1. 14
  1. 4

    I like the example of passing sockets over (Unix domain) sockets! I use this pattern in a DB to send a server-side cursor to the client as a socket over a “session socket” (the client’s connection to the server). This is a much cleaner model than multiplexing multiple cursors over a single session socket. On the server, a dedicated (transient) thread keeps the cursor socket’s send buffer full. Not very scalable, but hides any IPC latency from the client while keeping the client single-threaded and async-free.

    I think it’s also a really common pattern in large distributed systems for the control plane to “introduce” a client to a node in the data plane, so all further communication takes place without involving the control plane (see GFS etc.). Some load balancers work this way as well (“direct server return”).

    1. 1

      the control plane to “introduce” a client to a node in the data plane, so all further communication takes place without involving the control plane (see GFS etc.)

      Can you elaborate, or point to any documentation, on the GFS example? I’m curious what terminology they use

      1. 1

        From “The Google File System” (https://static.googleusercontent.com/media/research.google.com/en//archive/gfs-sosp2003.pdf):

        “Clients never read and write file data through the master. Instead, a client asks the master which chunkservers it should contact. It caches this information for a limited time and interacts with the chunkservers directly for many subsequent operations.”

    2. 1

      Hmm, I think the distinction between “introduction” and “service discovery” is a bit too fine for me. Can you elaborate a bit? Is DNS resolution a kind of “introduction”?

      1. 3

        Service discovery and DNS resolution are both kinds of introduction, yes. But not all introduction is service discovery - there are some examples of that in the article.

      2. 1

        Maybe related to one server giving you credentials to access another, as in Kerberos and (more generally) capability systems.

        1. 1

          I recall discussing this topic with the author over the past week. One interesting note is that some of these examples are introductions, but not three-way introductions. The examples with genuine three-way introduction require Alice, Bob, and Carol to all be the same sort of agent. There are only three examples on the page, and they are all fundamental and interesting:

          • DNS queries are three-way when the query comes from a nameserver and asks for NS records; recursive DNS resolution is built from three-way introductions.
          • File-descriptor transfers are three-way when the FD being transferred is pointing to the same sort of services that hold the FDs for either end of the transfer.
          • Objects calling each other is three-way introduction. Like the article says, this leads directly to object capabilities.

          This is required for iterative introduction; without this, introductions don’t compose well enough. We discussed two other examples on IRC, SAML and magic-wormhole. SAML permits limited introduction, but it is not directly designed to delegate authority from one identity provider to another, and I’ve not been able to do it in the past when integrating with third-party SAML providers. magic-wormhole could do introduction, if it were possible for a wormhole recipient to get not just files but references to future wormhole sessions which deliver more files; however, today this isn’t a feature.

          I would augment the link at the bottom with one to Capability-based Financial Instruments, also known as the “Ode to the Granovetter Diagram”.