RE: Proposed text on reliability in the web services architecture

I was definitely talking about malfunction. I wanted to point out that it
doesn't necessarily have to be malicious or a security violation, or even
failure of the node. The application may be functioning and working with the
best of intents, but without the proper mechanisms in place failure would go
undetected.

But security is an important issue. And I have to say this is an excellent
summary of one of the key points of RM. So for Roger, who has been asking
that we start summarizing our key points: this e-mail is important enough to
be part of the architecture document.

arkin


> -----Original Message-----
> From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org] On
> Behalf Of Miles Sabin
> Sent: Tuesday, January 21, 2003 3:33 AM
> To: www-ws-arch@w3.org
> Subject: Re: Proposed text on reliability in the web services
> architecture
>
>
>
> Assaf Arkin wrote,
> > From what I recall Byzantine failure (and the larger space of
> > problems around it) describes a trust problem in group communication.
> > Namely: how do I trust that you will process the message I sent you
> > in the proper manner.
>
> Not exactly. Byzantine failures are where nodes/links don't simply fail,
> they malfunction in a way which violates the protocol. The connection
> with trust issues is that an untrustworthy or malicious node is pretty
> much indistinguishable from a malfunctioning one.
>
> I think byzantine failures are definitely worth consideration here,
> especially in connection with intermediaries and gateways ... eg. a
> gateway might accept a SOAP message for forwarding to an internal
> system, forward it to the internal system which fails silently, then
> ack at the SOAP level to the sender.
>
> This is yet another example of why RM is an end to end characteristic of
> a communication mechanism. Gateways are an endpoint wrt WS messaging,
> but aren't endpoints wrt the application, which also includes the
> systems gateway'd to.
>
> Cheers,
>
>
> Miles

Received on Tuesday, 21 January 2003 06:46:04 UTC
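
The gateway scenario from the quoted message, as an added example that is not part of the original thread: a hop-level ack from the gateway is compared with an end-to-end receipt that only the backend application can produce. All class, function and key names are hypothetical, and the shared HMAC key between sender and backend is an assumption of this sketch.

```python
import hashlib
import hmac

# Constructed demo key, shared by the sender and the backend application only
# (assumption). The gateway never holds it, so it cannot mint a valid receipt.
E2E_KEY = b"constructed-demo-key"

def receipt(msg_id: str, body: bytes, key: bytes = E2E_KEY) -> str:
    """Application-level receipt: HMAC over the message id and body digest."""
    digest = hashlib.sha256(body).hexdigest()
    return hmac.new(key, f"{msg_id}:{digest}".encode(), hashlib.sha256).hexdigest()

class Backend:
    """Internal system behind the gateway; may fail silently."""
    def __init__(self, healthy: bool = True):
        self.healthy = healthy
        self.processed = {}

    def handle(self, msg_id: str, body: bytes):
        if not self.healthy:
            return None  # silent failure: no error raised, no receipt issued
        self.processed[msg_id] = body
        return receipt(msg_id, body)

class Gateway:
    """Intermediary that acks at the messaging level whatever happens behind it."""
    def __init__(self, backend: Backend):
        self.backend = backend

    def forward(self, msg_id: str, body: bytes) -> dict:
        app_receipt = self.backend.handle(msg_id, body)
        # The hop-level ack is returned even when the backend did nothing.
        return {"hop_ack": True, "app_receipt": app_receipt}

def send(gateway, msg_id: str, body: bytes):
    """Return (hop_ack_seen, end_to_end_verified) for one message."""
    reply = gateway.forward(msg_id, body)
    expected = receipt(msg_id, body)
    got = reply.get("app_receipt") or ""
    # Constant-time comparison; a missing or forged receipt fails here.
    return reply["hop_ack"], hmac.compare_digest(got, expected)
```

A sender that trusts only the first element of the result cannot tell the silent backend failure from success; the second element is the end-to-end signal.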