[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: interposition requirements
From what I've heard at least Jim and Savas we're
advocating interposition across the board. In general, why should a root
coordinator know of any participants it didn't talk to directly? Why expose such
application implementation/configuration information to it? Certainly if I was a
web services builder I wouldn't want the whole world (or even my own
organisation) to know that I may federate the work between different web
services even though applications come through a single web service initially.
If I have no control over this, and the BTP protocol is simply going to expose
all of this implementation detail to the coordinator (and remember, as far as
I'm concerned as an untrusting guy, the coordinator may very wll expose the
registered participant information externally) then I'm not going to use BTP at
all. In general, registering directly with the root coordinator should be the
sole responsibility of the application services: only they have the necessary
semantic information to know whether this makes sense in terms
of security/trust, recovery, and performance.
I think that if A, B and C decide to register different
web services as participants (A', B', and C') in protocol then they don't need
to be told of the termination at all. However, if A' talks to other web services
at the backend it should coordinate them, and not the root
coordinator.
If B doesn't register with A, then C has no choice but
to register with A. However, this then raises the question: why did A talk to B
in the first place if it's not BTP aware? By being BTP aware, I'm assuming
that a service will participate within the cohesion, i.e., some state changes
will occur that need to be coordinated to either "commit" or "roll back". BTP
aware shouldn't simply mean that a service can receive and propagate a context.
Therefore, I would say that any service that is BTP aware should, either as the
first thing it does when receiving a context for the first time or just before
it propagates the context on, register itself with the coordinator referred to
in the received context (which may not be the root coordinator). It then needs
to modify the context it's about to send to refer to itself (or whatever
sub-coordination web service it uses) such that the services it talks to can
register with that.
To accomodate the case where interposition isn't
required, either because it doesn't make sense in a specific domain, or because
the implementation of the service doesn't support sub-coordinator logic, we
could look at some kind of attribute (on a per service basis) which
essentially says "do interposition" or "don't do
interposition".
Agreed. See above.
Security/trust is a huge whole in the BTP protocol, so
you're making an assumption that just because A recognises the URI means it
trusts C. Given this assumption, if C wants to register directly with A then it
should be allowed to. My point is, though, that this has to be the conscious
decision of C. By default, this shouldn't be the case
though.
Actually, I think A does care if it suddenly starts
coordinating the termination of a participant who shouldn't (e.g., for legal
reasons) be allowed into the protocol. Being involved in the protocol gives you
knowledge about its outcome (snooping), and the capability to adversely affect
it; saying that A shouldn't be concerned about bogus participants is not
sufficient. However, as I said above, security is something that isn't going to
addressed sufficiently in BTP as far as I can see.
I don't think so: as far as a coordinator is concerned,
a sub-coordinator looks *exactly* like a participant. As far as a participant is
concerned, it can't tell the different between a sub-coordinator and a root
coordinator. All we need to say is that if you propagate the context then you
become responsible to coordinate for those subsequent recipients unless (and
this may require thought) some "attribute" set by the application says not to,
and in which case you send the context as you got it (but, as I said before,
this context may not actually refer to the root coordinator
anyway).
Mark.
----------------------------------------------
Dr. Mark Little (mark@arjuna.com) Transactions Architect, HP Arjuna Labs Phone +44 191 2064538 Fax +44 191 2064203 |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC