nvflare.private.fed.client.communicator module

class Communicator(client_config=None, secure_train=False, client_state_processors: List[Filter] | None = None, compression=None, cell: Cell | None = None, client_register_interval=2, timeout=5.0, maint_msg_timeout=5.0)[source]

Bases: object

To init the Communicator.

Parameters:

  • client_config – client configuration data

  • secure_train – True/False to indicate if secure train

  • client_state_processors – Client state processor filters

  • compression – communicate compression algorithm

client_registration(client_name, project_name, fl_ctx: FLContext)[source]

Register the client with the FLARE Server.

Note that the client no longer needs to be directly connected with the Server!

Since the client may be connected with the Server indirectly (e.g. via bridge nodes or proxy), in the secure mode, the client authentication cannot be based on the connection’s TLS cert. Instead, the server and the client will explicitly authenticate each other using their provisioned PKI credentials, as follows:

1. Make sure that the Server is authentic. The client sends a Challenge request with a random nonce. The server is expected to return the following in its reply:

  • its cert and common name (Server_CN)

  • signature on the received client nonce + Server_CN

  • a random Server Nonce. This will be used for the server to validate the client’s identity in the

Registration request.

The client then validates to make sure:

  • the Server_CN is the same as presented in the server cert

  • the Server_CN is the same as configured in the client’s config (fed_client.json)

  • the signature is valid

  1. Client sends Registration request that contains:

    • client cert and common name (Client_CN)

    • signature on the received Server Nonce + Client_CN

The Server then validates to make sure:

  • the Client_CN is the same as presented in the client cert

  • the signature is valid

NOTE: we do not explicitly validate certs’ expiration time. This is because currently the same certs are also used for SSL connections, which already validate expiration.

Parameters:

  • client_name – client name

  • project_name – FL study project name

  • fl_ctx – FLContext

Returns:

The client’s token

pull_task(project_name, token, ssid, fl_ctx: FLContext, timeout=None)[source]

Get a task from server.

Parameters:

  • project_name – FL study project name

  • token – client token

  • ssid – service session ID

  • fl_ctx – FLContext

  • timeout – how long to wait for response from server

Returns:

A CurrentTask message from server

quit_remote(servers, task_name, token, ssid, fl_ctx: FLContext)[source]

Sending the last message to the server before leaving.

Parameters:

  • servers – FL servers

  • task_name – project name

  • token – FL client token

  • fl_ctx – FLContext

Returns:

server’s reply to the last message

send_heartbeat(servers, task_name, token, ssid, client_name, engine: ClientEngineInternalSpec, interval)[source]
set_auth(client_name, token, token_signature, ssid)[source]
set_cell(cell)[source]
submit_update(project_name, token, ssid, fl_ctx: FLContext, client_name, shareable, execute_task_name, timeout=None)[source]

Submit the task execution result back to the server.

Parameters:

  • project_name – server project name

  • token – client token

  • ssid – service session ID

  • fl_ctx – fl_ctx

  • client_name – client name

  • shareable – execution task result shareable

  • execute_task_name – execution task name

  • timeout – how long to wait for response from server

Returns:

ReturnCode