Motivation
The aggregation layer will authorize that a user has the required privileges for the requested resource in the tap request URL. If the user is authorized, then the request will be passed to the tap controller.
Once the tap controller receives the authorized tap request, it unpacks the request body and taps the resources specified by those parameters. There is a possibility that these resources could be different, so the tap controller should first make sure that they are the same.
If the requested body resources are different from the request URL, then the request should be failed