Once unknown and untrusted parties have discovered each other on Horizon, and have satisfactorily negotiated a contract, the consumer will typically send a code container to the producer in order to consume its data and/or services.
Horizon data and services consumers will typically deliver code (currently in the form of a Docker container) to the edge device to be run locally. This code will then directly consume those data and/or services.
One of the first steps for a Horizon consumer is therefore to develop code for the edge device and package it into a Docker container. This container will normally be run constrained within a Docker container sandbox where it will have limits on its memory and CPU consumption, network access, peripheral hardware access, etc. Typically, specialized hardware (like the Software Defined Radio (SDR) hardware used by some of our Insight applications) will require special Docker flags to enable access. For SDR, a REST service is provided to enable access to the SDR from within their constrained sandboxes.
Once a Docker container is built, it will need to be hashed, tagged, cryptographically signed, and then "seeded" into the Horizon BitTorrent network. Edge devices may then use BitTorrent to download the container. Once downloaded, the container's hash and cryptographic signature will be verified, then the container will be loaded and run in Docker.
Note that the actual details required by the producer in order to execute their contract obligations (i.e., the Docker container's name, its hash, and its signature, so the code can be safely downloaded over BitTorrent and run) should never be written into the (public, open, permanent) Horizon blockchain. Instead these details should be communicated between the consumer and the producer over Whisper (the private peer-to-peer communication system provided on Horizon).
Note also that other blockchain and container technologies are being evaluated for use in Horizon.