Trust relationships

A netlet signed by a particular principal may be granted privileges by a node that are not available to unsigned netlets. These privileges may allow the netlet to perform administrative functions for the node, either directly through the native language API or indirectly through the node-netlet control interfaces.

Before a descriptor is passed to a node in response to a binding request, the binding server may obtain signed certificates from the node as part of the binding mechanism. A service that must constrain the nodes on which it executes can use these certificates to check that the requesting node meets those constraints. Depending on the certificates the node holds, the service may answer the binding request with a different descriptor, or may refuse the request altogether.

This evaluation cannot take place when the warrant for a service carries the netlet descriptor itself, since the binding protocol, and with it the examination of the node's certificates, is bypassed. The technique must therefore be used with care to ensure that security is not compromised.
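As an added illustration of the two checks described above, the following Go program (example code written for this page, not part of the netlet system or its author's work) models a node that grants administrative privileges only to netlets validly signed by a principal it trusts, and a binding server that verifies the certificates a node presents before choosing between a full and a reduced descriptor or refusing the request. The Descriptor, Cert and Warrant types, the property names "tamper-resistant" and "sandboxed", and the use of Ed25519 signatures are assumptions made for the example; the page does not specify the real formats or algorithms. Deploy shows the warrant shortcut: the embedded descriptor reaches the node without Bind ever running.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Descriptor stands in for a netlet descriptor (constructed fields, not the real format).
type Descriptor struct{ Name, Body string }
// Signed is a descriptor with its signer's name and an Ed25519 signature over it.
type Signed struct {
	Desc   Descriptor
	Signer string
	Sig    []byte
}

// NewPrincipal makes a fresh Ed25519 key pair for a principal or a certifying authority.
func NewPrincipal() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// descBytes is the canonical byte string that gets signed; the NUL keeps the fields apart.
func descBytes(d Descriptor) []byte { return []byte(d.Name + "\x00" + d.Body) }
// Sign produces the signed netlet that a principal publishes.
func Sign(priv ed25519.PrivateKey, signer string, d Descriptor) Signed {
	return Signed{Desc: d, Signer: signer, Sig: ed25519.Sign(priv, descBytes(d))}
}

// Node maps trusted principals to their keys; their validly signed netlets get admin rights.
type Node map[string]ed25519.PublicKey

// Privileges yields only "base" for unsigned, unknown-signer, forged or tampered netlets.
func (n Node) Privileges(s Signed) []string {
	if pub, ok := n[s.Signer]; ok && ed25519.Verify(pub, descBytes(s.Desc), s.Sig) {
		return []string{"base", "admin"}
	}
	return []string{"base"}
}

// Cert is a constructed node certificate: an authority attests one property of a node.
type Cert struct {
	NodeID, Property string
	Sig              []byte
}

func certBytes(c Cert) []byte { return []byte(c.NodeID + "|" + c.Property) }
// Certify is the authority vouching for a node.
func Certify(priv ed25519.PrivateKey, nodeID, property string) Cert {
	c := Cert{NodeID: nodeID, Property: property}
	c.Sig = ed25519.Sign(priv, certBytes(c))
	return c
}

var ErrRefused = errors.New("binding refused: node did not prove the required properties")
// BindingServer serves one service: Full for tamper-resistant nodes, Reduced for sandboxed ones.
type BindingServer struct {
	Authority     ed25519.PublicKey
	Full, Reduced Descriptor
}

// Bind counts only certificates that verify under Authority and name the requesting node.
func (b BindingServer) Bind(nodeID string, certs []Cert) (Descriptor, error) {
	proven := map[string]bool{}
	for _, c := range certs {
		if c.NodeID == nodeID && ed25519.Verify(b.Authority, certBytes(c), c.Sig) {
			proven[c.Property] = true
		}
	}
	switch {
	case proven["tamper-resistant"]:
		return b.Full, nil
	case proven["sandboxed"]:
		return b.Reduced, nil
	}
	return Descriptor{}, ErrRefused
}

// Warrant models the shortcut the text warns about: the descriptor rides inside the warrant.
type Warrant struct{ Desc Descriptor }
// Deploy hands the embedded descriptor to the node; Bind, and the certificate check, never run.
func Deploy(w Warrant) Descriptor { return w.Desc }

func main() {
	alicePub, alicePriv := NewPrincipal()
	node := Node{"alice": alicePub}
	d := Descriptor{Name: "router-stats", Body: "constructed netlet body"}
	fmt.Println(node.Privileges(Sign(alicePriv, "alice", d))) // [base admin]
	caPub, caPriv := NewPrincipal()
	bs := BindingServer{Authority: caPub, Full: Descriptor{Name: "full"}, Reduced: Descriptor{Name: "reduced"}}
	got, err := bs.Bind("node-7", []Cert{Certify(caPriv, "node-7", "sandboxed")})
	fmt.Println(got.Name, err, Deploy(Warrant{Desc: bs.Full}).Name) // reduced <nil> full
}
```

Bind ignores any certificate that names a different node or was issued by a key other than the trusted authority, so a stolen or unrelated certificate cannot upgrade the descriptor a node receives; a netlet whose signature fails to verify, or that claims a signer the node does not trust, is simply run with base privileges. The warrant path in Deploy performs neither check, which is the reason for the caution in the text.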

The base API provides facilities for one netlet to access the descriptor signatures of a netlet with which it has a service connection. Clients may access the signatures of servers, and vice versa.

Jim Chapman 2001-08-16