Feeds

Programming constructs in BPEL

Part 3: BPELJ and Compensation

SANS - Survey on application security programs

Compensation - what does it really mean?

So, where does this leave us with Compensation - it is not exception handling and it is not fault handling. However, it is closely related to both concepts, as the above example illustrates. It is an explicit way of representing how we recover from a problem or failure situation; but it is not automated state rollback; nor is it error recovery.

It should also be noted that compensation is not ACID compliant. ACID (or Atomicity, Consistency, Isolation, Durability) is a set of properties that guarantee that a single logical operation is processed reliably to completion or not at all. The term itself is most often used in the contact of database systems. So what do I mean when I say Compensation is not ACID compliant? Well, I mean that compensation does not guarantee any of the core concepts of ACID. Indeed, you can do anything you want within a compensation handler and that "anything" might intentionally not undo the effect of running the associated service.

As an example, consider how you might compensate in a business process for an activity that cannot be easily undone. For example, in a telecommunications environment part of the business process might have been to send an engineer out to install some new hardware. Undoing this may not be cost effective or indeed useful. Thus, the newly installed device may be left where it is.

As another example, if a payment has been made to a third party as part of the business process, you cannot just undo that payment - rather some alternative course of action may be required, such as requesting a credit note or a refund etc.

Of course, compensation was never intended to be based around ACID concepts - as that is not what compensation is about - however, it means that compensation could be very dangerous from a software engineering point of view. Remember, compensation itself does not guarantee anything about the state of the system before or after the compensation activities have executed, it does not guarantee consistency of the resulting data etc.

As an example of the complexities facing a developer working with compensation, consider the how difficult it to test all possible failure modes and paths through the compensation handlers in a large complex system, in order to ensure the resulting overall system state is coherent? I suspect this could be a very difficult task. Taking this further, how difficult is it to actually implement the compensation correctly in the first place? The above example made it look conveniently simple, but in reality it could be much more complex.

My biggest worry is that compensation may provide a nice warm feeling to system designers: that they can use compensation to solve all their problems. Then, not enough thought might go into the actual compensation process, the testing of these processes and their interactions.

Summary

In this final column on BPEL, we've looked at two of the more controversial (in my opinion) areas of BPEL and attempted to consider what they can do and why they may or may not be the right answer to the problem they are trying to address. How they develop in future version of BPEL will, I think, reflect the industry's experience with using them. Currently, both compensation and BPELJ have ardent supporters and vociferous detractors – personally, I'm sceptical of both. ®

Online References

BPELJ White Paper: ftp://www6.software.ibm.com/software/developer/library/ws-bpelj.pdf.

IBM BPELJ: BPEL for Java technology: http://www.ibm.com/developerworks/library/specification/ws-bpelj/.

BEA BPEL and BPELJ Page: http://oreilly-test.bea.com/webservices/bpel/.

3 Big data security analytics techniques

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.