International Symposium on Parallel and Distributed Processing with Applications

Distributed Transactions for Semantic Web

Workflows
Overcoming the CAP Limitations on Virtual Organizations

Daniel J. Buehrer and Chun-Yao Wang

Institute of Computer Science and Information Engr.
National Chung Cheng University
Chiayi, Taiwan 621
[email protected]; [email protected]

Abstract—Short term and long term transactions will become
very important for both personal and cooperative work involving
workflows that use ontologies of the Semantic Web. We describe
a way to get around the CAP theorem (the impossibility of
simultaneous consistency, availability, and the possibility of
network partitioning) and the worst-case infinite delay for any
distributed decision-making.
Keywords-CAP theorem, transactions, cooperative engineering,
virtual synchrony
I. INTRODUCTION
In 2000, Eric Brewer [1] made a conjecture which was later
proven by Nancy Lynch [2] in 2002 as the “CAP theorem”.
This theorem states that in a distributed environment it is
impossible to simultaneously have consistency, availability,
and the possibility of network partitioning (e.g. due to mobile
devices or wide-area network overloading). Another theorem
is that any distributed decision can always be delayed for an
arbitrarily long time by having processors fail at inappropriate
times.
In this paper we describe the methodology which is being
used in the Cadabia middleware system. We first define the
implementation of short-term transactions [3] with fixed
participants. These short-term transactions are then used to
implement long-term transactions which guarantee that all
current participants will be notified of any changes to the data
which they have viewed since the last checkpoint.
The use of virtual synchrony [4] for short-term transactions
provides a stable platform for performing distributed
computations. In particular, the long-term transactions provide
allow for changing memberships where all current members
are guaranteed of being notified of changes to any data that
they have read since the last transaction checkpoint. The
participants are also guaranteed to be notified of changes in
participants of the long-term transaction. It is then quite easy
to implement consistent systems for security, load-balancing
and failover, and consistent upper-level workflows based on
cooperation of many users, such as updates to hierarchical
command and control systems based on performance
measurements. Moreover, cloud computing must synchronize
its copies and switch-overs for load balancing and failovers.
In Section 2 we describe the CAP Theorem and worst-case
infinite delay of distributed decisions. We then discuss the
assumptions of Cadabia’s model in Section 3. Sections 4 and
5 describe the short-term and long-term transactions. Section 6
compares Cadabia’s solution to other solutions. Section 7
describes how distributed workflows are used to implement
Web-based vertical organizations. Finally, in Section 8 we
summarize and give some conclusions.
II. CAP THEOREM AND INABILITY TO MAKE DISTRIBUTED
DECISIONS
A. CAP Theorem
Distributed computations involve at least two theoretical
limitations. The CAP theorem states that it is impossible to
simultaneously have consistency, availability, and the
possibility of network partitioning. That is, the possibility of
network partitioning will, in general, cause copies of data to
either become inconsistent or unavailable. Many real-time
systems, such as airplane seat assignments or online
acquisitions may prefer to show users inconsistent data rather
than have the system become unavailable. It is quite easy to
see how copies of data will become out-of-date in the presence
of network failures.
As mentioned in the article on “Virtual Synchrony” on
Wikipedia [4], there are basically three approaches to dealing
with the CAP Theorem:
1. One-copy serializability. Usually transactional
replication implementations use transaction logs which

978-0-7695-4190-7/10 $26.00 © 2010 IEEE 465

DOI 10.1109/ISPA.2010.17
 may cause inconsistencies if the failure occurs as the
logs (i.e. updates) are being transmitted.
2. Virtual Synchrony – Extremely high performance and
wide use in existing systems. Usually hidden from
end-users because it is difficult to implement correctly.
3. Paxos – state machine – seldom used except by
Google’s “Chubby” locking service.
Actually, an extended version of virtual synchrony was
already developed in 1996 for the Transis Project [6,7]. Like
our short-term transactions [3], they used multicasting to pass
the “current” states of each process group to implement an
extended version of virtual synchrony. We discuss the
comparison in more detail in Section 6.
How does virtual synchrony help to solve the CAP
problems? The application-layer broadcast mechanism is used
to reach other members of the transaction as soon as they
become reachable. There are no ack’s or event-based replies to
wait for. The only “blocked wait” occurs after all nodes have
pre-committed and have ack’ed recently within a given time
period. Although it is possible that one of the servers will go
down at this time and generate an abort due to timeout, it is
unlikely.
The main idea is that the state of each participant of the
transaction has an associated clock or counter, so that messages
from different partitions can be easily merged to get the most
recent state of all participants.
B. Possibility of Delaying Distributed Decisions Forever
There is another theorem about distributed systems. It
states the impossibility of reaching a consensus in a distributed
system which has a faulty process [8]. If that faulty process
fails at just the times that are necessary for making a decision,
then the decision can be postponed indefinitely. There is
really no way around this other than to assume that it won’t
happen. That is, we assume that it will be possible for all
members of a transaction to be reachable for long enough
periods for them to agree to commit or abort the transaction.
III. CADABIA’S ENVIRONMENT
Cadabia is based on the idea of a “personal” Semantic
Web. The ontology of class, attribute, relation definitions are
shared. However, each user has his own data stored on either
his own machine or his own server(s) in either SQL tables or
XML files.
Cadabia was originally based on peer-to-peer networks, but
with the advent of Web-based computation, we have shifted
the focus of the project to include the possibility of Web
servers. These Web servers are assumed to be always
available. However, we would prefer to keep the servers
“local”, so that users will still be able to control which servers
will be allowed to store backup copies of their non-shared
data.
466
We assume that Web servers will be on a cluster of servers
which is always running. It would be very difficult to
maintain consistency of backup copies where users are
constantly turning their machines on/off. The cluster will be
responsible for most tasks of backup and failover. The use of
a cluster will help get rid of most of the problems of network
partitioning, since local area networks are fairly stable. We
plan to use OpenSSI [9], Single System Image for Linux
clusters, where any machine can be used to redistribute the
load balance or do failover by making appropriate system
calls. The transactions will guarantee that all users and all
processes see a common view of the “current state”.
Cadabia is based on the ideas of the Semantic Web. It
stores all data, including all data typing information, in the
form of triples (i.e. object-attribute-value or object-relation-
objectSet). Every binary relation has an inverse relation, and
short-term transactions are used to maintain their consistency.
Relations can refer to objects on other machines via a URL,
class name, and object name. “PartOf” relations inherit the
owners from the surrounding objects, and they are “cascade
deleted” when the surrounding independent objects of a given
class are deleted. When objects are deleted, all of the inverse
pointers to that object are also deleted within a short-term
transaction. Otherwise, if any of the inverse relations are
unreachable, the transaction fails. That is, no inconsistencies
are ever allowed to enter into the Cadabia data.
Cadabia is now aimed at vertical workflows. The vertical
work flows contain common definitions of messages, events,
error conditions, and message queues that are necessary to
describe a complete system and its users and documents.
The workflows take the place of traditional programming
involving subroutine calls. It is fairly well-recognized that
distributed applications are not well-suited for traditional
subroutines calls, which require the caller to block and wait
until the subroutine finishes. Rather, a workflow is a better
representation of the possible flow of control, using events,
messages, and error conditions that are defined in a shared
ontology. The workflows are also more flexible, allowing
dynamic modification based on perceived problems or feature
additions. Of course, such updates must be coordinated so
that all members of a transaction are using the same version of
the ontology. The OWL ontology, for instance, represents the
relationships between the various versions of the ontology,
and which versions are compatible.
Moreover, Cadabia keeps track of which users are using
which ontologies, so that all of the users who have
downloaded a particular ontology can be located by following
the binary “include” relation or its inverse “includedBy”
relation for ontologies. Cadabia queries can be used to find a
suitable set of similar ontologies for queries based on shared
objects of other users. That is, the query “environment” can
be set by limiting the number of inclusion levels, the number
of servers, the number of objects returned by queries, etc.
This environment is also part of the query kernel, and it is like
a global setting for the kinds and sizes of answers that are
desired.
 IV. SHORT-TERM TRANSACTIONS
The key point is that all of Cadabia’s typing constraints,
security constraints, and cloud descriptions are stored in a
form which can be queried in the same way as user-defined
objects. Therefore, once there is a means of “locking”
attributes and binary relations, this can be used by both end
applications and by kernel-level implementations, such as
security and cloud kernel layers. That is, the short-term
transactions provide read/write locks for attributes and
relations. These transactions can be aborted in case of
possible deadlock or timeout. The short-term transactions
have a fixed set of members.
The short-term transactions are sufficient to implement
long-term transactions, where the participants can change.
Any current participant of the long-term transaction will be
guaranteed that he will be notified of any changes to either the
participants of the transaction or to the attributes or relations
which have been viewed by the transaction since the last
checkpoint.
The implementation of short-term transactions has been
described elsewhere [3], so we will not go into detail here.
Basically, application-layer multicasting is used to transmit a
vector of clock times and current states, where all participants
use a common finite-state automaton to describe their current
states. Any application-layer topology may be used, such as a
tree of bi-directional rings. A timer is also used to send out
messages in case all other messages are lost due to process or
network failures. Each participant merges the messages by
taking the values associated with the maximum vector clock
values. Therefore, network partitioning and different arrival
times will not cause inconsistencies in the definition of
“current” states, and a partial order of state changes is
sufficient to allow the participants to agree. Once all of the
participants have all pre-committed a transaction, they will all
eventually discover this condition, and commit the transaction.
If desired, before committing the transaction, an extra round of
messages can make sure that all participants are still
reachable, or else the transaction can be aborted. It is assumed
that any such crashed process will eventually recover, and be
able to check on the final abort/commit decision for that
transaction. When it recovers, after finding out the transaction
outcome, it will first process its transaction log to update or
restore the database before accepting any new messages.
V. LONG-TERM TRANSACTIONS
The short-term transactions of Cadabia are used to
read/write lock attributes or binary relations that are being
viewed/updated by Cadabia queries. This is then used to
implement various communications mechanisms where
memberships are allowed to change. For example, all users
and processes that share the queues of a workflow diagram can
be guaranteed to have a consistent view.
The basic purpose of our long-term transactions is to
enable cooperative decision-making and cooperative editing of
Cadabia data. As members join and leave the transaction, the
other members of the transaction will be notified. The
467
changes in membership will alternate with notifications of
changes to the data that have been queried so far.
That is, one purpose of the long-term transactions is to
eliminate “dirty reads”. The long-term transaction will
guarantee that all “current participants” of the transaction will
have been notified of changes to any attributes or relations
since the last checkpoint. Those participants will thus know
which attributes or relations may have become out-of-date.
The applications can then choose whether or not to re-query,
or simply to “gray out” those parts of the data in their user
interface.
Typically, a Web app may involve a flow of documents,
events, error messages, and control operations among various
participants of a virtual organization. For example, a school
Web app involves teachers, students, and an IT manager. It
may also involve, however, the invocation of apps in other
clouds. For example, we have an app which uses Google’s
GWT to translate student addresses into X,Y coordinates for
mapping out minimal routes for the school’s bus drivers.
Although the app runs on the local school’s cluster, it is able
to interact with other apps on other clouds via standard http
messages.
The main idea of Cadabia’s long-term transactions is that
once changes of membership are controlled, it is fairly easy to
get consistent views of the data for making group decisions.
For example, all participants know how many participants are
currently online, and how many votes are needed for a simple
majority. If participants join or leave the transaction during
the voting process, the majority requirement can be
automatically re-adjusted. The long-term transaction basically
guarantees that the results will not be committed unless all
members of the transaction have been notified of all changes
in membership as well as all changes in votes.
Basically, virtual synchrony has been used by the short-
term transactions to prevent undetected changes in
membership. These notifications can be mixed with other
messages in one of several ways:
1. Old messages from dead processes may sometimes be
received, but there is a way to ignore them based on
something like vector time counts.
2. Old messages from dead processes will be thrown
away if their vector counts skip; i.e. if there were
missed messages.
3. “Extended virtual synchrony” will send all messages
to current participants only after sending notifications
of membership changes to all current members.
4. “Safe mode”: Messages will be completely serialized
into a FIFO queue, with all messages in the queue to
be received by all active participants. Again, changes
in membership have priority, with all new members
being guaranteed to receive all messages, including the
notifications of change in membership. A message
which is not acked cannot be delivered. Therefore, a
short-term transaction is used to guarantee that all acks
are received, or else a new notification of change of
membership is sent before sending the message.
 VI. COMPARISON TO TRANSIS
In terms of the Transis Project [6,7], four kinds of
communication may be used to make sure that all members are
informed of all updates. Consider, for example, an application
which allows many users to decide on what each of them will
take to a picnic. The four Transis modes below take increasing
amounts of time, and they correspond to the four modes
described in the previous section.
FIFO mode - failed process’s message may or may not be
sent
Causal mode - maintains causal order between messages;
won’t send messages of failed processes.
Agreed mode - messages are delivered in the same order at
all processes. This order is consistent with causal order.
Safe mode - delivers messages only if all other group
members' machines have all received the message.
The communication mode is specified in the Transis send
command. Different communication modes can be used
concurrently.
The main difference with Transis is that Cadabia
implements the four solutions using stateless, RESTful HTTP
transactions, which either read/write single or multiple objects
in the database, with no intermediate state stored in the
messages themselves. The guarantee of notification of changes
in transaction participants allows the processes involved to re-
adjust to such changes, as when voting or determining
authorizations of users.
VII. EFFECT ON VIRTUAL ORGANIZATIONS
Once an ontology for a virtual organization has been
defined, a flow diagram can also be defined for the
participants, their apps, and the messages, events, and errors
sent by those apps to each other. The model of the
organization then becomes the organization. This allows easy
experimentation with “better” organizations. Should the
chairman of the board be more than one person? How many
people should be on the board? What should be their
membership requirements? What are the processes used in the
acquisitions department to prevent kick-backs? Should more
than one secretary read incoming/outgoing correspondence?
What is the best login mechanism for preventing attacks?
Web 3.0 may be defined in terms of individuals and
organizations having more control over their own private data
while being able to use shared ontologies. That is, individuals
and individual organizations can improve on existing
organizational structures. Second-order Science [14] is
sometimes defined as scientific models which model the
process of modeling things in the real world, such as
organizations or scientific theories. Science 2.0 extends
traditional science by including the effects of the observers on
the model. That is, the models of reality are modified in order
to better match some evaluation criteria. This theory can help
us learn how to build better organizational structures. In
particular, these financial regulatory structures might help us to
468
avoid future financial woes similar to those that occurred in
2009.
VIII. SUMMARY AND CONCLUSIONS
In this paper we have described the methodology which is
being used in the Cadabia middleware system. As mentioned
above, there are many middleware systems that are also based
on virtual synchrony and application-layer multicast
mechanisms, like Cadabia. Cadabia’s rather unique feature is
that the short-term transactions are based on non-changing
memberships. This is sufficient to provide consistency when
there are changes to any binary relation. By using stateless
RESTful HTTP transactions, programmers can be guaranteed
that all members of the process group (i.e. workflow members)
will see the “current” state of the database, since they will be
notified of any changes to attributes or binary relations that
they have viewed since the last checkpoint. This includes the
“current” members of the workflow, the “current” workflow
branch conditions, the “current” list of users who are
authorized to do something, or the “current” list of users who
are online for some Web app group, etc.
Cadabia will also guarantee that even if the current Web
server or its cluster loses power, the service and its state will be
rolled over to another cluster backup provider. The cluster
provides the roll-over capabilities locally, while an ack-based
wide-area network transaction checkpoint is used between
clusters.
REFERENCES
[1] Eric Brewer, Towards robust distributed systems. (Invited Talk).
Principles of Distributed Computing, Portland, Oregon, July 2000.
[2] Nancy Linch and Gilber Seth. “Brewer’s conjecture and the feasibility of
consistent, available, partition-tolerant web services.” ACM SIGACT
News, v. 33 issue 2, 2002, p. 51-59.
[3] Chun-Yao Wang, Daniel J. Buehrer, “A Ring-Based Decentralized
Collaborative Non-Blocking Atomic Commit Protocol”, The 2008
IEEE/WIC/ACM International Conference on Web Intelligence (WI'08),
Held in conjunction with International Conference on Intelligent Agent
Technology (IAT’08), December 9-12, 2008, Sydney, Australia.
[4] http://en.wikipedia.org/wiki/Virtual_synchrony last modified on 25
January 2010 at 11:07.
[5] K. P. Birman., Reliable Distributed Systems Technology, Web Service
and Application, Springer-Verlag, 2005, ISBN:0-387-21509-3.
[6] Danny Dolev and Dahlia Molki, “The Transis Approach to High-
Availability Cluster Communication”, CACM Special Issue on Group
Communications, Vol. 39, April, 1996.
[7] Transis Project Home Page http://www.cs.huji.ac.il/labs/transis/
[8] Michael Fischer, J., Nancy A. Lynch, and Michael S. Paterson,
“Impossibility of Distributed Consensus with One Faulty Process”, 2nd
ACM Symposium on Principles of Database Systems, March 1983. Also
in Journal of ACM, vol. 32, no. 2, pp.374-382, 1985.
[9] OpenSSI (Single System Image) Clusters for Linux
http://openssi.org/cgi-bin/view?page=openssi.html
[10] Stefan B¨ottcher, Le Gruenwald, Sebastian Obermeier, “A Failure
Tolerating Atomic Commit Protocol for Mobile Environments”, In
Proceedings of the The 8th International Conference on Mobile Data
Management (MDM 2007), Mannheim, Germany, 2007.
[11] S. Frølund and R. Guerraoui, “E-Transactions: End-to-End Reliability
for Three-Tier Architectures,” IEEE Trans. Software Eng., vol. 28, no.
4, pp.378-395, 2002.
[12] Paolo Romano, Francesco Quaglia, “Providing e-Transaction [14] S2ES 2010 International Symposium on Science 2 and the Expansion of
Guarantees in Asynchronous Systems with Inaccurate Failure Science, http://www.iiis2010.org/wmsci/website/default.asp?vc=37
Detection”, Fifth IEEE International Symposium on Network Computing
and Applications (NCA'06), pp.155-162, 2006.
[13] C.K. Yeo, B.S. Lee and M.H. Er, A survey of application level multicast
techniques, Computer Communications 27 (2004), pp. 1547–1568.

469