Whatever your innermost feelings about the < and > symbols, and however fondly you remember debugging network infrastructures with nothing more than a LAN sniffer and an uncanny ability to interpret 4k blocks of hex, it is fairly safe to say that Web services are here to stay. With the industry-wide support for the concept, and corresponding legions of emerging and released standards, they aren't going anywhere soon.

One raft of Web service standards that is currently a little closer to the dock than many is that discussing the concept of cohesions, or business transactions. On this raft float such passengers as OASIS' BTP, WS-Transaction, WS-Coordination, and a few others, all of which are trying to address the notion that multiple operations can be conceptually related, even if all the operations affect different back-end systems. Or to put it another way; transactions.

Many people start to feel more than a little queasy when they think of two-phase commits flowing in glorious XML over an HTTP wire, and perhaps this isn't unreasonable - none of these elements is exactly synonymous with lightning speed and efficiency in the millisecond order of magnitude - but to have that thought and decide transactional behavior and Web services don't mix is to put the cart before the horse. The point here isn't the fancy plumbing (let's face it, from a business perspective the point is seldom fancy plumbing) but the value attached to the ability to coordinate multiple independent applications in such a way that their whole is greater than the sum of their parts. After all, if a set of linked applications is no more functional than all the same applications standing alone, the whole notion of Web services is starting to hemorrhage credibility faster than a steam-powered rocket booster in the space shuttle.

It is only a short leap from saying we need to link applications together - which Web services does, implicitly - to saying that from a business perspective we need to know how much of some composite transaction has completed (and in the limit, that we can not only say "do it!" but "undo it!" to our composite system, with some expectation that the "it" that we do and undo is a meaningful business operation with some level of assurance about all-or-nothing results, and all that other good stuff that transactions have given us for so long).

How to Design for the Web Service World
So, given that you're about to design a new application (a rare luxury in this day and age, I confess) what should you do to make sure it will play nicely in the world of Web services (and thus guarantee that it has the respectable shelf life of a useful system rather than being just another here today, gone tomorrow mirage). Much has been written about putting Web service interfaces onto systems that are coarse-grained, loosely coupled, and asynchronous. Some systems have even been engineered in ways that conform to the spirit of these commandments, rather than just some skewed version of the letter, but not much mention has been made of transactional semantics. No doubt this is in large part due to the relative immaturity of industry standards in this area. But just because an implementation of a standard isn't out there doesn't mean that there aren't a set of "right things" to do when thinking about possible future participation in a transactional context for your application. After all, loose coupling and the other mantras aren't exactly standards themselves, just best practice aspirations.

To try and arrive at another mantra, let us think about an architecture use case where some notion of transactions might be useful. Let's take an imaginary banking system. Someone hits the bank Web site, registers, and requests that an account be set up. Now, cards need to be produced, dispatched, received, and acknowledged; welcome packs need to be sent; security credentials need to be gathered; local branches need to be notified; and so on and so on. It is simple to imagine that all the systems responsible for these piece parts of the single business transaction "create new account" are independent. It is also clear that there is a complex web of relationships between them - when is the account considered to be created? When the card is acknowledged, when it's dispatched, when a credit check succeeds? The answer depends on the business rules. And let's think about the process of closing an account. The action we will need to take in this event will depend on what we have done to set it up - maybe we just failed a credit check and nothing else happened. Maybe we issued the cards, so we need to stop them, maybe... I could go on, but I might get a cramp in my typing fingers. All of this detail underlies the simple business transaction "close account."

What we are beginning to see is that each component of an aggregate system has some set of states in its life cycle - at its simplest, nonexistent, pending, active - and the composite system has a set of states that is some matrix multiplication of all the components' possible states. This complexity starts to explain why it's so easy to design and implement a "new account" process flow with a tool like BEA WebLogic Integration, but so complex to build all the correct exception-handling logic.

In essence, all the emerging choreography standards aim to do for this complexity what the transaction manager did for the complexity of applications that need to access multiple resources, each of which might fail. And like the transaction manager, implementations of the standards - as they become available - will need a set of hooks into the applications they are coordinating to allow them to move the composite application between business-meaningful states.

Yes, No, and Maybe
At a minimum, I would propose that a best practice would be to design all systems to have their operations come in threes - doItTentatively, doIt, and undoIt. And associate an externally supplied identifier of some sort with the tentative actions. That way, the composite system can put its toe into your application's water by creating a pending account (or whatever) and then allow it to be activated at some later time when the rest of the world (that loose coupling states you should not know or care about) decides that all is well (or deleted, if everything turned to dust for reasons outside your control). This clearly implies that you need to think through the semantics of pending operations from a business perspective too, which can only aid robustness.

Let's face it, with service-oriented architecture we're building communities of components, not monolithic applications. Systems architects these days are nearly as likely as computers themselves to think in binary. Try to imagine a human society where everything had an instant yes or no answer; how would negotiations happen? How many times a day do you use maybes to soften the yeses and nos that you know, ultimately, you will need to settle on when dealing with groups of people? We are building components that will interoperate like a society - they will increasingly need this kind of interface subtlety.

I claim that if you build in this kind of pattern you have a flying chance of integrating your services with others, whatever the eventual choreography standard that emerges says. In the meantime, writing compensating transactions using a process engine becomes much easier, so the pragmatists and the crystal ball gazers will all be happy.