OASIS ebXML Messaging Services TC

 View Only

[ebxml-msg] RE: Public usage scenario documents

  • 1.  [ebxml-msg] RE: Public usage scenario documents

    Posted 05-27-2002 16:08
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    ebxml-msg message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: [ebxml-msg] RE: Public usage scenario documents


    
    Roger,
    
    I agree with your comment about reliable messaging.  This characteristic
    was pointed out to me recently by a colleague in IBM.  A more succinct way
    of stating it is that ebXML reliable messaging is not reliable under system
    failure.  The possibility you mention can arise as follows:
    
         Party A send a message reliably to Party B.
    
         Party B's MSH receives and persists the message.
    
         Party B's MSH attempt to send the reliable-messaging acknowledgment
    but Party B's system goes down before the acknowledgment gets on
         the wire.
    
         Party A exhausts its retries and concludes that the message was not
    delivered.
    
         Party B eventually comes up and, if Party B saved enough state
    information, the destination application processes the persisted message
         as prescribed in the MSG specification.
    
        Parties A and B are now out of sync with respect to that transaction
    and do not know they are out of sync.
    
    The solution to this problem is not trivial and the MSG team needs to give
    it a lot of thought.  At a minimum, the following are needed in the spec:
    
         Both parties to the message exchange MUST persist enough state to
    allow recovery and getting back in sync. Specific state variables must
         be prescribed.  They are at least those variables needed to restore
    the state of the transaction and conversation after system recovery, such
         as the conversation ID, CPA Id, service, action, and perhaps other
    parts of the message header.
    
         Timeouts and retries, as prescribed in the MSG spec, are not
    sufficient to cover system failures since the failure could last a very
    long time.
         Instead, if the party that sent the
         message doesn't receive a reply in a reasonable time, it must be able
    to send a status query to the other party and keep requesting status
         periodically
         until it receives a response.  If the appropriate state information is
    persisted at both ends, when party B comes up, it will receive and respond
         properly to the status query.  The timeouts could be retained in the
    spec but their main use would be to signal the "attached human" to make
         a phone call.
    
    See the IBM HTTPR 1.1 specification for an example.
    
    The MSG team should consider this a major work item for version 3.
    
    Regards,
    Marty
    
    *************************************************************************************
    
    Martin W. Sachs
    IBM T. J. Watson Research Center
    P. O. B. 704
    Yorktown Hts, NY 10598
    914-784-7287;  IBM tie line 863-7287
    Notes address:  Martin W Sachs/Watson/IBM
    Internet address:  mwsachs @ us.ibm.com
    *************************************************************************************
    
    
                                                                                                                                    
                          "Cutler, Roger                                                                                            
                          (RogerCutler)"              To:       "'Duane Nickull'" <duane@xmlglobal.com>, "Cutler, Roger             
                          <RogerCutler@chevron         (RogerCutler)" <RogerCutler@chevrontexaco.com>                               
                          texaco.com>                 cc:       "'bhaugen'" <linkage@interaccess.com>, eBTWG List                   
                                                       <ebtwg@lists.ebtwg.org>, Randy Clark <Randy.Clark@bakerhughes.com>,          
                          05/27/2002 12:13 PM          Christopher Ferris <chris.ferris@sun.com>                                    
                                                      Subject:  RE: Public usage scenario documents                                 
                                                                                                                                    
                                                                                                                                    
                                                                                                                                    
    
    
    
    Thanks for the kind words.  I agree that what I am trying to do needs a lot
    more work, but I am uncertain that I am capable of providing that on my
    own.
    That is, I'm saying I could use some help here.
    
    I also agree that the ebXML reliable messaging spec is a good thing, as far
    as it goes.
    
    As I see it, however, there are unfortunately possibilities other than the
    two you document that are undocumented in the spec.  For example, the
    message I send may actually be delivered but I am unaware of it.  That is,
    I
    can think that the message transmission was unsuccessful but the recipient
    thinks that the transmission was successful and goes ahead based on that
    assumption.  In some situations this could be quite undesirable.  If one
    follows these scenarios far enough I think one may be able to reach some
    rather disturbing questions about whether one side of the communication can
    trick the other side in certain ways.  I believe that these possibilities,
    if they are real, should be clearly documented.
    
    It seems to me that the spec would be greatly improved if it made a more
    clear effort to define an objective that is achievable.  Unfortunately,
    there are things that are not possible in the context of asynchronous
    messaging, basically because the last person to say "goodbye" never can
    know
    that the "goodbye" got through.  On some level it's never possible to get
    around that.  I believe, however, that with more care it is possible to
    state an achievable objective (involving high degrees of confidence, not
    certainty) and to define strategies outside the scope of the messaging
    mechanism itself to provide higher levels of certainty -- for example,
    periodic scheduled reconciliation (where the fact that the mechanism is
    scheduled introduces a new factor).
    
    That's not to say the ebXML spec is not valuable, but I don't think it's
    really fully baked.  Moreover, I seem to recall that there was a HUGE
    document of unanswered issues (many of them, it seemed to me, resulting
    from
    misunderstandings) that has not, to my knowledge, been worked through.
    Given the situation I outline, it seems to me -- this is just my personal
    opinion here -- that the W3C would be highly unlikely to use the ebXML
    reliable messaging spec as a building block or otherwise to endorse it.  I
    view this as a considerable potential problem, because reliable messaging
    is
    really important and it would be really nice if everybody were agreeing on
    how to achieve it, or at least if there were some reasonable convergence.
    
    On another topic -- Hi, Randy.  How did you get on this email thread
    address
    list?  Is this some hat you wear that I didn't know about?