ISO/IEC 10026-1:1998

INTERNATIONAL ISO/IEC
STANDARD 10026-1
Second edition
1998-10-15
Information technology — Open Systems
Interconnection — Distributed Transaction
Processing —
Part 1:
OSI TP Model
Technologies de l'information — Interconnexion de systèmes ouverts
(OSI) — Traitement transactionnel réparti —
Partie 1: Modèle OSI TP
Reference number
B C
Contents .Page
Foreword.iv
Introduction .v
1 Scope. 1
2 Normative references . 1
3 Definitions . 2
3.1 Terms defined in other International Standards . 2
3.2 Terms defined in ISO/IEC 10026 . 3
4 Abbreviations . 8
5 Conventions . 8
6 Requirements. 8
6.1 Introduction. 8
6.2 User requirements. 9
6.3 Modelling requirements . 9
6.4 OSI TP Service and Protocol requirements . 10
7 Concepts of distributed TP . 10
7.1 Transaction. 10
7.2 Distributed transaction. 10
7.3 Transaction data and coordination level. 10
7.4 Tree relationships. 11
7.5 Dialogue . 11
7.6 Dialogue tree . 12
7.7 Transaction branch. 12
7.8 Transaction tree . 13
7.9 Channel . 13
7.10 Handshake . 13
7.11 Hinterland . 13
8 Model of the OSI TP Service . 14
8.1 Nature of the OSI TP Service.14
8.2 Rules on dialogue trees. 15
8.3 Rules on transaction trees. 16
8.4 Naming . 18
8.5 Data transfer. 19
8.6 Coordination of resources . 19
8.7 Recovery . 24
8.8 Concurrency control and deadlock. 31
8.9 Security. 31
©  ISO/IEC 1998
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced
or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm, without permission in writing from the publisher.
ISO/IEC Copyright Office • Case postale 56 • CH-1211 Genève 20 • Switzerland
Printed in Switzerland
ii
©
ISO/IEC ISO/IEC 10026-1:1998(E)
Annexes
A Relationship of the OSI TP Model to the Application Layer Structure . Erreur! Sig
B Tutorial on concurrency and deadlock control in OSI TP. 34
C Tutorial on the presumed rollback two-phase commit protocol. 35
D Combinations of Commitment Optimisations . 36
E Summary of changes to the second edition. 39
Tables
Table 1 - Permitted combinations of transaction data and coordination levels. 11
Table 2 - Update of log-damage record. 24
Table 3 - Types of failures . 25
Table 4 - Restoration of node state after atomic action data unavailability. 30
Figures
Figure 1 - Transaction hinterland of node A viewed from node B.14
Figure 2 - Transaction branches, dialogues, and application-associations . 18
Figure 3 - Phases of recovery. 29
iii
©
Foreword
ISO (the International Organization for Standardization) and IEC (the International
Electrotechnical Commission) form the specialized system for worldwide
standardization. National bodies that are members of ISO or IEC participate in the
development of International Standards through technical committees established
by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with
ISO and IEC, also take part in the work.
In the field of information technology, ISO and IEC have established a joint
technical committee, ISO/IEC JTC 1. Draft International Standards adopted by
the joint technical committee are circulated to national bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the
national bodies casting a vote.
International Standard ISO/IEC 10026-1 was prepared by Joint Technical
Information technology Open
Committee ISO/IEC JTC 1, , Subcommittee SC 21,
systems interconnection, data management and open distributed processing.
This second edition cancels and replaces the first edition
(ISO/IEC 10026-1:1992), which has been technically revised. It also incorporates
Technical Corrigendum 1:1996.
This part of ISO/IEC 10026 is technically aligned with ITU-T Recommendation
X.860, but is not published as identical text.
ISO/IEC 10026 consists of the following parts, under the general title Information
technology — Open Systems Interconnection — Distributed Transaction
Processing
:
— Part 1: OSI TP Model
— Part 2: OSI TP Service
— Part 3: Protocol specification
— Part 4: Protocol Implementation Conformance Statement (PICS) proforma
— Part 5: Application context proforma and guidelines when using OSI TP
— Part 6: Unstructured Data Transfer
Annex A forms an integral part of this part of ISO/IEC 10026. Annexes B to E are
for information only.
iv
©
ISO/IEC ISO/IEC 10026-1:1998(E)
Introduction
ISO/IEC 10026 is one of a set of standards produced to facilitate the
interconnection of computer systems. It is related to other International Standards
in the set as defined by the Reference Model for Open Systems Interconnection
(ISO/IEC 7498-1). The Reference Model subdivides the area of standardization
for interconnection into a series of layers of specification, each of manageable
size.
The aim of Open Systems Interconnection is to allow, with a minimum of technical
agreement outside the interconnection standards, the interconnection of computer
systems
a) from different manufacturers;
b) under different management;
c) of different levels of complexity; and,
d) of different technologies.
ISO/IEC 10026 defines an OSI TP Model, an OSI TP Service and specifies an
OSI TP Protocol available within the Application Layer of the OSI Reference
Model.
The OSI TP Service is an Application Layer service. It is concerned with
information which can be related as distributed transactions, which involve two or
more open systems.
ISO/IEC 10026 provides sufficient facilities to support transaction processing, and
establishes a framework for coordination across multiple OSI TP resources in
separate open systems.
ISO/IEC 10026 does not specify the interface to local resources or access
facilities that are provided within the local system. However, future enhancement
of the standard may deal with these issues.
v
©
INTERNATIONAL STANDARD  ISO/IEC ISO/IEC 10026-1:1998(E)
Information technology — Open Systems
Interconnection — Distributed Transaction Processing —
Part 1:
OSI TP Model
1 Scope
This part of ISO/IEC 10026:
a) provides a general introduction to the concepts and mechanisms defined in ISO/IEC 10026;
b) defines a model of distributed transaction processing;
c) defines the requirements to be met by the OSI TP Service; and
d) takes into consideration the need to coexist with other Application Service Elements, e.g. RDA
(Remote Database Access), ROSE (Remote Operations Service Element), and non-ROSE
based applications.
This part of ISO/IEC 10026 makes sufficient provisions to allow the specification of transaction-mode
communications services and protocols that meet the properties of: atomicity, consistency, isolation, and
durability (the ACID properties), as defined in ISO/IEC 9804.
This part of ISO/IEC 10026 does not specify individual implementations or products, nor does it constrain the
implementation of entities or interfaces within a computer system.
2 Normative references
The following standards contain provisions which, through reference in this text, constitute provisions of this
part of ISO/IEC 10026. At the time of publication, the editions indicated were valid. All standards are subject
to revision, and parties to agreements based on this part of ISO/IEC 10026 are encouraged to investigate the
possibility of applying the most recent editions of the standards indicated below. Members of IEC and ISO
maintain registers of currently valid International Standards.
ISO/IEC 7498-1:1994, Information technology - Open Systems Interconnection - Basic Reference Model: The
Basic Model.
ISO 7498-2:1989, Information processing systems - Open Systems Interconnection - Basic Reference Model
- Part 2: Security Architecture.
ISO/IEC 7498-3:1997, Information technology - Open Systems Interconnection - Basic Reference Model:
Naming and addressing.
ISO/IEC 8326:1996, Information technology - Open Systems Interconnection - Session service definition.
ISO/IEC 8649:1996, Information technology - Open Systems Interconnection - Service definition for the
Association Control Service Element.
Information technology - Open Systems Interconnection - Presentation service
ISO/IEC 8822:1994,
definition.
©
ISO/IEC 9545:1989, Information technology - Open Systems Interconnection - Application Layer structure.
NOTE - this edition of ISO/IEC 10026 uses the terminology and modelling mechanisms of the first (1989) edition of the
Application Layer Structure (ISO/IEC 9545:1989).
ISO/IEC 9579-1:1993, Information technology - Open Systems Interconnection - Remote Database Access -
Part 1: Generic Model, Service, and Protocol.
ISO/IEC 9594-2:1995, Information technology - Open Systems Interconnection - The Directory: Models.
ISO/IEC 9804:1997, Information technology - Open Systems Interconnection - Service definition for the
commitment, concurrency and recovery service element.
ISO/IEC 10026-2:1998, Information technology - Open Systems Interconnection - Distributed Transaction
Processing - Part 2: OSI TP Service.
Information technology - Open Systems Interconnection - Distributed Transaction
ISO/IEC 10026-3:1998,
Processing - Part 3: Protocol specification.
Information technology - Open Systems Interconnection - Distributed Transaction
ISO/IEC 10026-4:1995,
Processing: Protocol Implementation Conformance Statement (PICS) proforma.
ISO/IEC 10731:1994, Information technology - Open Systems Interconnection - Basic Reference Model -
Conventions for the definition of OSI services.
ISO/IEC 13712-1:1995, Information technology - Remote Operations: Concepts, model and notation.
3 Definitions
For the purposes of ISO/IEC 10026, the following definitions apply.
3.1 Terms defined in other International Standards
3.1.1 ISO/IEC 10026 makes use of the following terms defined in ISO/IEC 7498-1:
a) application-entity;
b) application-process;
c) application-protocol-data-unit;
d) concatenation;
e) open system;
f) presentation-service;
g) presentation-service-access-point;
h) presentation-service-data-unit;
i) real open system; and
j) separation.
3.1.2 ISO/IEC 10026 makes use of the following terms defined in ISO 7498-2:
a) access control;
b) audit;
c) authentication;
d) confidentiality;
e) integrity; and
f) non-repudiation.
3.1.3 ISO/IEC 10026 makes use of the following terms defined in ISO/IEC 7498-3:
a) application-process-invocation-identifier;
b) application-process-title;
c) application-entity-invocation-identifier;
©
ISO/IEC ISO/IEC 10026-1:1998(E)
d) application-entity-qualifier; and
e) application-entity-title.
3.1.4 ISO/IEC 10026 makes use of the following term defined in ISO/IEC 8326:
quality-of-service
3.1.5 ISO/IEC 10026 makes use of the following terms defined in ISO/IEC 10731:
a) request;
b) indication;
c) response;
d) confirm;
e) service primitive; primitive;
f) service-provider; and
g) service-user.
3.1.6 ISO/IEC 10026 makes use of the following terms defined in ISO/IEC 9545:
a) application-association; association;
b) application-context;
c) application-context-name;
d) application-entity-invocation;
e) application-process-invocation;
f) application-service-element;
g) association control service element;
h) multiple association control function;
i) single association control function; and
j) single association object.
3.1.7 ISO/IEC 10026 makes use of the following terms defined in ISO/IEC 9594-2:
a) Directory Information Tree;
b) Directory entry; entry;
c) distinguished name;
d) object class; and
e) relative distinguished name.
3.1.8 ISO/IEC 10026 makes use of the following terms defined in ISO/IEC 9804:
a) atomic action data;
b) atomicity;
c) bound data;
d) consistency;
e) durability;
f) final state;
g) heuristic decision;
h) initial state; and
i) isolation.
3.2 Terms defined in ISO/IEC 10026
3.2.1 application-supported distributed transaction: A transaction where the user of the OSI TP Service
is responsible for the maintenance of the ACID properties.
©
3.2.2 chained sequence: A sequence of related contiguous (provider-supported) transaction branches, on
the same dialogue, that are aimed at achieving a common goal.
3.2.3 Channel Protocol Machine; CPM: The part of an AEI involved in OSI TP that establishes and
terminates TP channels.
3.2.4 channel; Transaction Processing channel: A relationship over an association between two AEIs to
facilitate Transaction Processing Service Provider (TPSP) recovery activity. Channels are not visible to the
TPSUIs.
3.2.5 commit master: The neighbour to which a node has sent a ready signal.
NOTE - with the static commitment procedures, the commit master will be the dialogue superior.
3.2.6 commit slave: A neighbour from which a ready signal has been received.
NOTE - CCR uses the term "commit subordinate"; TP uses the term "commit slave" to avoid confusion with dialogue
subordinate.
NOTE - with the static commitment procedures, a commit slave will be a dialogue subordinate.
NOTE - the terms commit master and commit slave do not apply when a read-only signal or early-exit signal or one-
phase signal is sent.
3.2.7 commitment; transaction commitment: Completion of a transaction with the release of transaction
data in the final state.
NOTE - commitment requires two-phase commitment procedures if bound data are affected; one-phase commitment
procedures may be used if bound data are not affected; see section 8.6.1 for two-phase commitment procedures and
8.6.4 for one-phase commitment procedures.
NOTE - the terms "commitment" and "rollback" have a different scope from that defined in ISO/IEC 9804. ISO/IEC
10026 is concerned with the commitment and rollback of a complete transaction, whereas ISO/IEC 9804 refers to the
commitment and rollback of a single atomic action branch.
3.2.8 commitment coordinator: A TPPM involved in a distributed transaction that arbitrates the final
outcome of the transaction.
NOTE - With the static two-phase commitment procedures, the commitment coordinator will be at the root of the
transaction tree. If the static one-phase commitment procedures are in use in the transaction tree, the commitment
coordinator will either be a leaf node or an intermediate node. With the dynamic two-phase commitment procedures,
the position of the commitment coordinator may be predetermined or may be determined dynamically.
3.2.9 commitment hinterland: A node's current commitment hinterland is the set of nodes in the transaction
tree which include:
a) the neighbouring nodes from which ready signals have been received; and
b) the commitment hinterlands of those neighbouring nodes, and so on recursively.
NOTE - the commitment hinterland excludes those nodes which signal read-only or one-phase or early-
exit.
NOTE - with the static two-phase commitment procedures and no use of either read-only or one-phase
commitment or early-exit, the commitment hinterland of a node will be identical to the transaction subtree
of the node.
3.2.10 commitment order: A statement from a node to a neighbour that has signalled ready, that the
transaction shall be committed.
3.2.11 control: The permission, on a particular dialogue, for a TPSUI to communicate with its partner.
3.2.12 coordination level: An agreement between two TPSUIs on what mechanism will be used to
guarantee the four properties of a transaction; the coordination level may be "commitment", "one-phase
commitment" or "none".
©
ISO/IEC ISO/IEC 10026-1:1998(E)
3.2.13 coordinated dialogue; dialogue is coordinated: A dialogue currently having a coordination level of
"commitment" or "one-phase commitment".
NOTE - a dialogue supporting chained transaction branches is always coordinated and a dialogue supporting unchained
transaction branches is coordinated only when it supports a transaction branch.
3.2.14 dialogue: The relationship between two TPSUIs that communicate with each other. The initiator of
the dialogue is the superior and the recipient is the subordinate.
3.2.15 dialogue tree: A tree consisting of TPSUIs as the entities with dialogues as the relationships between
them.
3.2.16 distributed transaction: A transaction, parts of which may be carried out in more than one open
system.
3.2.17 dynamic commitment procedures: The two-phase commit procedures without the constraints of the
static commitment procedures; subject to optional controls, the commitment coordinator may be a
predetermined node in the transaction tree (not necessarily the root) or may be dynamically determined.
3.2.18 early-exit signal: A statement from a node to a superior that this node and its subtree can make no
contribution to the work of the transaction and so it withdraws from participation in the transaction; conditions
are that the bound data of this node have not been altered by the transaction, that read-only or early-exit
signals have been received from all the node's subordinates in the transaction tree, if there are any, and that
reporting of the transaction outcome is not required.
3.2.19 heuristic-hazard: The condition that arises when, as a result of communication failure with a
subordinate, the bound data of the subordinate's subtree are in an unknown state.
3.2.20 heuristic-mix: The condition that arises when, as a result of one or more heuristic decisions having
been taken, the bound data of the transaction are in an inconsistent state.
3.2.21 intermediate: An entity in a tree which has one superior and one or more subordinates.
3.2.22 leaf: An entity in a tree which has one superior and no subordinates.
3.2.23 local resource: A resource that is resident on the same real open system as the requester of the
resource, or a resource that is managed by an entity residing in the same real open system as the requester
of the resource.
3.2.24 log-commit record: A record written to the recovery log that reflects the transaction's decision to
commit.
3.2.25 log-damage record: A record written to the recovery log that reflects the current inconsistent state of
bound data in the subtree.
3.2.26 log-heuristic record: A record written to the recovery log that reflects the node's heuristic decision.
3.2.27 log-ready record: A record written to the recovery log that records information required for recovery
and that the bound data of this node is ready-to-commit and, if there is more than one neighbour in the
transaction tree, that one of ready signal, one-phase signal or read-only signal or early-exit signal has been
received from all but one of the neighbours in the transaction tree.
3.2.28 long lived data: Data which are accessed and manipulated by the TPSUI within the scope of either a
provider supported transaction or an application supported transaction but for which the TPSUI takes
responsibility for recovery in the event of failures.
NOTE - "long lived data" are not "bound data", and vice versa.
3.2.29 neighbour: An entity in a tree which has a direct relationship with another entity.
NOTE - thus a subordinate and its superior are neighbours, each with the other.
3.2.30 node: A TPSUI together with its TPPM.
3.2.31 node crash: A failure of the node (i.e. TPPM and TPSUI) or of the local environment supporting the
node such that dialogues are aborted and all data not recorded in secure storage may be lost.
©
3.2.32 one-phase signal: A statement from a node to a neighbour that this node has no bound data (in the
strict sense defined by CCR) and that either read-only or early-exit or one-phase signals have been received
from all other neighbours in the transaction tree, if there are any.
3.2.33 polarized control mode: A mode of communication over a dialogue where only one TPSUI involved
in the dialogue is allowed to have control at a time.
3.2.34 Protocol Machine; PM: A generic term to denote either a Transaction Processing Protocol Machine
or a Channel Protocol Machine.
3.2.35 provider-supported distributed transaction: A transaction where the provider of the OSI TP Service
is responsible for the maintenance of the ACID properties.
3.2.36 read-only signal: A statement from a node to a superior that the bound data of this node have not
been altered by the transaction, that read-only or early-exit signals have been received from all the node's
subordinates in the transaction tree, if there are any, and that reporting of the transaction outcome is not
required.
3.2.37 ready signal: A statement from a node (to a neighbour) that a log-ready record has been written. The
neighbour to whom the signal is sent is the one neighbour (if there is more than one) that had not sent a
ready signal or one-phase signal or read-only signal or early-exit signal when the log-ready record was
written.
NOTE - thus ready signal excludes read-only signal or one-phase signal or early-exit signal.
3.2.38 ready-to-commit state: A state of bound data in which, until the transaction has been terminated by
commitment or rollback, the bound data can be released in either their initial or their final state.
3.2.39 recovery: Action taken after a failure to remove undesired consequences of the failure.
3.2.40 recovery log: A repository in secure storage used to record data and state information for the
purposes of restart and recovery.
3.2.41 remote resource: A resource that is resident on a different real open system than the real open
system making the request for resources.
3.2.42 resource: Data and processing capabilities necessary for a TPSUI to carry out the part of a
transaction for which it is responsible.
3.2.43 rollback: transaction rollback: Completion of a transaction with the release of bound data in the
initial state.
NOTE - the terms "commitment" and "rollback" have a different scope from that defined in ISO/IEC 9804. ISO/IEC
10026 is concerned with the commitment and rollback of a complete transaction, whereas ISO/IEC 9804 refers to the
commitment and rollback of a single atomic action branch.
3.2.44 root: The single entity in a tree which has no superior and has one or more subordinates.
3.2.45 secure storage: A reliable non-volatile place where stored information survives any type of
recoverable failure within the real open system.
3.2.46 shared control mode: A mode of communication over a dialogue where both TPSUIs involved in the
dialogue have control.
3.2.47 static commitment procedures: The two-phase commitment procedures constrained such that the
commit decision is made at the root of the transaction tree and is propagated down the tree.
NOTE - this is equivalent to the commitment procedures of 10026:1992 and 10026:1995.
3.2.48 subordinate: The entity which accepts a relationship (from a superior).
3.2.49 subordinate subtree: The subtree of a subordinate node.
3.2.50 subtree: A subset of a tree. The subtree of a particular node contains
a) the node itself, called the root node of the subtree; and
b) the subtrees of each subordinate node of the root node of the subtree, recursively.
A leaf node is its own subtree.
©
ISO/IEC ISO/IEC 10026-1:1998(E)
3.2.51 superior: The entity which initiates a relationship.
3.2.52 transaction: A set of related operations characterized by four properties: atomicity, consistency,
isolation, and durability. A transaction is uniquely identified by a transaction identifier.
NOTE - For reasons of brevity, the term "transaction" is used as a synonym of the term "provider-supported distributed
transaction", from 7.8 onwards.
: The portion of a distributed transaction performed by a pair of TPSUIs sharing a
3.2.53 transaction branch
dialogue.
NOTE - For reasons of brevity, the term "transaction branch" is used as a synonym of the phrase "branch of provider-
supported distributed transaction", from 7.8 onwards.
3.2.54 transaction branch identifier: An unambiguous identifier for a specific branch of a specific
transaction.
3.2.55 transaction data: Data which are accessed and manipulated by the TPSUI within the scope of a
transaction (either a provider-supported transaction or an application-supported transaction); transaction data
is either "bound data" or "long-lived data".
3.2.56 transaction hinterland: The transaction hinterland of node B as viewed from node A is the node B
together with the transaction hinterland (as viewed from node B) of all B's neighbouring nodes except A
which are participating in or have participated in the current transaction on a transaction branch with B.
NOTE - nodes which are no longer participating in the transaction because they have signalled read-only or early-exit,
continue to be part of the transaction hinterland until the transaction is terminated.
3.2.57 transaction identifier: A globally unambiguous identifier for a specific transaction.
3.2.58 transaction logging: The recording of node state information and data in a recovery log.
3.2.59 Transaction Processing Application Service Element; TPASE: That part of a Transaction
Processing Protocol Machine (TPPM) which handles the OSI TP Protocol on a single application-association.
3.2.60 Transaction Processing Protocol Machine; TPPM: The provider of the OSI TP Service for exactly
one TPSUI. A TPPM handles the OSI TP Protocol on all associations that are used for its TPSUI's activity.
: The provider of the OSI TP Service. The TPSP
3.2.61 Transaction Processing Service Provider; TPSP
provides the OSI TP Service to all the TPSUIs involved in a particular dialogue tree. The TPSP spans several
application-process-invocations (APIs) and is the conceptual view of the OSI TP Service as a whole.
3.2.62 Transaction Processing Service User; TPSU: A user of the OSI TP Service: it refers to a specific
set of processing capabilities within an application-process.
3.2.63 TPSU Invocation; TPSUI: A particular instance of a TPSU performing functions for a specific
occasion of information processing.
3.2.64 TPSU-title: A name, unambiguous within the scope of the application-process containing the TPSU,
which denotes a particular TPSU. The TPSU-title implies the type of processing (capabilities) of this TPSU.
3.2.65 transaction recovery: Action taken after a failure in order to put all the bound data of that transaction
into a consistent state.
3.2.66 transaction tree: A tree with nodes as the entities, and transaction branches as the relationship
between them.
3.2.67 tree: A set of linked entities arranged in a hierarchical structure and connected by relationships.
3.2.68 unchained sequence: A sequence of non-contiguous (provider-supported) transaction branches, on
the same dialogue, that are aimed at achieving a common goal.
3.2.69 uncoordinated dialogue; dialogue is not coordinated: A dialogue currently having a coordination
level of "none".
3.2.70 user-ASE: An application-specific ASE.
©
4 Abbreviations
For the purposes of ISO/IEC 10026, the following abbreviations apply:
ACID Atomicity, Consistency, Isolation, and Durability
ACSE Association Control Service Element
AE Application-Entity
AEI Application-Entity Invocation
ALS Application Layer Structure
AP Application-Process
APDU Application-Protocol-Data-Unit
API Application-Process Invocation
ASE Application Service Element
CCR Commitment, Concurrency, and Recovery
CPM Channel Protocol Machine
MACF Multiple Association Control Function
OSI Open Systems Interconnection
OSIE Open Systems Interconnection Environment
PICS Protocol Implementation Conformance Statement
PM Protocol Machine (either a TPPM or a CPM)
PSAP Presentation Service Access Point
PSDU Presentation-Service-Data-Unit
RDA Remote Database Access
ROSE Remote Operations Service Element
SACF Single Association Control Function
SAO Single Association Object
TP Transaction Processing
TPASE Transaction Processing Application Service Element
TPPM Transaction Processing Protocol Machine
TPSP Transaction Processing Service Provider
TPSU Transaction Processing Service User
TPSUI Transaction Processing Service User Invocation
U-ASE User-Application Service Element
5 Conventions
ISO/IEC 10026 is guided by the conventions discussed in ISO/IEC 10731 as they apply to the OSI TP
Service.
6 Requirements
6.1 Introduction
This clause summarizes the requirements for OSI TP. It includes both requirements which are addressed by
ISO/IEC 10026, and also requirements which are not addressed and which require further study; these
additional requirements are candidates for further standardization as amendments and/or additional parts to
ISO/IEC 10026.
©
ISO/IEC ISO/IEC 10026-1:1998(E)
6.2 User requirements
In order to satisfy user needs, ISO/IEC 10026
a) defines procedures which support distributed transactions, as discussed in 7.2. These
procedures
1) allow a distributed transaction to be organized into a transaction tree;
2) provide multi-party coordination (part of which is multi-party commitment), including local
resources;
3) allow restoration to a consistent state, following failure, of the state/context of a distributed
transaction and of bound data;
4) allow the detection of a distributed transaction's failure to achieve ACID properties;
5) allow a distributed transaction to be restarted following successful state restoration; and
6) indicate the completion status of a transaction;
b) provides for the delimitation of a sequence of logically related transactions;
c) allows the grouping of TPSUs within an application-process;
d) allows for one, or more, of the following security requirements:
NOTE - The provision for security is for further standardization as an amendment.
1) access control: it must be possible to support multiple access control policies. At least
those types described in ISO 7498-2 (administration imposed and dynamically selectable,
rule-based and identity-based) should be included;
2) access control granularity: it should be possible to classify OSI TP objects into groups in
order to simplify the specification of access control and allow for distribution of the
authorization database. Such classification should be for optimization, not a substitute for
individual auditing;
3) authentication between:
i) corresponding TPSUIs;
ii) TPPMs;
iii) AEIs; and
iv) TPSUIs and TPPMs. However, this is considered to be a local matter;
4) non-repudiation: prevent denial of having participated in a specific transaction or dialogue;
5) confidentiality: to prevent unauthorized reception of part, or all of the information
exchanged within a dialogue tree;
6) integrity: to detect unauthorized changes to part, or all of the information exchanged within
a dialogue tree; and
7) audit: to record significant security events occurring within a dialogue tree;
e) allows conformance testing of the protocol defined by ISO/IEC 10026-3 and delineate clearly
the static conformance requirements (through the PICS defined in ISO/IEC 10026-4).
6.3 Modelling requirements
The OSI TP Model provides a model of distributed transaction processing and the communications
mechanisms to support it which are consistent with the OSI architecture defined in ISO 7498-1 and ISO/IEC
9545, and that addresses the following requirements:
a) definition of mechanisms for partitioning into transactions the interactions between application-
processes of two or more open systems. In particular, these mechanisms provide for
1) indication of the completion status of a transaction;
2) support of transactions which do not require the full distributed commitment mechanisms to
ensure the ACID properties: the application is responsible for ensuring the ACID
properties; and
3) flexibility in order to match the choice of data transfer method to the semantics of the
transaction;
b) specification of mechanisms to use the services of the Presentation Layer;
©
c) procedures that have acceptable performance and efficiency; and
d) procedures that cover a wide variety of needs (short or long, simple or complex transactions).
NOTE - Some of these procedures are candidates for further standardization.
6.4 OSI TP Service and Protocol requirements
The OSI TP Service and Protocol provide for
a) flexibility to handle changing load conditions;
b) efficient support of operations under high, low or burst conditions;
c) efficient handling of short APDUs;
d) acceptable response time for users;
e) resilience from failure, including the means to recover and restart processing after faults have
been corrected or circumvented;
f) optimal resource usage; and
g) minimization of the dependence of local resource control upon communications.
In order to meet these requirements, the OSI TP Protocol
a) optimizes the use of the Presentation Layer Service;
b) minimizes the communication overhead required for each transaction - in particular, the OSI TP
Protocol limits the number of round trips required by the communication protocols to be no
greater than the number of round trips required by the semantics of the application;
c) optimizes operations to the needs of high volume transaction processing; and,
d) optimizes operations to the needs of the normal case rather than to those of exception cases.
7 Concepts of distributed TP
7.1 Transaction
A transaction is a set of related operations characterized by four properties: atomicity, consistency, isolation,
and durability.
7.2 Distributed transaction
A transaction that spans more than one open system is called a distributed transaction.
A distributed transaction is composed of at least as many parts as there are open systems involved in this
distributed transaction. Within each open system, a part of the distributed transaction relates to an entity
called a TP Service User (TPSU).
The TPSU is the user of the OSI TP Service. It refers to a specific set of processing capabilities within an
application-process. There may be zero, one, or more TPSUs within any given application-process.
NOTE - A TPSU may in turn be distributed within an application-process. ISO/IEC 10026 does not preclude such a
refinement, but does not discuss it, since distribution within an open system lies beyond the scope of OSI.
A TPSU invocation (TPSUI) models, from the perspective of the OSIE, a particular instance of a TPSU,
within an application-process-invocation, performing functions for a specific occasion of information
processing.
To maintain the four properties of transactions, coordination is required among the TPSUIs performing a
distributed transaction. Such coordination requires communication among TPSUIs.
7.3 Transaction data and coordination level
A TPSUI may manipulate data within the scope of a transaction and place that data into their final state or
their initial state depending on whether the transaction commits or rolls back. Such data are called
transaction data.
©
ISO/IEC ISO/IEC 10026-1:1998(E)
The mechanism which is used to coordinate the outcome of a transaction is determined by the coordination
level. Three coordination levels are supported for use by the TPSUI:
a) "commitment" when the TPSP is responsible for the demarcation of transactions and the
reporting of the transaction outcome, including when failures occur during transaction
termination; the TPSP uses a two-phase commit mechanism to support this coordination level;
b) "one-phase commitment" when the TPSP is responsible for the demarcation of transactions
and the reporting of the transaction outcome, except when failures occur during transaction
termination; it is then the responsibility of the TPSUI to determine the outcome and any
necessary recovery by means outside of mechanisms provided by TP; or
c) "none" when the TPSUI is responsible for the demarcation of transactions and any necessary
recovery.
During a transaction, the TPSUI may manipulate transaction data. Transaction data which is protected by
the use of the "commitment" coordination level is called bound data (as defined in ISO/IEC 9804).
Transaction data which is protected by application means is called "long lived data". Table 1 shows the
permitted combinations of transaction data and coordination levels.
Table 1 - Permitted combinations of transaction data and coordination levels
Coordination level
Transaction data commitment one-phase none
commitment
bound data YES NO NO
long lived data YES YES YES
NOTE - The mechanisms, if any, required to maintain the ACID properties for long lived data are beyond the scope of
ISO/IEC 10026.
7.4 Tree relationships
In this specification, a tree is a set of linked entities arranged in a hierarchical structure and connected by
relationships. Two entities which are linked by a relationship are neighbours. An individual relationship
defines roles for the two neighbours:
- the superior of the relationship is the entity which initiated it; and
- the subordinate of the relationship is the entity which accepted it.
Each entity can only have one superior; an entity which is already in one tree can not join in a further tree.
Thus a tree does not contain any loops.
7.5 Dialogue
TPSUIs communicate among themselves in a peer-to-peer relationship; this peer-to-peer relationship
between two TPSUIs is called a dialogue.
In a dialogue, TPSUIs may communicate for the following purposes:
a) transfer of data;
b) error notification;
c) initiation and termination of a transaction;
d) orderly or abrupt termination of their dialogue; and
e) handshake activities.
Dialogues may be controlled in two modes:
a) polarized control, when only one TPSUI has control of the dialogue at a time; and
b) shared control, when both TPSUIs have control of the dialogue simultaneously.
©
In polarized control mode, a TPSUI needs to have control of the dialogue to initiate a request other than
a) error notification;
b) rollback of a transaction;
c) early exit from a transaction;
d) abrupt termination of the dialogue; and
e) request control.
7.6 Dialogue tree
A dialogue tree is a tree with TPSUIs as the entities, and dialogues as relationships between the entities. The
purpose of a dialogue tree is to support a sequence of one or more transactions.
Within the dialogue tree, the TPSUI that establishes the dialogue is referred to as the direct superior of the
TPSUI with which the dialogue is established. The TPSUI with which the dialogue is established is referred to
as the direct subordinate of the adjacent superior TPSUI.
The TPSUI in the dialogue tree that has no superior is called the root TPSUI. A TPSUI that has no
subordinate is called a leaf TPSUI. A TPSUI that has both a superior and at least one subordinate is called
an intermediate TPSUI.
7.7 Transaction branch
When requested, the TPSP provides the TPSUIs with a commitment service for use on a given dialogue. The
value of the coordination level determines which commitment service if any is used on th
...