Modifications for DPoP tokens (!10) · Merge requests · atlas-tdaq-software / RunControl

Reiner Hauser requested to merge dpop into master Nov 28, 2024

Add a "rc://partition/recipient" operation to each acquire() and verify() call. For acquire() it is taken from the given argument, for verify() from m_commanded_application.id()

This prevents a captured token to be used anywhere else except the original recipient (i.e. a token meant for root controller cannot be replayed against a child controller with different arguments).

The replay cache prevents that the token is used against the original recipient with different arguments.

Edited Nov 28, 2024 by Reiner Hauser

Modifications for DPoP tokens

Merge request reports