Delivering Promises for Web Service Applications

SchoolofITTechnicalReportDELIVERINGPROMISESFORWEBSERVICESAPPLICATIONSTECHNICALREPORT605JULIANJANGCSIROICTCENTREALANFEKETE,PAULGREENFIELDSCHOOLOFIT,THEUNIVERSITYOFSYDNEYDECEMBER,2006DeliveringPromisesforWebServicesApplicationsJulianJangCSIROICTCentrePOBox76EppingNSW1710Australia+61293724658julian.jang@csiro.auAlanFeketeSchoolofInformationTechnologiesUniversityofSydneyNSW2006Australia+61293514287fekete@it.usyd.edu.auPaulGreenfieldSchoolofInformationTechnologiesUniversityofSydneyNSW2006Australia+61295604952p.greenfield@computer.orgABSTRACTOneofthemanyproblemsfacingthedesignerofcomplexmulti-participantWebservices-basedapplicationsisdealingwiththeconsequencesofthelackofsuitableisolationmechanisms.Thisdeficiencymeansthatconcurrentapplicationscaninterferewitheachother,resultinginraceconditionsandlostupdates.Thispaperbrieflydiscussesaproposedsolutiontothisproblembasedon‘promises’andshowthatthispromisesmodelcanbeimplementedinpractice.Wediscusssomeoftheimplementationissuesthatneedtoberesolvedinpromise-basedsystemsanddiscusshowwebuiltaproof-of-conceptprototypeofaPromiseManagerthatsupportedpromise-basedisolationwithoutrequiringchangestoexistingapplicationsandresources.1.INTRODUCTIONTheWebservicesmodelhasdeveloperscreatingbusinessapplicationsbyputtingtogetherautonomousandopaquebuildingblockscalledservices.Theseservicesinteractwitheachotherbyexchangingrequestandresponsemessages.Theseinteractionscanextendoveraconsiderableperiodoftime,especiallywhentheseapplicationsareimplementinglong-runningbusinessprocesses.Amajordifficultyfacedbythedesignersofsuchapplicationsismaintainingtheintegrityofthedistributedinformationthatmakesupthestateofthesystem.Thetraditionalmechanismusedtoensureconsistencyandintegrityinintra-enterpriseapplicationsisdistributedACIDtransactions.Thismechanismisfoundedonassumptionsoftimelinessandtrust,andsoisnotsuitableforensuringtheintegrityoflong-runningbusinessprocessescomposedfromautonomous,semi-trustingservices.Astraditionaldistributedtransactionscannotbeused,applicationdesignersneedtofindotherwaystodealwiththeproblemscausedbythelackofisolationbetweenconcurrentbusinessprocesses,suchasraceconditionsandlostupdates.Inthispaper,wediscusstheWebengineeringsupportneededforonerecentlyproposedapproach,called‘Promises’[8]thatletsapplicationdesignersavoidtheproblemscausedbyisolationfailures.The“Promises”conceptisconcernedwiththoseserviceswherethesuccessorfailureofanexportedoperationisdependentontheinternalstateofthatservice.Forexample,inahotelbookingservice,theoutcomeofarequesttobookagivenroomonaparticulardatedependsontheavailabilityoftheroom,andthisavailabilityinformationisrepresentedbystateheldwithinthehotelbookingservice.Suchaservicewilltypicallyalsoprovidequeryoperationswhichprovidetheclientwithinformationaboutspecifiedaspectsoftheinternalstateoftheservice.Forexample,ourhotelbookingservicemightsupportaCheckAvailabilityoperationthatwillsaywhetheragivenroomisavailableonaspecifieddate.However,withoutadditionalsupport,aclientC1cannotassumethatapositiveresultfromCheckAvailabilitymeansthatafollowingBookRoomrequestwillalwayssucceed.SomeotherclientcouldhavebookedtheroomafterC1wastoldthattheroomwasavailableandbeforethearrivalofC1’srequesttobookit.ThistypeofisolationfailurecannothappenintraditionaltransactionaldatabaseapplicationsbecauseC1canrunboththequeryandbookingoperationswithinasingletransaction.ThelocksobtainedontheroomrecordduringthequeryoperationensurethatC1hassolerightstoupdatetheavailabilityofthisroom,andtheserightswillpersistuntilC1endsthetransaction.Theproblemwiththissolutionisthatitisbasedonlocks,andlocksareonlyfeasiblewhenitcanbeguaranteedthatclientswillalwaysreleasethemfairlyquickly;andthisisnotaguaranteethatcanbegivenwithuntrustedclientsandlong-runningbusinessprocesses.Thetraditionalbusinessworldhaslongknownaboutandusedapproachesthatcanpreventsuchisolationproblems,withouttheriskstoautonomyandavailabilitythatwouldcomefromusingtraditionalACIDtransactions.Evencommonbusinessprocesses,suchasquotationsandreservations,canbeseenassolutionstoisolationproblems.Theseprocessesaresometimesimplementedusingtechniques,suchas‘softlocks’,whichuseshortdurationsystem-enforcedtransactionlockstoobtainlongerbutfixeddurationapplication-enforcedallocationmarkersoveraspecificresource.Thesetechniquescanpreventotherclientsallocatinganalready-committedresource,but,unlikeastandardlock,resourceallocationscanbeobservedandhavealimitedduration.Severalresearchershaverecentlyputforwardabstractionsthatgeneralisethesetechniques,allowingtheconstructionofservice-basedsystemsinwhichaclientcanensurethataresourceremainsavailableafteravailabilityhasbeenchecked,withoutthedisadvantagesthatcomefromtheuseoflocks.IntheGridComputingcommunity,‘Options’havebeenproposed[5].IntheWebservicesspace,‘Promises’allowaservertoofferassurancestoaclientabouttheavailabilityofresourcesandtheserver’sabilitytosatisfyarbitrarypredicates[8].Sofar,however,theseproposalsareconceptual;wearenotawareofanypublicationthatshowshowtoengineeraservicetosupporttheseabstractions.Themainco