Transaction Internet Protocol:
Facilitating Distributed Internet Applications
Compaq Computer Corporation
Cupertino, CA, U.S.A.
Today’s standard transaction protocols employ a one-pipe model which renders them complex and hard to implement, and limits the choice of application communications protocols. Hence they are not widely deployed and are of little practical value. Use of proprietary transaction protocols inhibits interoperability and flexibility. These factors restrict the widespread use of the transaction programming paradigm, and limit development of new distributed business applications on the internet.
TIP is a lightweight transaction protocol employing the two-pipe model. Being useful and simple to implement, TIP is expected to be widely deployed. It will facilitate the widespread use of the transaction model, simplifying distributed applications programming. TIP frees the application from the limits imposed by TP monitor communications services, and enables the exploitation of new communications paradigms (while preserving transaction semantics). TIP includes methods which render it particularly applicable for use with the internet.
The net of this is to increase business application opportunities. Particularly, TIP will enable new internet business transactions which involve access to multiple web servers.
In the absence of any other practical widely-implemented standard transaction protocol, TIP represents a realistic opportunity for ubiquitous heterogeneous distributed transaction processing.
Keywords: Distributed Internet Application Transaction Protocol
There are de-facto and de-jure standards for heterogeneous transaction propagation and coordination (SNA LU6.2 Synclevel 2, OSI TP, CORBA OTS). All of these standards employ a tightly-coupled transaction protocol and application communications mechanism. i.e. they use a one-pipe model. The primary characteristic of this model is that the transaction protocol flows over the same conduit (pipe) as the application to application communications. The transaction tree is built implicitly as an application component communicates with another application component. This is achieved by the provision of a transaction protocol embedded within the communications services provided to the application (usually by a TP monitor).
The use of a one-pipe model has the following consequences:
a) If an application wishes to compose distributed work within the context of a single transaction, it may use only the communications services supported with the transaction protocol. Work is required to invent a transaction protocol for each new communications protocol which comes along. This limits the possible distributed communications mechanisms which may be used by an application.
b) To support the transaction protocol, a product must also implement the communications protocol. This significantly increases the complexity, which inhibits implementation. Hence, none of the standards is widely-deployed. Instead, numerous proprietary transaction protocols have been invented, which only work between themselves. This restricts interoperability.
The effect of all this is that transactions may realistically only be used where each component of a distributed application is running under the same TP monitor software, using only the communications services supported by that TP monitor, with a proprietary transaction protocol. This implies it must always be known in advance which application components are to be involved in a transaction, such that the user can arrange things to ensure all applications are written to use the same TP monitor software.
To limit the availability of the transaction paradigm in this way is undesirable since transactions greatly simplify distributed applications programming. When transactions are not used, a distributed application must be explicitly programmed to recover from any number of communications related errors, which may result in work being partially completed, or not performed at all at some sites, but fully completed at others. Such recovery programming is very complex and error-prone. With transactions, the number of possible outcomes is reduced to two - either all of the work is completed everywhere, or none of the work is completed anywhere. Recovery in the event of failure is taken care of by the transaction service, and the distributed system is always left in one of these two consistent states.
As things currently stand then, development of new business applications is throttled by: a) the restrictions imposed if transactions are to be used, and, b) the complexity of writing distributed applications without them.
This is especially true in the case of Internet transactions. There is no standard “transactional HTTP” protocol. And it is contradictory to the flexibility of the internet that it be known in advance which components will be involved in a distributed transaction, and hence to arrange it such that all components use the same transactional communications mechanism.
In summary, today’s standard transaction protocols have failed to become ubiquitous and consequently are of little practical use, and proprietary solutions are too restrictive to encourage use of the internet for distributed transaction processing. This limits exploitation of the inherent benefits of the internet for new business applications (with the concomitant reduction in potential business opportunity and growth).
What is required is not a transactional version of HTTP, but a simple standard transaction propagation and coordination protocol which is independent of the application to application communications mechanism, and which may be employed with any such mechanism (present or future), including HTTP. This model of separation of transaction control and application communications is known as a two-pipe model. Leveraging this experience to specify a standard two-pipe transaction protocol is appropriate (and overdue).
The Transaction Internet Protocol (TIP), is a very simple two-phase commit protocol employing the two-pipe model, which operates over TCP/IP connections. It achieves its simplicity by specifying only how different sites agree on the outcome of a transaction; it requires that applications communicate via other protocols. While this transaction protocol may not replace existing ones, it is expected to be relatively easy for many existing transaction managers to implement, thereby enabling interoperability in a heterogeneous environment. TIP has been published by the IETF as a Proposed Internet Standard RFC [2, 3].
TIP offers two innovations compared to the current standard protocols which are particularly relevant to internet applications:
a) The pull method of transaction propagation: where a new participant requests an existing participant to add it to the transaction (the existing participant becomes the superior of the new participant). Among other things, this method allows a client to access an arbitrary set of servers and include them within the same transaction (this is a typical web usage model).
b) A method whereby transaction demarcation is controlled by the client application, but the client node does not participate in transaction commitment and recovery. This is known as delegated commit: commit coordination is delegated to another participant. This mechanism obviates the need for a full transaction manager implementation on the client system (i.e. with a transaction log etc). This is most appropriate for internet applications where the client is typically running on a desktop machine using a web browser, with no local recoverable resources. It would be disastrous for server system resources to be made unavailable because of the failure of such a client.
2.1 TIP URL and APIs
In order to facilitate the application use of TIP, a TIP URL is specified which defines the information necessary to propagate TIP transactions. This URL is passed between cooperating applications as the transaction context. The URL specifies the listening endpoint of the superior transaction manager, and a transaction identifier by which the superior knows the transaction. This is all a subordinate application needs to supply in order for a local transaction manager to either pull a TIP transaction, or to put the application into the context of a previously pushed TIP transaction. Being architected, the TIP URL is also something an arbitrary application may look for in order to determine whether it should join a TIP transaction or not.
So that applications may utilise TIP, a TIP-compliant transaction manager provides a set of application programming interfaces (APIs), which may be used by applications to perform TIP operations (e.g. to join a TIP transaction, to create a TIP URL, etc).
The TIP protocol itself has characteristics that support high-performance. e.g. multiple TIP transactions may be multiplexed over a single TCP connection; multiple TIP commands may also be pipelined together to reduce network latency and resource consumption.
TIP enables the development of web agency type applications, which act as brokers for the services of other providers. This is an excellent model for web-based transactional applications, where the agency acts as the transaction coordinator. The agency provides screens to web browser clients, enabling them to open and close an electronic shopping basket, and in between to fill the basket with items selected from the various services offered. e.g. a travel agency which enables a client to select the components of a travel itinerary from services offered by airline and hotel servers, and then execute (confirm) that itinerary as a transactional unit. On confirm, the agency application starts a TIP transaction, works with the airline and hotel servers to update their database records (within the context of the TIP transaction), and if ok (there are flights/rooms available etc), commit the transaction.
Providers to the agency simply need to write their service applications to recognise a TIP URL (present in an HTTP data-stream), and employ APIs provided by the local TIP-compliant transaction manager to join the transaction. The various distributed transaction managers then take care of transaction completion, and either the whole travel itinerary is confirmed, or none of it is (and all the changes associated with it are backed-out). Should a failure occur, the TIP recovery protocol is run between the agency and the provider servers (since the client is not a recoverable participant, and does not participate in the two-phase commit process, it is not involved).
Note that communication between the TIP transaction managers takes place via means totally independent from communication between the application components (which in this example is HTTP between the web browser and agency server, and between the agency and the airline/hotel servers).
The use of TIP confers the following benefits over current standard and proprietary transaction protocols:
a) An application may choose whatever protocol mechanism is most appropriate to communicate with a partner.
b) There is no predetermination regarding which application components are to participate in a transaction. The only requirements are that:
· each distributed system supports a TIP compliant transaction manager, which manages the coordination of local resource managers with remote TIP transaction managers (the transaction managers on each system do not have to be the same).
· co-operating applications agree about their communications data formats and protocol (part of which includes propagation of the TIP URL). TIP transaction trees can therefore be built-up involving many arbitrary “TIP URL aware” applications, using many different communications mechanisms, and many different transaction managers.
c) As new communications protocols are developed, these can be used together with TIP to provide transactional versions of such protocols. The need for development and implementation of a new transaction protocol for every new communications scheme is obviated. An application can avail itself of a new communications paradigm immediately (and obtain transactional semantics).
d) Because of its simplicity and utility, it is expected that TIP will be widely implemented. TIP therefore offers a practical solution for very heterogeneous transactional interoperability.
 X/Open Guide. 1993. “Distributed Transaction Processing: Reference Model Version 2”. X/Open Company Ltd., U.K.
 Evans, K., J. Klein, and J. Lyon. 1998. “Transaction Internet Protocol – Requirements and Supplemental Information”.
IETF RFC 2372.
 Evans, K., J. Klein, and J. Lyon. 1998. “Transaction Internet Protocol Version 3.0”. IETF RFC 2371. http://www.ietf.org/rfc/rfc2371.txt
 Gray, J. N., and A. Reuter. 1992. Transaction Processing: Concepts and Techniques. San Francisco: Morgan Kaufmann.
 In X/Open TP model terms, a Communications Resource Manager (CRM) cooperates with a local Transaction Manager to implicitly propagate transactions, the application uses the API of the CRM to communicate with other applications .
 Or at least to use the same communications protocol when employing a standard transaction protocol (e.g. CORBA IIOP with OTS).
 The two-phase commit protocol is a proven distributed transaction paradigm, whereby changes to resources are first prepared, then committed (written). This two-stage process minimizes the failure opportunity such that resources could be left in an inconsistent state.
See  for more details.
 Whether a flat or hierarchical transaction tree is built depends upon which superior transaction manager listening end-point is passed via the TIP URL. i.e. it could be my own, or my superior’s, end-point.
 See  for details of the TIP protocol and URL.