OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [ebxml-msg] Reliable messaging and intermediaries


I think that a 2-tiered solution should be able to realise the QoS contracts between endpoint as specified in the core spec. If it can not, we will loose, in my opinion important functionality in the multi-hop situation over the end-to-end situation. Also in a current multi-hop situation based on ebMS V2.0 we can realise RM end-to-end, so we might even end up with less functionality than in the current situation. 

Providing these levels of QoS however will require special functionality to be implemented in a MSH component above the RMP. And that functionality will be (almost) a duplicate of the RMP's one, so one could question the need for an RMP if RM is already taken care of in the layers above. A reason to still use RM on each or some legs of the path could be to secure transport over unreliable legs.

Therefor I thought about using the special RM behavior on the intermediaries. I know this might not be the way WS-RM spec expects things to happen. But I assume that the intermediaries are the special cases. So it might be less important that we require special behavior of them. This way for the endpoints the first and last intermediaries look to be the other endpoint and nothing has to be changed to the endpoints. 


On Dec 7, 2007, at 5:40 , Durand, Jacques R. wrote:


From: Sander Fieten [mailto:sander@fieten-it.com]
Sent: Wednesday, December 05, 2007 3:16 PM
To: ebxml-msg@lists.oasis-open.org
Subject: Re: [ebxml-msg] Reliable messaging and intermediaries

My remarks as just made on the call:

* Why use RM on each leg of the route? I don't see any advantage because a =
missing ebMS ACK will lead to a re-send of the message on the ebMS level. (=
Assuming a At-Least-Once contract). At the moment I don't see what the RM o=
n each leg gives us. 
<JD> In my opinion, the ebMS synchronization signals cannot be expected to provide the same level of QoS as protocol-level RM. I would not for instance expect a synchronization exchange - back and forth - to occur for each message sent, or at every second, as the overhead of processing these is quite significant, certainly higher than sequence-based RM signals. I would not expect either to implement duplicate check at ebMS level (that would put a significant burden on endpoint MSHs that lets not forget, should ideally not need implement more than core V3 features), and rely instead on the one in RM (meaning indeed that with per-segment RM, if a duplicate is generated during the transfer through an intermediary, we wouldn't detect it). But at least using segment-level RM provides some RM QoS, that would take care of 50% of message losses/duplication. The only "end-to-end" feature that 2-tier reliability (as previously defined) provides, is message loss awareness and possible remedy. But the more of these losses are taken care of in protocl-level RM, the better.
 There is no question that 2-tier reliability as defined here is  not as good as "flat" end-to-end RM at protocol level.

* If considering special reliability behavior on the intermediaries as is t=
he case with the last one in the 2-tiered solution described by Jacques, co=
uld it be possible to use WS-RM on each leg with the ACK on the current leg=
postponed till the the intermediary receives an ACK on the next leg? I did=
n't have time to look into, just an idea.
<JD> we wish that were possible, but this Ack semantics is not the one specified in WS-RM. It is very unlikely that RM built-in available SOAP stacks will allow this...
Sander Fieten
Sander Fieten
IT Architect

e: sander@fieten-it.com

t:  +31 6 51507886

On Dec 5, 2007, at 3:16 , Durand, Jacques R. wrote:

So we could call this option (already alluded to by Ian in a previous
call in November) the 2-tiered reliability, the main advantage of which
is that it does not require to route anything other than ebMS messages:

Level 1: WS-RM/R only needs be used between pairs of MSHs (so each path
segment is "independently reliable"), in other words the reliability
headers are changing across an intermediary, but not the ebMS header.

Level 2: additional ebMS signals allow for end-to-end doublecheck, by
synchronizing the status on both sides. E.g. sender will periodically
notify a list of "should-have-received"  ebMS IDs to receiver, and a
symmetric synchronization signal sent by receiver MSH, would notify of
what has NOT been received/delivered. Or conversely the receiver will
notify a list of "have-received". Remedial action need not be prescribed
(P-Mode will control) -  could range from just notifying the application
layer on either/both sender or receiver side, to re-issuing the missing
messages (from the ebMS layer, in order to avoid creating RM-level
duplicates that could be eliminated at next RM endpoint).

Some interesting aspects about this solution:
- the status synchronization is a useful feature in itself as we seem to
agree (awareness of loss by a receiver MSH allows better diagnostics on
failed choreographies, etc).
- the ultimate receiving MSH may not have to support this feature in
order to have end-to-end reliability: the last intermediary has to.
Indeed, when getting the "should-have-received" signal, the intermediary
could be required to respond with only those messageIDs that it has
actually successfully forwarded, removing the last possibility of
"intermediary loss". E.g. it could be required to get the RM Ack of
ultimate receiver, before even sending the "have-received" signal. SO
that mode of reliability does not require an ultimate MSH to support
more than core V3 features. This is becoming in the CDC network case,
where MSH hubs serve clusters of endpoint MSHs. Even if last MSH is not
supporting RM, this enables "end-to-previous-to-end" reliability !

I am starting to like it.

So there seems to be two general modes of reliable ebMS multi-hop:

(1) The "flat reliability" mode, supported end-to-end by the RM layer.
Here, only the use of WS-Reliability really makes sense, as the routing
is supposed to be controlled by ebMS header info, even for establishing
RM sequences.

(2) two-tier reliability, where the RM mechanism from WS protocol is
only used per segment. Here both WS-Reliability and WS-ReliableMessaging
can be used between MSH pairs.


-----Original Message-----
From: David RR Webber (XML) [mailto:david@drrw.info]
Sent: Wednesday, November 28, 2007 6:46 AM
To: Durand, Jacques R.
Cc: Pim van der Eijk; ebxml-msg@lists.oasis-open.org; Moberg Dale
Subject: RE: [ebxml-msg] Pim on routing intermediaries,


Yes - I think the ability to do status checks definately beckons

I like what you suggest - good lightweight logical next step.

During the BCM work and then ebBP - we identified the need in extended
collaborations to have a "linking and switching" status tracking

This is way more than what's needed for message delivery of course - but
then again - the types of mechanisms could definately be interchangeable
/ reusable here.

Since right now each ebBP / ebMS is responsible for its own status
tracking - the obvious next logic step is to provide centralized status
checking services.  We've explored this model in BCM - the linking and
switching Appendix B spec' - which uses the Prolog assertion/retraction
predicate based approach.

At some point we will need to get serious about enabling that all -
would be a very cool facility - incredibly useful for all kinds of

; -)

Cheers, DW

-------- Original Message --------
Subject: RE: [ebxml-msg] Pim on routing intermediaries,
From: "Durand, Jacques R." <JDurand@us.fujitsu.com>
Date: Wed, November 28, 2007 9:06 am
To: "David RR Webber (XML)" <david@drrw.info>,  "Moberg Dale"
Cc: "Pim van der Eijk" <pvde@sonnenglanz.net>,


That sounds like re-implementing reliability at ebMS level - something

I'd prefer to avoid until all other options fail to deliver :-)...
Besides guaranteed delivery there is also duplicate detection (based
on sequence numbers or so for the 2 RM specs), so the redundancy is
starting to build-up.

Now, we may consider a mode of multi-hop reliability where RM is
per-segment, and in order to catch the cases of loss during router
forward, a kind of (ebMS) status request where the initial sender MSH
could notify the ultimate receiver MSH of the list of message IDs it
is supposed to have received over the last hour or so, and the
receiver MSH would notify back on what it has not been able to
deliver. Re-sending by the ebMS layer itself may or may not be
mandated - could be left to a re-submit at application level (if no
risk of duplicates). At least that would add awareness of both sender
and receiver of message loss (i.e.
non-delivery), something we do not have today especially with WS-RM.
This awareness by the receiver would in turn allow the choreography
layer to better diagnose failures.


-----Original Message-----
From: David RR Webber (XML) [mailto:david@drrw.info]
Sent: Monday, November 19, 2007 6:42 PM
To: Moberg Dale
Cc: Pim van der Eijk; Durand, Jacques R.;
Subject: RE: [ebxml-msg] Pim on routing intermediaries,


I'm not sold on WS-Reliable messaging - for starters its merely trying

to mimick what ebMS already has for the past five years!

Then - who knows what oversights they've made in the rush to get
something in place. Reading their design and such does not give me
great confidence. My sense is we are well ahead of them - and they
should be adopting ebMS reliable messaging (and actually they are
trying to clone most of it!!!)  Of people using WS the majority could
not careless about reliable delivery - in fact their whole modus
operandi is built assuming unreliable messaging and instant traffic
exchanges (query/response).

OK - so where does that leave us?

Why can we not look at some kind of orchestration agent here?  Seems
to me that what is needed is a very simple component that is tasked
with plugging the gap and acting as an ebMS/SOAP delivery extension
All it has to be able to do is manage SOAP-based exchanges at the
basic transport level.  If its built very dumb and simple - it just
acts as a relay and a pass through - with minimal logic - mostly just
leveraging SOAP acks and errors themselves.

The ebMS then interacts with one or more of these SOAP relay agents -
and will keep trying delivery until it gets an end-to-end SOAP
acknowledgement relayed back to it.

The agent could be designed to use basic WS - and in fact then any
SOAP server could be integrated as a delivery service with the simple
addition of the agent component.  This seems much more like what we
want.  Coopting delivery via SOAP servers.


"The way to be is to do" - Confucius (551-472 B.C.)

-------- Original Message --------
Subject: [ebxml-msg] Pim on routing intermediaries,
From: "Moberg Dale" <dmoberg@axway.com>
Date: Mon, November 19, 2007 3:32 pm
To: "Pim van der Eijk" <pvde@sonnenglanz.net>,  "Durand,  Jacques
<JDurand@us.fujitsu.com>,  <ebxml-msg@lists.oasis-open.org>

[Pim explained the conflict between WS-ReliableMessaging and the
advantages in using routing intermediaries.]

The main options for dealing with the conflict are

0. Use WS-Addressing anonymous for reply-to and acks-to, and have
all intermediaries wait before their HTTP reply is made.
[The above does not scale well, is brittle, and utilizes lots of

1. Use piggybacking (and presumably 1 message long sequences?).
[Still lacks routing advantages. RMSes have to target RMDs, and so
have high lifecycle configurability burdens. Routing intermediary
topology cannot be changed while leaving RMS configuration
Probably destroys advantages of ebMS routing intermediary, as Pim

2. Locate RMD at routing intermediary, and check security at
intermediary also.
[ Loss of end to end reliability.]

Pim has convincingly explained how WS-ReliableMessaging is not very
intermediary friendly and, along with Jacques, reflects a step
backwards in trying to accommodate intermediaries with end-to-end
However, the goal of WS-* technology level convergence seems to
require that we support WS-ReliableMessaging because it is the WS-I
sanctioned solution.

Is option 2 above an option that could be embellished to be
satisfactory? What would it take? Add on an ebBP/RN style
ReceiptAcknowledgment or ReceiptAcknowledgmentException (if we
wanted to be optimistic with respect to WS-ReliableMessaging
terminated at intermediary working most of the time?)

Just some reactions. Good analysis Pim!

- To unsubscribe from this mail list, you must leave the OASIS TC
that generates this mail.  You may a link to this group and all your

TCs in


To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  You may a link to this group and all your TCs in OASIS

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]