Merge branch 'main' into self-paced-training-chapter4

NVIDIA · Mar 4, 2025 · 9220719 · 9220719
2 parents f54c686 + 9e77eed
commit 9220719
Show file tree

Hide file tree

Showing 110 changed files with 3,503 additions and 424 deletions.
diff --git a/docs/programming_guide/fed_job_api.rst b/docs/programming_guide/fed_job_api.rst
@@ -120,9 +120,9 @@ These functions have the following parameters which are used depending on the ty
 * ``target`` (str): (For :func:`to<nvflare.job_config.api.FedJob.to>`) The target location of the object. Can be “server” or a client name, e.g. “site-1”.
 * ``**kwargs``: if the object implements the ``add_to_fed_job`` method, ``kwargs`` are additional args to be passed to this function. See the specific object's section for more details.
 
-.. note::
+.. warning::
 
-    In order for the FedJob to use the values of arguments passed into the ``obj``, the arguments must be set as instance variables of the same name (or prefixed with "_") in the constructor.
+    Important: in order for the FedJob to use the values of arguments passed into the ``obj``, the arguments must be set as instance variables of the same name (or prefixed with "_") in the constructor.
 
 Below we cover in-depth how different types of objects are handled when using :func:`to<nvflare.job_config.api.FedJob.to>`:
 

diff --git a/docs/programming_guide/filters.rst b/docs/programming_guide/filters.rst
@@ -71,6 +71,19 @@ Your subclass of DXOFilter benefits from the features of DXOFilter:
     - Filtering history recording. If a DXO node is processed by your filter, your filter's class name will be appended to the DXO's "filter_history"
     - Auditing. If your filter is applied, a job audit event will be created to record the fact that the filter is applied to data.
 
+Filter Behavior in 1-N Communication
+==========
+Based on the design, when a filter is applied to a object, for memory efficiency without making local deep copies, it can modify the object in place.
+This is fine when the object is expected to be sent to only one recipient, as in the case of 1-1 communication, e.g. client to server.
+However, in the case of 1-N communication, e.g. server to clients, the object will be expected by multiple recipients.
+Assuming a common filter is being used, if the object is modified in place, then the object sent to the second and other recipients should not be filtered again,
+otherwise they might be different from the one sent to the first recipient.
+
+Therefore, when designing and implementing filters, such behavior needs to be considered with care:
+
+    - If the object is modified in place, then the filter should be applied only once to the object.
+    - If different filters are expected to be applied to the same object, then the object should not be modified in place. Instead, a deep copy should be created and used by the filter.
+
 Creating a DXO Filter
 ---------------------
 You create a new DXO-based filter by extending the DXOFilter class, and provide the "process_dxo" method.

diff --git a/...ivacy/chapter-6_Security_in_federated_compute_system/06.0_introduction/introduction.ipynb b/...ivacy/chapter-6_Security_in_federated_compute_system/06.0_introduction/introduction.ipynb
@@ -127,7 +127,6 @@
     "\n",
     "All other security concerns must be handled by the site’s IT security infrastructure. The security framework does not operate in vacuum; we assume that physical security is already in place for all participating server and client machines. TLS provides the authentication mechanism within the trusted environments.\n",
     "\n",
-    "\n",
     "--- \n",
     "\n",
     "## Terminologies and Roles\n",
@@ -171,11 +170,8 @@
     "\n",
     "<img src=\"./federated_policy.png\" alt=\"Security Architecture\" width=\"60%\"/>  \n",
     "\n",
-    "\n",
     "<img src=\"./filters_and_privacy_policy.png\" alt=\"Security Architecture\" width=\"60%\"/>\n",
     "\n",
-    "\n",
-    "\n",
     "In this chapter, we will cover all these security mechanisms\n",
     "\n",
     "[6.1 Identity Security](../06.1_identity_security/identity_security.ipynb)\n",
@@ -188,13 +184,7 @@
     "\n",
     "[6.5 Message Serialization](../06.5_message_serialization/message_serialization.ipynb)\n",
     "\n",
-    "[6.6 Trust-based Security](../06.6_trust_based_security/trust_based_security.ipynb)\n",
-    "\n",
-    "\n",
-    " \n",
-    "\n",
-    "\n",
-    "\n"
+    "[6.6 Trust-based Security](../06.6_trust_based_security/trust_based_security.ipynb)\n"
    ]
   },
   {
@@ -206,9 +196,9 @@
  ],
  "metadata": {
   "kernelspec": {
-   "display_name": "nvflare_example",
+   "display_name": "Python 3 (ipykernel)",
    "language": "python",
-   "name": "nvflare_example"
+   "name": "python3"
   },
   "language_info": {
    "codemirror_mode": {
@@ -220,7 +210,7 @@
    "name": "python",
    "nbconvert_exporter": "python",
    "pygments_lexer": "ipython3",
-   "version": "3.10.2"
+   "version": "3.10.0"
   }
  },
  "nbformat": 4,

diff --git a/...ter-6_Security_in_federated_compute_system/06.1_identity_security/identity_security.ipynb b/...ter-6_Security_in_federated_compute_system/06.1_identity_security/identity_security.ipynb
@@ -4,7 +4,7 @@
    "cell_type": "markdown",
    "metadata": {},
    "source": [
-    "# **Indentity Security**  \n",
+    "# **Identity Security**  \n",
     "\n",
     "\n",
     "## Authentication\n",
@@ -51,32 +51,20 @@
     "Let's see above in action\n"
    ]
   },
-  {
-   "cell_type": "code",
-   "execution_count": null,
-   "metadata": {},
-   "outputs": [],
-   "source": []
-  },
   {
    "cell_type": "markdown",
    "metadata": {},
    "source": [
     "First, let's generate a default startup kits using the POC (Proof-Of-Concept) command. The POC command internally calls the provision tool to generate the default startup kits"
    ]
   },
-  {
-   "cell_type": "markdown",
-   "metadata": {},
-   "source": []
-  },
   {
    "cell_type": "code",
    "execution_count": null,
    "metadata": {},
    "outputs": [],
    "source": [
-    "! echo y | nvflare poc prepare\n"
+    "! echo y | nvflare poc prepare"
    ]
   },
   {
@@ -136,7 +124,7 @@
     "\n",
     "### Centralized vs. Federated Authorization\n",
     "\n",
-    "Instead of relying on a centralized (FL Server) to authorizate and authenticate users, NVFLARE now uses federated authorization where each organization defines and enforces its own authorization policy.\n",
+    "Instead of relying on a centralized (FL Server) to authorize and authenticate users, NVFLARE now uses federated authorization where each organization defines and enforces its own authorization policy.\n",
     "\n",
     "Each organization defines its policy in its own authorization.json (in the local folder of the workspace). This locally defined policy is loaded by FL Clients owned by the organization, The policy is also enforced by these FL Clients.\n",
     "\n",
@@ -193,7 +181,7 @@
  ],
  "metadata": {
   "kernelspec": {
-   "display_name": "nvflare_env",
+   "display_name": "Python 3 (ipykernel)",
    "language": "python",
    "name": "python3"
   },
@@ -207,9 +195,9 @@
    "name": "python",
    "nbconvert_exporter": "python",
    "pygments_lexer": "ipython3",
-   "version": "3.10.12"
+   "version": "3.10.0"
   }
  },
  "nbformat": 4,
- "nbformat_minor": 2
+ "nbformat_minor": 4
 }