Re: Syntax options for Async from David Hull on 2005-11-17 (public-ws-addressing@w3.org from November 2005)

From: David Hull <dmh@tibco.com>
Date: Thu, 17 Nov 2005 15:37:06 -0500
To: "Rogers, Tony" <Tony.Rogers@ca.com>
Cc: Neil Hudson <nahudson@sqc.co.uk>, public-ws-addressing@w3.org
Message-id: <437CE9F2.9010500@tibco.com>
(Tony modestly downplays his role in producing "Tony's timeline
<http://www.flickr.com/photos/psd/9877189/in/photostream/>" at the async
meeting in Palo Alto)

I'm becoming more convinced that talking about a "backchannel" muddies
the waters.  We've been using the term for a while, but with only an
intuitive notion of what it means.  I would prefer to talk about
"sending to the anonymous address" at the application level and
"request-response" at the SOAP or wire level, as I think these are both
better defined.  The link is that sending to an anonymous address at the
application level means using request-response at the SOAP or wire level.

In terms of the proposal I previously sent out
<http://lists.w3.org/Archives/Public/public-ws-addressing/2005Nov/0051.html>,
the anonymous endpoint (if available) MAY (or possibly MUST) be /used/
for faults in any MEP until the wsa:FaultTo header is understood.  The
rest should work OK, with appropriate changes to the non-normative
notes.  In particular, even an in-only may manifest as a
request-response in the context of SOAP/HTTP (e.g., if an in-only
message contains an unrecognized MustUnderstand header, the receiver MAY
(or possibly MUST) send back a fault as a response).

Or at least, that's how I read the timeline.  If we want some other
reasonable semantics, we should be able to define it just as briefly and
clearly in the framework I gave.

Rogers, Tony wrote:

> The fact that a fault may be sent on the backchannel in a number of
> cases (you identified one not previously discussed - the idea of an
> intermediate non-WSA node) was one of the more hotly discussed topics
> on the async task force. It was not agreed that a fault on the
> backchannel could be ignored, however. Indeed, it was agreed that the
> sender should be prepared to accept a fault on the backchannel for
> some period. Ideally this period would be until the 202 was received
> (sending a fault on the backchannel after that is, um, problematic!).
> Should the implementation close the connection early, however, the
> fault would get dropped on the floor (I don't like this - I think
> closing the connection before receiving the response is just asking
> for trouble, but there are timeout questions here).
>  
> I don't believe there was overall agreement on how to describe this.
> Some believe this belongs to the protocol binding, because it's
> talking of HTTP 202s. Others believe it can be discussed at a more
> abstract level, in terms of whether the underlying protocol supports a
> backchannel (without a backchannel the discussion becomes moot). I'd
> like to think that it can be described in general terms at a more
> abstract level, with the specifics (eg: returning a 202) left to the
> binding.
>  
> -----Original Message-----
> *From:* public-ws-addressing-request@w3.org on behalf of Neil Hudson
> *Sent:* Thu 17-Nov-05 15:30
> *To:* public-ws-addressing@w3.org
> *Cc:*
> *Subject:* Re: Syntax options for Async
>
>
>     I would like to raise an observation on the proposal : Async
>     Extension for
>     SOAP1.1/HTTP
>     http://lists.w3.org/Archives/Public/public-ws-addressing/2005Oct/att-0116/Pr
>     oposalTake3.htm
>
>     The observation relates to how the rules for routing messages when a
>     separate HTTP return connection is being specified for example with:
>         <wsaw:Async wsdl:required="true"/>full<wsaw:Async>
>     or possibly:
>         <wsaw:Async wsdl:required="true"/>always<wsaw:Async>
>     apply to Fault messages.
>
>     In the first case "full" section 3.1.1 states that the consumer
>     can cause a
>     separate connection to be used by specifying an explicit reply EPR
>     rather
>     than using the anonymous URI.  When this is done the specification
>     states
>     that the initial consumer connection receives a Null 202 response
>     without a
>     SOAP body and that replies are sent to the EPR on another connection
>     initiated by the provider.
>
>
>
>     [1] Question on the Null 202 Response?
>
>     Does the reply have to have an empty HTTP body or is it just that
>     there is
>     no Soap Body inside the reply?  What meaningful information could be
>     contained in a non empty HTTP body?  The BP 1.1 states that for
>     one-way
>     operation there is no Soap Envelope in the response, should these two
>     patterns be consistent?
>
>
>
>     [2] Exceptional Cases - Sending Faults to the 'Wrong' Place
>
>     The text as currently written could be interpreted as stating that
>     if "full"
>     operation is an option and the consumer specifies an EPR for
>     Faults then the
>     initial connection, if successful, would never get a Fault Message
>     back but
>     would always get the Null 202 response.  I believe there could be
>     exceptional cases where the node that receives the initial request
>     could not
>     guarantee that a Fault reply will not be sent back on the initial
>     connection.  Some possible cases where this could occur are:
>     (a) The SOAP envelope has become so corrupted that it can not be
>     parsed and
>     a Fault is generated in response.  The parser has two
>     alternatives, don't
>     send any Fault information or send  a Fault back on the open
>     connection.
>     The later is the general case.
>     (b) The Reply EPR and Fault EPR attributes have been lost from the
>     message.
>     A Fault is generated.  It could be argued that the sensible thing
>     is to send
>     it back over the initial connection.
>     (c) The initial connection is to an intermediate node that is not
>     WS-A aware
>     and a Fault is generated / returned from this node.
>     (d) The message does not map to a recognised operation and the
>     lower level
>     dispatcher implementation is not WS-A aware.
>
>     The examples above illustrate three basic types of issue:
>     (a) Corruption of messages that prevent the use of the Fault EPR
>     even if the
>     layer of the service stack is fully capable of dealing with a
>     Fault EPR were
>     the information present.
>     (b) Lower level protocols within the stack, that are not
>     necessarily WS-A
>     aware, and that generate Faults and return them immediately whilst
>     aborting
>     the higher level processing.
>     (c) Connection through intermediate nodes which may not be WS-A
>     aware and
>     may view WS-A data as payload.
>
>     Note that on point (b) it could be argued that a compliant
>     implementation
>     needs to address the WS-A Fault EPR at all levels.  So for example
>     if the
>     SOAP protocol layer detects a Fault it should check for the Fault
>     EPR in the
>     message it has received and if so send the Fault to this EPR. 
>     However this
>     would increase coupling between layers and goes against the
>     implementation
>     of stacks in layers.  Implementation could be easier / cleaner if a
>     'generic' SOAP implementation is used and WS-A protocols are
>     implemented as
>     a higher layer in the stack.  The present wording would mean a
>     well behaved
>     implementation would have to implement Fault EPR routing in the
>     SOAP layer
>     and even this would not guarantee that the Fault EPR would always
>     be used
>     and that no Fault message would ever come back on the initial
>     channel (due
>     to
>     message corruption).
>
>     In theory a compliant consumer could ( should? ) simply ignore
>     Faults it
>     received back instead of a Null 202 reply and carry on, however:
>     (a) Consumer implemented based on this assumption could be vulnerable.
>     Software that gets something it is not expecting has a long track
>     record of
>     malfunctioning badly.  It would be better to spell out what could
>     happen so
>     that consumer developers know it is coming - eventually.
>     (b) Lower level, 'middleware' faults could be lost because they
>     are not sent
>     to the Fault EPR.  If the service is a Robust-In-Only, "You will
>     be told if
>     something has gone wrong.", this increases the risk of the request
>     failing
>     without the consumer being informed.
>     (c) Application monitoring systems / event logs may miss faults
>     resulting in
>     a lower quality of service.
>
>     Maybe one approach worth considering  is that the provider will be
>     making
>     best efforts to send Faults to the EPR specified by the consumer
>     but that
>     this will not always be the case and the consumer needs to be
>     aware of this.
>     Putting this into concrete requirements is messy but one stab is
>     illustrated
>     below:
>
>     [1] The consumer MUST be able to receive a Fault reply on the initial
>     connection in the response to the initial HTTP request without
>     malfunction.
>     [2] The consumer MUST be able to receive Fault replies at the
>     Fault EPR
>     without malfunction.
>     [3] The consumer MUST be able to receive Fault replies at the
>     Reply EPR
>     without malfunction.
>     [4] The provider MAY send Generic SOAP and WS-A faults on either
>     the initial
>     connection or to the Fault EPR( or to the Reply EPR if no Fault EPR is
>     present.).
>     [5] The provider SHOULD send WS-A faults to the Fault EPR where
>     this can be
>     identified as the consumers selection( or to the Reply EPR if no
>     Fault EPR
>     is present.).
>     [6] The provider MUST send Faults for protocols that sit above the
>     WS-A
>     level to the Fault EPR( or to the Reply EPR if no Fault EPR is
>     present.)
>     [7] The provider MUST send explicitly declared Operation Faults to
>     the Fault
>     EPR( or to the Reply EPR if no Fault EPR is present.)
>
>     I am less clear about suggesting the following:
>
>     [8]  The consumer MUST respond identically to Generic SOAP and
>     WS-A faults
>     received in either the response to the initial HTTP request or on the
>     specified Fault EPR ( which could be the Reply EPR if no Fault EPR was
>     specified in the request).
>     [9] When the consumer specified a separate Fault EPR it SHOULD
>     respond to
>     Faults received on the Reply EPR in a way identical to Faults
>     Received on
>     the Fault EPR. - deals with lost Fault EPR
>
>     I don't think these state the obvious - for example that a Fault
>     EPR needs
>     to deal with Faults that are sent to it.
>
>     Explicitly stating that the consumer needs to expect the
>     unexpected, particularly for lower level Faults will make for more
>     robust
>     less tightly coupled systems.
>
>     Best regards
>
>     Neil
>
>     --
>     ------------------------------------------------------------
>     Neil Hudson CEng MBCS MIEEE
>     ------------------------------------------------------------
>     SQC Technology Limited
>     Phone : +44(0)1283 763632
>     Fax   : +44(0)1283 763631
>     Email : nahudson@sqc.co.uk
>     Web   : http://www.sqc.co.uk
>     ------------------------------------------------------------
>
>
>
>
Received on Thursday, 17 November 2005 20:39:43 UTC