W3C home > Mailing lists > Public > www-ws-arch@w3.org > December 2002

RE: Reliable Web Services

From: Cutler, Roger (RogerCutler) <RogerCutler@ChevronTexaco.com>
Date: Thu, 12 Dec 2002 13:52:11 -0600
Message-ID: <7FCB5A9F010AAE419A79A54B44F3718E01624841@bocnte2k3.boc.chevrontexaco.net>
To: "Miles Sabin" <miles@milessabin.com>, www-ws-arch@w3.org

It takes care of the cases where the deliveries from A to B are
routinely working but from B to A not.

I did not claim that it creates a "strong delivery guarantee", just
suggested that it might address at least one class of potential failure

I'm also not a network guy -- I am sure that you folks know much more
about this stuff than I do.

-----Original Message-----
From: Miles Sabin [mailto:miles@milessabin.com] 
Sent: Thursday, December 12, 2002 2:16 AM
To: www-ws-arch@w3.org
Subject: Re: Reliable Web Services

Cutler, Roger (RogerCutler) wrote,
> However, there are clear problems that I think people are calling the 
> "two army" problem (why two armies I have been unable to determine).

It's from Lamport et al.'s 1982 ACM TOPLAS paper "Byzantine Generals 


Details of the impossibility proof for asynchronous systems can be found

in Fischer et al., "Impossibility of Distributed Consensus with one 
Faulty Process",


(unfortunately you'll need an ACM Digital Library subscrption to get the

full text of these)

> Would the situation be changed materially if the spec were changed so 
> that A, at the time of "giving up", sent a "last message" to B saying,

> stated informally, "I've been trying to send you a message with ID xxx

> and I have not gotten an ack.  I'm giving up now.  If in fact you got 
> the message, be warned that I don't know it.  Here is some contact 
> information in case you want to try to explore this situation 
> further"? I believe that this extension would address some of the 
> failure scenarios but not others.

How does this help? This message could be lost too.

Or, to put it another way, if you're able to make strong delivery 
guarantees for the "I'm giving up" message, there's no obvious reason 
why you couldn't have made the same strong delivery guarantees for the 
earlier non-failure messages, in which case the "I'm giving up" message 
would be irrelevant.


Received on Thursday, 12 December 2002 15:37:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:41:01 UTC