 0xf9, 0xdd, 0x6a, 0x1f, 0x0f, 0x81, 0xfd, 0x19, 0x3b, 0xbf, 0x8e, 0x7d, 0x47, 0xcd, 0x13,
-	0x00, 0x00, 0xff, 0xff, 0x70, 0x53, 0x71, 0xf3, 0x82, 0x02, 0x00, 0x00,
+	0x35, 0xe5, 0xbd, 0xbf, 0x3d, 0x07, 0x00, 0x00, 0xff, 0xff, 0xf5, 0x66, 0xc9, 0x19, 0x6a, 0x02,
 	0x00, 0x00,
 }
 // Reference imports to suppress errors if they are not otherwise used.
@ -249,17 +167,8 @@ const _ = grpc.SupportPackageIsVersion4
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
 type SessionClient interface {
-	// Create is a method that used to open a trusted session to manipulate
+	// Create opens new session between the client and the server
-	// an object. In order to put or delete object client have to obtain session
+	Create(ctx context.Context, in *CreateRequest, opts ...grpc.CallOption) (*CreateResponse, error)
 	// token with trusted node. Trusted node will modify client's object
 	// (add missing headers, checksums, homomorphic hash) and sign id with
 	// session key. Session is established during 4-step handshake in one gRPC stream
 	//
 	// - First client stream message SHOULD BE type of `CreateRequest_Init`.
 	// - First server stream message SHOULD BE type of `CreateResponse_Unsigned`.
 	// - Second client stream message SHOULD BE type of `CreateRequest_Signed`.
 	// - Second server stream message SHOULD BE type of `CreateResponse_Result`.
 	Create(ctx context.Context, opts ...grpc.CallOption) (Session_CreateClient, error)
 }
 type sessionClient struct {
@ -270,102 +179,61 @@ func NewSessionClient(cc *grpc.ClientConn) SessionClient {
 	return &sessionClient{cc}
 }
-func (c *sessionClient) Create(ctx context.Context, opts ...grpc.CallOption) (Session_CreateClient, error) {
+func (c *sessionClient) Create(ctx context.Context, in *CreateRequest, opts ...grpc.CallOption) (*CreateResponse, error) {
-	stream, err := c.cc.NewStream(ctx, &_Session_serviceDesc.Streams[0], "/session.Session/Create", opts...)
+	out := new(CreateResponse)
 	err := c.cc.Invoke(ctx, "/session.Session/Create", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
-	x := &sessionCreateClient{stream}
+	return out, nil
 	return x, nil
 }
 type Session_CreateClient interface {
 	Send(*CreateRequest) error
 	Recv() (*CreateResponse, error)
 	grpc.ClientStream
 }
 type sessionCreateClient struct {
 	grpc.ClientStream
 }
 func (x *sessionCreateClient) Send(m *CreateRequest) error {
 	return x.ClientStream.SendMsg(m)
 }
 func (x *sessionCreateClient) Recv() (*CreateResponse, error) {
 	m := new(CreateResponse)
 	if err := x.ClientStream.RecvMsg(m); err != nil {
 		return nil, err
 	}
 	return m, nil
 }
 // SessionServer is the server API for Session service.
 type SessionServer interface {
-	// Create is a method that used to open a trusted session to manipulate
+	// Create opens new session between the client and the server
-	// an object. In order to put or delete object client have to obtain session
+	Create(context.Context, *CreateRequest) (*CreateResponse, error)
 	// token with trusted node. Trusted node will modify client's object
 	// (add missing headers, checksums, homomorphic hash) and sign id with
 	// session key. Session is established during 4-step handshake in one gRPC stream
 	//
 	// - First client stream message SHOULD BE type of `CreateRequest_Init`.
 	// - First server stream message SHOULD BE type of `CreateResponse_Unsigned`.
 	// - Second client stream message SHOULD BE type of `CreateRequest_Signed`.
 	// - Second server stream message SHOULD BE type of `CreateResponse_Result`.
 	Create(Session_CreateServer) error
 }
 // UnimplementedSessionServer can be embedded to have forward compatible implementations.
 type UnimplementedSessionServer struct {
 }
-func (*UnimplementedSessionServer) Create(srv Session_CreateServer) error {
+func (*UnimplementedSessionServer) Create(ctx context.Context, req *CreateRequest) (*CreateResponse, error) {
-	return status.Errorf(codes.Unimplemented, "method Create not implemented")
+	return nil, status.Errorf(codes.Unimplemented, "method Create not implemented")
 }
 func RegisterSessionServer(s *grpc.Server, srv SessionServer) {
 	s.RegisterService(&_Session_serviceDesc, srv)
 }
-func _Session_Create_Handler(srv interface{}, stream grpc.ServerStream) error {
+func _Session_Create_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	return srv.(SessionServer).Create(&sessionCreateServer{stream})
+	in := new(CreateRequest)
-}
+	if err := dec(in); err != nil {
 type Session_CreateServer interface {
 	Send(*CreateResponse) error
 	Recv() (*CreateRequest, error)
 	grpc.ServerStream
 }
 type sessionCreateServer struct {
 	grpc.ServerStream
 }
 func (x *sessionCreateServer) Send(m *CreateResponse) error {
 	return x.ServerStream.SendMsg(m)
 }
 func (x *sessionCreateServer) Recv() (*CreateRequest, error) {
 	m := new(CreateRequest)
 	if err := x.ServerStream.RecvMsg(m); err != nil {
 		return nil, err
 	}
-	return m, nil
+	if interceptor == nil {
 		return srv.(SessionServer).Create(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/session.Session/Create",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(SessionServer).Create(ctx, req.(*CreateRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 var _Session_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "session.Session",
 	HandlerType: (*SessionServer)(nil),
-	Methods:     []grpc.MethodDesc{},
+	Methods: []grpc.MethodDesc{
 	Streams: []grpc.StreamDesc{
 		{
-			StreamName:    "Create",
+			MethodName: "Create",
-			Handler:       _Session_Create_Handler,
+			Handler:    _Session_Create_Handler,
 			ServerStreams: true,
 			ClientStreams: true,
 		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "session/service.proto",
 }
@ -417,60 +285,29 @@ func (m *CreateRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	dAtA[i] = 0x6
 	i--
 	dAtA[i] = 0x92
-	if m.Message != nil {
+	{
-		{
+		size, err := m.TokenLifetime.MarshalToSizedBuffer(dAtA[:i])
-			size := m.Message.Size()
+		if err != nil {
-			i -= size
+			return 0, err
 			if _, err := m.Message.MarshalTo(dAtA[i:]); err != nil {
 				return 0, err
 			}
 		}
 		i -= size
 		i = encodeVarintService(dAtA, i, uint64(size))
 	}
 	i--
 	dAtA[i] = 0x12
 	{
 		size := m.OwnerID.Size()
 		i -= size
 		if _, err := m.OwnerID.MarshalTo(dAtA[i:]); err != nil {
 			return 0, err
 		}
 		i = encodeVarintService(dAtA, i, uint64(size))
 	}
 	i--
 	dAtA[i] = 0xa
 	return len(dAtA) - i, nil
 }
 func (m *CreateRequest_Init) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 func (m *CreateRequest_Init) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	if m.Init != nil {
 		{
 			size, err := m.Init.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
 			i -= size
 			i = encodeVarintService(dAtA, i, uint64(size))
 		}
 		i--
 		dAtA[i] = 0xa
 	}
 	return len(dAtA) - i, nil
 }
 func (m *CreateRequest_Signed) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 func (m *CreateRequest_Signed) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	if m.Signed != nil {
 		{
 			size, err := m.Signed.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
 			i -= size
 			i = encodeVarintService(dAtA, i, uint64(size))
 		}
 		i--
 		dAtA[i] = 0x12
 	}
 	return len(dAtA) - i, nil
 }
 func (m *CreateResponse) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@ -495,60 +332,26 @@ func (m *CreateResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 		i -= len(m.XXX_unrecognized)
 		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if m.Message != nil {
+	if len(m.SessionKey) > 0 {
-		{
+		i -= len(m.SessionKey)
-			size := m.Message.Size()
+		copy(dAtA[i:], m.SessionKey)
-			i -= size
+		i = encodeVarintService(dAtA, i, uint64(len(m.SessionKey)))
 			if _, err := m.Message.MarshalTo(dAtA[i:]); err != nil {
 				return 0, err
 			}
 		}
 	}
 	return len(dAtA) - i, nil
 }
 func (m *CreateResponse_Unsigned) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 func (m *CreateResponse_Unsigned) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	if m.Unsigned != nil {
 		{
 			size, err := m.Unsigned.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
 			i -= size
 			i = encodeVarintService(dAtA, i, uint64(size))
 		}
 		i--
 		dAtA[i] = 0xa
 	}
 	return len(dAtA) - i, nil
 }
 func (m *CreateResponse_Result) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 func (m *CreateResponse_Result) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	if m.Result != nil {
 		{
 			size, err := m.Result.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
 			i -= size
 			i = encodeVarintService(dAtA, i, uint64(size))
 		}
 		i--
 		dAtA[i] = 0x12
 	}
 	{
 		size := m.ID.Size()
 		i -= size
 		if _, err := m.ID.MarshalTo(dAtA[i:]); err != nil {
 			return 0, err
 		}
 		i = encodeVarintService(dAtA, i, uint64(size))
 	}
 	i--
 	dAtA[i] = 0xa
 	return len(dAtA) - i, nil
 }
 func encodeVarintService(dAtA []byte, offset int, v uint64) int {
 	offset -= sovService(v)
 	base := offset
@ -566,9 +369,10 @@ func (m *CreateRequest) Size() (n int) {
 	}
 	var l int
 	_ = l
-	if m.Message != nil {
+	l = m.OwnerID.Size()
-		n += m.Message.Size()
+	n += 1 + l + sovService(uint64(l))
-	}
+	l = m.TokenLifetime.Size()
 	n += 1 + l + sovService(uint64(l))
 	l = m.RequestMetaHeader.Size()
 	n += 2 + l + sovService(uint64(l))
 	l = m.RequestVerificationHeader.Size()
@ -579,38 +383,17 @@ func (m *CreateRequest) Size() (n int) {
 	return n
 }
 func (m *CreateRequest_Init) Size() (n int) {
 	if m == nil {
 		return 0
 	}
 	var l int
 	_ = l
 	if m.Init != nil {
 		l = m.Init.Size()
 		n += 1 + l + sovService(uint64(l))
 	}
 	return n
 }
 func (m *CreateRequest_Signed) Size() (n int) {
 	if m == nil {
 		return 0
 	}
 	var l int
 	_ = l
 	if m.Signed != nil {
 		l = m.Signed.Size()
 		n += 1 + l + sovService(uint64(l))
 	}
 	return n
 }
 func (m *CreateResponse) Size() (n int) {
 	if m == nil {
 		return 0
 	}
 	var l int
 	_ = l
-	if m.Message != nil {
+	l = m.ID.Size()
-		n += m.Message.Size()
+	n += 1 + l + sovService(uint64(l))
 	l = len(m.SessionKey)
 	if l > 0 {
 		n += 1 + l + sovService(uint64(l))
 	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
@ -618,31 +401,6 @@ func (m *CreateResponse) Size() (n int) {
 	return n
 }
 func (m *CreateResponse_Unsigned) Size() (n int) {
 	if m == nil {
 		return 0
 	}
 	var l int
 	_ = l
 	if m.Unsigned != nil {
 		l = m.Unsigned.Size()
 		n += 1 + l + sovService(uint64(l))
 	}
 	return n
 }
 func (m *CreateResponse_Result) Size() (n int) {
 	if m == nil {
 		return 0
 	}
 	var l int
 	_ = l
 	if m.Result != nil {
 		l = m.Result.Size()
 		n += 1 + l + sovService(uint64(l))
 	}
 	return n
 }
 func sovService(x uint64) (n int) {
 	return (math_bits.Len64(x|1) + 6) / 7
 }
@ -680,9 +438,9 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Init", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field OwnerID", wireType)
 			}
-			var msglen int
+			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowService
@ -692,30 +450,28 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			if byteLen < 0 {
 				return ErrInvalidLengthService
 			}
-			postIndex := iNdEx + msglen
+			postIndex := iNdEx + byteLen
 			if postIndex < 0 {
 				return ErrInvalidLengthService
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			v := &service.Token{}
+			if err := m.OwnerID.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			m.Message = &CreateRequest_Init{v}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Signed", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field TokenLifetime", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@ -742,11 +498,9 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			v := &service.Token{}
+			if err := m.TokenLifetime.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			m.Message = &CreateRequest_Signed{v}
 			iNdEx = postIndex
 		case 98:
 			if wireType != 2 {
@ -870,9 +624,9 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Unsigned", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
 			}
-			var msglen int
+			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowService
@ -882,32 +636,30 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			if byteLen < 0 {
 				return ErrInvalidLengthService
 			}
-			postIndex := iNdEx + msglen
+			postIndex := iNdEx + byteLen
 			if postIndex < 0 {
 				return ErrInvalidLengthService
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			v := &service.Token{}
+			if err := m.ID.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			m.Message = &CreateResponse_Unsigned{v}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Result", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field SessionKey", wireType)
 			}
-			var msglen int
+			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowService
@ -917,26 +669,25 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			if byteLen < 0 {
 				return ErrInvalidLengthService
 			}
-			postIndex := iNdEx + msglen
+			postIndex := iNdEx + byteLen
 			if postIndex < 0 {
 				return ErrInvalidLengthService
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			v := &service.Token{}
+			m.SessionKey = append(m.SessionKey[:0], dAtA[iNdEx:postIndex]...)
-			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if m.SessionKey == nil {
-				return err
+				m.SessionKey = []byte{}
 			}
 			m.Message = &CreateResponse_Result{v}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
--- a/session/service.proto
+++ b/session/service.proto
@ -11,42 +11,29 @@ option (gogoproto.stable_marshaler_all) = true;
 service Session {
-    // Create is a method that used to open a trusted session to manipulate
+    // Create opens new session between the client and the server
-    // an object. In order to put or delete object client have to obtain session
+    rpc Create (CreateRequest) returns (CreateResponse);
    // token with trusted node. Trusted node will modify client's object
    // (add missing headers, checksums, homomorphic hash) and sign id with
    // session key. Session is established during 4-step handshake in one gRPC stream
    //
    // - First client stream message SHOULD BE type of `CreateRequest_Init`.
    // - First server stream message SHOULD BE type of `CreateResponse_Unsigned`.
    // - Second client stream message SHOULD BE type of `CreateRequest_Signed`.
    // - Second server stream message SHOULD BE type of `CreateResponse_Result`.
    rpc Create (stream CreateRequest) returns (stream CreateResponse);
 }
-
+// CreateRequest carries an information necessary for opening a session
 message CreateRequest {
-    // Message should be one of
+    // OwnerID carries an identifier of a session initiator
-    oneof Message {
+    bytes OwnerID = 1 [(gogoproto.nullable) = false, (gogoproto.customtype) = "OwnerID"];
-        // Init is a message to initialize session opening. Carry:
+
-        // owner of manipulation object;
+    // Lifetime carries a lifetime of the session
-        // ID of manipulation object;
+    service.TokenLifetime Lifetime = 2 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
-        // token lifetime bounds.
+
        service.Token Init = 1;
        // Signed Init message response (Unsigned) from server with user private key
        service.Token Signed = 2;
    }
    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
 }
 // CreateResponse carries an information about the opened session
 message CreateResponse {
-    oneof Message {
+    // ID carries an identifier of session token
-        // Unsigned token with token ID and session public key generated on server side
+    bytes ID = 1 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
-        service.Token Unsigned = 1;
+
-        // Result is a resulting token which can be used for object placing through an trusted intermediary
+    // SessionKey carries a session public key
-        service.Token Result = 2;
+    bytes SessionKey = 2;
    }
 }