Next: Conventions, INetlet, INode, IService Up: Facets and interfaces Previous: Mediation and security Contents
As we know, use of a warrant creates a local netlet to access that service. A descriptor tells the node how to create and run this netlet.
The descriptor may be embedded in the warrant, but usually it will contain a URL reference to it; this allows the descriptor to be created on the fly if necessary. For example, it may contain parameters specific to current circumstances, or the codebase may even be different.
The node fetches the descriptor across the network using a binding protocol. If the URL is just an HTTP reference then of course the binding protocol is a simple HTTP fetch. But the URL may be anything, and may be a special protocol that allows negotiation--for example exchanging private keys, establishing resource availability, and so on.
Furthermore, when the binding server delivers the descriptor it may deliver additional data alongside it. Data embedded in the descriptor may be digitally signed, but the additional data is not: it is unsigned data. When the netlet is created and run it is given both kinds separately, and it can treat them each appropriately.
Unsigned data allows the server to send dynamic data without the overhead of compiling it into a descriptor. Also, descriptors are language-dependent (currently only Java), but unsigned data is language independent. This also explains why it is presented to netlets as a byte array; anything else is language-specific.