W3C home > Mailing lists > Public > www-ws-arch@w3.org > April 2002

RE: Infinite Loops and webservices

From: Fraser David <david_a_fraser@hotmail.com>
Date: Fri, 19 Apr 2002 08:04:46 -0400 (EDT)
To: www-ws-arch@w3.org
Message-ID: <F50osESlSVwJ5Pm0y3K0000243b@hotmail.com>
Maybe I should have been more explicit in my original message. I.e. In 
dynamically created graphs of interconnected systems how can one be sure 
that one is not completing a loop somewhere. In the 
Java-Object-Serialization mechanism for instance I think that the thread 
that executes the object-to-byte translation keeps a record of each object 
it serializes checking the list before it serializes the next one. This way 
the thread will not get caught in a loop if in the object graph there is a 
circular reference somewhere.
I could make an example that does not involve purchasing.

Company A has a quasi-public webservice that allows one(i.e. a human) to 
search for companies who provide the cheapest widgets. (i.e. Not to puchase 
them but just to seach for them.)
Evil Person A wants to annoy the &*@#$& out of people in the widget industry 
and those using Company A's seach tool.
Evil Person A creates a webservice and registers(UDDI) it as a widget 
manufacturer. Evil Person A's webservice is programmed to invoke Company A's 
webservice when Company A's webservice invokes it. This is extremely nasty 
for many reasons. Evil Person A could claim that s/he uses Company A's 
search mechanism as part of his/her web service and not be guilty of 
anything. (Although s/he might loose all credibility.) Also Company A was 
the one who invoked Evil Person A's webservice first. Also since there is no 
standardized way to know trace the 'thread stack' of webservice executions 
so to speak Evil Person A might be able to cover his/her tracks somewhat.
If I am way off please let me know.
D.


>From: "Cutler, Roger (RogerCutler)" <RogerCutler@chevrontexaco.com>
>To: "'Fraser David'" <david_a_fraser@hotmail.com>
>CC: "'www-ws-arch@w3.org'" <www-ws-arch@w3.org>
>Subject: RE: Infinite Loops and webservices
>Date: Thu, 18 Apr 2002 09:55:39 -0700
>
>Congratulations for a really great example.  The wonderful thing about it 
>is
>the plausibility.
>
>In my personal opinion, this sort of thing is exactly why the vision of
>totally automated procurement via UDDI is EXTREMELY unlikely to take place
>in the real world.  I cannot imagine a company that would be willing to
>accept this kind of exposure, and I think that it would be very, very
>difficult to convince real-world people (particularly the sort of person
>that is involved in purchasing, who tend to be rather careful) that any
>totally automated system could not fail in this sort of expensive way.
>
>In practice, I think that mature EDI systems provide a useful model for 
>what
>is likely to happen.  In these systems the purchasing links are set up by
>humans with explicit, highly controlled agreements.  The communication of
>the transactions, then, proceeds automatically, but there are always people
>involved at each step of the process.  The VAN acts like a mail service, 
>not
>a purchasing service.  The web services version of this replaces the
>proprietary VAN's with communication via the web, but I think that the
>business logic, which has been worked out as a result of tons of 
>experience,
>is likely to remain very similar or at most to evolve slowly.  The cost
>savings comes from the efficiency of the communications and in the
>standardization of the information transmitted so that it can be processed
>easily into and out of backend systems, not from eliminating people 
>entirely
>from the process.
>
>Incidentally, I talked to our EDI people about the scenario you suggest.
>Apparently there is nothing in the EDI systems themselves that would
>automatically prevent such a catastophe.  They found your scenario rather
>amusing, in fact.  In the real world the protection comes from the fact 
>that
>a human being is involved in each transaction and, one hopes, would notice
>that something was amiss after a while.
>
>-----Original Message-----
>From: Fraser David [mailto:david_a_fraser@hotmail.com]
>Sent: Wednesday, April 17, 2002 7:57 AM
>To: www-ws-arch@w3.org
>Subject: Infinite Loops and webservices
>
>
>I have an idiot question:
>Given how loosely coupled webservices and their clients can be and the high
>degree of dynamicity(?) there can be in choosing webservices could it be
>possible that infinite loops could occur between companies? e.g. Company X
>manufactures widgits Company Y manufactures widgits Company Z is a retailer
>of widgits
>
>Company Z runs out of widgits and through dynamically searching through a
>UDDI registry determines that Company X has the best price for widgets.
>Company X does not have enough widgets to immediately fulfill the order but
>instead informing the client of this Company X's webservice has been
>programmed to search for another widget manufacturer (Company Y) in the 
>UDDI
>
>registry and buy the widgets at
>cost thereby keeping the business of Company Z. Company Y only has 1 widget
>left. Unfortunately its webservice has been programmed to search for the
>cheapest widget manufacturer in the UDDI registry if it does not have 
>enough
>
>widgets to complete a sale. As Company X has the
>cheapest widgets it invokes it's webservice. This completes the loop and
>Company X and Y end up ordering 6 bazillion widgets from each other to
>fulfill Company Z's need for only a couple of widgets.
>
>D.
>
>
>_________________________________________________________________
>Join the world's largest e-mail service with MSN Hotmail.
>http://www.hotmail.com
>
>


_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
Received on Monday, 22 April 2002 07:55:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:24:57 GMT