- From: David Hull <dmh@tibco.com>
- Date: Mon, 13 Jun 2005 12:27:46 -0400
- To: "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>
- Message-id: <42ADB402.1060404@tibco.com>
The main argument I've heard for making Message ID mandatory is that
there are several well-known use cases which require some form of
message ID. One problem with this argument, as should be clear from the
discussion on the message ID uniqueness thread, is that while each of
the cases requires /some form/ of message ID, the exact form varies from
case to case. In particular:
* Reliability protocols require message ID scoped to a session,
including a small integer ID for scalability of acknowledgments.
* Logging requires an ID based on what the particular logger is
interested in. This might include just source and destination, or
it might include hops from intermediary to intermediary, it might
or might not include retransmissions for reliability, and so
forth. Given that logging is often used in tracing errors, the
logging facility should /not/ generally depend on the messages
being logged adhering to any particular rules.
* Message correlation may or may not require message ID at all, and
in any case the scope of uniqueness depends on the deployment.
* An ID for the purpose of detecting replay attacks has various
cryptographic requirements (e.g., it should include some form of
securely random bits).
It seems clear from the discussion so far that there is no
"one-size-fits-all" solution, and that the reasons for this are
fundamental. However, if we do wish to pursue a requirement for unique
message IDs, we at least need to be clear and explicit about what the
requirements are and why they exist.
Received on Monday, 13 June 2005 16:27:53 UTC