Conversation Specification:
A New Approach to Design and
Specification of E-Service Composition
T. Bultan
X. Fu
R. Hull
J. Su
University of California at Santa Barbara
Bell Labs, Lucent Technologies
The E-Services Paradigm
E-services : network-resident software services
accessible via standardized protocols
 In e-commerce, telecom, science
 Possibility of automatic discovery, composition, invocation,
monitoring
Primary roots :
 Process description formalisms, including automata and
workflow
 Data management (including models, transforms,
mediation, transactions)
 Distributed computing middleware
May 24, 2003
WWW 2003
2
E-Services Composition
Web  very flexible forms of distributed computing
(SOAP, WSDL)
Composition: distributed, flexible, and complex
More flexible, less structured than CORBA
Data management plays a large role
Increased structure helps understanding
fundamental issues
“Glue” languages: WSFL, XLANG, BPEL4WS, BPML
“Behavioral” signatures: automata-based, WSCL, “session
types”
Formalisms to describe e-services: DAML-S pre- and postconditions
May 24, 2003
WWW 2003
3
Fundamental Issues in Composition
How to build composite e-services from atomic ones?
 Various standards proposed; different disciplines addressed
 Most pursue a procedural approach
 Approaches to “synthesize” (automatic composition)
e-compositions from desired global properties
How to analyze composite e-services?
 “Correctness”, behaviors, composable? compatibility?
 Tools for analysis of compositions
Formal foundations not yet clear
May 24, 2003
WWW 2003
4
Summary of Contributions
 Propose a model of global behaviors for composite e-services
 E-service interactions via messaging (e.g. in the spirit of
JMS, BizTalk): asynchronous + FIFO queue
 Use formal language techniques
 Technical results concerning Mealy machines as participating
e-services:
1.Global behaviors are not always regular languages
2.The “prepone” and “join” closure of every regular language
= global behavior of some composite e-service
3.The converse of 2. is not true
 Implications to composition design:
Top-down is better than bottom-up
Bounded queues vs unbounded
May 24, 2003
WWW 2003
5
Outline
A Model for E-services & Compositions
Conversations
Mealy Peers/Implementations
Conversation Specifications (Top-Down)
Related work
Conclusions
May 24, 2003
WWW 2003
6
E-Composition Schema
An E-C schema is a triple (M, P, C )
Specifies the infrastructure of composition
 M : finite set of
message classes
authorize
ok
store
bank
 P : finite set of peers
(e-services)
 C : finite set of peer
to peer channels
warehouse1
warehouse2
“conservative” “aggressive”
May 24, 2003
WWW 2003
7
Composition Infrastructure
Possible models:
 Peer-to-peer (distributed control)
 Hub-and-spoke (centralized
authorizecontrol)
May 24, 2003
o
k
r
r1
ware- b1
house1
p1
warehouse1 w2
p
s
mediator
b
o1
b
b2
p2
payment2
1
a
bill2
w1
order1
s
receipt
store
Our technical
results dooknot rely onbank
special roles
bank
store
of peers (in the spirit
k’ of P2P)a’
m
wareo2
house2
warew1 house2
b
r2
WWW 2003
w2
8
Communication Channels
Channels are assumed to be reliable
Asynchronous, for example, the following channel:
store
order1
o1
warehouse1
send Order1
…
Queues are FIFO, unbounded length
send Order1
Can simulate synchronous
receive Receipt1
and also bounded queues
…
May 24, 2003
WWW 2003
9
Messages
Messages are classified into classes
Each class is associated with one channel
store
order1
warehouse1
Each message class may have additional attributes
which can carry the contents of messages
 For this paper, analysis involves no contents
 Results immediately apply to “finite domain” contents
May 24, 2003
WWW 2003
10
Peers (E-services)
In the most general case, a peer can be a Turing
machine
 Impossible to analyze
Do until halt
Essence of BPEL4WS,
BPML, etc. standards:
nondeterministic choice:
read an input;
input
to other
messages
Infinite state system
and
send
an thus
outputdifficult
to some to analyze
e-services
other peer;
Our approach:
halt;
end choice
 Finite control + (finite
number of) message classes
 Finite control + data structures
(+ finite domain contents)
 Open to extend to allow data structures (not in this paper)
message log
local store
May 24, 2003
WWW 2003
11
Outline
A Model for E-services & Compositions
Conversations
Mealy Peers/Implementations
Conversation Specifications (Top-Down)
Related work
Conclusions
May 24, 2003
WWW 2003
12
Global Behaviors of Composition
Center around composition (collaboration)
 Rather than individual E-services
 “Behavioral type” checking: composability is an important
issue
Our focus:
Is the specification of a composite E-service “correct”?
 How, when, and what do peers communicate?
 Correctness: properties of communication during possible
executions
Ignore port-level details
May 24, 2003
WWW 2003
13
Conversations
Watcher: “records” the messages (classes) as they
are sent
payment2
1
warehouse1
bank
bill2
order1
receipt
store
authorize
ok
Watcher
a k o1 o2 b1 p1 r1 r2 b2 p2
warehouse2
A conversation is a sequence of messages the
watcher sees in a successful run (or session)
E-composition (ec) language: the set of all possible
conversations
May 24, 2003
WWW 2003
14
Outline
A Model for E-services & Compositions
Conversations
Mealy Peers/Implementations
Conversation Specifications (Top-Down)
Related work
Conclusions
May 24, 2003
WWW 2003
15
Peers Revisited
input
messages
Do until halt
nondeterministic choice:
read an input;
send an output to some
other peer;
halt;
end choice
to other
e-services
message log
Again, ports and storages arelocal
ignored
store
Internal logic of peers : finite state control
May 24, 2003
WWW 2003
16
Mealy Peers
Mealy machines: Finite state machines with input
(incoming messages) & output (outgoing messages)
?o2
!r2
!b2
!b2
!r2
?p2
?p2
!r2
null
warehouse2
May 24, 2003
WWW 2003
17
Executing a Mealy Composition
?o2
!a
k
…
!o2
…
?a
!b2
!k
!r2
o2
?p2
?p2
!r2
a
…
null
…
store
!b2
?o1
?k
!o1
!r2
w1
warehouse2
bank
Execution halts if
 All mealy peers are in final states
 All queues are empty
May 24, 2003
WWW 2003
18
Outline
A Model for E-services & Compositions
Conversations
Mealy Peers/Implementations
Conversation Specifications (Top-Down)
Related work
Conclusions
May 24, 2003
WWW 2003
19
E-Composition Language  Regular
E-C languages are not always regular
Example: ECL  a*b* = anbn
!a
?b
a
?a
b
!b
p2
p1
Not context free for some Mealy compositions
Causes: asynchronous communication & unbounded
queue
Bounded queues or synchronous: ECL always regular
May 24, 2003
WWW 2003
20
Practical Implications
Simply composing peers without a global sense can
make the E-composition behaviors very complicated
Non regular means many model checking tools are
out of reach (for correctness)
Bottom up won’t always work well
May 24, 2003
WWW 2003
21
An Alternative
Given a regular language L as the global behavior,
find Mealy peers so that the ECL = L
A quick answer: no
But, wait…
May 24, 2003
WWW 2003
22
Local Views
Local view of a conversation for a peer: part of the
execution that is related to the peer
Defined as projection: pp(w) for a conversation w
Two conversations cannot be distinguished if they
have exactly the same set of local views
b
a
p1
p2
p3
p4
c
If abc is a part of a conversation, so are bac and bca
ppi(abc) = ppi (bac) = ppi (bca) = a for i = 1, 2
ppi(abc) = ppi (bac) = ppi (bca) = bc for i = 3, 4
May 24, 2003
WWW 2003
23
Join
Given languages Li over Si, 1  i  n
i Li =  w 1  i  n π S i (w)  Li   (i Si )
*
Conversations (ECLs) L are closed under
“projection-join”:
 peers π peer ( L)  L
May 24, 2003
WWW 2003
24
Local Prepone
!b
…
c
π peer ( w)
… a b …
!a
local view at p
a peer p
ppeer(w) should also allow
May 24, 2003
WWW 2003
… b a …
25
A Synthesis Result
Given a regular language L, we can find a Mealy
composition such that its ECL is the closure:
*
 peers LocalPrepo ne (π peer ( L))
Intuitively: given a regular L (e.g., ako1…), we can
find Mealy peers whose conversations are not
arbitrary
 Opportunity for automatic composition
But some Mealy compositions do not relate to any
regular languages in this way
May 24, 2003
WWW 2003
26
The Converse (General Case)
There is an Mealy compositions whose ECL is not
*
 peers LocalPrepo ne (π peer ( L))
for every regular languages L
!b
?b
b
!a
p3
p1
a
May 24, 2003
c
?a
!c
?c
ECL = { aibci | i 0 }
p2
WWW 2003
27
The Tree Case
When the peer-channel graph is a tree, then the
Mealy composition has an ECL equal to
 peers LocalPrepo ne * (π peer ( L))
for some regular languages L
Intuitively: the global behavior of bottom-up
composition is still predictable if the composition
infrastructure is a tree
In particular, adding an mediator (hub-spoke)
isn’t a bad idea!
May 24, 2003
WWW 2003
28
Hub-and-spoke
For every star-shaped E-composition infrastructure,
and every regular language L, we can construct an
Mealy composition whose ECL = L
Good news for hub-and-spoke!
May 24, 2003
WWW 2003
29
Summary of Technical Results
1. ECLs of some Mealy compositions are not regular,
some others not context free
2. The “prepone” and “join” closure of every regular
language = ECL of some composite Mealy E-services
3. The converse of 2. is not true in general, true in
special cases
However: if bounded queue or synchronous:
ECL of every Mealy composition is regular
Design time decision! Need to be explicit in
specifications (BPEL4WS, BPLM, …)
May 24, 2003
WWW 2003
30
Outline
A Model for E-services & Compositions
Conversations
Mealy Peers/Implementations
Conversation Specifications (Top-Down)
Related work
Conclusions
May 24, 2003
WWW 2003
31
Related Work
Similar E-service models:
 BPEL4WS (WSFL, XLANG), BPML, WSCL
 Workflow, 1-safe Petri-nets
p-calculus: synchronous but can simulate
unbounded buffer effect
Other synchronous models
 CSP [Hoare ’85], I/O automata [Lynch-Tuttle ’87],
interface automata [Henzinger et al ’01 ]
Other asynchronous models
 Communicating FSA [Brand-Zafiropulo ’82], Message
Sequence Charts [Alur et al ’00]
May 24, 2003
WWW 2003
32
Conclusions
Conversations are an interesting model for global
behaviors
Only a beginning, more need to be understood (see
also [Hull et al PODS ’03])
 Would like ECLs to be regular, some sufficient conditions
are given in [Fu-Bultan-S. CIAA ’03]
 Infinite domain message contents?
 Design tools, e.g., verification tools?
 Spawning new processes?
…
May 24, 2003
WWW 2003
33