To:
"Hollenbeck, Scott" <shollenbeck@verisign.com>
CC:
"'Thomas Corte'" <Thomas.Corte@knipp.de>, Sheer El-Showk <sheer@saraf.com>, ietf-provreg@cafax.se
From:
Klaus Malorny <Klaus.Malorny@knipp.de>
Date:
Tue, 18 Sep 2001 15:31:17 +0200
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: interpretation of 'EPP idempotency'
"Hollenbeck, Scott" wrote:
>
> No, this can't happen. Every contact object has an associated identifier
> (see the <contact:id> element described in sections 3.1.2 and 3.2.1 of
> contact-02) that MUST be unique. In the scenario you described, the first
> command will succeed. The repeat will fail.
>
> <Scott/>
Hi Scott,
your solution surely works, but, from a design perspective, this is IMHO a bad
solution. Each request has to take care for itself not to violate the
idempotency constraint. E.g. the contact create command e.g. requires to
specify a <contact:id> to solve the idempotency problem, but the renew command
requires something quite different, namely the current expiration date, which
does not make any sense for the semantics of the command itself. There is no
uniform handling in the protocol. There is no chance to write software that
deals with a communication interruption without knowing in detail what a
specific request does and what the possible answers of the server are. This is
just a pain. There is no way to ask the server "did you perform the command I
sent to you?". Even if the replay of a command does not change the state of
the server, the client will get different answers. And these answers are
indistinguishable. What does a "domain exists" message really mean to the
client? The client cannot determine whether the domain was created by himself
or by another instance running in parallel that accidentically wants to create
the very same domain? How should the client determine whether to create a
mirror object in the own database? The only solution would be that the client
issues a inquire command and compares the data returned with the own data,
e.g. compare all the contacts and hosts. Even in this case it is not
guaranteed that the client's database becomes corrupted.
Instead of building upon idempotency constraints which affect the design of
each command, it would be better to have a separate layer that deals with
problems that appear in a client-server architecture. The way we do it in the
CORE SRS Protocol is one solution, it is quite simple and it works.
Klaus Malorny
___________________________________________________________________________
| |
| knipp | Knipp Medien und Kommunikation GmbH
------- Technologiepark
Martin-Schmeisser-Weg 9
Dipl. Inf. Klaus Malorny 44227 Dortmund
Klaus.Malorny@knipp.de Tel. +49 231 9703 0