http://docs.oasis-open.org/ws-rx/issues/
WS Reliable Messaging Working Issues List
Date: 2005/11/10
Revision: 17
Bilateral sequence negotiation
Restated issue
The current draft of the WS-ReliableMessaging specification
defines the wsrm:Offer element as follows: "This element, if present,
enables an RM source to offer a corresponding Sequence for the reliable
exchange of messages transmitted from RM destination to RM source". As
per the text above, the spec does not constrain what messages an offered
sequence can be used to send, nor does it define when an offer element
must or must not be present.
However, WSRX-ReliableMessagingPolicy document, lines 221-226, states
that an offer element must be present if and only if the endpoint
declares output messages.
"Per WS-ReliableMessaging [WS-RM], a wsrm:CreateSequence request MAY
contain an offer to create an "inbound" Sequence. If the RM policy
assertion is attached to an endpoint declaring only input messages, the
endpoint MUST reject a wsrm:CreateSequence request containing a
wsrm:Offer to create a corresponding Sequence. If the assertion is
attached to an endpoint declaring both input and output messages, the
endpoint MUST reject a wsrm:CreateSequence request that does not contain
a wsrm:Offer to create a corresponding Sequence."
IMO, an offer is an optimization to allow a reverse reliable sequence to
be set up without going through the whole CreateSequence handshake.
Thus, this limitation in the policy documents seems to be unnecessary.
core
design
F2F - Lei Jin
Lei Jin
There are cases when I need to send reliable messages to
an endpoint, but I don't require responses to be sent back reliably.
(see i021) In that case, requiring an offer is unnecessary. There are
also cases when the destination endpoint doesn't declare output
messages, but needs to send messages reliably to the source endpoint in
other types of MEP (eg: oneway, callback MEP). In that case, having an
offer is a useful optimization.
From restated issue
Delete lines 221-226 of WSRX-ReliableMessagingPolicy document.
Proposal 1 accepted on Sept. 1 call.
Completed in CD 01
i021
AckTo EPR and seq lifetime
Should the AckTo EPR be allowed to change during the lifetime of a sequence?
core
design
F2F - Anish Karmarkar
Anish Karmarkar
Raised at F2F
Issue i002 was raised during the 1st F2F. The issue was raised in the
context of long running Sequences where it was possible for the AcksTo
EPR to change. There was also some discussion on unending sequences (I
think Steve Winkler brought this up). In a long running Sequence it is
possible that the AcksTo EPR may change and therefore the RMS needs the
ability to let the RMD know of the new AcksTo.
Subsequently, I have been talking with our mobile folks and they have
brought up a different use case (but which has the same issue):
In the mobile world there are cases where the RMS is expected to have
different EPRs throughout the life of the Sequence (the device changes
cells/location/countries or is intermittently offline), therefore it is
necessary to provide the capability to change the AcksTo EPR for a
particular Sequence in progress.
Here is the outline of a proposed solution:
See message
See message
Close with no action.
Proposal 2 accepted on Nov 10 TC call
EPRs and sequence scope
Which pair of EPRs define the scope of a sequence?
core
design
F2F - Anish Karmarkar
Anish Karmarkar
Raised at F2F
Close with no action
Proposal 1 accepted at Sept. 22 F2F
wsa:messageID uniqueness requirements for retransmission
What are the uniqueness requirements for the wsa:messageID values used for
messages retransmitted with the same wsrm:{sequenceID, MessageNumber} pair as a
prior transmission of the same reliable message?
core
design
F2F - Steve Winkler
Marc Goodner
Raised at F2F
Close with no change required
Proposal 1 accepted
Source resend of Nacked messages when ack already received
Is the sender required to resend a message identified in a Nack, if it has
already received an ack for that same messageNumber?
core
design
F2F - Steve Winkler
Steve Winkler
Raised at F2F
An RMD MUST NOT issue a <SequenceAcknowledgement> containing a <Nack>
for a message(s) that it has previously acknowledged within an <AcknowledgementRange>.
An RMS SHOULD ignore a <SequenceAcknowledgement> containing a <Nack>
for a message(s) that has previously been acknowledged within an <AcknowledgementRange>.
Proposal 1 made and accepted on Sept. 8th TC call.
Completed in CD 01
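The two rules in the accepted proposal above, modelled for both sides as an added example (this is not code from the issues list or from any WS-RM implementation): the RM Destination builds a SequenceAcknowledgement that never Nacks a number already covered by one of its AcknowledgementRanges, and the RM Source ignores a Nack for a number it already holds an acknowledgement for. The SourceSequenceState structure, the function names and the message numbers are constructed for illustration.

```python
"""Added example, not from the WS-RX issues list or any WS-RM implementation:
the Nack rules of the accepted proposal modelled for both the RM Destination
(RMD) and the RM Source (RMS). Names and message numbers are constructed."""
from dataclasses import dataclass, field


# ---------------- RMD side ----------------

def coalesce_ranges(received):
    """Turn the set of received message numbers into inclusive
    AcknowledgementRange (lower, upper) pairs, e.g. {1,2,3,5} -> [(1,3),(5,5)]."""
    ranges = []
    for n in sorted(received):
        if ranges and ranges[-1][1] == n - 1:
            ranges[-1][1] = n            # extend the current run
        else:
            ranges.append([n, n])        # start a new run
    return [tuple(r) for r in ranges]


def build_sequence_ack(received, suspected_missing):
    """Build the (ranges, nacks) content of a SequenceAcknowledgement.
    Rule from the resolution: the RMD MUST NOT Nack a message number that it
    has already acknowledged within an AcknowledgementRange, so every
    candidate Nack is filtered against the received set."""
    ranges = coalesce_ranges(received)
    nacks = sorted(n for n in set(suspected_missing) if n not in received)
    return ranges, nacks


# ---------------- RMS side ----------------

@dataclass
class SourceSequenceState:
    """Per-sequence bookkeeping kept by the RMS (constructed structure)."""
    acked: set = field(default_factory=set)    # message numbers acknowledged so far
    pending: set = field(default_factory=set)  # sent but not yet acknowledged


def apply_sequence_ack(state, ranges, nacks):
    """Apply one received SequenceAcknowledgement to the RMS state.

    ranges: list of inclusive (lower, upper) AcknowledgementRange pairs
    nacks:  message numbers carried in Nack elements
    Returns (newly_acked, to_resend, ignored_nacks), each sorted.
    Rule from the resolution: the RMS SHOULD ignore a Nack for a message that
    has previously been acknowledged, so such Nacks are reported as ignored
    rather than scheduled for retransmission."""
    newly_acked = set()
    for lower, upper in ranges:
        if lower < 1 or upper < lower:
            raise ValueError(f"malformed AcknowledgementRange {lower}-{upper}")
        for n in range(lower, upper + 1):
            if n not in state.acked:
                state.acked.add(n)
                newly_acked.add(n)
            state.pending.discard(n)

    to_resend, ignored = [], []
    for n in nacks:
        if n in state.acked:
            ignored.append(n)          # already acknowledged: ignore the Nack
        elif n in state.pending:
            to_resend.append(n)        # genuinely unacknowledged: retransmit
        # a Nack for a number this RMS never sent is not actionable either
    return sorted(newly_acked), sorted(to_resend), sorted(ignored)
```

The RMS side deliberately reports ignored Nacks instead of silently dropping them: an RMD that Nacks an already-acknowledged number is violating the MUST NOT rule, which is worth logging when debugging interoperability problems.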
Source based delivery QoS policy assertion
Is there a requirement that the sender can assert that the receiver must
deliver a particular reliability assurance on a given sequence?
core
design
F2F - Tom Rutt
Tom Rutt
Raised at F2F.
Also raised on list by Tom Rutt.
See mail: close issue with no changes to specification.
see message
Use the wsrmp:DeliveryAssurance element (as defined in the resolution of i009) in the CS message as follows:
<wsrm:CreateSequence ...>
    <wsrm:AcksTo ...> wsa:EndpointReferenceType </wsrm:AcksTo>
    <wsrm:Expires ...> xs:duration </wsrm:Expires> ?
    <wsrm:Offer ...>
        <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier>
        <wsrm:Expires ...> xs:duration </wsrm:Expires> ?
        ...
    </wsrm:Offer> ?
    <wsrmp:DeliveryAssurance .../> ?
    ...
</wsrm:CreateSequence>
This would allow the Application Sender to signal the RMD/AD of the DA. If the DA is something that is not supported or conflicts with the policy at the RMD/AD, the RMD may send a CreateSequenceRefused fault. This element of course does not change the protocol on the wire, but lets the RMD/AD know exactly the DA that is expected for the Sequence.
WSS 1.0/1.1 token support
Must the ws-reliable messaging spec support tokens produced for both
ws-security 1.0 and ws-security 1.1?
core
design
F2F - Paul Cotton
Marc Goodner
Raised at F2F
From Marc Goodner
To make it explicit that WSS 1.1 is supported I propose the following changes to the
specifications to allow referencing of WSS 1.1. The namespaces and references will need
to be updated with the final dates after public review closes.
WS-ReliableMessaging
Add prefix and namespace for WSS 1.1 to table at line 142:
wsse11 http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-wssecurity-secext-1.1.xsd
Add reference to WSS 1.1 after [WSSecurity] (lines 844-847):
[WSSecurity11]
Web Services Security: SOAP Message Security 1.1 (WS-Security 2005)
http://www.oasis-open.org/committees/download.php/13396/wss-v1.1-spec-pr-SOAPMessageSecurity-01.htm
Anthony Nadalin, Chris Kaler, Ronald Monzillo, Phillip Hallam-Baker, eds, OASIS Standard xxxxxx, final date
WS-ReliableMessagingPolicy
Add reference to WSS 1.1 after [WSS] (lines 306-308):
[WSSecurity11]
Web Services Security: SOAP Message Security 1.1 (WS-Security 2005)
http://www.oasis-open.org/committees/download.php/13396/wss-v1.1-spec-pr-SOAPMessageSecurity-01.htm
Anthony Nadalin, Chris Kaler, Ronald Monzillo, Phillip Hallam-Baker, eds, OASIS Standard xxxxxx, final date
Policy assertions granularity
Is there a need to attach policy assertion to something other than an
endpoint? The current WS-reliable messaging contribution does not support
the application of reliability quality of service at a finer granularity
than port type. F2F minutes identified as "Policy requirements for more
than endpoints".
policy
design
F2F - Tom Rutt
Tom Rutt
Raised at F2F
Also raised on list by Tom Rutt.
From Tom Rutt:
Add the following text after the text added for resolution of Issue 021:
Attaching reliability policy to a wsdl description at a finer level than
endpoint-subject level is outside the scope of this version of the
specification. Such out-of-scope policy attachments are considered
extension points.
Declaration of QoS policies
In the specification, the delivery assurances are part of a private
contract between the RM destination and the application destination.
They are not published and they are not visible to the "outside" world
- i.e. to the source.
core
design
Chris Ferris
Chris Ferris
"I certainly CAN see a use case for giving the client the visibility as to the QoS capabilities
of the service endpoint and using that information to decide whether it wanted to use that
service or select another that offered the desired QoS."
<wsrm:DeliveryAssertion mode="[AtLeastOnce|AtMostOnce|ExactlyOnce]" ordered="[xs:boolean]"? ...>
/wsrm:DeliveryAssertion
A policy assertion that makes a claim as to the delivery assurance policy
observed by the destination endpoint.
/wsrm:DeliveryAssertion/@mode
This required attribute specifies whether or not all of the messages
within an RM Sequence will be delivered by the RM Destination to the
Application Destination, and whether or not duplicate messages will be
delivered.
A value of 'AtMostOnce' means that messages received by the RM Destination
will be delivered to the Application Destination at most once, without
duplication. It is possible that some messages in a sequence may not be
delivered.
A value of 'AtLeastOnce' means that every message received by the RM
Destination will be delivered to the Application Destination. Some
messages may be delivered more than once.
A value of 'ExactlyOnce' means that every message received by the RM
Destination will be delivered to the Application Destination without
duplication.
/wsrm:DeliveryAssertion/@ordered
This attribute, of type xs:boolean, specifies whether or not the
destination endpoint ensures that the messages within an RM Sequence will
be delivered in order, by the RMD to the AD. Order is determined by the value
of the RM message number. Ordered delivery would mean that the messages would
be delivered in ascending order of the message number value. A value of 'true'
indicates that messages will be delivered in order. A value of 'false' makes
no claims as to the order of delivery of the messages within an RM Sequence.
If omitted, the default implied value is 'false'.
Proposal 1 accepted at Sept. 22 F2F,
new issue to be opened to define whether the above is an assertion or a parameter.
Completed in CD 01
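The mode and ordered semantics of the accepted DeliveryAssertion, applied on the RM Destination side when deciding what reaches the Application Destination, as an added example (not code from the issues list or any WS-RM implementation). The way resource pressure is modelled, the class and method names, and the message data are constructed for this illustration.

```python
"""Added example, not from the issues list or any WS-RM implementation: an RMD-side
dispatcher applying the DeliveryAssertion mode/ordered semantics from the proposal
when deciding what to hand to the Application Destination (AD). The modelling of
resource pressure and the message data are constructed."""

MODES = ("AtMostOnce", "AtLeastOnce", "ExactlyOnce")


class DeliveryAssurance:
    def __init__(self, mode, ordered=False):
        if mode not in MODES:
            raise ValueError(f"unknown delivery assurance mode {mode!r}")
        self.mode = mode
        self.ordered = ordered
        self.seen = set()        # message numbers delivered at least once
        self.next_expected = 1   # next number to release when ordered=True
        self.held = {}           # out-of-order messages buffered when ordered=True
        self.delivered = []      # (number, payload) in the order the AD saw them

    def _deliver(self, number, payload):
        self.seen.add(number)
        self.delivered.append((number, payload))
        return (number, payload)

    def receive(self, number, payload, under_pressure=False):
        """Model the RMD receiving message `number`.
        Returns (delivered_now, acknowledged): the list of (number, payload)
        handed to the AD by this call, and whether the RMD acknowledges.

        under_pressure models a resource shortage (assumption for the example):
        AtMostOnce may lose messages, so the RMD drops and still acknowledges;
        AtLeastOnce/ExactlyOnce may not lose messages, so the RMD withholds the
        acknowledgement and the RMS will retransmit."""
        if number < 1:
            raise ValueError("message numbers start at 1")
        # Duplicate suppression applies to AtMostOnce and ExactlyOnce only;
        # AtLeastOnce is allowed to deliver a message more than once.
        if self.mode != "AtLeastOnce" and number in self.seen:
            return [], True
        if under_pressure:
            return [], self.mode == "AtMostOnce"
        if not self.ordered:
            return [self._deliver(number, payload)], True
        # Ordered delivery: release only in ascending message-number order.
        # A number already passed in sequence order (or already buffered) is not
        # delivered again, even under AtLeastOnce, so order is never violated.
        if number < self.next_expected or number in self.held:
            return [], True
        self.held[number] = payload
        released = []
        while self.next_expected in self.held:
            n = self.next_expected
            released.append(self._deliver(n, self.held.pop(n)))
            self.next_expected += 1
        return released, True
```

The `seen` set is what distinguishes the three modes in practice: ExactlyOnce and AtMostOnce need it for duplicate suppression, AtLeastOnce does not consult it. An ordered assurance additionally needs the `held` buffer, which is the resource an RMD under pressure is most likely to run out of.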
Sequence port spanning
Is there a need to allow a single sequence to span multiple ports?
core
design
Doug Davis
Doug Davis
"Having a single sequence span multiple ports (much like an MQ queue does)
could be needed as well."
See this email and attachment
See attachment in this message
Proposal 2 accepted on Oct. 27th TC call
Typo in expires P0S
Per the schema spec a zero second duration needs to have the "T" designator - so it should be PT0S not P0S.
core
editorial
Doug Davis
Doug Davis
align with schema spec ( http://www.w3.org/TR/xmlschema-2/#duration )
simple search and replace of P0S with PT0S
Proposal accepted at July 21st TC meeting, no objections.
Completed in CD 01
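A check for the xs:duration lexical form behind this issue, run over wsrm:Expires values in a constructed CreateSequence fragment, as an added example (not code from the issues list or any WS-RM implementation). The regular expression is written here from the XML Schema Part 2 lexical rules rather than copied from the W3C text, and the sample XML is constructed.

```python
"""Added example, not from the issues list or any WS-RM implementation: a check
for the xs:duration lexical form behind this issue, applied to wsrm:Expires
values in a constructed CreateSequence fragment. The pattern is written here
from the XML Schema Part 2 lexical rules, not copied from the W3C text."""
import re

# xs:duration: 'P' followed by at least one component; any time component
# (H, M, S) must be introduced by 'T', and 'T' must then carry at least one.
XS_DURATION = re.compile(
    r"-?P(?=\d|T\d)(\d+Y)?(\d+M)?(\d+D)?"
    r"(T(?=\d)(\d+H)?(\d+M)?(\d+(\.\d+)?S)?)?"
)

EXPIRES = re.compile(r"<wsrm:Expires>\s*([^<]+?)\s*</wsrm:Expires>")

# constructed sample: one bare P0S (invalid) and one PT0S (valid)
SAMPLE = """<wsrm:CreateSequence>
  <wsrm:Expires>P0S</wsrm:Expires>
  <wsrm:Offer>
    <wsrm:Expires>PT0S</wsrm:Expires>
  </wsrm:Offer>
</wsrm:CreateSequence>"""


def is_valid_duration(text):
    """True when text is a lexically valid xs:duration (e.g. PT0S, P1DT2H)."""
    return XS_DURATION.fullmatch(text) is not None


def invalid_expires_values(xml_text):
    """Return every wsrm:Expires value in the fragment that fails the check."""
    return [v for v in EXPIRES.findall(xml_text) if not is_valid_duration(v)]


def fix_zero_second_duration(xml_text):
    """The issue's resolution: replace the bare P0S with PT0S."""
    return xml_text.replace("P0S", "PT0S")
```

A validating XML parser would reject P0S at schema-validation time; the point of the regex is that an implementation which only string-compares Expires values would accept the malformed form silently, so the check belongs wherever the value is consumed.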
Anonymous acksTo
If the AcksTo EPR is set to use the anonymous IRI, then all
subsequent acknowledgements for that reliable sequence will be sent back
synchronously on the http response path of either the application
message or an ack request message.
soap
design
Lei Jin
Lei Jin
From new issue post.
First of all, if an application message is one way (or asynchronous),
an RM source may receive something back on the http response (the WS-RM ack). Nothing
really precludes this usage, but it introduces an unnecessary
dependency between WS-RM (acknowledgement messages) and WS-Addressing
(normal MEP).
From new issue post.
Specifically call out that the AcksTo EPR should not use the anonymous IRI.
-- One reason to use an anonymous IRI is so that the acknowledgement may reach
sending endpoints that may be sitting behind a NAT or firewall. But we have to deal
with the same problem with asynchronous response messages anyway.
From new issue post.
Specifically call out that an anonymous IRI in the AcksTo EPR would
indicate that acknowledgement messages will only be sent back in response to
ack request messages, where the ack request message should be a
standalone synchronous invoke.
Response to each proposal above from Chris Ferris, proposal 1 out of scope and proposal 2 not an issue.
Close issue without change to spec.
Proposal 4 made and accepted on Sept. 8 TC call.
Max message number in policy
There is no common way to communicate to an RM Source the highest message
number the RM destination will accept, in case it is lower than the maximum
authorized in the specification.
core
design
Doug Davis
Doug Davis
Without knowing in advance what the highest message number is the
RM source may exceed it, causing the entire sequence to be terminated -
when it may have been able to start a 2nd sequence to continue its work.
By allowing the RM source the option of terminating the sequence gracefully
it can still deliver lost messages for the original sequence.
As it stands now, if the sequence is terminated the lost messages
will not be resent.
Original proposal from raised issue, revised proposal
In the WS-RM Policy doc:
After line 173, add to the normative outline:
?]]>
After line 202, add to the more verbose section of the normative outline:
/wsrm:RMAssertion/wsrm:MaxMessageNumber
A parameter that specifies the maximum message number that the RM Destination will accept.
If omitted, the default value of the maximum unsigned long will be assumed.
/wsrm:RMAssertion/wsrm:MaxMessageNumber/@Number
The maximum message number.
After line 434, add to the schema:
]]>
Friendly amendment, in the WS-RM Policy doc, after line 155:
The assertion defines a maximum message number parameter that the RM Destination MAY
include to indicate the maximum message number the RM Destination will accept. This is
useful for RM Destinations that may be running in constrained environments that can not
accept values as large as the default value of a maximum unsigned long.
Proposal 1 accepted at August 11 TC call.
Completed in CD 01
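An RM Source that honours a wsrm:MaxMessageNumber advertised by the RM Destination and rolls over to a fresh Sequence rather than exceeding the limit, so the first Sequence can still be drained of unacknowledged messages, as an added example (not code from the issues list or any WS-RM implementation). The CreateSequence exchange is stood in for by a callback, and all class, method and identifier names are constructed.

```python
"""Added example, not from the issues list or any WS-RM implementation: an RMS
that honours a wsrm:MaxMessageNumber advertised by the RMD, and rolls over to a
fresh Sequence instead of exceeding the limit, so the first Sequence can still
be drained of unacknowledged messages. The CreateSequence exchange is stood in
for by a callback; all names and values here are constructed."""

UNSIGNED_LONG_MAX = 2**64 - 1   # default when MaxMessageNumber is omitted (per the proposal)


class SourceSequence:
    """One outbound Sequence as tracked by the RMS."""

    def __init__(self, identifier, max_message_number=UNSIGNED_LONG_MAX):
        if not 1 <= max_message_number <= UNSIGNED_LONG_MAX:
            raise ValueError("MaxMessageNumber must be in 1..2^64-1")
        self.identifier = identifier
        self.max_message_number = max_message_number
        self.next_number = 1
        self.retired = False     # no new numbers assigned; acks/resends continue

    def can_assign(self):
        return not self.retired and self.next_number <= self.max_message_number

    def assign(self):
        """Hand out the next message number, refusing to exceed the limit
        (exceeding it would draw a MessageNumberRollover / LastMessageNumberExceeded
        style fault and terminate the whole Sequence)."""
        if not self.can_assign():
            raise RuntimeError(f"sequence {self.identifier} cannot take more messages")
        n = self.next_number
        self.next_number += 1
        return n


class RMSource:
    def __init__(self, create_sequence, max_message_number=UNSIGNED_LONG_MAX):
        self._create_sequence = create_sequence   # returns a new Sequence identifier (assumed)
        self.max_message_number = max_message_number
        self.current = None
        self.retired = []        # identifiers of sequences retired at the limit

    def send(self, payload):
        """Assign (sequence id, message number) to payload, rolling over gracefully."""
        if self.current is None or not self.current.can_assign():
            if self.current is not None:
                self.current.retired = True
                self.retired.append(self.current.identifier)
            self.current = SourceSequence(self._create_sequence(), self.max_message_number)
        return (self.current.identifier, self.current.assign(), payload)
```

A retired sequence keeps its state so that retransmissions of its unacknowledged messages can still go out and be acknowledged; only the assignment of new numbers moves to the new sequence, which is the graceful path the issue contrasts with a terminated sequence whose lost messages are never resent.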
Document Names
Should the "names" of the normative documents remain the same as the
submission documents or should they be changed? This issue applies to
both WS-ReliableMessaging and WS-RM Policy.
core
editorial
Gilbert Pilz
Gilbert Pilz
The name of a document affects a number of things such as
the document identifier, URIs etc.
Link
Preserve the name of the documents as submitted. Changing the names
would increase confusion (already at a high level) around "OASIS and RM"
and result in extra effort. There do not seem to be any reasons for
changing the names forceful enough to override these concerns. Therefore
the names of the normative documents should be
Web Services Reliable Messaging Protocol (WS-ReliableMessaging) and
Web Services Reliable Messaging Policy Assertion (WS-RM Policy).
First proposal accepted on Aug. 4th conf call, no objections
Required Artifact Metadata
OASIS guidelines require that the artifacts (documents, schemas, etc.)
produced by a TC should have a minimum set of metadata that describes these artifacts.
core
editorial
Gilbert Pilz
Gilbert Pilz
OASIS requirement.
Link
We propose the following values for each specification:
WS-ReliableMessaging:
artifactName: TBD
tc: TBD
product: wsreliablemessaging
productVersion: 01
artifactType: spec
stage: wd
descriptiveName: Web Services Reliable Messaging Protocol Specification
WS-RM Policy:
artifactName: TBD
tc: TBD
product: wsrmpolicy
productVersion: 01
artifactType: spec
stage: wd
descriptiveName: Web Services Reliable Messaging Policy Assertion Specification
Note that the product names of these two artifacts differ.
Link
WS-ReliableMessaging:
tc: wsrx
product: wsrm
productVersion: 1.1
artifactType: spec
stage: wd
descriptiveName: Web Services Reliable Messaging Protocol Specification
WS-RM Policy:
tc: wsrx
product: wsrmp
productVersion: 1.1
artifactType: spec
stage: wd
descriptiveName: Web Services Reliable Messaging Policy Assertion Specification
Proposal 2 accepted on TC call on Aug. 18th
i074
Document Identifiers
The artifacts (documents, schemas, etc.) produced by the WS-RX must be
uniquely identified. We need to decide on the identifiers for WS-ReliableMessaging
and WS-RM Policy
core
editorial
Gilbert Pilz
Gilbert Pilz
Self-evident
Link
According to the OASIS guidelines and in light of the proposed artifact metadata,
the documents should currently be identified as:
wsreliablemessaging-01-spec-wd-01.*
wsrmpolicy-01-spec-wd-01.*
Note that some identifiers may have the final sub-version removed. The * indicates
that these documents may be formatted in either HTML (.html) or PDF (.pdf).
Link
wsrm-1.1-spec-wd-01.*
wsrmp-1.1-spec-wd-01.*
Link
Proposal 2 accepted on Aug 18th TC call
i074
XML Namespace URIs
We need to decide upon the normative XML namespace URIs that must be used by implementations of these specifications
schema
editorial
Gilbert Pilz
Gilbert Pilz
Self-evident
Link
The namespace URIs for WS-RX-defined schemas should be URLs that resolve to RDDL documents
that provide information about the schema as well as links to the corresponding specification(s).
Per OASIS guidelines, the RDDL documents must be hosted by OASIS. Therefore the exact URL values
will need to be co-ordinated with OASIS but, in general,
they should look something like the following:
xmlns:wsrm="http://www.oasis-open.org/committees/ws-rx/wsreliablemessaging-200507.html"
xmlns:wsrmp="http://www.oasis-open.org/committees/ws-rx/wsrmpolicy-200507.html"
Note that the 200507 in the URL represents the schema version as a date (July, 2005).
From Chris Ferris
I propose that we resolve issue i017 [1] as follows:
The namespace URI used for our specs should follow the draft AIR
guidelines. e.g.
http://docs.oasis-open.org/[productname]1
where [productname] is whatever we conclude for issue i015 [2] for the
respective specs. The trailing '1'
signifies the "version" of the *namespace* but is NOT in any way tied to
the version/revision of the corresponding
schema for that namespace (see my previous rants on this subject). This
will allow us to assign a final namespace
URI for the specifications that we are chartered to produce (rather than
having to either guess at a date, or worse
yet, change the namespace name with each successive published draft --
BLECH!)
I would also assert that we do not need to resolve i015 before resolving
that the form of the namespace
URI will be as above... we just fill in the blank once we have settled on
a [productname] for our specs.
Benefits: this yields a nice SHORT namespace URI (see my previous rants)
it allows us to assign a final URI
now, rather than waiting until we are essentially done (good for
implementation as it reduces unnecessary churn
to tweak the namespace URI in code).
[1] http://www.oasis-open.org/apps/org/workgroup/ws-rx/download.php/13809/ReliableMessagingIssues.xml#i017
[2] http://www.oasis-open.org/apps/org/workgroup/ws-rx/download.php/13809/ReliableMessagingIssues.xml#i015
From Marc Goodner
The namespace URI used for our specs should follow the draft AIR Guidelines as follows:
http://docs.oasis-open.org/yyyy/mm/[productname]
Where [productname] is the name from the resolution of issue i015 [2] for the respective specs
and yyyy/mm is the date of the published version of the specification.
[1] http://www.oasis-open.org/apps/org/workgroup/ws-rx/download.php/13809/ReliableMessagingIssues.xml#i017
[2] http://www.oasis-open.org/apps/org/workgroup/ws-rx/download.php/13809/ReliableMessagingIssues.xml#i015
Link
http://docs.oasis-open.org/wsrm/yyyymm/
http://docs.oasis-open.org/wsrmp/yyyymm/
Link
Proposal 4 made and accepted on Aug 18th TC call.
i074
Is an implementation supporting a smaller max message number valid?
The existing specification includes the clause "If the
message number exceeds the internal limitations of an RM Source or RM
Destination ...". This allows a source or destination to handle
unexpected failures gracefully. It does not clearly allow, require, or
prevent the implementation to be designed or deployed with a message
number limit. Should we support such a limitation?
core
design
Doug Bunting
Doug Bunting
Issue below presupposes a "yes" answer to this
question. Should decide this larger question before deciding how to
fill gap left if the answer is "yes".
Link
I lean toward "no" but could be convinced otherwise. If
"no" is the answer, the specification could change to make it clear a
WS-RM compliant implementation _must_ support the full unsigned long
range for the message number. That likely requires conformance
terminology not presently in the specification; this issue is not
intended to broach the even-more-general subject of conformance clauses.
My proposal therefore comes down to "close, no action".
Made on Jul 28th TC call
The answer to the question asked in the title is "yes"; an implementation
supporting less than 18 quintillion as the maximum message number is valid.
With regard to the specification at this time, no change seems necessary.
Any clarification necessary to make this lack of an implementation requirement
clear is likely to come from resolutions to i013: Max message number in policy and
/ or Issue i019: Sequence termination on Fault.
Second proposal accepted on Jul 28th TC call, no objections.
i013
i019
Sequence termination on Fault
The RM Destination imperatively terminates a sequence due to one of these unrecoverable errors:
- wsrm:SequenceTerminated
- wsrm:MessageNumberRollover
- wsrm:LastMessageNumberExceeded
The semantics of sequence termination due to a fault occurrence are not clearly specified.
This uses the reworded issue
core
design
Jacques Durand
Jacques Durand
Unless an accurate and final acknowledgement status was sent back at the time the
sequence is closed, the Source will not know if some non-acknowledged messages
were actually received before the termination occurs. This gives the source two
unpleasant options: (a) resend all non-acknowledged messages in a new sequence,
with the risk of causing undetectable duplicates, (b) not resend any, and these
will be lost.
Link
Two options need be discussed: Option (1): At the time a Destination-controlled
termination gets into effect, a final and accurate Acknowledgement for the entire
sequence is sent back. Option (2): After the fault was notified to Source, simply
rely on regular termination procedure (either expiration-based, or under Source
control, so that the Source can complete its resending of pending messages and get
the final acks), meanwhile reject any message for this sequence that exceeds the
ending number in case of MessageNumberRollover or LastMessageNumberExceeded.
As outlined in message number 76
Proposal 2 accepted on Sept. 15th TC call.
Completed in CD 01
Semantics of "At most once" Delivery assurance
The semantics of the "at most once" delivery assurance are not clear.
One interpretation is that at most once implies that the sender is not
required to retransmit messages which are not acked.
all
design
Tom Rutt
Tom Rutt
It is important to clarify whether the sender must retransmit unacknowledged
messages when the "at most once" delivery assurance is in use.
Link
Clarify the semantics. There are at least three possible semantics
associated with "at most once":
1) At most once means that the sender will never retransmit a message,
regardless of whether it is acknowledged by the destination.
2) The sender may retransmit messages, but is not required to do so;
however the destination will not deliver duplicates.
3) The sender must retransmit messages; however the destination may
drop messages in times of resource saturation, but will never deliver a duplicate.
At line 162 of the WS-ReliableMessaging spec, delete the following
paragraph:
WS-ReliableMessaging provides an interoperable protocol that a Reliable
Messaging (RM) Source and Reliable Messaging (RM) Destination use to provide
Application Source and Destination a guarantee that a message that is sent will be
delivered. The guarantee is specified as a delivery assurance. The protocol supports
the endpoints in providing these delivery assurances. It is the responsibility
of the RM Source and RM Destination to fulfill the delivery assurances, or raise an
error. The protocol defined here allows endpoints to meet this guarantee for the
delivery assurances defined below.
and replace it with the following text:
The WS-ReliableMessaging specification defines an interoperable protocol
that requires a Reliable Messaging (RM) Source and Reliable Messaging (RM)
Destination to ensure that each message transmitted by the RM Source is
successfully received by an RM Destination, or barring successful receipt,
that an RM Source can, except in the most extreme circumstances,
accurately determine the disposition of each message transmitted as perceived by the
RM Destination, so as to resolve any in-doubt status.
In addition, the protocol allows the RM Source and RM Destination to provide their
respective Application Source and Application Destination a guarantee that
a message that is sent by an Application Source will be delivered to the Application
Destination.
This guarantee is specified as a delivery assurance. It is the responsibility of the RM
Source and RM Destination to fulfill the delivery assurances on behalf of
their respective Application counterparts, or raise an error. The protocol defined here
allows endpoints to meet this guarantee for the delivery assurances defined below. Note that
the underlying protocol defined in this specification remains the same regardless of the
delivery assurance. However, the means by which these delivery assurances are manifested by
either the RM Source or RM Destination roles is an implementation concern, and is out of scope of
this specification.
Proposal 2 accepted at Sept. 21 F2F
Completed in CD 01
i009
An RM Policy applies two-way
Refurbished:
Last sentence of Section 2 in RM-Policy spec says that an RM policy MUST apply to all messages
in a binding (when associated to binding). That means applying equally (same timing parameters, etc.)
to both in and out messages of an operation of type request-response. However, clearly the DA
requirements are different for each endpoint (Client and WS), and so are the performance requirements
and capabilities regarding the protocol. For example, a WS may need ExactlyOnce for incoming messages,
and consequently implement the protocol along with its receiving functions (sending Acks), but not
be willing to implement the RM sending functions (resending mechanism...) - or at least not with the
same parameter values - if the responses need not be reliable. In addition, when deployed in a
WS-I-compliant (Basic Profile) environment, a reliable Response has to be sent over an HTTP response.
The RMS behavior (which is now the sender of the Response) would need to implement a much more
constrained and context-dependent resending mechanism, as response messages can only be resent as
responses to request resendings.
policy
design
Jacques Durand
Jacques Durand
Enforcing the same protocol policies for inbound and outbound messages may create an unnecessary burden on a
WS endpoint for which RMD-only functions are sufficient. In addition, the resending behavior for
synchronous responses, being more constrained, cannot obey the same parameters.
Link
Even if the scope of an RM Policy remains at port level there could be an additional
scoping attribute stating inbound vs outbound. Yet a cleaner way seems to make use of
finer granularity in the attachment (as allowed by WS-PolicyAttachment).
RM Policy Assertion Model's Base Retransmission Interval Clarification Needed
The RM policy assertions, specifically, InActivityTimeout, BaseRetransmissionInterval and ExponentialBackoff parameters need to be more finely specified.
The following are the areas which need finer specification
a) Default Value for InActivityTimeout, BaseRetransmissionInterval and ExponentialBackoff:
There needs to be a default set for these parameters. Currently the specification says
"If omitted, there is no implied value." Since these parameters dictate the delivery
of the message, an implementation is going to assume a default anyways. Not specifying
this will make implementations assume a different default value and cause unwanted
timeouts.
b) Definition of InActivity
There needs to be a discussion of definition of inactivity. If RMS sends a sequence to
RMD and is waiting for the response which is delayed for whatever reason, is that
inactivity on the link between RMS and RMD counted towards InActivityTimeout? If yes,
then it is entirely possible that while waiting for a sequence response, RMS could
timeout due to InActivity.
c) Applicability of InActivityTimeout:
It needs to be specified to which end this parameter is applicable. It seems like
sequence creator starts the timer for InActivityTimeout. If the intention is that
this timer exists on both ends of a sender and receiver engaged in a RM sequence,
we need to define a method for synchronization of the timer value of this parameter
between them. For example a KeepAlive message would need to be defined for keeping
the sequence alive.
d) Corner Case Handling:
There needs to be a discussion of the corner case when the BaseRetransmissionInterval
exceeds InActivityTimeout. This can happen when the RMD is indisposed and
ExponentialBackoff drives up the value of BaseRetransmissionInterval. In this case
my retransmission is scheduled later than the timeout that I need to abide by. What
state does the RMS enter in this situation?
e) BaseRetransmissionInterval Needs an Upper Bound:
If an RMD is offline for an extended period of time, one can expect the BaseRetransmissionInterval
to be exponentially backed off, i.e. become large enough to be not meaningful anymore. Having
an upper bound on this parameter will enable the RMS to stop retransmitting and report a fault.
This is the revised description
policy
design
Vikas Deolaliker
Vikas Deolaliker
There is no obvious case mentioned in the spec that requires two timers for retransmission
upon timeout.
Original proposal in raised issue, this is the text of the revised proposal
1) InActivityTimeout and BaseRetransmissionInterval can be merged into one i.e.
BaseRetransmissionTimeout. Having just one counter on the RMS and RMD will reduce
the run-time resources (much simpler state machine) required to implement RM-Assertions
and avoid confusion (unknown states in state machine) caused by two timeouts. Having a
separate timeout for sequence and retransmission may not be necessary as activity on
the RM link is transmission/retransmission. I believe one timeout i.e.
BaseRetransmissionTimeout does not change the behavior of the system. Once this timeout
occurs the sequence has to timeout as the implication of the timeout is the destination
is either congested or offline.
2) If InActivityTimeout has to be there as a parameter, we need to fully specify it
with mechanisms for synchronization and keepalive. In addition, we need to discuss how
the corner cases and other conflicts that occur when one has two timeout (as discussed
in a-e above) are handled.
See message
Delete all re-transmission parameters as described in the WS-RM Policy specification since they are
unnecessary and unhelpful should the implementer use an algorithm with a different set of controls. Specific modification to documents
See message
SAP favors removing two of the parameters that are part of the wsrmp specification[1] as a step to resolve Issue i022 [2]: BaseRetransmissionInterval and ExponentialBackoff. We agree with Bob's argument that these are more dynamic in nature and should not be specified in the wsrmp document. However, we disagree with removing InactivityTimeout (and Acknowledgement Interval) from the specification.
Acknowledgement Interval is important from RMS's point of view to determine the duration to wait for an ack, hence necessary for RMD to specify.
Inactivity Timeout is important for reclaiming resources. It is important for RMS to know when RMD may recover resources and hence adjust its rate of transmission accordingly.
We propose to remove BTI and EB.
See message
remove lines 137-138, 156-163, 205-206, 282, 389-402 of WS-RMP and the schema
components represented by lines 389-402 in the appendix from the wsrmp XSD (where
are the xsd's hiding?)
Proposal 4 accepted at Nov 3rd TC call
Robust recovery from low-resource conditions
In situations where the RMD is running low on resources, it may want
to provide hints to the RMS of its situation with the expectation that
the RMS pauses or slows down the (re)transmittal of messages and avoids
further straining of RMD resources until recovery. The current solution
of statically associating an ExponentialBackoff policy assertion may not
be timely and sufficient in all the cases and a more dynamic solution
for throttling the message flow may be needed.
core
design
Sanjay Patil
Marc Goodner
In a low-resource situation, it is likely that the RMD would discard
any incoming messages and stop sending any Acks. Since the current
protocol design does not provide for the RMS to become cognizant of the
situation on the RMD side, RMS may simply keep on (re)transmitting
messages, resulting in further resource utilization (network bandwidth,
processing power on both ends, etc.) and possibly making the situation
worse. It seems that a better option may be for the RMD to push back on
the RMS in the event of low-resource situations and request the RMS
for pausing or slowing down any (re)transmissions.
Link
RM Protocol to support RMD pushing back on the RMS for slowing down or
stopping (re)transmission of messages.
See message
Close with no action.
See message
Proposal 2 accepted at Nov 3rd TC call
WS-RX policies not manifested on the wire
Issue i009 asks whether WS-RX should define policy assertions to define
various kinds of QoS properties for a message sequence. This certainly seems
like a good subject for discussion. What worries me is something related.
There is a tacit assumption that WS-RX policies will follow WS-Policy
(latest public version Sept. 2004). This specification does not state explicitly
how to tell whether a message conforms to a particular policy. The assumption is
that one can examine the headers in the message and tell what policy is being followed.
Thus, the effect of policies is manifested on the wire.
But neither the suggested QoS assertions nor the existing WS-RX assertion that
declares the retry-interval etc. will appear as message headers. So, how do we
tell what policy is being followed? Clearly, some other mechanism is needed.
One way is for messages to carry the URI of the policy they adhere to. Another
is to define headers in the start-sequence and sequence-started messages that
indicate policy information. I'm sure folks can come up with other good suggestions.
policy
design
Ashok Malhotra
Ashok Malhotra
See description
Close with clarification of meaning of observed to be added to spec.
Proposal 1 accepted at Sept. 21 F2F
Pending text agreed on Oct. 20 TC call:
Change text using email message 144
proposal from Marc Goodner to change "observe" to "in effect".
Amended to add the words "rm assertion parameters do not affect the messages which are sent on the wire"
i009
i013
What is the correct form of SeqAck when RMD has received no messages
Consider the following scenario: an RMS establishes a Sequence with CreateSequence
and transmits a single message that is NOT received by the RMD. It then follows that
with an AckRequested message. What is the correct form of the SequenceAcknowledgement
expected? Should one be sent?
core
design
Chris Ferris
Chris Ferris
The specification and schema require that a SequenceAcknowledgement element
have at least one AcknowledgementRange child element (or a Nack). Yet, MessageNumber
values start at 1 and increment monotonically by 1 for each successive message in a
Sequence. Zero (0) is not a valid MessageNumber.
From raised issue
Recommend that an RMD be required to respond with a SequenceAcknowledgement element
containing exactly one AcknowledgementRange child element whose @Upper
and @Lower attributes each carry a value of "0", to signify that no messages have been
received for a given Sequence. e.g.
<wsrm:SequenceAcknowledgement xmlns:wsrm="http://docs.oasis-open.org/whatever">
<wsrm:Identifier>http://example.org/mysequence/1234</wsrm:Identifier>
<wsrm:AcknowledgementRange Upper="0" Lower="0"/>
</wsrm:SequenceAcknowledgement>
1) Amend the schema to add a third <xs:choice>
element, <wsrm:None/> in
parallel with Nack and AcknowledgementRange.
2) Explain the meaning of this element in the text, i.e.
"/wsrm:SequenceAcknowledgement/wsrm:None -- no messages were received".
3) Editors to clean up the text around AcknowledgementRange (i.e. is it
really optional, etc...)
Proposal 2 accepted at Sept. 22 F2F
Completed in CD 01
better support in handling space-greedy sequences
In case an RM destination expects a large number of concurrent sequences, it may find itself
in a position where maintaining the state of existing sequences takes too much resources. As a
consequence, existing sequences may need to be terminated by the RM Destination, or new
CreateSequence requests may be turned down, and denial of service occurs.
Consider a rate of message loss (not RM-recovered) of about one in a million on average,
over a sequence 1 trillion long (about 18,000,000 times smaller than the allowed maximum).
Representing the state of such a sequence would require 1M intervals; with about 12 bytes to code
an interval of (long) integers (long starting number + length on 4 bytes), about 12 MB is used for
the sequence state. For an RM Destination with tens of thousands of concurrent long-lasting sequences, it means that potentially terabytes of persistent space will be needed to store the state of these sequences. Also, the SequenceAcknowledgement element for such sequences may become extremely bulky (with the loss rate above, it could reach several GB once the sequence gets big).
core
design
Jacques Durand
Jacques Durand
Space needs over time for sequence states are unpredictable but manageable (somewhat like
cache management). If one wants to ensure the scalability of the RM mechanism, such dynamic
policies as:
(1) deciding to arbitrarily end some existing sequence (e.g. LFU)
(2) dynamically adjusting the maximum sequence length of new sequences at creation time
should be supported (though their specification should remain out of scope).
For example, in many cases it is preferable to preventively limit the size of requested new
sequences, and to decide that below a threshold of available memory, the maximum length of new
sequences would get smaller. The RM specification is currently not open to such policies,
mandating a fixed maximum to all sequences created regardless of resource status.
From raised issue
(a) create another fault like "ResourceExhaustion" more explicit than "SequenceTerminated" fault,
that allows the RM Source to understand the reason of such an arbitrary termination by the
RM Destination.
(b) In addition, if a smaller maximum has been dynamically decided by the RM Destination,
communicate it to the RM Source via the CreateSequenceResponse.
Closed with no action at Sept. 21 F2F
InOrder delivery assurance spanning multiple sequences
The InOrder delivery assurance can only be enforced for messages within one sequence. If a new sequence has to be created, for example due to a MessageNumber rollover, the ordering of the messages cannot be enforced unless there is a way to link the sequences together.
If this is the intention it should be clarified in the spec.
core
design
Andreas Bjärlestam
Andreas Bjärlestam
InOrder is one of the supported delivery assurances. The scope of the ordering should be clear.
Original message: InOrder Messages will be delivered in the order that they were sent. This delivery assurance may be combined with any of the above delivery assurances. It requires that the messages within a Sequence will be delivered in an order so that the message numbers are monotonically increasing. Note that this assurance says nothing about duplications or omissions. Note also that it is only applicable to messages in the same Sequence. Cross Sequence ordering of messages is not in the scope of this specification.
Proposal 1 accepted on Sept. 15th TC call.
Completed in CD 01
Accurate final acknowledgement of a Sequence with gaps when RMS decides to stop using it
When a Source decides to stop using a sequence, there is no way the RMS can get a sequence
ack that it knows will accurately reflect the final state of the sequence, i.e. the state
the sequence will have at actual termination time. No matter how long an RMS waits after
its last sending and before requesting its last Ack, some past message that was previously
sent and never acknowledged (for which the RM Source had stopped any resending effort) could be
received late by RMD (e.g. after being stuck in a router), i.e. after the sending of the
last SequenceAcknowledgement and before the sequence is actually terminated so that the
RMD can reclaim resources. This is the twin sister of issue i019 which deals with a
similar problem but in case of sequence fault (which gives no chance to RMS to get this
final seq ack.)
core
design
Jacques Durand
Jacques Durand
An RMS (or SA) may decide to stop using a sequence even though some messages were not
received (not acked). But in all cases, it is important that the RMS gets a final
accurate account of which messages have been received and which have not for this
sequence. The RMS may have to raise an error for those not received. Also if the SA
decides to take remedial action for these (e.g. some resending on its own) it must be
given some means to avoid treating messages that it did not know were already received
in a previous sequence (e.g. avoid resending them later in a new sequence as they would
become undetectable duplicates.)
From Jacques Durand at issue origin
TBD. Outline of a solution:
(a) give an RMS a way to trigger a SeqAck that will be associated with the "closing" of the sequence i.e. no more message will be accepted by the RMD after this Ack is generated.
(b) give an RMS a way to reiterate this trigger in case it is lost, so that it can get this last SeqAck.
As outlined in message number 76
Proposal 2 accepted on Sept. 15th TC call.
Completed in CD 01
Remove dependency on WS-Security
The current draft of the WS-ReliableMessaging specification includes elements that are
defined in WS-Security. This dependency is unnecessary and creates a number of problems for WS-RM
implementations and the organizations that provide such implementations. It should therefore be
removed.
core
design
Gilbert Pilz
Gilbert Pilz
Lines 502-508 of WS-ReliableMessaging-v1.0-wd-01 describes the inclusion of
a <wsse:SecurityTokenReference> as a sub-element of the <wsrm:CreateSequence> element.
The reason for including a SecurityTokenReference in the sequence creation request is to provide
the information necessary to perform authorization checks upon the messages within the sequence.
Such authorization checks are unnecessary as they only serve to defend against a denial-of-service
attack (spoofed sequence identifiers) that can be better defended against by proper protection of the
sequence identifier. In addition to this there are a large number of denial of service attacks that
are not blocked by these authorization checks.
If vendors that provide implementations of WS-RM are required to support the use of the
SecurityTokenReference during sequence creation in order to be deemed compliant (as the current
interoperability scenarios indicate), then such vendors must supply an implementation of WS-Security
along with their implementation of WS-ReliableMessaging. This despite the fact that 99% of their
customers may not be interested in using anything more complicated than SSL/TLS to protect their
web services traffic.
Although the use of the SecurityTokenReference element is described as optional, the decision
on whether or not to use this option lies with the RM Source. Since there is no RM-Policy
Assertion that indicates whether or not the RM Destination can accept the use of this option,
negotiating the use of this option requires manual, out of band communications between the
operators of the two systems. This impacts the usability of the systems that use WS-RM.
Delete lines 458-461 of WS-ReliableMessaging-v1.0-wd-01
Delete lines 502-508 of WS-ReliableMessaging-v1.0-wd-01
Remove lines 450-452 and 494-500
Proposal 2 accepted at Sept. 22 F2F
Completed in CD 01
i007
What are the obligations on RMD for use (or not) of Offered Sequence?
When an RMD accepts an offer of a bilateral Sequence, is it Obligated to use that
Sequence for response messages to the endpoint that requested creation of the Sequence
in which the offer was made?
core
design
Chris Ferris
Chris Ferris
The text in section 3.4 makes no mention of the obligations, if any, that the RMD has
in accepting a CreateSequence with an Offer. The text at 480(pdf) reads:
/wsrm:CreateSequence/wsrm:Offer
This element, if present, enables an RM Source to offer a corresponding Sequence
for the reliable exchange of messages transmitted from RM Destination to RM Source.
As the wsrm:Offer is intended as an optimization, I believe that the RMD should be
under no obligation to actually use the offered Sequence. Similarly, I believe that it
should be made clear in the spec that the RMS MUST NOT presume that the offered Sequence
will actually be used to ensure that there are no interop issues that might arise from one
implementation making such an assumption and another that chooses not to use the offered
Sequence (for whatever reason). I suppose that we *could* devise a wsrm:Decline child of
wsrm:CreateSequence as a courtesy to the RMS that made the offer so that it could reclaim
the associated resources rather than having to wait until the offered (but unused) Sequence
expired. That would make it abundantly clear that there was no association. If we pursued
the wsrm:Decline, then the text around lines 536-566 will need to be fixed accordingly.
Remove lines 545-546 of WS-RM spec (pdf) [3] so as to not require that
the RMD send a wsrm:Accept in a CSR for a CS with a wsrm:Offer.
Absence of a wsrm:Accept in a CSR for a corresponding CS with wsrm:Offer enables the RMS
to safely reclaim the resources associated with the offered sequence. It isn't clear to
me that the spec needs to say anything about that, but if some would prefer it did, I
offer this addendum to my proposal to be inserted immediately following the deleted
lines above:
Note: If a wsrm:CreateSequenceResponse is returned without a child wsrm:Accept in
response to a wsrm:CreateSequence that did contain a child wsrm:Offer, then the RM
Source MAY immediately reclaim any resources associated with the unused offered Sequence.
[1]
http://www.oasis-open.org/apps/org/workgroup/ws-rx/download.php/14682/ReliableMessagingIssues.xml#i030
[2]
http://www.oasis-open.org/apps/org/workgroup/ws-rx/download.php/14682/ReliableMessagingIssues.xml#i001
[3]
http://www.oasis-open.org/apps/org/workgroup/ws-rx/download.php/14603/wsrm-1.1-spec-wd-03.pdf
Proposal 2 accepted
i001
i030
Inconsistency between spec and schema (AckRequested)
There is an inconsistency between the spec and the schema for the child element of the
<AckRequested> directive. Is the child element wsrm:MaxMessageNumberUsed (as per
the schema) or is it wsrm:MessageNumber as per the spec?
Here's the prose from line 427 (pdf) of the wsrm spec:
/wsrm:AckRequested/wsrm:MessageNumber
This optional element, if present, MUST contain an xs:unsignedLong representing the highest
<MessageNumber> sent by the RM Source within a Sequence. If present, it MAY be treated
as a hint to the RM Destination as an optimization to the process of preparing to transmit a
<SequenceAcknowledgement>.
Here's the relevant fragment from the schema:
<xs:complexType name="AckRequestedType">
<xs:sequence>
<xs:element ref="wsrm:Identifier"/>
<xs:element name="MaxMessageNumberUsed"
type="xs:unsignedLong" minOccurs="0"/>
<xs:any namespace="##other" processContents="lax"
minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:complexType>
schema
editorial
Chris Ferris
Chris Ferris
There is a clear discrepancy between the spec and the schema
I believe the intent was to have the element named as per the schema. Change the text at
line 427 as follows:
/wsrm:AckRequested/wsrm:MaxMessageNumberUsed
This optional element, if present, MUST contain an xs:unsignedLong representing the highest
<MessageNumber> sent by the RM Source within a Sequence. If present, it MAY be
treated as a hint to the RM Destination as an optimization to the process of preparing
to transmit a <SequenceAcknowledgement>.
Change the ws-rx schema AckRequestedType complexType from:
<xs:complexType name="AckRequestedType">
<xs:sequence>
<xs:element ref="wsrm:Identifier"/>
<xs:element name="MaxMessageNumberUsed" type="xs:unsignedLong"
minOccurs="0"/>
<xs:any namespace="##other" processContents="lax" minOccurs="0"
maxOccurs="unbounded"/>
</xs:sequence>
<xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:complexType>
to:
<xs:complexType name="AckRequestedType">
<xs:sequence>
<xs:element ref="wsrm:Identifier"/>
<xs:element name="MessageNumber" type="xs:unsignedLong" minOccurs="0"/>
<xs:any namespace="##other" processContents="lax" minOccurs="0"
maxOccurs="unbounded"/>
</xs:sequence>
<xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:complexType>
to bring it into alignment with the specification prose.
Proposal 2 accepted at Sept. 22 F2F
Completed in CD 01
Protocol serialization optimization proposal
I've been thinking a bit about how we might optimize the serialization of the elements in the protocol; doing so without actually changing the abstract properties of the protocol itself.
Here's what we have today:
<wsrm:Sequence
xmlns:wsrm="http://docs.oasis-open.org/wsrx/@@@">
<wsrm:Identifier>http://example.org/mysequence/1234</wsrm:Identifier>
<wsrm:MessageNumber>1</wsrm:MessageNumber>
<wsrm:LastMessage/>
</wsrm:Sequence>
I think that if the properties were serialized as attributes, we would have a much more compact serialization:
<wsrm:Sequence
xmlns:wsrm="http://docs.oasis-open.org/wsrx/@@@"
seqID="http://example.org/mysequence/1234" msgNum="1"
last="true"/>
The serialization savings for a Sequence element is 91 bytes per message.
For the SequenceAcknowledgement, we could collapse the acknowledgement range elements into a single attribute value that was a sequence of integers. e.g. in the simplest case, here would be an example SeqAck:
<wsrm:SequenceAcknowledgement
xmlns:wsrm="http://docs.oasis-open.org/wsrx/@@@"
seqID="http://example.org/mysequence/1234" ranges="1 1 3 10">
where the @ranges attribute is a list of unsignedLongs. e.g.
<xs:simpleType name='rangeType'>
<xs:list itemType='xs:unsignedLong'/>
</xs:simpleType>
The ranges are expressed as "low hi low hi low hi ..."
In the example above, messages #2, 3 and 4 are missing. Here's an example of a nack:
<wsrm:SequenceAcknowledgement
xmlns:wsrm="http://docs.oasis-open.org/wsrx/@@@"
seqID="http://example.org/mysequence/1234" nack="2 3 4">
The savings on the SequenceAcknowledgement are 99 bytes/message using the optimized
serialization for a SequenceAcknowledgement with no gaps, 148 bytes for one with one gap,
195 bytes for one with two gaps, and 242 for one with three. Basically, it boils down to
an additional 47 bytes per gap (in this case using namespace prefix of wsrm) or 42 bytes
using the default namespace.
core
design
Chris Ferris
Chris Ferris
The point of this proposal is not limited to byte savings of serialization.
Rather, it has more to do with the efficiency with which the protocol properties can be
serialized and deserialized. Especially with the @range attribute, there are far fewer nodes
involved.
In terms of creation/serialization performance, I found an average savings in serialization
(using java) of:
Sequence - .0478 ms
SequenceAcknowledgement (with 2 gaps) - .19765 ms
I haven't had a chance to assess parsing performance benefits yet, but I have to imagine that
there would be some benefit.
Sure, scoff if you will, but in the context of a server implementation processing a
gazillion messages, the performance savings are non-trivial.
Think about providing RM support for a customer such as a Ford or FedEx.
The sheer volume of messages that they expect to be able to process daily is mind-boggling.
Of course, in the context of a message with a WS-Security header, the RM performance and
bandwidth overhead pales in comparison for the processing of the overall message, but IMO,
there's no reason that RM should exacerbate the issue. If there is a performance and
bandwidth optimization that we could effect without actually changing the protocol, I think
we should give it serious consideration.
As for extensibility, we could still have the Sequence and SequenceAcknowledgement elements
extensible via both attributes and elements. There's no reason to change that.
This isn't fully fleshed out in terms of line numbers and prose, etc. However, the gist
would be to have the protocol elements be as follows:
<wsrm:Sequence seqID="[xs:anyURI]"
msgNum="[xs:unsignedLong]"
last="[xs:boolean]"? .../>
<xs:simpleType name='rangeType'>
<xs:list itemType='xs:unsignedLong'/>
</xs:simpleType>
<!-- The ranges are expressed as "low hi low hi low hi ..." -->
<wsrm:SequenceAcknowledgement seqID="[xs:anyURI]"
[ranges="[wsrm:rangeType]"|nack="[wsrm:rangeType]"] .../>
<wsrm:AckRequested seqID="[xs:anyURI]"
msgNum="[xs:unsignedLong]"? .../>
Close with no action
Proposal 2 accepted on Nov 10 TC call
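As an added worked example (not text from the issues list, nor code from any WS-RM implementation), the following Python builds acknowledgement ranges from a set of received MessageNumbers, serializes them in the element form used today and in the attribute form proposed in this issue, validates a "low hi low hi ..." ranges attribute before trusting it, and carries through the per-sequence state estimate from the "space-greedy sequences" issue above. The seqID/ranges attribute names come from the proposal; the function names, the namespace placeholder and the 12-bytes-per-interval cost model are assumptions for illustration.

```python
"""Added example (not from the WS-RX issues list or any WS-RM implementation):
acknowledgement ranges in the element form and in the proposed attribute form,
plus the RMD state-size estimate. Names beyond SequenceAcknowledgement,
Identifier, AcknowledgementRange, seqID and ranges are assumptions."""
from typing import Iterable, List, Tuple

Range = Tuple[int, int]  # (Lower, Upper), inclusive; MessageNumber starts at 1


def ranges_from_received(received: Iterable[int]) -> List[Range]:
    """Collapse received MessageNumbers into sorted, non-overlapping ranges."""
    ranges: List[Range] = []
    for n in sorted(set(received)):
        if n < 1:
            raise ValueError("MessageNumber values start at 1")
        if ranges and ranges[-1][1] + 1 == n:
            ranges[-1] = (ranges[-1][0], n)  # extend the open range
        else:
            ranges.append((n, n))
    return ranges


def missing_numbers(ranges: List[Range], highest_sent: int) -> List[int]:
    """MessageNumbers up to highest_sent that fall in no acknowledged range."""
    acked = set()
    for low, high in ranges:
        acked.update(range(low, high + 1))
    return [n for n in range(1, highest_sent + 1) if n not in acked]


def parse_ranges_attr(value: str) -> List[Range]:
    """Parse the proposed "low hi low hi ..." list. Malformed input (odd item
    count, non-numeric, zero or reversed bounds, overlapping ranges) is rejected
    rather than silently corrupting the RMS's picture of what was delivered."""
    items = value.split()
    if not items or len(items) % 2:
        raise ValueError("ranges must contain an even, non-zero number of items")
    try:
        nums = [int(x) for x in items]
    except ValueError:
        raise ValueError("ranges items must be unsignedLong") from None
    ranges: List[Range] = []
    for low, high in zip(nums[0::2], nums[1::2]):
        if low < 1 or high < low:
            raise ValueError(f"bad range {low}-{high}")
        if ranges and low <= ranges[-1][1]:
            raise ValueError("ranges must be ascending and non-overlapping")
        ranges.append((low, high))
    return ranges


def element_form(ns: str, seq_id: str, ranges: List[Range]) -> str:
    """Current element-based SequenceAcknowledgement, whitespace stripped."""
    body = "".join(
        f'<wsrm:AcknowledgementRange Lower="{lo}" Upper="{hi}"/>' for lo, hi in ranges)
    return (f'<wsrm:SequenceAcknowledgement xmlns:wsrm="{ns}">'
            f'<wsrm:Identifier>{seq_id}</wsrm:Identifier>{body}'
            '</wsrm:SequenceAcknowledgement>')


def attribute_form(ns: str, seq_id: str, ranges: List[Range]) -> str:
    """Proposed attribute-based serialization (seqID/ranges as in the proposal)."""
    flat = " ".join(f"{lo} {hi}" for lo, hi in ranges)
    return (f'<wsrm:SequenceAcknowledgement xmlns:wsrm="{ns}" '
            f'seqID="{seq_id}" ranges="{flat}"/>')


def serialization_savings(ns: str, seq_id: str, ranges: List[Range]) -> int:
    """UTF-8 bytes saved by the attribute form for one SequenceAcknowledgement."""
    return (len(element_form(ns, seq_id, ranges).encode())
            - len(attribute_form(ns, seq_id, ranges).encode()))


def expected_intervals(sequence_length: int, loss_one_in: int) -> int:
    """Constructed worst-case model: each unrecovered loss splits the acknowledged
    set, so roughly one extra interval per lost message."""
    return sequence_length // loss_one_in + 1


def state_size_bytes(intervals: int, bytes_per_interval: int = 12) -> int:
    """RMD state using the issue's 12 bytes per (start, length) interval."""
    return intervals * bytes_per_interval


if __name__ == "__main__":
    NS = "http://docs.oasis-open.org/wsrx/@@@"  # placeholder namespace from the page
    SEQ = "http://example.org/mysequence/1234"
    acked = ranges_from_received([1, 3, 4, 5, 6, 7, 8, 9, 10])  # constructed input
    print(acked, "missing:", missing_numbers(acked, 10))
    print(serialization_savings(NS, SEQ, acked), "bytes saved")
    print(state_size_bytes(expected_intervals(10**12, 10**6)), "bytes of state")
```

The parser is the defender-side piece: an attribute carrying a flat integer list is cheaper to emit and read than nested elements, but it also loses the schema's per-element structure, so an RMS should validate pairing, ordering and bounds itself before updating its retransmission state.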
Processing model of NACKs
Although it is assumed that a NACK will trigger
retransmission of a given message from the source to the destination
there is no wording in the current version of the spec that describes
this feature adequately.
core
design
Steve Winkler
Steve Winkler
This will clarify to implementers the spirit of the spec
by spelling out in more concrete terms what is currently only implied.
Add the following to the spec directly before the text that is
incorporated as a resolution to i005:
Upon the receipt of a Nack, an RM Source SHOULD retransmit the message
identified by the Nack as soon as possible.
Add the following to the spec directly before the text that is
incorporated as a resolution to i005:
Upon the receipt of a Nack, an RM Source SHOULD retransmit the message
identified by the Nack.
Proposal 2 accepted at Sept. 22nd F2F
Completed in CD 01
If a fault is generated whilst processing a piggy-backed
AckRequested or SequenceAcknowledgement header, should this stop
processing of the entire message?
In Section 3.2 of the spec, it states that 'The <SequenceAcknowledgment> header block MAY be transmitted independently,
or included on return messages'. A similar statement is made in Section
3.3, 'The RM Source endpoint requests this Acknowledgment by including
an <AckRequested> header block in the message'. In both cases, the
header can be piggy-backed on a message going to the relevant endpoint.
If during the processing of this header, a fault occurs, the spec does
not state what should happen. Consider the case where an AckRequested
is piggy-backed on a non WS-RM message that happens to be going to the
correct endpoint. If the AckRequested turns out to be for an
UnknownSequence, the spec states that the fault processing should be as
per WS-Addressing, however any EPRs defined in the message are
potentially application EPRs and not WS-RM EPRs, so sending a fault to
the applications FaultTo EPR may not be the correct thing to do.
core
design
Daniel Millwood
Daniel Millwood
The piggy-backing of headers is an optimization and as
such, it is questionable whether their processing should affect the
processing of the original message. The spec should be clear on the
expected behaviour of the RM Source and the RM Destination in these
cases.
Change the wording of the spec to be along the lines of "If a
fault occurs when processing an RM Header that was piggy-backed on
another message, a fault MUST be generated, but the processing of the
original message MUST NOT be affected."
If a non-mustUnderstand fault occurs when processing an RM Header that
was piggy-backed on another message, a fault MUST be generated, but
the processing of the original message MUST NOT be affected.
Proposal 2 accepted at Sept. 22nd F2F
Completed in CD 01
What does 'anon' URI mean when used in AcksTo EPR?
WS-Addressing Core [1], section 2.1 says the following about 'anon':
"Some endpoints cannot be located with a meaningful IRI; this URI is
used to allow such endpoints to send and receive messages. The precise
meaning of this URI is defined by the binding of Addressing to a
specific protocol."
WS-Addressing SOAP binding [2] defines what the 'anon' address means
when used with ReplyTo and FaultTo in SOAP and SOAP/HTTP binding. It
does not say anything about what it means when used in other headers
such as AcksTo.
core
design
Anish Karmarkar
Umit Yalcinalp
WSRM defines the AcksTo element of type EndpointReferenceType and allows the
'anon' URI for the address. But the meaning of such an anon address is
not defined anywhere.
This can be resolved by:
a) Adding a stmt similar to WS-Addressing SOAP binding. Something like:
"When "http://www.w3.org/2005/08/addressing/anonymous" is specified as
the address of the wsrm:AcksTo EPR, the underlying SOAP protocol binding
provides a channel to the specified endpoint. Any underlying protocol
binding supporting the SOAP request-response message exchange pattern
provides such a channel. For instance, the SOAP 1.2 HTTP binding[SOAP
1.2 Part 2: Adjuncts] puts the reply message in the HTTP response."
OR
b) we could ask the WS-Addressing WG to fix their SOAP binding to
include not just ReplyTo and FaultTo EPRs but any EPR when used in the
context of SOAP/HTTP binding.
I prefer that we do (b). If they refuse, we can do (a)
i012
Duplicate detection of wsrm:CreateSequence messages
wsrm:CreateSequence messages can be duplicated, delayed and/or resent by the RMS
(for lack of response or lost CreateSequenceResponse). Therefore it is possible that
one RMS create Sequence request message may result in creation of multiple (spurious)
Sequences at the RMD. Each Sequence at an RMD may require resource reservation resulting
in excessive resource utilization or unnecessary refusal from RMD to create new
(legitimate) Sequences.
core
design
Anish Karmarkar
Anish Karmarkar
WSRM spec is created to reliably deliver messages in an unreliable environment,
where message may be lost, duplicated, delayed or received out-of-order.
This unreliable environment applies not only to payload message but also to protocol
signal messages such as wsrm:CreateSequence/wsrm:CreateSequenceResponse messages.
Typically on receiving a wsrm:CreateSequence message, the RMD reserves resources
for the sequence (when it does not generate a fault) and responds with a
wsrm:CreateSequenceResponse.
It is possible that the underlying network duplicates/delays/loses the
wsrm:CreateSequence message OR it is possible that the RMS resends wsrm:CreateSequence
message for a lack of response (or because the wsrm:CreateSequenceResponse message
was delayed or lost). In such a scenario the RMD may end up unnecessarily reserving
resources (till the expiration time/inactivity Timeout of the Sequence) for Sequences
that were never requested. This may result in excessive resource utilization or refusal
of legitimate Sequence request because of spurious requests taking up all the RMS resources.
Require that the RMS include the wsrm:Identifier in the wsrm:CreateSequence request.
I.e., the RMS decides on the identifier for the Sequence rather than the RMD. The RMD merely
echoes the wsrm:Identifier in the wsrm:CreateSequenceResponse that was present in the
wsrm:CreateSequence message (or faults).
If it is essential that the RMD generate the wsrm:Identifier for the Sequence
(and I would like to understand why that is so -- I have some idea of why that may be
the case, but not sure if that is the reason why it is so), then a different approach
will have to be taken. Something along the lines of:
-- require the RMS to specify a suggested wsrm:Identifier in the CS and allow the RMD
to ok that or override it in the CSR message.
Motion to close with no action passed at 9/22 F2F.
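To make the resource-exhaustion concern and the proposed remedy concrete, here is an added toy model (not from the issues list and not any WS-RM implementation) of an RM Destination handling retransmitted wsrm:CreateSequence requests. With today's RMD-generated Identifiers every retry reserves a fresh Sequence and can crowd out a legitimate requester; with the proposal's RMS-supplied wsrm:Identifier the RMD recognises the retry and echoes the Sequence it already holds. Class names, method names, the identifier scheme and the use of the AcksTo address as a stand-in for requester identity are assumptions for illustration.

```python
"""Added example (not from the WS-RX issues list or any WS-RM implementation):
a toy RMD that reserves one resource slot per Sequence, first as the page
describes today's behaviour, then with the proposed RMS-chosen Identifier used
to make a retransmitted CreateSequence idempotent. All names are assumptions."""
import itertools
from dataclasses import dataclass
from typing import Dict, Optional


class CreateSequenceRefused(Exception):
    """Stands in for the RMD refusing a CreateSequence for lack of resources."""


@dataclass
class CreateSequence:
    """Minimal model of the request: AcksTo address plus the proposed, optional
    RMS-chosen Identifier (None means the RMD must generate one)."""
    acks_to: str
    identifier: Optional[str] = None


@dataclass
class Sequence:
    identifier: str
    acks_to: str


class RMDestination:
    def __init__(self, max_sequences: int, dedup_by_identifier: bool) -> None:
        self.max_sequences = max_sequences   # one resource reservation per Sequence
        self.dedup = dedup_by_identifier     # False = behaviour described in the issue
        self.sequences: Dict[str, Sequence] = {}
        self._next_id = itertools.count(1)

    def create_sequence(self, req: CreateSequence) -> str:
        """Handle wsrm:CreateSequence; returns the Identifier for the response."""
        if self.dedup and req.identifier is not None:
            existing = self.sequences.get(req.identifier)
            if existing is not None:
                # A retry or duplicate of a request already honoured: echo the
                # Sequence instead of reserving again. Tie the match to the
                # requester so one RMS cannot attach to another's Sequence
                # (acks_to is only a stand-in for real requester identity).
                if existing.acks_to != req.acks_to:
                    raise CreateSequenceRefused("Identifier already in use")
                return existing.identifier
        if len(self.sequences) >= self.max_sequences:
            raise CreateSequenceRefused("no resources for another Sequence")
        if self.dedup and req.identifier is not None:
            ident = req.identifier
        else:
            ident = f"urn:rmd:seq:{next(self._next_id)}"  # constructed scheme
        self.sequences[ident] = Sequence(ident, req.acks_to)
        return ident


def simulate_retries(rmd: RMDestination, retries: int,
                     identifier: Optional[str]) -> int:
    """One RMS sends the same CreateSequence `retries` times because every
    CreateSequenceResponse was lost; returns how many Sequences the RMD holds."""
    req = CreateSequence(acks_to="http://example.org/rms-a/acks", identifier=identifier)
    for _ in range(retries):
        rmd.create_sequence(req)
    return len(rmd.sequences)


def legitimate_request_accepted(rmd: RMDestination) -> bool:
    """A different RMS now asks for a Sequence; True if the RMD can still serve it."""
    try:
        rmd.create_sequence(CreateSequence(acks_to="http://example.org/rms-b/acks",
                                           identifier="urn:uuid:constructed-b"))
    except CreateSequenceRefused:
        return False
    return True


if __name__ == "__main__":
    naive = RMDestination(max_sequences=3, dedup_by_identifier=False)
    print("naive:", simulate_retries(naive, 3, None), legitimate_request_accepted(naive))
    hardened = RMDestination(max_sequences=3, dedup_by_identifier=True)
    print("dedup:", simulate_retries(hardened, 3, "urn:uuid:constructed-a"),
          legitimate_request_accepted(hardened))
```

The model keys the lookup on the Identifier plus the requester, which is the part worth keeping whichever variant of the proposal is used: an Identifier chosen by the RMS is only safe to treat as idempotent if the RMD checks that the retry comes from the same source, otherwise the deduplication itself becomes a way for one client to be handed another client's Sequence.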
WS-Addressing Endpoint redefined in WSRM
Section 2.1 defines the term 'Endpoint'. This is the same definition used by WS-Addressing [1]
in section 1. Instead of defining this term again in WSRM, just point to the ws-addr document.
core
editorial
Anish Karmarkar
Anish Karmarkar
In the spirit of composability and defining something once and reusing it, it makes sense
to just refer to the WS-Addressing definition. This also protects us from minor changes in
definition in the ws-addr spec (which is not final yet).
Replace the current definition by a reference to the WS-Addr spec.
Insert the current text from ws addressing with "as defined in ws addressing" as a prefix phrase.
Proposal 2 made and accepted on Oct. 13 TC call
2396 is obsoleted by 3986
There are several references to RFC 2396. This RFC is obsoleted by RFC 3986.
core
editorial
Anish Karmarkar
Anish Karmarkar
RFC 2396 is obsoleted by RFC 3986.
Either replace 2396 with 3986 OR like WS-Addressing, move to IRIs (RFC 3987).
Replace the reference to RFC 2396 with RFC 3986, and open an AI to open an issue to explore which of the uses of the term URI need to be replaced with IRI.
Proposal 2 made and accepted on Oct. 13 TC call
What does 'have a mustUnderstand attribute' mean?
Lines 270-272 talk about wsrm:Sequence having a mustUnderstand attribute to ensure
that the RMD understands it. What it really should say is: have a mU attribute with a
value of '1/true'.
core
editorial
Anish Karmarkar
Anish Karmarkar
Lines 270-272 in [1] say:
"... The <wsrm:Sequence>
element MUST have a mustUnderstand attribute from the namespace corresponding to the version
of SOAP to which the <wsrm:Sequence> SOAP header block is bound."
Having a mU attribute does not ensure that the RMD will understand the SOAP header,
since the value of the attribute can be '0/false'.
Change it to say: "... mustUnderstand attribute with a value of 1/true ..."
Proposal 1 accepted at 9/22 F2F.
See proposed-04.
Completed in CD 01
Change 'optional' and 'required' in section 3 to RFC 2119 OPTIONAL and REQUIRED
Section 3 uses 'optional' and 'required' to mean the same thing as 'optional' and 'required' in RFC 2119.
To keep the style consistent, these should be capitalized.
core
editorial
Anish Karmarkar
Anish Karmarkar
Section 3 uses 'optional' and 'required' to mean the same thing as 'optional' and 'required' in RFC 2119.
To keep the style consistent, these should be capitalized.
Change all occurrences of 'required' to 'REQUIRED' and 'optional' to 'OPTIONAL' in section 3.
Proposal 1 accepted at 9/22 F2F.
See proposed-05.
Completed in CD 01
Presence of NACK and ACK range in the same message
Page 15, lines 344-345 say:
"This element MUST NOT be present if <wsrm:Nack>
is also present as a child of <wsrm:SequenceAcknowledgement>."
Given that there can be multiple SeqAck headers in a message, this is true only for the same header and not across headers.
core
editorial
Anish Karmarkar
Anish Karmarkar
WSRM allows multiple SeqAck headers, therefore one can Nack sequence "A" in one header and Ack Sequence "B" in
another header in the same message.
Replace the sentence in question with "... MUST NOT be present if a sibling <wsrm:Nack> element is also present ..."
Proposal 1 accepted on Oct. 13 TC call
Which version of WS-Addressing spec?
Page 25, lines 664-665 at [1] say:
"WS-ReliableMessaging faults MUST include as the [action] property the default fault action URI defined in the
version of WS-Addressing used in the message."
This can be interpreted as any version of WS-Addressing is allowed with WSRM. WSRM spec should specify which
version of WS-Addressing is used by the spec.
A related issue is that:
On page 25, lines 664-666 talk about the default "http://schemas.xmlsoap.org/ws/2004/08/addressing/fault" as the
Fault [action] property. This default is defined only for the SOAP binding and is meant to be used with WS-Addr
faults not WSRM faults.
core
design
Anish Karmarkar
Anish Karmarkar
Without clearly indicating which version of WS-Addressing is required/used by the spec, independent
implementation will not interoperate. WS-Addressing specification has changed substantially
(in certain sections/artifacts of the WS-Addressing spec) over the years.
Use the CR version of the spec [2]
(in this paragraph as well as the normative reference for the spec) for
now and make changes as the addressing spec transitions through the process of becoming a REC. Based on the
WS-Addr schedule and WSRM schedule, WS-Addr is slated to become a REC before WSRM is final.
For the related issue:
change line 664 from --
"WS-ReliableMessaging faults MUST include as the [action] property the default fault"
to --
"WS-ReliableMessaging faults MUST include as the [action] property as defined by WS-Addressing [ref]."
and delete lines 665-667
Defer updating references to WS-A at this time. We should reopen this issue after WS-A
progresses to Proposed Recommendation with the intention of updating the reference when WS-A
reaches REC status.
Given the importance of the version of WS-Addressing for interop, in
deferring this issue I would like to record the sense of the TC (if
TC agrees to do so) that for the Implementation SC and interop
events/efforts, the TC will be cognizant of the changes that have been
made to the WS-Addressing spec by the WS-Addressing WG. For example,
Reference Properties have been removed, the syntactic structure of an
EPR has changed, the default Action value for faults, default Action
algorithm for WSDL, defaulting of wsa:To has changed. Wherever possible
the interop effort will adopt the recent changes that have been made to
WS-Addressing.
Proposal 2 accepted on Oct. 27th TC call, issue is deferred.
Why is wsa imported in the WSDL?
On page 49, lines 156-1358 in [1], there is a schema import of the wsa namespace in the wsdl:types section. Why is this needed?
wsdl
editorial
Anish Karmarkar
Anish Karmarkar
The wsa element/types are not used by the schema (embedded in the WSDL) or used in the definition of any of
the message constructs. The only place it is used is for wsa:Action (as a WSDL 1.1 extensible attribute).
To do that, it is not necessary to schema import the namespace.
Remove the xs:import that imports wsa namespace.
Proposal 1 accepted on Oct. 13 TC call
SequenceFault element refers to fault code rather than fault [Subcode]
On page 27, line 745 at [1]
refers to fault code rather than fault [Subcode].
core
editorial
Anish Karmarkar
Anish Karmarkar
Fault codes are either Sender or Receiver which map to S11:Client or S11:Server for SOAP 1.1.
The text in question is actually talking about the fault [Subcode]s that are defined subsequently.
Either:
1) refer to fault [Subcode] instead of fault code
Or:
2) refer to fault [Subcode] instead of fault code and change the element from wsrm:SequenceFault/wsrm:FaultCode to
wsrm:SequenceFault/wsrm:FaultSubcode to match the abstract property that is being conveyed.
I prefer (2).
change sentence line 745 and 746 of WD 03 (9/19) to refer to fault [Subcode] instead of fault code
Proposal 2 made and accepted on Oct. 13 TC call
Why is SecureConversation a normative reference?
SecureConversation is listed as a normative reference, but it is never referenced from anywhere (which needs to be fixed).
More importantly, only the security considerations section talks about SecureConversation but in a non-normative way.
core
editorial
Anish Karmarkar
Anish Karmarkar
A non-normative reference is listed under normative reference.
Include the [SecureConversation] reference wherever the Security Consideration section talks about it
and move it to the non-normative reference section.
Proposal 1 accepted at 9/22 F2F. See proposed-11.
Completed in CD 01
Schema type of wsrm:FaultCode element can be changed from xs:QName to wsrm:FaultCodes
Page 37, line 1027 of [1]
makes the type of wsrm:FaultCode as xs:QName.
This element is already restricted to the QNames listed in the schema type wsrm:FaultCodes.
Related issues:
Editorial issue about changing wsrm:FaultCodes to wsrm:FaultCodeType, raised in the email at [2]
schema
editorial
Anish Karmarkar
Anish Karmarkar
Although the schema is correct, it would be more appropriate and narrowly/tightly scoped by
using the type wsrm:FaultCodes instead of xs:QName
Replace line 1027 from -
<xs:element name="FaultCode" type="xs:QName"/>
to -
<xs:element name="FaultCode" type="wsrm:FaultCodes"/>
Proposal 1 accepted at 9/22 F2F. See proposed-12.
Completed in CD 01
Reorder spec sections
The current order in which the RM spec talks about the protocol elements is:
Sequence header
SeqAck header
ReqAck header
CreateSequence
TerminateSequence
CloseSequence
I'd like to reorder them based on how we actually expect people to use them.
core
editorial
Doug Davis
Doug Davis
Helps in understanding the spec.
Change the order to be:
CreateSequence
Sequence header
ReqAck header
SeqAck header
CloseSequence
TerminateSequence
Postpone incorporation until after the first CD
Change the order to be:
CreateSequence
CloseSequence
TerminateSequence
Sequence header
ReqAck header
SeqAck header
Proposal 2 accepted at Sept. 22 F2F, see proposed-13
CloseSequenceResponse and Acks
Using the CloseSequence operation a RMS will be able to get the true final accounting of the ACKs
for a sequence - sort of. There is one case that could be problematic. Let's say that the
CreateSequence operation is given a bad AcksTo EPR. In this case no Acks will ever be received by the
RMS - and this could be the reason for it closing the sequence. However, if all ACKs are always sent
to the AcksTo EPR then the RMS will have no choice but to eventually Terminate the sequence (or wait
for it to timeout) without ever getting the true final accounting of Acks. This would leave the RMS
and RMD with a very different view of the state of the sequence.
core
design
Doug Davis
Doug Davis
See description.
To solve this I'd like to require that the CloseSequenceResponse message include the "final" Ack.
So, using [1]:
Replace the text on line 608:
Upon receipt of this message the RM Destination MUST send a
SequenceAcknowledgement to the RM Source.
With:
Upon receipt of this message the RM Destination MUST send a
SequenceAcknowledgement to the RM Source in the
CloseSequenceResponse message.
Proposal 1 accepted and further described here.
Alignment and refinement of definitions for DA
I took an action Item to align the Delivery Assurance definition text in
the body document with the resolution of Issue 009.
core
design
Tom Rutt
Tom Rutt
The resolution of Issue 009 is documented here:
It is best if the Delivery assurances are defined in only one place in
the document.
There is a discrepancy between the current text in section 2 and the
resolution of issue 009, regarding the necessity for raising an error on at least one endpoint.
The definition in the current text of DA in Section 2 :
There are four basic delivery assurances that endpoints can provide:
- AtMostOnce Messages will be delivered at most once without duplication
or an error will be raised on at least one endpoint. It is possible that some
messages in a sequence may not be delivered.
- AtLeastOnce Every message sent will be delivered or an error will be
raised on at least one endpoint. Some messages may be delivered more than once.
- ExactlyOnce Every message sent will be delivered without duplication
or an error will be raised on at least one endpoint. This delivery assurance is the
logical "and" of the two prior delivery assurances.
- InOrder Messages will be delivered in the order that they were sent.
This delivery assurance may be combined with any of the above delivery assurances. It
requires that the sequence observed by the ultimate receiver be non-decreasing.
It says nothing about duplications or omissions.
while the current text for resolution of issue 009 adds the following
for DA policy assertion:
<wsrm:DeliveryAssertion mode="[AtLeastOnce|AtMostOnce|ExactlyOnce]"
ordered="[xs:boolean]"? ... >
/wsrm:DeliveryAssertion
A policy assertion that makes a claim as to the delivery assurance policy
observed by the destination endpoint.
/wsrm:DeliveryAssertion/@mode
This required attribute specifies whether or not all of the messages
within an RM Sequence will be delivered by the RM Destination to the
Application Destination, and whether or not duplicate messages will be
delivered.
A value of 'AtMostOnce' means that messages received by the RM Destination
will be delivered to the Application Destination at most once, without
duplication. It is possible that some messages in a sequence may not be
delivered.
A value of 'AtLeastOnce' means that every message received by the RM
Destination will be delivered to the Application Destination. Some
messages may be delivered more than once.
A value of 'ExactlyOnce' means that every message received by the RM
Destination will be delivered to the Application Destination without
duplication.
/wsrm:DeliveryAssertion/@ordered
This attribute, of type xs:boolean, specifies whether, or not, the
destination endpoint ensures that the messages within an RM Sequence will
be delivered in order, by the RMD to the AD. Order is determined by the
value of the RM message number.
Ordered delivery would mean that the messages would be delivered in
ascending order of the message number value.
A value of 'true' indicates that messages will be delivered in order.
A value of 'false' makes no claims as to the order of delivery of the
messages within a RM Sequence.
If omitted, the default implied value is 'false'.
The proposal to resolve this ISSUE is presented in Three Steps.
Step 1) of Proposed Resolution: Change the use of inline definitions in
the proposal for Issue 009 to references to the definitions in section
Resulting text for Proposal for Issue 009:
<wsrm:DeliveryAssertion mode="[AtLeastOnce|AtMostOnce|ExactlyOnce]"
ordered="[xs:boolean]"? ... >
/wsrm:DeliveryAssertion
A policy assertion that makes a claim as to the delivery assurance policy
observed by the destination endpoint.
/wsrm:DeliveryAssertion/@mode
This required attribute specifies which delivery assurance is asserted.
A value of 'AtMostOnce' means that the Delivery Assurance “At Most Once”,
defined in section xxx, is asserted.
A value of 'AtLeastOnce' means that the Delivery Assurance “At Least Once”,
defined in section xxx, is asserted.
A value of 'ExactlyOnce' means that the Delivery Assurance “Exactly Once”,
defined in section xxx, is asserted.
/wsrm:DeliveryAssertion/@ordered
This attribute, of type xs:boolean, specifies whether, or not, the
“in order” reliability function defined in section xxx is asserted.
A value of 'true' asserts that the “in order” reliability function is
required.
A value of 'false' asserts that the “in order” reliability function is
not required.
If omitted, the default implied value is 'false'.
Step 2) of Proposed Resolution: Clarify Definitions of Delivery
assurances, including the requirement for error indication.
We need to align the two definitions and put the resulting agreed text
in section 2:
- the definitions of AtLeastOnce and of ExactlyOnce from Issue 009 do
not mention the possibility
of an error (delivery failure) while they do in the current core spec
definition. Is that intentional, or a lapse?
It seems the same reasons that may lead an RMD to drop received
messages under AtMostOnce
may also apply under AtLeastOnce (e.g. some resource shortage).
The difference seems to be about proper error raising/notification when
a received message is not delivered.
- Similarly, AtMostOnce as defined in the resolution to issue 009
assumes that duplicates are never delivered -
that seems stronger than the original requirement in the core spec that
says
"... or else an error will be raised". These need to be aligned one way
or the other.
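The two definition sets above agree on what the RMD may hand to the Application Destination but differ on when an error must be raised. The following model, added here as an example and not text or code from the issues list or any WS-RM product, runs one constructed arrival pattern (a lost message, a duplicate, an overtaking message) through each delivery assurance, with and without InOrder, so the difference in error behaviour between AtMostOnce and the other two modes is visible. Its treatment of a duplicate under InOrder is a modelling choice stated in the docstring, not spec text.

```python
"""Model of the RM Destination -> Application Destination hand-off under the four
delivery assurances (added example; not from the issues list or any WS-RM product).

Messages are identified by their RM message number (1, 2, 3, ...). The filter
decides which received messages reach the application, which are suppressed as
duplicates, and when an error must be raised on this endpoint. Treatment of a
duplicate under the InOrder assurance is a modelling choice made here, not
spec text: a copy of an already-delivered number is not redelivered, because
doing so after later numbers would make the observed sequence decrease."""
from dataclasses import dataclass, field


@dataclass
class DeliveryFilter:
    mode: str                    # 'AtMostOnce', 'AtLeastOnce' or 'ExactlyOnce'
    ordered: bool = False        # InOrder, combinable with any mode
    delivered: list = field(default_factory=list)   # numbers handed to the application, in order
    errors: list = field(default_factory=list)      # errors raised on this endpoint
    _seen: set = field(default_factory=set)         # every number ever received
    _pending: set = field(default_factory=set)      # received but held back behind a gap (ordered only)
    _next: int = 1                                  # next number due for in-order delivery

    def receive(self, number, can_store=True):
        """Called per received protocol message. can_store=False simulates an RMD
        that cannot hold the message (e.g. resource shortage) and must drop it."""
        duplicate = number in self._seen
        self._seen.add(number)
        if duplicate and self.mode in ("AtMostOnce", "ExactlyOnce"):
            return                           # "without duplication": suppress silently
        if not can_store:
            if self.mode != "AtMostOnce":    # AtMostOnce tolerates loss without an error
                self.errors.append(f"message {number} dropped before delivery")
            return
        if not self.ordered:
            self.delivered.append(number)    # AtLeastOnce may legitimately redeliver here
            return
        if number < self._next:
            return                           # already delivered in order; see module docstring
        self._pending.add(number)
        while self._next in self._pending:   # release everything that is now contiguous
            self._pending.discard(self._next)
            self.delivered.append(self._next)
            self._next += 1

    def close(self, last_number):
        """Sequence closed or terminated with last_number as the final message number.
        Returns the numbers the application never saw and records an error unless
        the assurance is AtMostOnce, which permits omission."""
        got = set(self.delivered)
        undelivered = [n for n in range(1, last_number + 1) if n not in got]
        if undelivered and self.mode != "AtMostOnce":
            self.errors.append(f"messages {undelivered} never delivered")
        return undelivered


def run_scenario(mode, ordered, arrivals, last_number, undeliverable=()):
    """Feed a constructed arrival pattern through a filter; returns (delivered, undelivered, errors)."""
    f = DeliveryFilter(mode, ordered)
    for n in arrivals:
        f.receive(n, can_store=n not in undeliverable)
    undelivered = f.close(last_number)
    return f.delivered, undelivered, f.errors


# Constructed arrival pattern: 4 is lost in transit, 2 arrives twice, 3 overtakes 2.
ARRIVALS = [1, 3, 2, 2, 5]

if __name__ == "__main__":
    for mode in ("AtMostOnce", "AtLeastOnce", "ExactlyOnce"):
        for ordered in (False, True):
            label = "ordered" if ordered else "unordered"
            print(mode, label, run_scenario(mode, ordered, ARRIVALS, 5))
```

Running the module prints one line per combination; with InOrder, message 5 is held back behind the gap at 4 and so counts as undelivered when the sequence closes, which is an error under AtLeastOnce and ExactlyOnce but not under AtMostOnce.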
spec talks about delivery assurances but does not clearly relate them to the protocol
The WS-ReliableMessaging specification talks about delivery assurances but does not clearly relate them to the protocol.
core
design
Stefan Batres
Marc Goodner
This vague definition of the relationship between delivery assurances and the protocol has caused (extreme) confusion and does not clearly describe how the protocol is intended to be used.
One proposal that has been kicked around by the TC consists of:
a) Remove all references to delivery assurances from the WS-RM spec.
b) Describe, in detail, DA's in the policy spec (since we're adding an Assurances element to that document anyway).
c) Create a new deliverable for the TC; a profiles document. The profiles would describe how the protocol should be used to implement the various delivery assurances.
Other variants on this have been proposed as well. The point is to make it more obvious that DA's are a contract between RMS/RMD and apps whereas the protocol is about guaranteed transfer between RMS and RMD and enables the implementation of DA's between RMS/RMD and apps.
Presence of multiple <SequenceAcknowledgement> headers for same Sequence in the same message
Anish has a proposal[2] for resolving i041[1].
I think that his proposed resolution clears up the
ambiguity of the co-occurrence of a <Nack/> and an <AckRange> in the same <SeqAck>,
and that makes the prose consistent with the schema which uses an xs:choice.
However, reading the issue itself led me to consider that the spec says nothing about the presence
of multiple <SeqAck> header blocks that might share the same <Identifier> in a given message.
core
editorial
Chris Ferris
Chris Ferris
I don't believe that it was ever intended to permit multiple <SequenceAcknowledgement>
elements belonging to the same sequence in a given message.
Add the following language to the spec after line 340 (pdf wd 03)[3]:
A message MUST NOT contain multiple <SequenceAcknowledgement>
header blocks that share the same value for <Identifier>.
Accepted proposal 1 on Oct. 13 TC call
i041
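The two constraints discussed in this issue and in i041 above (no <wsrm:Nack> beside a sibling <wsrm:AcknowledgementRange> within one header, and no two <wsrm:SequenceAcknowledgement> headers for the same <wsrm:Identifier> in one message) are easy to check on a received SOAP envelope. The validator below is an added example, not code from the issues list or from any WS-RM implementation; it also accepts the None and Final children proposed further down this page under "SeqAck - None and Final". The SOAP 1.2 envelope namespace is real; the wsrm namespace URI and the sample messages are placeholders constructed for the example.

```python
"""Validate wsrm:SequenceAcknowledgement header blocks in one SOAP message.

Added example; not code from the issues list or from any WS-RM implementation.
It checks, for one message:
  * within a single header the children form a choice: AcknowledgementRange* or
    None, optionally followed by Final, OR Nack+ (Nack never beside a range/None);
  * no two SequenceAcknowledgement headers carry the same Identifier.
"""
import xml.etree.ElementTree as ET

SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"   # SOAP 1.2 envelope namespace
WSRM_NS = "urn:example:wsrm-namespace-placeholder"    # placeholder, not the real WS-RM namespace
NS = {"S": SOAP_NS, "wsrm": WSRM_NS}


def check_seqack_header(hdr):
    """Return the list of constraint violations inside one SequenceAcknowledgement element."""
    problems = []
    ident = hdr.find("wsrm:Identifier", NS)
    if ident is None or not (ident.text or "").strip():
        problems.append("missing Identifier")
    ranges = hdr.findall("wsrm:AcknowledgementRange", NS)
    nones = hdr.findall("wsrm:None", NS)
    finals = hdr.findall("wsrm:Final", NS)
    nacks = hdr.findall("wsrm:Nack", NS)
    if nacks and (ranges or nones or finals):
        problems.append("Nack present beside a sibling AcknowledgementRange/None/Final")
    if ranges and nones:
        problems.append("None present beside an AcknowledgementRange")
    if len(nones) > 1 or len(finals) > 1:
        problems.append("None and Final may each appear at most once")
    if not (ranges or nones or nacks):
        problems.append("header carries no AcknowledgementRange, None or Nack")
    for r in ranges:
        try:
            lower, upper = int(r.get("Lower")), int(r.get("Upper"))
        except (TypeError, ValueError):
            problems.append("AcknowledgementRange with missing or non-integer bounds")
            continue
        if lower < 1 or upper < lower:
            problems.append(f"inverted or zero AcknowledgementRange {lower}-{upper}")
    for n in nacks:
        if not (n.text or "").strip().isdigit():
            problems.append("Nack without an unsignedLong message number")
    return problems


def check_message(xml_text):
    """Validate every SequenceAcknowledgement header in a SOAP envelope.

    Returns a dict: per-sequence problems keyed by Identifier, and message-level
    problems (duplicate headers for one sequence) under the key '*'.
    An empty dict means the message passed."""
    root = ET.fromstring(xml_text)
    header = root.find("S:Header", NS)
    headers = [] if header is None else header.findall("wsrm:SequenceAcknowledgement", NS)
    report, seen = {}, set()
    for index, hdr in enumerate(headers):
        ident_el = hdr.find("wsrm:Identifier", NS)
        ident = (ident_el.text or "").strip() if ident_el is not None else f"<header {index}>"
        if ident in seen:
            report.setdefault("*", []).append(f"duplicate SequenceAcknowledgement for {ident}")
        seen.add(ident)
        problems = check_seqack_header(hdr)
        if problems:
            report.setdefault(ident, []).extend(problems)
    return report


def _envelope(header_xml):
    return (f'<S:Envelope xmlns:S="{SOAP_NS}" xmlns:wsrm="{WSRM_NS}">'
            f"<S:Header>{header_xml}</S:Header><S:Body/></S:Envelope>")


# Constructed sample messages (not captured traffic).
# Valid: two sequences acknowledged in two headers, one Nack-only, one range plus Final.
SAMPLE_OK = _envelope("""
  <wsrm:SequenceAcknowledgement>
    <wsrm:Identifier>urn:uuid:seq-A</wsrm:Identifier>
    <wsrm:Nack>3</wsrm:Nack>
  </wsrm:SequenceAcknowledgement>
  <wsrm:SequenceAcknowledgement>
    <wsrm:Identifier>urn:uuid:seq-B</wsrm:Identifier>
    <wsrm:AcknowledgementRange Lower="1" Upper="2"/>
    <wsrm:Final/>
  </wsrm:SequenceAcknowledgement>""")

# Invalid: Nack and AcknowledgementRange in the same header, and seq-A acknowledged twice.
SAMPLE_BAD = _envelope("""
  <wsrm:SequenceAcknowledgement>
    <wsrm:Identifier>urn:uuid:seq-A</wsrm:Identifier>
    <wsrm:AcknowledgementRange Lower="1" Upper="2"/>
    <wsrm:Nack>3</wsrm:Nack>
  </wsrm:SequenceAcknowledgement>
  <wsrm:SequenceAcknowledgement>
    <wsrm:Identifier>urn:uuid:seq-A</wsrm:Identifier>
    <wsrm:AcknowledgementRange Lower="4" Upper="4"/>
  </wsrm:SequenceAcknowledgement>""")

if __name__ == "__main__":
    print("ok message:", check_message(SAMPLE_OK))
    print("bad message:", check_message(SAMPLE_BAD))
```

The per-header and per-message checks are kept separate on purpose: the first is what the schema's xs:choice already enforces, the second is the prose rule this issue adds, which no schema can express because it spans sibling header blocks.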
Should DA be separate assertion or parameter
The resolution to issue i009 created an element for DeliveryAssurance: <wsrm:DeliveryAssertion mode="[AtLeastOnce|AtMostOnce|ExactlyOnce]" ordered="[xs:boolean]"? ... >
The question that was not resolved as part of that discussion is whether the element should be a
child of <wsrm:RMAssertion> or whether it should be a separate assertion.
policy
design
Chris Ferris
Umit Yalcinalp
We need to make a decision
i009
Which occurrences within the specs, if any, of the term "URI" need to be replaced with "IRI"?
In closing i038, we determined that it would be necessary to review each use of the term URI to
determine whether it needed to be replaced with "IRI" and thus require the addition of a reference
to RFC3987.
core
editorial
Chris Ferris
Umit Yalcinalp
Ensure correct use of the terminology within the spec wherever a URI could be an IRI.
Here are the references to URI that should and should not be updated to IRI... see message
After reviewing our previous proposal for i053 we have come to the conclusion that the only URI references that
need to be updated to IRI are those that are inherited from WS-Addressing. There are three of these changes from
URI to IRI, all around WS-A Action: two are in the same paragraph saying that unless there is a value (an IRI)
for Action derived from WS-A rules it is a value defined in WS-RM (a URI). The other is about using the default
value for Fault (an IRI) from WS-A in Action.
It is not necessary to change the sequence identifier to IRI as we previously proposed. Therefore we propose the
following changes to satisfy i053...
See message for line number details of changes
Proposal 2 accepted with amendment that line 321 be IRI so that WSA action is consistently IRI on Nov 10 TC call
i038
Target of RM Assertion parameters are confusing with respect to how they are specified and attached
Currently the WS-RM Policy Assertion
describes four distinctive parameters in Section 2.1: Base Retransmission Interval, Exponential Backoff, Inactivity Timeout and Acknowledgement Interval. Further, these parameters are scoped with respect to two distinct roles as summarized below:
RMS:
-- Base Retransmission Interval (BRI)
-- Exponential Backoff (EB)
-- Inactivity Timeout (IT)
RMD:
-- Inactivity Timeout (IT)
-- Acknowledgement Interval (AI)
Clearly there is a separation between which roles these assertions would apply in the
specification. However, the definition of the RM assertion includes ALL of the parameters
regardless of the role. This causes a problem in interpreting what is being intended in
Section 2.3 [1] which describes attachment of the policy.
From the perspective of WSDL, the service is always described from the perspective of the
provider and lists the requirements of the provider. Hence the WS-Policy attachment of
RM Assertion will appear to apply to RMD alone. If we were to take this assumption into
consideration, the semantics of supplying all 4 parameters in an RM Assertion are not
very clear.
There are two possible interpretations:
(1) Although there are two separate roles of RMS and RMD, it is the RMD who owns the
WSDL and dictates all these parameters. This means that the BRI and EB, although defined for RMS,
are not really defined by RMS. RMS in essence has no control over these parameters. Note
that this interpretation appears to contradict Lines 112-113 and 117-119.
(2) All the parameters appearing in a WSDL for RMD are applicable for the RMD only.
However each parameter is scoped to request and/or response. For example, the BRI, EB and
IT will apply when the RMD acts in a sender role (for a response message), and only the
IT and AI apply in the RMD's receiver role (for a request message). RMS is free to use
its own parameters. Note that this interpretation appears to conflict with the example
provided in Section 2.3, lines 225-227 where RMS is mentioned, but it is not stated that
the RMD will be in the role of sender when these parameters apply.
It is not clear which of the above interpretations is correct. Further, different
sections of the specification are in conflict with each other regardless of the interpretation
assumed as illustrated above.
policy
design
Umit Yalcinalp
Umit Yalcinalp
It should be clear in the specification where the assertion parameters apply and how.
Currently, there are two distinct and possible interpretations leading to confusion. Further, not
making the clarification affects resolution of issues that pertain to attachment of policy in general since it is not obvious how the RM Assertion parameters apply with respect to the roles that are acknowledged in the specification.
Clarify and explicitly state in the specification that each role manages its own parameters.
Update the example to include in the WSDL only the parameters that are applicable to RMD: IT and AI. In addition, clarify whether the parameters that apply to RMS may be used within the content of RM Assertions and when.
See message
As indicated for the proposal for resolving i022 [1], we favor retaining InactivityTimeout and AcknowledgementInterval in the WS-RM Policy specification.
If we retain these two parameters, we think that the values that are specified in the policy document are applied to RMD only to resolve i054[2]. The attachment of values apply to the endpoint/binding hence they should pertain to RMD.
Note that we acknowledge that RMS may also have an InactivityTimeout which may be internal to the RMS, but it is not
specified in the policy document. As far as the Policy Attachment is concerned, we would like to see Inactivity Timeout
(as well as Acknowledgement Interval) to apply to RMD configuration. This is basically a variation of proposal 1 in
the original issue posting.
See message, line numbers refer to wsrmp-1.1-spec-cd-01.
Change lines 148-149 from:
"The assertion defines an inactivity timeout parameter that either the RM Source or RM
Destination MAY include."
To:
"The assertion defines an inactivity timeout parameter that the RM
Destination MAY include."
i021
i006
Whose Inactivity Timeout is it anyway?
Currently the WS-RM Policy Assertion describes four distinctive parameters in Section 2.1:
Base Retransmission Interval, Exponential Backoff, Inactivity Timeout and Acknowledgement Interval.
Further, these parameters are scoped with respect to two distinct roles as summarized below:
RMS:
-- Base Retransmission Interval (BRI)
-- Exponential Backoff (EB)
-- Inactivity Timeout (IT)
RMD:
-- Inactivity Timeout (IT)
-- Acknowledgement Interval (AI)
The current WS-RM Policy Specification allows the specification of the Inactivity Timeout,
however it is not clear who actually "owns" this value. Is it the RMS or the RMD that
specifies the value of the Inactivity Timeout?
Currently the specification indicates the following in Lines 108-111:
{The assertion defines an inactivity timeout parameter that either the RM Source or
RM Destination MAY include. If during this duration, an endpoint has received no application
or control messages, the endpoint MAY consider the RM Sequence to have been terminated due to
inactivity.} If either of the parties can include this value, which party does the
WS-RM Policy Attachment refer to? If it applies to, say RMD, shouldn't the RMS be able to
specify this in some fashion?
policy
design
Umit Yalcinalp
Marc Goodner
Simply, it is not clear from the specification which party it applies to. This must be clarified. Further, if either of the parties can include this value, it should be stated when RMS or RMD may specify this value.
See message for full description of proposal rationale
We propose to add the following two attributes to the definition of InactivityTimeout at Line 158 [4] and move the specified value as the content value of the element as follows:
Remove the lines 154-155 [4]
/wsrmp:RMAssertion/wsrm:InactivityTimeout/@Milliseconds
The inactivity timeout duration, specified in milliseconds.
Replace the lines 151-153 with
/wsrmp:RMAssertion/wsrm:InactivityTimeout
A parameter that specifies a period of inactivity for a Sequence. If omitted, there is no
implied value. The value of the element indicates the default inactivity timeout duration in milliseconds.
Add the lines:
/wsrmp:RMAssertion/wsrm:InactivityTimeout/@minValue
A parameter that specifies a minimum value of inactivity for a Sequence. If omitted, there is no
implied value. This attribute is only present when the @maxValue is present.
/wsrmp:RMAssertion/wsrm:InactivityTimeout/@maxValue
A parameter that specifies a maximum value of inactivity for a Sequence. If omitted, there is no
implied value.
Close with no action (based on proposal 3 for i054)
i054
How can RMS communicate the Base Retransmission Interval, Exponential Backoff and Inactivity Timeout values?
Currently the WS-RM Policy Assertion
specification describes four distinctive assertion parameters in Section 2.1:
Base Retransmission Interval, Exponential Backoff, Inactivity Timeout and Acknowledgement Interval.
Further, these parameters are scoped with respect to two distinct roles as summarized below:
RMS:
-- Base Retransmission Interval (BRI)
-- Exponential Backoff (EB)
-- Inactivity Timeout (IT)
RMD:
-- Inactivity Timeout (IT)
-- Acknowledgement Interval (AI)
The specification makes the above distinction and allows both the RMS and the RMD to
include their respective parameters. However, it is not clear "where" these parameters
would be included and "how" they would be communicated between the RMS and RMD.
Specifically, the current RM Assertion element appears to apply only to a WSDL, which enables
the RMD to communicate its assertions. However, it is not clear how the RMS can express and
communicate its RM Assertion parameters.
policy
design
Umit Yalcinalp
Chris Ferris
Although the specification defines certain parameters with respect to a role, namely the RMS,
it is not clear how they would be expressed and communicated. This makes the
specification incomplete and unusable from the perspective of RMS. For example, it is
impossible for an RMS to configure its system once with parameters that suit its own
needs and allow these parameters to be negotiated with the RMD.
Scope the RM Assertion parameters on a per Sequence basis and utilize the CreateSequence message exchange for communicating RM Assertion parameters between the RMS and the RMD.
See message for complete proposal rationale
Add the following section to the wsrmp specification (which may be subject to further editorial modification)
Section XX: Optimization for specifying parameters within WS-RM Protocol
When RMS needs to specify the InactivityTimeout value for a sequence, the selection of the inactivity timeout may be part of the create sequence protocol as specified in Section 3.4 of [WS-RM]. RMS MAY include the wsrmp:InactivityTimeout element as a child of wsrm:CreateSequence element to designate the Inactivity Timeout value. When specified as such, the maxValue and minValue attributes MUST NOT be present.
<wsrm:CreateSequence ...>
<wsrm:AcksTo ...> wsa:EndpointReferenceType </wsrm:AcksTo>
<wsrm:Expires ...> xs:duration </wsrm:Expires> ?
…
<wsrmp:InactivityTimeout>600000</wsrmp:InactivityTimeout>
</wsrm:CreateSequence>
This specific optimization may be rejected by the RMD and the RMD MUST use the CreateSequenceResponse Fault as the response to the Create Sequence request. In this case, the RMD MAY include the specified InactivityTimeout element as part of the [Detail] to indicate that the inactivity timeout value specified by RMS is not valid.
Close with no action
Classification of References (normative vs. non-normative) is needed
Currently our working draft references are all over the map.
-- WS-RM: Lists most references as Normative, except those that are related to WS-Policy.
-- WS-RM Policy Assertion: All references are non-normative. As one of the editors of this spec, to put all references as non-normative was deliberate on my part. IMO, the tc should make the decision about the references and which bucket they belong to. This is not an editorial decision and other TCs, such as WS-RF, went through each reference and determined where they belong to.
core
design
Umit Yalcinalp
Obvious :-). We need normative and non-normative references clearly delineated.
Review each reference by the tc and determine whether the reference is normative. This must be done before we go to public draft (PD).
I think we can live with this issue right now and should not affect our first CD. For the first CD, I propose we leave everything as is and put a note stating that the decision on classifying references is pending.
State Transition Table
The current specification has an example of message exchange between two ends.
The example represents a subset of possible states that the protocol can transition to.
It is left to the reader/implementor to verify all the possible states of the protocol.
core
editorial
Abbie Barbir
Tom Rutt
A full state transition table is needed in order to ensure proper design of the reliable protocol.
Retransmission behavior
The Core specification depends on message retransmission by the RMS of unacknowledged messages in order
for a reliable exchange to be accomplished, yet does not describe this behavior in any way. Discuss
and conclude the manner and the location for such an exposition in the core specification.
core
design
Bob Freund
Bob Freund
See description.
See mail, this proposal is relative to Web Services Reliable Messaging Committee Draft 01
Insert after line 265:
The RM Source will expect to receive acknowledgements from the RM Destination during the
course of a message exchange at occasions described in Section 3 below. Should the
acknowledgement not be received timely, the RM Source MUST re-transmit the request
since either the request or the associated acknowledgement may have been lost.
Since the nature and dynamic characteristics of the underlying transport and potential
intermediaries are unknown in the general case, the timing of re-transmissions cannot be
specified. Additionally, over-aggressive re-transmissions have been demonstrated to cause
transport or intermediary flooding which are counterproductive to the intention of providing
a reliable message exchange. Consequently, implementers are encouraged to utilize adaptive
mechanisms that dynamically adjust re-transmission time and the back-off intervals that are
appropriate to the nature of the transports and intermediaries envisioned. For the case of
TCP/IP transports, a mechanism similar to that described as RTTM in RFC 1323 [RTTM] should
be considered.
Delete lines 951-952 reason: reference is not used; besides it is a book that may not remain in print
Insert before line 953:
[RTTM]
V Jacobson et alia, “RFC 1323 TCP/IP High Performance Extensions” 1992
Proposal 1 accepted on Nov 10 TC call
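The text above asks implementers for adaptive re-transmission timing and back-off rather than a fixed schedule, and points at TCP's round-trip measurement as a model. The class below is an added example, not code from the issues list or from any WS-RM implementation: it combines the two policy parameters named elsewhere on this page, a base retransmission interval and exponential backoff, with the smoothed round-trip estimator TCP feeds from RTTM samples (the Jacobson/Karels SRTT/RTTVAR rule, with the constants RFC 6298 specifies). Applying that estimator to WS-RM acknowledgements, the 60-second cap and the retry budget are this example's assumptions.

```python
"""Adaptive retransmission timer for an RM Source (added example; not text or
code from the issues list or from any WS-RM implementation).

Combines a base retransmission interval and exponential backoff with the
Jacobson/Karels smoothed RTT estimator (constants as in RFC 6298). A cap on the
interval and a retry budget keep an RM Source from flooding the transport or
retrying a dead sequence forever; both limits are assumptions of this example."""


class RetransmitTimer:
    ALPHA = 1 / 8      # weight of a new sample in the smoothed RTT
    BETA = 1 / 4       # weight of a new sample in the RTT variance
    K = 4              # variance multiplier in the RTO formula

    def __init__(self, base_interval, exponential_backoff=True,
                 max_interval=60.0, max_attempts=8):
        self.base = float(base_interval)                # floor and initial RTO (BaseRetransmissionInterval)
        self.exponential_backoff = exponential_backoff  # ExponentialBackoff parameter
        self.max_interval = float(max_interval)         # cap so backoff cannot grow without bound
        self.max_attempts = max_attempts                # give up after this many retries
        self.srtt = None       # smoothed round-trip time, unset until the first sample
        self.rttvar = None     # round-trip time variance
        self.rto = self.base   # current retransmission timeout
        self.attempts = 0      # consecutive timeouts without an acknowledgement

    def on_ack(self, rtt_sample):
        """An acknowledgement arrived for a message that was sent exactly once, so
        rtt_sample is unambiguous (Karn's rule: never sample a retransmitted message).
        Returns the new RTO and resets the backoff."""
        if self.srtt is None:
            self.srtt = rtt_sample
            self.rttvar = rtt_sample / 2
        else:
            self.rttvar = (1 - self.BETA) * self.rttvar + self.BETA * abs(self.srtt - rtt_sample)
            self.srtt = (1 - self.ALPHA) * self.srtt + self.ALPHA * rtt_sample
        self.rto = max(self.base, self.srtt + self.K * self.rttvar)
        self.attempts = 0
        return self.rto

    def on_timeout(self):
        """The RTO expired without an acknowledgement: the request or its ack was lost.
        Returns how long to wait before the next retransmission, or None when the
        retry budget is exhausted and the sequence should be failed instead."""
        self.attempts += 1
        if self.attempts > self.max_attempts:
            return None
        factor = 2 ** self.attempts if self.exponential_backoff else 1
        return min(self.max_interval, self.rto * factor)


def retransmission_schedule(timer):
    """Waits between successive retransmissions when no acknowledgement ever arrives,
    up to the point where the timer gives up."""
    waits = []
    while True:
        wait = timer.on_timeout()
        if wait is None:
            return waits
        waits.append(wait)


if __name__ == "__main__":
    t = RetransmitTimer(base_interval=1.0, max_attempts=4)
    print("RTO after two RTT samples:", t.on_ack(0.5), t.on_ack(0.3))
    print("backoff until give-up:", retransmission_schedule(t))
```

With a 1 second base and two RTT samples of 0.5 s and 0.3 s the RTO settles at 1.425 s; a run of timeouts then doubles the wait each time (2.85, 5.7, 11.4, 22.8 s) until the retry budget is spent, which is the point at which the RM Source should surface an error rather than keep transmitting.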
Definition for "Reliable Message"
There are several references to "reliable message" (section 1, 2 intro, 2.1, 2.3) that are not backed
by a clear definition.
core
editorial
Jacques Durand
Jacques Durand
A full state transition table is needed in order to ensure proper design of the reliable protocol.
1- Add a terminology entry. It could be:
Reliable message: a message submitted by the Application Source to an RM Source via the "Send" operation,
for transmission over the protocol defined in this specification.
2- In 3.1: associate the main protocol requirement (Sequence element) with the definition of
"reliable message" instead of with a vague requirement of being subject to some DA:
Replace:
"Messages for which the delivery assurance applies MUST contain a <wsrm:Sequence> header block."
With:
"Reliable Messages MUST contain a <wsrm:Sequence> header block."
(DA and protocol being in fact separately defined, DA should now more abstractly mandate the use of
"reliable messages" if we still want to pre-req one to the other.)
Anonymous AcksTo
Add text, similar to above, to the spec. It should be placed in the Sequence Ack section.
core
design
Doug Davis
Doug Davis
See description.
After the first paragraph in the SeqAck section (currently section 3.2) add something like:
Sending Sequence Acknowledgement Header blocks back to the AcksTo EPR could have an impact on current
SOAP implementations. While this specification discusses the ability to add, or piggy-back, a Sequence
Acknowledgement Header block to a message that is targeted to the AcksTo EPR, the precise mechanism
for determining when any particular message is targeted, or not, to the AcksTo EPR is out of scope
for this specification. However, WS-Addressing does give some guidance on EPR comparison.
Using the WS-Addressing's anonymous IRI in the AcksTo EPR may further impact implementations. When
the AcksTo EPR uses the anonymous IRI, Sequence Acknowledgements MUST be sent on the appropriate
protocol binding-specific channel. For example, in the HTTP case, Sequence Acknowledgements would
be expected to flow on the HTTP response flow. It is worth noting that this may result in new SOAP
messages being generated and sent in certain situations. For example, if on an HTTP request flow
the SOAP message contained a wsa:ReplyTo that didn't use the anonymous IRI, then it is possible that a
new SOAP message may need to flow back on the HTTP response flow for the sole purpose of carrying a
Sequence Acknowledgement. Because the anonymous IRI is a general purpose IRI that can be used by
many concurrent RM Sequences, Sequence Acknowledgements that are sent to the AcksTo EPR using these
protocol binding-specific channels SHOULD only be sent when it can be determined that the channel is
related to the RM Sequence. For example, Sequence Acknowledgements should only be piggy-backed on
HTTP response flows where the message that was sent on the HTTP request flow referenced the Sequence
in question through the use of a Sequence or AckRequested Header block.
Maybe we should say that they should compare EPRs per WSA's rules? thoughts?
Another option for the anon AcksTo is to encourage people to use ref-p's to disambiguate anonymous
EPRs - but I still like the idea of restricting back-channel flows.
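The rule in the proposal above (piggy-back a Sequence Acknowledgement on an HTTP response only when the request referenced that Sequence through a Sequence or AckRequested header block, and only when its AcksTo is the anonymous IRI) as an added Python check; this is example code written here, not from the specification or from any implementation. The wsrm namespace IRI, the sample request and the AcksTo table are placeholders constructed for the example; the SOAP 1.2 and WS-Addressing 1.0 namespaces are the real ones.

```python
import xml.etree.ElementTree as ET

SOAP = "http://www.w3.org/2003/05/soap-envelope"      # SOAP 1.2 envelope namespace
WSA = "http://www.w3.org/2005/08/addressing"           # WS-Addressing 1.0 namespace
WSA_ANONYMOUS = WSA + "/anonymous"                     # the WS-Addressing anonymous IRI
WSRM = "urn:example:wsrm-placeholder"  # placeholder: the wsrm namespace IRI is not on the page
NS = {"s": SOAP, "wsa": WSA, "wsrm": WSRM}


def referenced_sequences(request_xml):
    """Sequence identifiers the request names via wsrm:Sequence or wsrm:AckRequested headers."""
    env = ET.fromstring(request_xml)
    ids = set()
    for path in ("s:Header/wsrm:Sequence/wsrm:Identifier",
                 "s:Header/wsrm:AckRequested/wsrm:Identifier"):
        ids.update(e.text.strip() for e in env.findall(path, NS) if e.text)
    return ids


def piggyback_acks(request_xml, acks_to):
    """acks_to maps sequence id -> AcksTo address known to the RM Destination.

    Returns the ids whose SequenceAcknowledgement may ride on this HTTP response:
    the AcksTo must be the anonymous IRI AND the request must reference the Sequence,
    so an ack never lands on a back-channel that belongs to some other Sequence.
    """
    return {sid for sid in referenced_sequences(request_xml)
            if acks_to.get(sid) == WSA_ANONYMOUS}


# Constructed request: a Sequence header for seqA and an AckRequested header for seqB
REQUEST = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:wsa="{WSA}" xmlns:wsrm="{WSRM}">
  <s:Header>
    <wsa:ReplyTo><wsa:Address>{WSA_ANONYMOUS}</wsa:Address></wsa:ReplyTo>
    <wsrm:Sequence><wsrm:Identifier>urn:example:seqA</wsrm:Identifier>
      <wsrm:MessageNumber>4</wsrm:MessageNumber></wsrm:Sequence>
    <wsrm:AckRequested><wsrm:Identifier>urn:example:seqB</wsrm:Identifier></wsrm:AckRequested>
  </s:Header>
  <s:Body/>
</s:Envelope>"""

# Constructed AcksTo table: seqA and seqC use the anonymous IRI, seqB a real endpoint
ACKS_TO = {"urn:example:seqA": WSA_ANONYMOUS,
           "urn:example:seqB": "http://rms.example.invalid/acks",
           "urn:example:seqC": WSA_ANONYMOUS}
```

Only seqA qualifies: seqB's AcksTo is not anonymous, and seqC, although anonymous, is not referenced by this request.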
None AcksTo
Disallow the use of the 'none' IRI
core
design
Doug Davis
Doug Davis
Without disallowing it, Acks cannot be sent back to the RM Source.
After the first paragraph in the SeqAck section (currently section 3.2) add something like:
Implementations MUST NOT use an IRI in the AcksTo EPR that would prevent the sending of Sequence Acknowledgements back to the RM Source. For example, using the WS-Addressing "none" IRI would make it impossible for the RM Destination to ever send Sequence Acknowledgements.
Proposal 1 accepted on Nov 10 TC call
SeqAck - None and Final
In [1]
current schema and pseudo schema don't allow None and Final on the same SeqAck, and they should be allowed.
schema
editorial
Doug Davis
Doug Davis
It's possible that a sequence could be closed without any Acks.
Make schema and pseudo schema support None and Final - like this:
<wsrm:SequenceAcknowledgement ...="">
<wsrm:Identifier ...=""> xs:anyURI </wsrm:Identifier>
[ [ <wsrm:AcknowledgementRange ...=""
Upper="xs:unsignedLong"
Lower="xs:unsignedLong"/> *
| <wsrm:None/> ]
<wsrm:Final/> ?
| <wsrm:Nack> xs:unsignedLong </wsrm:Nack> + ]
...
</wsrm:SequenceAcknowledgement>
Note: changed the + to a * on the AckRange element, since Final can appear without any AckRanges.
See message for complete details
2. disallow Final without either None or an AcknowledgementRange
sequence; I do not know what Final alone means, could you point me
to the defining text in the specification:
<wsrm:SequenceAcknowledgement ...="">
<wsrm:Identifier ...=""> xs:anyURI </wsrm:Identifier>
[ [ <wsrm:AcknowledgementRange ...=""
Upper="xs:unsignedLong"
Lower="xs:unsignedLong"/> +
| <wsrm:None/> ]
<wsrm:Final/> ?
| <wsrm:Nack> xs:unsignedLong </wsrm:Nack> + ]
...
</wsrm:SequenceAcknowledgement>
In either case, line 385[1]
must change from "when sending AcknowledgementRanges" to "when sending AcknowledgementRange sequences or None".
Proposal 1 amended with point 2 from Proposal 2 on
Nov 10 TC call
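An added validator for the pseudo schema as resolved above (Proposal 1 amended with point 2 of Proposal 2: None and Final may co-occur, Final needs None or at least one AcknowledgementRange, and Nack cannot be combined with either); this is example Python written here, not the TC's schema, and the wsrm namespace IRI and the sample header blocks are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Placeholder namespace: the real wsrm namespace IRI is not given on this page.
WSRM = "urn:example:wsrm-placeholder"
NS = {"wsrm": WSRM}


def validate_seq_ack(xml_text):
    """Return (ok, reason) for one wsrm:SequenceAcknowledgement header block.

    Rule enforced (Proposal 1 as amended by point 2 of Proposal 2):
      exactly one of  AcknowledgementRange+  |  None  |  Nack+
      Final is optional and may only accompany AcknowledgementRange(s) or None.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{WSRM}}}SequenceAcknowledgement":
        return False, "not a SequenceAcknowledgement"
    if root.find("wsrm:Identifier", NS) is None:
        return False, "Identifier is mandatory"
    ranges = root.findall("wsrm:AcknowledgementRange", NS)
    has_none = root.find("wsrm:None", NS) is not None
    has_final = root.find("wsrm:Final", NS) is not None
    nacks = root.findall("wsrm:Nack", NS)
    if sum([bool(ranges), has_none, bool(nacks)]) != 1:
        return False, "need exactly one of AcknowledgementRange+, None, Nack+"
    if has_final and nacks:
        return False, "Final cannot accompany Nack"
    for r in ranges:  # attribute sanity: both bounds present and Lower <= Upper
        lower, upper = r.get("Lower"), r.get("Upper")
        if lower is None or upper is None or int(lower) > int(upper):
            return False, f"bad AcknowledgementRange {lower}-{upper}"
    return True, "ok"


def ack_doc(body):
    """Wrap constructed body content in a SequenceAcknowledgement carrying an Identifier."""
    return (f'<wsrm:SequenceAcknowledgement xmlns:wsrm="{WSRM}">'
            '<wsrm:Identifier>urn:example:seq1</wsrm:Identifier>'
            f'{body}</wsrm:SequenceAcknowledgement>')


# Constructed samples (not taken from the page)
CLOSED_NO_ACKS = ack_doc("<wsrm:None/><wsrm:Final/>")         # valid after the resolution
RANGES_FINAL = ack_doc('<wsrm:AcknowledgementRange Lower="1" Upper="1"/>'
                       '<wsrm:AcknowledgementRange Lower="3" Upper="3"/><wsrm:Final/>')
FINAL_ONLY = ack_doc("<wsrm:Final/>")                          # rejected by point 2
NACK_FINAL = ack_doc("<wsrm:Nack>2</wsrm:Nack><wsrm:Final/>")  # Nack excludes Final
NONE_AND_RANGE = ack_doc('<wsrm:None/><wsrm:AcknowledgementRange Lower="1" Upper="2"/>')
```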
Create Sequence Refused Fault is too restrictive
In the WS-RM specification, the Create Sequence Refused fault requires [Detail] to be empty (lines 836-842) as follows:
4.7 Create Sequence Refused
This fault is sent in response to a create sequence request that cannot be satisfied.
Properties:
[Code] Sender
[Subcode] wsrm:CreateSequenceRefused
[Reason] The create sequence request has been refused by the RM Destination.
[Detail] empty
We think that this is too restrictive and should allow any content to be part of [Detail]. The specification should
not dictate the interpretation of the content of [Detail], nor should it restrict its contents.
core
design
Umit Yalcinalp
Umit Yalcinalp
There may be many reasons to indicate why Create Sequence may be refused by the RMD. Further, sequence creation may be
composed with security or other extensibility, as the CreateSequence element allows today. By disallowing [Detail] from
containing any element, we are restricting extensibility and the ways for tools to interpret the reasons for create
sequence to fail. We think that the [Detail] element content may be used for including additional information which
may be specific to a platform, composition or extension.
Allow [Detail] to contain any content, instead of requiring it to be empty.
Reword "Closing a Sequence" section
Section 3.6 "Closing a Sequence" contains an introduction to the close operation, and its justification. I think that the
current text would benefit from a rework. Lines 625 - 648 of working draft 05 say:
There may be times during the use of an RM Sequence that the RM Source or RM Destination will wish to discontinue using a
Sequence even if some of the messages have not been successfully delivered to the RM Destination.
In the case where the RM Source wishes to discontinue use of a sequence, while it can send a TerminateSequence to the RM
Destination, since this is a one-way message and due to the possibility of late arriving (or lost) messages and
Acknowledgements, this would leave the RM Source unsure of the final ranges of messages that were successfully delivered
to the RM Destination.
To alleviate this, the RM Source can send a <wsrm:CloseSequence> element, in the body of a message, to the RM Destination
to indicate that RM Destination MUST NOT receive any new messages for the specified sequence, other than those already
received at the time the <wsrm:CloseSequence> element is interpreted by the RMD.
Upon receipt of this message the RM Destination MUST send a SequenceAcknowledgement to the RM Source. Note, this
SequenceAcknowledgement MUST include the <wsrm:Final> element.
While the RM Destination MUST NOT receive any new messages for the specified sequence it MUST still process RM protocol
messages. For example, it MUST respond to AckRequested, TerminateSequence as well as CloseSequence messages. Note,
subsequent CloseSequence messages have no effect on the state of the sequence.
In the case where the RM Destination wishes to discontinue use of a sequence it may 'close' the sequence itself. Please
see wsrm:Final above and the SequenceClosed fault below. Note, the SequenceClosed Fault SHOULD be used in place of the
SequenceTerminated Fault, whenever possible, to allow the RM Source to still receive Acknowledgements.
core
editorial
Matthew Lovett
Matthew Lovett
The above text could be clearer.
Replace the above text (lines 625 - 648) with the following:
There may be times during the use of an RM Sequence that the RM Source or RM Destination will wish to discontinue
using a Sequence. Simply terminating the Sequence discards the state managed by the RM Destination, leaving the RM
Source unaware of the final ranges of messages that were successfully delivered to the RM Destination. To ensure that
the Sequence ends with a known final state both the RM Source and RM Destination may choose to 'close' the Sequence
before terminating it.
If the RM Source wishes to close the Sequence then it sends a <wsrm:CloseSequence> element, in the body of a message,
to the RM Destination. This message indicates that the RM Destination MUST NOT receive any new messages for the
specified sequence, other than those already received at the time the <wsrm:CloseSequence> element is interpreted by
the RMD. Upon receipt of this message the RM Destination MUST send a SequenceAcknowledgement to the RM Source. Note,
this SequenceAcknowledgement MUST include the <wsrm:Final> element.
While the RM Destination MUST NOT receive any new messages for the specified sequence it MUST still process RM
protocol messages. For example, it MUST respond to AckRequested, TerminateSequence as well as CloseSequence messages.
Note, subsequent CloseSequence messages have no effect on the state of the sequence.
In the case where the RM Destination wishes to discontinue use of a sequence it may close the sequence itself.
Please see wsrm:Final above and the SequenceClosed fault below. Note, the SequenceClosed Fault SHOULD be used in
place of the SequenceTerminated Fault, whenever possible, to allow the RM Source to still receive Acknowledgements.
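An added model of the closed-Sequence behaviour the proposed text describes (new messages refused with SequenceClosed, AckRequested still answered, Final on every acknowledgement once closed, and None plus Final when nothing was ever received); this is hypothetical Python written here, not specification text, and termination is not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class RMDestinationSequence:
    """Per-Sequence state an RM Destination might keep (illustrative model, not spec text)."""
    identifier: str
    received: set = field(default_factory=set)
    closed: bool = False

    def ranges(self):
        """Coalesce received message numbers into (Lower, Upper) AcknowledgementRanges."""
        out = []
        for n in sorted(self.received):
            if out and out[-1][1] == n - 1:
                out[-1] = (out[-1][0], n)
            else:
                out.append((n, n))
        return out

    def sequence_ack(self):
        """SequenceAcknowledgement content: ranges or None, plus Final once the Sequence is closed."""
        ack = {"Identifier": self.identifier}
        rng = self.ranges()
        if rng:
            ack["AcknowledgementRange"] = rng
        else:
            ack["None"] = True    # closed without any acks is a legal state
        if self.closed:
            ack["Final"] = True   # MUST accompany the ack sent in reply to CloseSequence
        return ack

    def on_sequence_message(self, message_number):
        """Application message carrying a wsrm:Sequence header."""
        if self.closed and message_number not in self.received:
            # Closed: MUST NOT receive new messages; SequenceClosed is preferred over
            # SequenceTerminated so the RM Source can still obtain acknowledgements.
            return {"fault": "SequenceClosed"}
        self.received.add(message_number)  # a duplicate of an already-received number is harmless
        return {"ack": self.sequence_ack()}

    def on_close_sequence(self):
        """CloseSequence: a repeated one leaves the state unchanged."""
        self.closed = True
        return {"ack": self.sequence_ack()}

    def on_ack_requested(self):
        """AckRequested MUST still be answered after the Sequence is closed."""
        return {"ack": self.sequence_ack()}
```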
Remove LastMessage
The LastMessage element, as part of a Sequence header element, appears superfluous. It seems to serve 2 purposes:
1 - force a SeqAck to be sent back from the RMD
2 - force the RMD to reject any messages with a higher message #
#1 can be done with an AckReq header. We should avoid having multiple ways to do the same thing.
#2 is really only an issue if someone tries to hijack the sequence - and to protect against that we should be using a
real security mechanism like WS-SC/Trust, not the LastMessage element.
When an RMS is done with a sequence it is free to simply Close or Terminate it (whether or not it has all of the Acks
it wants - but normally it will wait) - having an additional message exchange to send a LastMessage is unnecessary.
core
design
Doug Davis
Doug Davis
See above
Remove all references to LastMessage (and related Fault) from the spec. See attached diff/pdf file for the
specific changes.
Replace 'response'
under figure 2, for step 7 replace:
7. The RM Destination acknowledges receipt of message numbers 1 and 3 in response to the RM Source's <wsrm:LastMessage> token.
with
7. The RM Destination acknowledges receipt of message numbers 1 and 3 as a result of receiving the RM Source's <wsrm:LastMessage> token.
core
editorial
Doug Davis
Doug Davis
"response" could be misleading since some may think of it as a request/response thing.
Basically just a minor editorial change. We need easy ones for our conf calls :-)
see above
Proposal 1 accepted on Nov 10 TC call
Remove 'correlation' text
In section 2.2 the spec says:
The RM Source MUST have an endpoint reference that uniquely identifies the RM Destination endpoint; correlations across messages addressed to the unique endpoint MUST be meaningful.
Does anyone know what correlations it's talking about? If not, this text seems pretty useless and should be removed, as it could be misleading for some people to think we're talking about WS-Addressing correlation or something.
core
editorial
Doug Davis
Doug Davis
Leads to confusion
Remove the text after the semi-colon
Proposal 1 accepted on Nov 10 TC call
MessageNumber on AckReq
The spec says:
This OPTIONAL element, if present, MUST contain an xs:unsignedLong representing the highest
<wsrm:MessageNumber> sent by the RM Source within the Sequence. If present, it MAY be
treated as a hint to the RM Destination as an optimization to the process of preparing to
transmit a <wsrm:SequenceAcknowledgement>.
This additional element seems to provide no real value. I'd like to understand the
motivation behind it. What kind of optimizations are we talking about? If the optimization
is related to "when" to send back the Ack then we have a problem since the spec says that the
RMD MUST respond with a SeqAck - and while not explicitly stated I think it's implied that it
should return it as soon as possible. So, what additional value is this providing? I fear
that, like LastMessage, people may read more into this than intended and make assumptions
about its purpose that are not true. If it provides no additional value, that we can
specify in the spec, we should remove it.
core
design
Doug Davis
Doug Davis
See description
Remove MessageNumber from AckRequested element
Proposal 1 accepted on Nov 10 TC call
Receive is defined twice in wsrm-1.1-spec-cd-01
Receive is defined twice and differently each time on lines 206-207 and 215.
Line 215 is from the original spec. Lines 206 and 207 are new. I cannot find the
issue/resolution that resulted in this new text.
core
editorial
Marc Goodner
Marc Goodner
It's wrong to define the same term twice, especially differently each time.
Editorial nits for wsrm-1.1-spec-cd-01
There are a number of editorial issues with the CD document wsrm-1.1-spec-cd-01. These are described fully in the proposal below.
core
editorial
Marc Goodner
Marc Goodner
Self evident
Please see original message for complete list of nits.
Proposal 1 accepted on Nov 10 TC call
Editorial nits for wsrmp-1.1-spec-cd-01
There are a number of editorial issues with the CD document wsrmp-1.1-spec-cd-01. These are described fully in the proposal below.
policy
editorial
Marc Goodner
Marc Goodner
Self evident
Please see original message for complete list of nits.
Proposal 1 accepted on Nov 10 TC call
Descriptive text of removed parameters also needs to be removed
In the resolution to i022 the line numbers specified neglected to include the descriptive text on the parameters (BaseRetransmission and ExponentialBackoff) that were removed.
policy
editorial
Marc Goodner
Marc Goodner
No need to describe things that aren’t there.
Delete the descriptive text on BaseRetransmission and ExponentialBackoff, lines 112-119 of wsrmp-1.1-spec-wd-01
Proposal 1 accepted on Nov 10 TC call
i022
Use of [tcShortName] in artifact locations namespaces, etc
The TC Administrator advised the TC to ensure use of
[tcShortName] as the first token after domain name as part of the
various artifact location, namespace, etc, strings pertaining to this
TC.
all
editorial
Sanjay Patil
Sanjay Patil
Use of [tcShortName] as the first token after domain name
allows each TC to create their own artifact locations, namespaces, etc,
that would not collide with similar strings owned by other TCs.
See attachment
Proposal 1 accepted on Nov 10 TC call
i015
i016
i017