From c0759041b42ed62ea82caf3e1ef75a2431de3dbb Mon Sep 17 00:00:00 2001 From: Karn Seth Date: Wed, 18 Mar 2026 12:24:09 -0700 Subject: [PATCH] No public description PiperOrigin-RevId: 885727851 --- willow/proto/willow/BUILD | 14 +++++++++ willow/proto/willow/auth_token.proto | 33 ++++++++++++++++++++ willow/proto/willow/committee_selector.proto | 2 ++ 3 files changed, 49 insertions(+) create mode 100644 willow/proto/willow/auth_token.proto diff --git a/willow/proto/willow/BUILD b/willow/proto/willow/BUILD index 0fe42d5..c700537 100644 --- a/willow/proto/willow/BUILD +++ b/willow/proto/willow/BUILD @@ -36,6 +36,20 @@ cc_proto_library( deps = [":committee_selector_proto"], ) +proto_library( + name = "auth_token_proto", + srcs = ["auth_token.proto"], + deps = [ + "@protobuf//:timestamp_proto", + + ], +) + +cc_proto_library( + name = "auth_token_cc_proto", + deps = [":auth_token_proto"], +) + proto_library( name = "aggregation_config_proto", srcs = ["aggregation_config.proto"], diff --git a/willow/proto/willow/auth_token.proto b/willow/proto/willow/auth_token.proto new file mode 100644 index 0000000..8b99dd0 --- /dev/null +++ b/willow/proto/willow/auth_token.proto @@ -0,0 +1,33 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +edition = "2023"; + +package secure_aggregation.willow; + +import "google/protobuf/timestamp.proto"; + +option features.field_presence = IMPLICIT; + +// The body of the token authorizing requests to the Willow multidecryptor. +// This message is serialized and then authenticated with a MAC. +message AuthTokenPayload { + // The time at which this token becomes invalid. + google.protobuf.Timestamp expiration = 1; + + // Add any other relevant data to bind the token to a specific context, + // for example, a user ID, session ID, or specific resource. + // string user_id = 2 ; + // string session_id = 3 ; +} diff --git a/willow/proto/willow/committee_selector.proto b/willow/proto/willow/committee_selector.proto index a8e6b76..40bb314 100644 --- a/willow/proto/willow/committee_selector.proto +++ b/willow/proto/willow/committee_selector.proto @@ -45,6 +45,8 @@ message VolunteerForCommitteeRequest { // The name of the population that the client belongs to. string population_name = 3 ; + // Authorization token for this request. + string auth_token = 4 ; } // A record of a client who volunteered for a committee.