W3C home > Mailing lists > Public > www-ws-arch@w3.org > January 2003

RE: Proposed text on reliability in the web services architecture [lo ng]

From: Peter Furniss <peter.furniss@choreology.com>
Date: Thu, 9 Jan 2003 15:12:42 -0000
To: "Champion, Mike" <Mike.Champion@SoftwareAG-USA.com>, <www-ws-arch@w3.org>
Message-ID: <LLEBILBKKFJFAFMCFCHJKECCDMAA.peter.furniss@choreology.com>

Very helpful summary.

I still hold the difference between reliable messaging and "higher level"
reliability is largely
just a question of what the receiving party has agreed to - in other words
that it depends on
the over-arching contract.


> But in the case of reliable messaging, it seems that you should be able to
> use, for example, SOAP over HTTPR on one hop, and SOAP over JMS
> on the next
> hop, and still be able to support reliable messaging end-to-end. (The
> message goes reliably from A to C iff it goes reliably from A to
> B and from
> B to C - for example, B waits until it gets the transport-level ack from C
> before sending its transport-level ack to A).
> In fact, I think this was the rationale when IBM designed HTTPR,
> so that you
> could go from Internet to intranet (and vice versa), using SOAP over HTTPR
> on the Internet, and then switching to SOAP over MQSeries (or other MOM)
> once inside the intranet.

Would it have been acceptable for B to (reliably) store and then forward to
C later ?
Would A be expected to be able to tell ? It really depends on the A:B
contract (which
may be expressed in various ways). And the A:B contract could equally insist
that B doesn't
give an acknowledgement until there is assurance that C (or D) has found the
syntax acceptable;
or the goods are unambigously identified; or that they are in stock and will
be delivered to A.


The comparison with TCP is interesting, but there some points that weren't
mentioned the first time - in
particular that TCP "reliablity" is constrained to the epoch of the
connection - which has to be
established before any application data flows, and which provides a
numberspace for identifying the
messages. End-system crash invariably (afaik) causes connection termination.
To do the equivalent
with higher reliability (surviving system crash etc) requires various rules
about identifiers and their persistence which are essentially similar
whatever the acknowledgement of receipt means.

> RESTful Application-Level Protocols in lieu of RM
>
> To some extent, the absence of a reliable messaging layer in the
> infrastructure can be alleviated or superceded by employing
> application-level protocols that are designed to work with an unreliable
> substrate.

Which would also describe a BTP-style approach

>              REST is the obvious example here: to the extent that one can
> model a web service using the resource/representation framework,
> design the
> interaction pattern so that retrievals are "safe" (having no side effects)
> and storage operations are "idempotent" (they can be repeated
> multiple times
> without changing the state of the resource being updated), then an
> application can simply repeat an operation that fails or whose status is
> uncertain.
>
> [elaboration by a RESTifarian is solicited]

Yes please.  If Mike's description here of the approach is on the right
lines, it would seem
to run the risk of holding the form of REST but denying the substance. There
could be more
statefulness here, and held for longer than in the other approaches. Making
a URI-distinguished
resource to hold what is really session state (relevant only to the
particular client that requested
the update) doesn't seem to gain much in reality.

> While these are good points to make in the WSA document, there are some
> downsides that must be noted:
>
> * It's not clear how this would work in an environment where messages span
> different protocols, which may not have the fine-grained and well-defined
> error reporting and redirection features of HTTP.
>
> * It requires the web service system to be designed from the
> ground up to be
> RESTful; it's hard to see how legacy procedural code can, in general, be
> wrapped up in a layer that exposes it using the resource/representation
> framework, makes updates idempotent, etc.
>
> * It forces application developers to think about transport
> issues much more
> than they generally want to.  There's a middle ground between hiding the
> unreliable infrastructure behind "magic" IDEs and protocols and making
> application developers be aware of all the complex issues involved in
> distributed computing. 

It ought to be possible to confine the awareness to just
reversing/undoing/not finalising
the might-have-been changes at this end (for either end) when the
failure/cancellation
is reported. The magic has to give clear signals, and the application
respond appropriately (for
its sense of appropriately)

Peter

------------------------------------------
Peter Furniss
Chief Scientist, Choreology Ltd

   Cohesions 1.0 (TM)
   Business transaction management software for application coordination

web: http://www.choreology.com
email:  peter.furniss@choreology.com
phone:  +44 20 7670 1679
direct: +44 20 7670 1783
mobile: +44 7951 536168
13 Austin Friars, London EC2N 2JX
Received on Thursday, 9 January 2003 10:13:20 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:12 GMT