OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

bt-models message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Coordinator interface

As promised, here is the proposed coordinator interface, which will allow interoperable coordinator web services to be provided. What we are after is a service that handles the creation and management of atom coordinators. Although there are several possible ways in which this can be accomplished, I'll propose just one, which I believe is the simplest and most intuitive:
 
(i) begin: creates and begins a new atom and returns the id for it. If the creator of the atom would like it to have a default lifetime then a timeout parameter could be supplied: if after this timeout the atom has not been completed (got past prepare) then it will automatically be undone. This allows the service to automatically manage its own resources (atoms), especially in the cases of failure and potential denial of service attacks, i.e., I would find it hard to believe that any publicly available service would simply allow a user to create atoms that live forever as it would then be relatively straightforward to deliberately call this service many times in order to restrict access from other users and (eventually) use up all available resources. Suggestion: we have a General exception that can be returned if non-specific errors occur; this method may throw this exception.
 
(ii) prepare: takes an atom id and attempts to prepare it. Returns the result of this. Depending on the outcome of the timeouts discussion, it is possible that prepare could result in a heuristic outcome, and so this method should throw corresponding exceptions (TwoPhaseViolation). In addition, if the id refers to an atom that the service does not know about, the InvalidAtom exception is thrown.
 
(iii) confirm: takes an id of a previously prepared atom and attempts to confirm it. If the atom has not been previously prepared then the NotPrepared exception is thrown. If a heuristic occurs, then the TwoPhaseViolation exception is thrown. In addition, if the id refers to an atom that the service does not know about, the InvalidAtom exception is thrown.
 
(iv) undo: takes an atom id and attempts to undo it (the atom need not have been previously confirmed). If a heuristic occurs, then the TwoPhaseViolation exception is thrown. In addition, if the id refers to an atom that the service does not know about, the InvalidAtom exception is thrown.
 
(v) getStatus: takes an atom id and returns its status. Possible status values are:
        StatusUnknown: the service cannot determine the status at this point. This should (hopefully) be a transient condition, and a subsequent call to getStatus should eventually result in a different outcome.
        StatusActive: the atom is currently in its active phase.
        StatusPrepared: the atom is in the prepared phase.
        StatusPreparing: the atom is currently preparing.
        StatusConfirming: the atom is currently confirming.
        StatusConfirmed: the atom has been confirmed. Since the service may discard an atom once it has completed, this value is not guaranteed to be returned forever. If an application wants to guarantee that it knows the outcome of an atom then it should enlist its own participant.
        StatusUndoing: the atom is currently undoing.
        StatusUndone: the atom has been undone. Since the service may discard an atom once it has completed, this value is not guaranteed to be returned forever. If an application wants to guarantee that it knows the outcome of an atom then it should enlist its own participant.
        StatusNoAtom: the service has know knowledge about the supplied atom. This may mean that is never existed, or has finished and tidied-up. If the caller was a previously enlisted participant then it can know that the atom was undone, since otherwise the service (atom) would either be active, or maintaining a durable log of participants it had not yet told to confirm (c.f., a transaction's intentions list/log).
 
(vi) enlistParticipant: takes an atom id and a participant reference (url), and enlists that participant in the desired atom. If the atom is no longer in the active phase then the Inactive exception is thrown. If the service has no record of the atom then the InvalidAtom exception is thrown.
 
(vii) recover: takes an atom id and an old participant reference, and a new participant reference. This instructs the service to run recovery on the specified atom and to replace the specified old participant with the new one. This is used when a failed participant recovers at a different location and can be used to try to drive recovery quicker than would otherwise be the case, i.e., drive it from the recovering participant. [This really depends upon what we think the failure scenarios are, but in our experience this is useful: even if we allow a participant to re-register itself in, say, UDDI, it requires the atom to periodically check that service to find the new location. "Periodically" may not be fast enough in some cases, and a hint from a recovered participant to drive recovery now would be desirable.]
 
Mark.
 
----------------------------------------------
Dr. Mark Little (mark@arjuna.com)
Transactions Architect, HP Arjuna Labs
Phone +44 191 2064538
Fax   +44 191 2064203
 
 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC