OASIS ebXML Messaging Services TC

 View Only

  • 1.  multi-hop / routing: current state of discussions

    Posted 11-16-2007 21:24 
    




    Here is my 
recollection of what are the options on the table, and some requirements on 
which there seems to be consensus so far.
    

    Any more 
addition or update?
    

     
    

    -Jacques
    

     
    

     
    

    General 
assumptions:
    

    ------------------------------
    

     
    

    A1: 
intermediaries must (or "should"?) be 
"transparent", not altering ebMS headers at all.
    

    

    A2: end-to-end reliability case must be supported 
(in addition to other case where the intermediary is itself an RM / Security 
endpoint)
    

    

    A3: the 
Sending MSH should not have to be aware of intermediaries (i.e. not distinguish 
them 
    

    from any receiving MSH, message content-wise). At 
most, some P-mode options might be ruled out. 
    

     
    

    1. Topology 
Requirements
    

    ----------------------------------------
    

     
    

    Different topologies that must be 
supported:
    

     
    

    T1: single intermediary (2 hops), gateway mode serving back-office 
message handlers.
    

    Typically in the DMZ, and likely to be itself a 
reliability/security endpoint.
    

     
    

    T2: single intermediary, a hub serving as a switch 
between a community of MSHs. 
    

    Not a security or reliability 
endpoint.
    

     
    

    T3: Interconnected Hubs (generalization of T2), 
each of them serving a set of local MSHs.
    

    An end-to-end path may involve several hubs. 
Endpoints may have specific constraints
    

    that the hubs do not have, e.g. they may only pull 
from their hub, messages that have been
    

    pushed to this hub.
    

     
    

    2. Traffic Patterns Requirements
    

    ----------------------------------------------
    

     
    

    Different flow patterns that must be 
supported:
    

     
    

    P1: The "unidirectional intermediary":
    

    Case where an Intermediary sits in the DMZ, only 
channeling the incoming
    

    traffic, for security reasons. All outgoing 
requests are not required to use the intermediary, 
    

    and can directly address their destination (or 
another intermediary).
    

     
    

    P2: The "bi-directional intermediary":
    

    Cases where all requests and responses to/from a 
particular ultimate destination,
    

    need use the same intermediary.
    

     
    

    3. Connection Management Requirements
    

    ------------------------------------------------------------
    

     
    

    C1: Synchronous paths:
    

    All intermediaries keep their connections open for 
a request path, and responses
    

    tht the ultimate receiver is sending synchronously, 
are carried over the back-channels
    

    all the way (possibly, piggybacked with some ebMS 
Error-warning from intermediaries,
    

    or with RM acks or other signals, if an 
intermediary is itself a QoS endpoint).
    

     
    

    C2: Asynchronous paths:
    

    At every step, the intermediary closes the 
connection, returning HTTP status, possibly
    

    an ebMS error if the processing of the request 
fails, and possibly other signals in case 
    

    the intermediary is itself a reliability/security 
endpoint.
    

    For any synchronous response received, the last 
intermediary has to either (a) send it in a callback
    

    mode e.g. over a new HTTP request, (b) reuse 
another back-channel available from its
    

    predecessor (e.g. offered by a PullRequest). 

    

     
    

    Routing techniques: (to be discussed)
    

    ----------------------------
    

     
    

    R1. Fully static routing:
    

    In that case, the intermediary is wired to always 
forward everything
    

    to the same destination, no matter what the origin 
is. No routing function required.
    

     
    

    R2. URL-based routing:
    

    In that case, the routing is determined only based 
on URL content, e.g. on which port(s)
    

    the intermediary receives.
    

     
    

    R3. Message-controlled routing:
    

    In that case the routing is entirely determined by 
message content (e.g. ebMS header or
    

    wsa header). These header elements would contain 
the next MSH URL (e.g. as in WS-Routing,
    

    or can be achieved for 2-hops e.g. using wsa:To).
    

     
    

    R4. Message and Table-controlled 
routing:
    

    Routing is determined based on message content + 
routing table that associates next URL
    

    with message content.
    

     
    

    NOTE: 
R4 must be supported, others to be discussed.
    

     
    

     
    

    SOAP header data involved in routing: options to be 
discussed
    

    ------------------------------------------------------------------------------------------
    

     
    

    NOTE: here, only WS-ReliableMessaging and issues 
related to its use are looked at. 
    

    The use of WS-Reliability would not cause the same 
problems as the latter has no 
    

    standalone RM signals to care about.
    

     
    

    H1. None. In that case, other techniques are used, 
e.g. URL-based (see R2, or R1 above).
    

    In that case, fully synchronous paths should be 
used (C1 above). Or, fully async.
    

    Such intermediaries are not ebMS intermediaries, 
not even SOAP intermediaries (no
    

    intelligence of SOAP headers).
    

     
    

    H2. WS-Addressing headers:
    

    - the routing of "RM sequence lifecycle" messages 
(CreateSequence / CreateSequenceResponse,
    

    CloseSequence / ClSR, TerminateSequence / TSR) must 
be controlled by WS-addr, especially
    

    the response signals are controlled by wsa:ReplyTo. 
This is required for compliance with
    

    the behavior expected from RMDs out there. 

    

    - wsa:ReplyTo could be given 3 types of values: 

    

    (a) the URL of ultimate recipient (RMS). That fits 
the traffic pattern P1 above.
    

    (b) the URL of the intermediary. In that case, the 
intermediary must be told how to forward
    

    this further back to the RMS. 
    

    (c) an "anonymous" URI. In that case, the last 
intermediary will receive the response signals 
    

    synchronously, and must be told how to forward back 
to RMS. 
    

    Issue with (c): if RMS has set "anonymous ReplyTo" 
it may expect to get this response
    

    on the back-channel of the related request (and not 
any other backchannel). 
    

    This can't be accommodated by the "first" 
intermediary, unless we are in a synchronous path (C1 above).
    

    - the routing of "forth" RM signals (the RM 
lifecycle requests) is TBD, can use wsa but
    

    tis is not a critical compliance 
issue.
    

    - the routing of ebMS messages could also be based 
on wsa headers, but the routing functions
    

    are then llimited (based on wsa:From, wsa:To, 
wsa:Action, not based on any party info or
    

    eb:Service/Action). NOTE: such intermediaries could just be SOAP intermediaries 
and not understand
    

    ebMS headers. But this cause sever 
restrictions: combinations 
of Push and Pull, where a hub itself is 
    

    the target of pulling, could not be 
handled.
    

     
    

    H3. ebMS headers:
    

    - the routing of "RM sequence lifecycle" request 
messages (CreateSequence ...) could still
    

    be controlled at ebMS level if piggybacked on an 
ebMS message, e.g. a dummy one with
    

    the existing default eb:Service for testing, and a 
new dummy eb:Action value.
    

    Drawback: this requires some control on the RMS 
implementation to be able to piggyback
    

    its signals, and this does not remove the need to 
use wsa:ReplyTo.
    

    Advantage: the routing of "forth" RM signals canbe 
controlled in same way as other ebMS
    

    messages (except based on Service/Action if dummy 
values are needed on the piggyback message).
    

    - the routing of ebMS messages is based on 
their header content (see R3 or R4 above). 

    

    NOTE: This 
understanding of ebMS header is necessary for advanced Intermediary functions 
besides 
    

    routing, like 
handling cases where the intermdiary itself is Pull 
target.
    

     


  • 2.  RE: [ebxml-msg] multi-hop / routing: current state of discussions

    Posted 11-18-2007 16:04 
    Here are some more (unfortunately somewhat pessimistic) thoughts on 
intelligent routing and WS-ReliableMessaging.

If we are talking about routing based on ebMS based on ebMS header
information, a common requirement for and benefit of the intermediary
is that it can serve to decouple the sender and the recipient and
to centralize some configuration change management:

(1) It allows two partners to communicate even they are in different
networks without even a shared DNS.
(2) If the connection properties of Partner B change, it allows B to
just communicate these changes to the Intermediary from which it
receives incoming messages, not to all partners sending via that
intermediary. 
(3) If Partner B distributes its services over multiple MSHs and some
ebMS-aware dispatcher is used to distribute messages to the correct
MSH, B's partners should not have to know how many MSHs B has, but
only the address of the dispatcher. 

The third use case is about giving B the freedom to add MSHs as
traffic patterns evolve.  B should also be able to change the routing
logic without having to tell A. For example, to move from To/PartyId
based routing to Service/Action based routing to routing based on more
dynamic properties, e.g. (RefTo)MessageId or ConversationId. The
latter would support a kind of ebXML load balancing, assuming a
conversation/transaction affinity similar to the way some networking
appliances implement TLS session affinity.

To me it seems there is a basic incompatibility between wanting to
support intelligent ebMS-aware routing by an intermediary and wanting
to implement end-to-end reliability using WS-ReliableMessaging and
WS-A.  The sequence concept of WS-RM requires all messages sent in the
sequence to be delivered to a single MSH. This means that a sending
MSH needs (i) to know all different(ultimate) MSHs it will send
messages to, (ii) to set up sequences with all these MSHs and (iii) to
send each message on the correct sequence. If it knew all this, would
it still need an intelligent intermediary? There is some discussion on
message ordering and multiple recipient MSHs in an early ebXML IIC
document: M. Wang. ebMS Implementation Guidelines. Version 0.2. 2002.
URL:
http://www.oasis-open.org/committees/download.php/2950/ebMS_implementationGu
idelines.doc

If Partner A establishes a sequence with Partner B, and some
intermediary happens to send some messages from the sequence to a
different MSH, the sequence fails. This problem would not occur if we
could have end-to-end reliability without having to use message
ordering, as was possible with ebMS 2.0. There are production ebMS 2.0
deployments that support this. Unfortunately, WS-ReliableMessaging
implements reliability using sequencing. And due to the
CreateSequence, TerminateSequence overhead for every sequence,
WS-ReliableMessaging is not useful when the sequence consists of just
one message to send.

When using an ebMS3 intermediary or any form of intermediary that has
some intelligent routing capability, use of message ordering protocols
like WS-ReliableMessaging imposes a requirement that the end-to-end
association between originating MSH and ultimate MSH is the same for
any message in a sequence. This requirement can be a property of the
way the routing is set up. If routing is based on To/PartyId, and if
there is just one MSH per To/PartyId, and if the sender sets up a
different sequence for all its business partners, this would
work. When using a more fine-grained (routing based on Service) or
dynamic (e.g. load balancing between multiple MSHs) type of routing
the intermediary should probably record the assigned MSH for any
sequence and reuse it for all subsequent messages. I.e. only the first
sequence in the sequence should be inspected to make the routing
decision.

The assignment of a sequence to an MSH should be done at the time the
intermediary first becomes aware of a new sequence being set up. With
WS-ReliableMessaging, this happens when the intermediary observes a
CreateSequence message and the corresponding CreateSequenceResponse
message flowing through. At this point the sequence is established and
the intermediary should set the destination MSH and effectively freeze
it for the sequence. (There may be some more options for
intermediaries other than "the last").  The purpose of an ebMS3
intermediary (or other router with some intelligence) would be to be
able to inspect the ebXML message header to set this destination.
With ebMS 2.0, this is perfectly possible, as the MessageOrder element
is an element in a regular ebMS message that also contains From and To
PartyIds, Service, Action and ConversationId.  WS-Reliability also
supports this.  A second disappointment with WS-ReliableMessaging: the
CreateSequence message is a stand-alone message that occupies the SOAP
body and that is to be sent before the first real, meaningful message
in the sequence is sent. So the intermediary has no information to
base any intelligent routing decisions on.

A solution could be to piggy-back ebMS information with the message
that carries the CreateSequence structure.  If this ebMS information
is a full UserMessage, to allow it to carry all user message
information that a router might want to use, can we risk piggy-backing
it on the CreateSequence message that itself is non-reliable? What
does this message look like?  If it uses the default Service for
testing, what if the intermediary wants to know the intended
meaningful business Service to make a routing decision?

An alternative would be to have two reliability chains (up to the
Intermediary for incoming messages, and from the Intermediary for
forwarded messages) and some way to tie them.  Could we define "Ack on
Delivery" for an Intermediary as: "Ack on successful forward", meaning
that intermediate SOAP nodes in the SOAP path do not send their
acknowledgments until they have delivery confirmation from the next
node (which, if it behaves the same, would also wait, meaning no
intermediary ACKs until the final MSH has ACKed).  If I read 8.2.3 of
ebMS 3.0, it seems to indicate WS-ReliableMessaging does not support
"Ack on Delivery", so "Ack on Forward" probably won't work either ..
 
Perhaps multiple separate but connected reliability chains do provide
enough overall robustness and the end-to-end acknowledgment should
rely on something like an ebBP ReceiptAcknowledgment instead ..


  • 3.  RE: [ebxml-msg] multi-hop / routing: current state of discussions

    Posted 11-19-2007 03:25 
    Interesting analysis. There is a fundamental issue in combining
"ebMS-intelligent" routing, and the need to establish a fixed
reliability path (using RM seq lifecycle messages) prior to all reliable
exchanges to take place between two "multi-hop" parties.

WS-Reliability appears easier to deal with for 3 reasons: (a) no
separate lifecycle messages, (b) there is the option (like in ebMS2) to
*not* use sequence numbers, (c) the Ack semantics is on delivery, which
could mean "forward" for an intermediary. This makes it easier to chain
several reliable path segments.
This is something we will have to seriously consider. At this point it
looks like Part 2 - like Core part - cannot afford to ignore either
reliability spec. 
Reliable (ordered) sequences are still something desirable, because they
allow for high performance and very robust duplicate detection, and loss
detection. But they assume the destination is resolved from the start.
WS-Reliability makes this a little more flexible (i.e. sender only has
to know what messages are for the same destination, vs. knowing the
destination).

With WS-ReliableMessaging, an approach could be: All routing is based on
wsa:To, which identifies the reliable destination (even if the routing
path may change). No ebMS-intelligent routing.

Chains of reliable segments appear unsafe, opening loopholes during
intermediary forward.

In all cases, it seems more important than ever to clarify the
requirements for multi-hop, and the use cases to be addressed.

Jacques
 



    
                                                
    
					
                                                    

        
                                                
				
    
                                                
    
                                                    
                                                        
                                                        Original Message


  • 4.  Pim on routing intermediaries, WS-ReliableMessaging

    Posted 11-19-2007 20:32 
    [Pim explained the conflict between WS-ReliableMessaging and the
advantages in using routing intermediaries.]

The main options for dealing with the conflict are 

0. Use WS-Addressing anonymous for reply-to and acks-to, and have all
intermediaries wait before their HTTP reply is made.
[The above does not scale well, is brittle, and utilizes lots of
resources.]

1. Use piggybacking (and presumably 1 message long sequences?).
[Still lacks routing advantages. RMSes have to target RMDs, and so have
high lifecycle configurability burdens. Routing intermediary topology
cannot be changed while leaving RMS configuration unchanged. Probably
destroys advantages of ebMS routing intermediary, as Pim explained.]

2. Locate RMD at routing intermediary, and check security at
intermediary also.
[ Loss of end to end reliability.]


Pim has convincingly explained how WS-ReliableMessaging is not very
intermediary friendly and, along with Jacques, reflects a step backwards
in trying to accommodate intermediaries with end-to-end acknowledgments.
However, the goal of WS-* technology level convergence seems to require
that we support WS-ReliableMessaging because it is the WS-I sanctioned
solution.

Is option 2 above an option that could be embellished to be
satisfactory? What would it take? Add on an ebBP/RN style
ReceiptAcknowledgment or ReceiptAcknowledgmentException (if we wanted to
be optimistic with respect to WS-ReliableMessaging terminated at
intermediary working most of the time?)

Just some reactions. Good analysis Pim!


  • 5.  RE: Pim on routing intermediaries, WS-ReliableMessaging

    Posted 11-19-2007 21:46 
    The intermediary beeing itself an RM/security endpoint fits the
"gateway" topology use case T1 (in my previous summary)
But  CDC asked for a use case more like T3, where there could be a
"cloud"  of intermediaries (1 or more) between 2 parties that support
end-to-end RM.
Typically: party A --> regional hub 1 --> regional hub 2 --> party B.
With no possibility to bypass the hubs.

So here is some more ideas on the ebMS-routing option:

Regardless of the routing technique, something remains always true in
sequence-based RM
(whether WS-Reliability or WS-ReliableMessaging):
The sender must always know which messages are for the same destination
(i.e. belong to same sequence), even if it does not know this
destination.
That means all these messages have something in common, known from the
sender. This could suggest a possible ebMS-level handshaking to acquire
the Sequence ID, piggybacking an RM CreateSequence over a dummy ebMS
user message that we know will reach this destination.

To be more specific, the "T3" use case has two subcases:
(1)
party A --> regional hub 1 --> regional hub 2 --> party B.
With hub 2  = last intermediary, and party B = RMDestination.
(2)
party A --> regional hub 1 --> regional hub 2 --> party B --> subparty
B1, B2...Bn.
With party B = RMDestination, as well as an intermediary in DMZ. This
case combines T1 (the gateway pattern) with T3, and assumes a lot of
flexibility in adding subparties behind B.

In order to *not* ask anything to the final MSH (e.g. party B in (1), or
subparty B1 in (2)) beyond what the Core spec is requiring, the last
intermediary on the path would have to take care of routing back the
obtained Sequence ID using a similar piggybacking. For this it needs to
know it is the last intermediary on the path (could compare the wsa:From
it gets in response, with the URL it has sent the request to).

So it boils down to two major cases:
- If the final destination is known, then all routing could be based on
just wsa (e.g. wsa:To, and wsa:From or wsa:ReplyTo for the way back) and
obviously nothing more is needed.
- If the final destination is NOT known, some ebMS routing can still be
used, with an ebMS-driven handshake for RM sequence management
(creation, closure). Here too wsa would play some role, even if lesser. 

Jacques


    
                                                
    
					
                                                    

        
                                                
				
    
                                                
    
                                                    
                                                        
                                                        Original Message


Related Content