MHonArc v2.5.2 -->
ebxml-msg message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: [ebxml-msg] RE: Public usage scenario documents
Roger,
I agree with your comment about reliable messaging. This characteristic
was pointed out to me recently by a colleague in IBM. A more succinct way
of stating it is that ebXML reliable messaging is not reliable under system
failure. The possibility you mention can arise as follows:
Party A send a message reliably to Party B.
Party B's MSH receives and persists the message.
Party B's MSH attempt to send the reliable-messaging acknowledgment
but Party B's system goes down before the acknowledgment gets on
the wire.
Party A exhausts its retries and concludes that the message was not
delivered.
Party B eventually comes up and, if Party B saved enough state
information, the destination application processes the persisted message
as prescribed in the MSG specification.
Parties A and B are now out of sync with respect to that transaction
and do not know they are out of sync.
The solution to this problem is not trivial and the MSG team needs to give
it a lot of thought. At a minimum, the following are needed in the spec:
Both parties to the message exchange MUST persist enough state to
allow recovery and getting back in sync. Specific state variables must
be prescribed. They are at least those variables needed to restore
the state of the transaction and conversation after system recovery, such
as the conversation ID, CPA Id, service, action, and perhaps other
parts of the message header.
Timeouts and retries, as prescribed in the MSG spec, are not
sufficient to cover system failures since the failure could last a very
long time.
Instead, if the party that sent the
message doesn't receive a reply in a reasonable time, it must be able
to send a status query to the other party and keep requesting status
periodically
until it receives a response. If the appropriate state information is
persisted at both ends, when party B comes up, it will receive and respond
properly to the status query. The timeouts could be retained in the
spec but their main use would be to signal the "attached human" to make
a phone call.
See the IBM HTTPR 1.1 specification for an example.
The MSG team should consider this a major work item for version 3.
Regards,
Marty
*************************************************************************************
Martin W. Sachs
IBM T. J. Watson Research Center
P. O. B. 704
Yorktown Hts, NY 10598
914-784-7287; IBM tie line 863-7287
Notes address: Martin W Sachs/Watson/IBM
Internet address: mwsachs @ us.ibm.com
*************************************************************************************
"Cutler, Roger
(RogerCutler)" To: "'Duane Nickull'" <duane@xmlglobal.com>, "Cutler, Roger
<RogerCutler@chevron (RogerCutler)" <RogerCutler@chevrontexaco.com>
texaco.com> cc: "'bhaugen'" <linkage@interaccess.com>, eBTWG List
<ebtwg@lists.ebtwg.org>, Randy Clark <Randy.Clark@bakerhughes.com>,
05/27/2002 12:13 PM Christopher Ferris <chris.ferris@sun.com>
Subject: RE: Public usage scenario documents
Thanks for the kind words. I agree that what I am trying to do needs a lot
more work, but I am uncertain that I am capable of providing that on my
own.
That is, I'm saying I could use some help here.
I also agree that the ebXML reliable messaging spec is a good thing, as far
as it goes.
As I see it, however, there are unfortunately possibilities other than the
two you document that are undocumented in the spec. For example, the
message I send may actually be delivered but I am unaware of it. That is,
I
can think that the message transmission was unsuccessful but the recipient
thinks that the transmission was successful and goes ahead based on that
assumption. In some situations this could be quite undesirable. If one
follows these scenarios far enough I think one may be able to reach some
rather disturbing questions about whether one side of the communication can
trick the other side in certain ways. I believe that these possibilities,
if they are real, should be clearly documented.
It seems to me that the spec would be greatly improved if it made a more
clear effort to define an objective that is achievable. Unfortunately,
there are things that are not possible in the context of asynchronous
messaging, basically because the last person to say "goodbye" never can
know
that the "goodbye" got through. On some level it's never possible to get
around that. I believe, however, that with more care it is possible to
state an achievable objective (involving high degrees of confidence, not
certainty) and to define strategies outside the scope of the messaging
mechanism itself to provide higher levels of certainty -- for example,
periodic scheduled reconciliation (where the fact that the mechanism is
scheduled introduces a new factor).
That's not to say the ebXML spec is not valuable, but I don't think it's
really fully baked. Moreover, I seem to recall that there was a HUGE
document of unanswered issues (many of them, it seemed to me, resulting
from
misunderstandings) that has not, to my knowledge, been worked through.
Given the situation I outline, it seems to me -- this is just my personal
opinion here -- that the W3C would be highly unlikely to use the ebXML
reliable messaging spec as a building block or otherwise to endorse it. I
view this as a considerable potential problem, because reliable messaging
is
really important and it would be really nice if everybody were agreeing on
how to achieve it, or at least if there were some reasonable convergence.
On another topic -- Hi, Randy. How did you get on this email thread
address
list? Is this some hat you wear that I didn't know about?