Consider the following architecture:
Users log into a website and issue commands to the website.
In parallel, separate software processes ("agents") on different computers connect to the website and wait for these commands to be issued.
The agents log into the website separately and programmatically, the user logging into the website has no day-to-day interaction with them (conceivably there could be some interaction at, say, install time).
The website determines where to send each command - any one typical user may have n agents waiting for commands.
The command and therefore the work that the agent performs may be destructive. For example, data on the computer where the agent sits may be deleted.
How can we validate each command such that we know the command was sent by a authenticated user?
I am trying to avoid the vulnerability whereby, if a credential list was compromised, "fake" commands could be issued to agents. If an attacker impersonated the server, how could we avoid the messages being passed to the agent being executed?
As I am a little new to security I don't know what sort of keywords I should be searching for...