OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

bt-models message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: recovery and redirection followup

Given my earlier recovery and redirection email, I'd like to make the
following specific suggestions:

(i) that each entity address has the capability for being a compound
address, such that if the first entry in the address (call it the primary)
is non-responsive, subsequent entries may be sent the same message. If used
at the slightest failure indication then the user and system may fall into a
virtual-partition situation, whereby multiple active instances of an entity
(coordinator/participant) co-exist in the same environment; solving this
problem is not trivial, and relies upon replication techniques. However, the
following pragmatic approach could be taken: each entry in the compound
address could have a "use" criteria, such that, for example, entry 2 is only
used if n COMM_FAILURES are observed and entry 3 is used if m
TRANSIENT_FAILURES are observed. The probability of a virtual partition is
still non-zero, but it is up to the application/BTP implementer to
configure. And obviously an address need not be compound in the first place.

(ii) there is no implicit assumption that the end-points of each part of a
composite address are identical. The primary may well be a coordinator, for
example, whereas a backup may be a redirecor that uses a UDDI service to
locate an alternate (recovered) coordinator.

(iii) a REDIRECT (or REPLACE/SUBSTITUTE) message that contains two fields
exists. The first field is the original (compound or uni-) address, and the
second field is a compound name. When received, an entity replaces all
instances of the original address with the new address. Obviously this
raises some (more) interesting security situations for us to consider in the
long term! This message can be sent at any time, including during the normal
execution of a BTP.

(iv) the REPLACE (or whatever) message has an acknowledgement possibility,
such that a recipient can indicate to the sender that it has received and
processed the message, and the sender can tidy up an logs. Obviously this is
optional, and need not be used for all redirections.

If we agree on something along these lines then it would be useful to put
examples of coordinator and participant recovery into the final document to
illustrate its use.


Dr. Mark Little (mark@arjuna.com)
Transactions Architect, HP Arjuna Labs
Phone +44 191 2064538
Fax   +44 191 2064203

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC