WARNING: This server provides a static reference view of the NetKernel documentation. Links to dynamic content do not work. For the best experience we recommend you install NetKernel and view the documentation in the live system .

NKP prevents any request resolving to an endpoint that is marked as private.

It is therefore relatively simple to prevent external NKP requests accessing complete sets of endpoints simply by importing them into your NKP server/client space and marking the import as private.

However the symmetrical nature of NKP means that sometimes it is essential to have a client-side endpoint that is public but which you do not wish to be accessible to a server-side initiated NKP callback.

In order to add an additional level of protection to your address spaces you may enable the on either the client and/or the server side of the NKP connection. (See config)

When the NKP Resolvable Filter is enabled it will only allow NKP requests access to public endpoints that have explicitly declared that they should be resolvable to NKP requests. Endpoints may mark themselves as NKP resolvable by supplying the following endpoint metadata...

<endpoint>
  <meta>
    <NKPResolvable>true</NKPResolvable>
  </meta> ...regular endpoint configuration...
</endpoint>

The NKP Resolvable Filter is symmetrical and can be deployed on both server and client sides. It may be enabled on the server-side to add extra constraints for the resolution of external NKP requests. Equally, if the request scope is exposed, it may be enabled on the client side (both one-shot and mounted modes) to constrain resolution of server-side initiated NKP callback requests.

During development of distributed systems it is generally sufficient to simply use the default protection of the filter. But when allowing callbacks from untrusted parties it is advisable to enable the NKP Resolvable Filter to miminize and make auditable the exposed surface area of your client-side address space.