The TSA describes the set of underlying principles by which a Tornado system is constructed. These principles govern the overall structure of a Tornado system, the behavior of its component subsystems relative to the overall system, and the means of interaction with legacy systems.
A Tornado project is a continually evolving design and implementation effort which, over its lifetime, will introduce a number of new tools and connect various new and existing systems. These tools, the tangible result of the development effort, are important to their users. However, none of these tangible tools can be produced without a model of system construction to render the Tornado objectives achievable and provide a basis for defining and understanding the Tornado Software Architecture. This model, called CRISP, establishes a rigid separation of five core functional areas which together support the execution of any group of related systems. These functional areas are: Communication, Representation, Interaction, Storage, and Presentation (hence the acronym).
In Tornado, these five functional areas:
The following sections describe the CRISP model in more detail. A system is the combination of all of the parts of a Tornado system, and a subsystem is one of its parts.
This section has introduced two very important concepts. The first, related to the system's construction, is that Tornado uses a common language -- the Representation -- to pass messages among subsystems. The second concept, related to data organization and its use, is that Tornado uses online descriptive data (see Interaction, above) to actively interpret requests for data and services. These concepts will be reinforced and elaborated throughout this document.
The TSA does not specify formats, standards, or other implementation details -- any instances or suggestions of same in this document are for illustration only.
References to the Tornado Software Architecture Requirements (TSAR) document take the form {3, 4, 7, 8}, where the numbers refer to the numbered objectives in the TSAR.
+---------------------------------------------------------------+
| |
| +---------------------------------------------------------+ |
| | | |
| | Human Interface | |
| | | |
| +---------------------------------------------------------+ |
| | ________|___________|___________|_____ ... ___|___ |
| | / | / | / IPC | / | / |
| | / | / | / | / | / |
| +-------+ +-------+ +-------+ +-------+ +-------+ |
| | | | | | | | | | | |
| | f (x) | | f (x) | | f (x) | | f (x) | ... | f (x) | |
| | 1 | | 2 | | 3 | | 4 | | n | |
| +-------+ +-------+ +-------+ +-------+ +-------+ |
| | | | | | |
| | | | | | |
| | | | | | |
| +---------------------------------------------------------+ |
| | | |
| | Database | |
| | | |
| +---------------------------------------------------------+ |
| |
+---------------------------------------------------------------+
Figure 1
Simplified Do-Everything Tool
The use of a message bus is very important to managing the complexity of the overall system as new subsystems are introduced. Each Tornado subsystem connects only to the message bus; this involves a (relatively) constant amount of work to connect a new subsystem. On the other hand, a system which is not organized around a message bus must potentially interact with every other system; the Nth subsystem may have to interface with N-1 existing subsystems, all of which may have to change to interact properly with the Nth subsystem. In the general case, N subsystems can have up to
N (N - 1)
---------
2
interactions. Table 1 shows how the number of interactions grows for both a bus oriented system and a system with N-way communication paths.
# of Subsystems N-way Interactions Bus Interactions
2 1 2
3 3 3
4 6 4
5 10 5
6 15 6
7 21 7
8 28 8
9 36 9
10 45 10
11 55 11
12 66 12
13 78 13
14 91 14
15 105 15
16 120 16
17 136 17
18 153 18
19 171 19
20 190 20
Table 1
Interaction Complexity
The CRISP model extends the simplified model by clearly showing the communications paths between subsystems, and by explicitly condoning the use of multiple components for HI, database, computers, and networks. {1, 2, 13}
The Representation determines the format and protocol of messages in the CRISP model. As shown in Figure 2, the Communications channel carries data in a format specified by the Representation.
---- ... --------------------------------------------- ... ----
~ ~
~ +------------+ +----------------+ +-------+ ~
~ | | | | | | ~
~ C | R | | R | | R | C ~
~ | | | | | | ~
~ +------------+ +----------------+ +-------+ ~
~ ~
---- ... --------------------------------------------- ... ----
Figure 2
Information (R) Carried by a Channel (C)
+---------------------------------------------------------------+
| |
| Machine |
| |
| +---------------------------------------------------------+ |
| | P | |
| | Human Interface | |
| | | |
| +---------------------------------------------------------+ |
| | |
| | |
| | |
| ...=======================================================... |
| | | | | R/C | |
| | | | | | |
| | | | | | |
| I | I | I | I | I | |
| +-------+ +-------+ +-------+ +-------+ +-------+ |
| | | | | | | | | | | |
| | data | | f (x) | | f (x) | | f (x) | ... | f (x) | |
| |access | | 1 | | 2 | | 3 | | n | |
| +-------+ +-------+ +-------+ +-------+ +-------+ |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | R/C | |
| ...=======================================================... |
| | |
| | |
| | |
| +---------------------------------------------------------+ |
| | S | |
| | Database | |
| | | |
| +---------------------------------------------------------+ |
| |
+---------------------------------------------------------------+
Figure 3
A Single-Machine Implementation Under the CRISP Model
Most of the Interaction components provide a computational service -- these are the boxes labeled f(x) in the figure. The remaining Interaction component provides the data access service.
Figure 3 can be rearranged to show the individual subsystems implemented on different machines, communicating via an actual network. This is shown in Figure 4.
+---------------------------------------------------------------+
| |
| Machine 1 |
| |
| +---------------------------------------------------------+ |
| | P | |
| | Human Interface | |
| | | |
| +---------------------------------------------------------+ |
| | |
+------------------------------|--------------------------------+
|
Network |
...=======================================================...
| | | | R/C |
| | | | |
+------|-----------|--------+ | +--------|-------------|------+
| | | | | | | | |
| | | M | | | M | | |
| | | a | | | a | | |
| I | I | c | | | c I | I | |
| +-------+ +-------+ h | | | h +-------+ +-------+ |
| | | | | i | | | i | | | | |
| | f (x) | | f (x) | n | | | n | f (x) | ... | f (x) | |
| | 1 | | 2 | e | | | e | 3 | | n | |
| +-------+ +-------+ | | | +-------+ +-------+ |
| 2 | | | 3 |
| | | | |
+---------------------------+ | +-----------------------------+
|
+------------------------------|--------------------------------+
| | |
| Machine 4 +--------------+---------------+ |
| | | |
| +------------------------+ +--------------------------+ |
| | S | | I | |
| | Database | | Data Access | |
| | | | | |
| +------------------------+ +--------------------------+ |
| |
+---------------------------------------------------------------+
Figure 4
A Multiple-Machine Implementation Under the CRISP Model
+--------------------+ +---------------------------------------+
| | | |
| Machine 1 | | Machine n |
| | | |
| +--------------+ | | +--------------+ +--------------+ |
| | | | | | | | | |
| | Human Int. 1 | | | | Human Int. 2 | | Human Int. n | |
| | | | | | | | | |
| +--------------+ | | +--------------+ +--------------+ |
| P | | | P | P | |
| | | | +-------------+----+ |
| | | | | |
+---------|----------+ +------------------------|--------------+
| |
| Network 1 | Network n
...=================...===[Bridge]===...==================...
| R/C |\_________ / R/C |
+------|-----------|--------+ \ | +---------|------+
| | | | | | | | |
| | | M | | | | M | |
| | | a | | | | a | |
| I | I | c | | | | c I | |
| +-------+ +-------+ h | | | | h +-------+ |
| | | | | i | | | | i | | |
| | f (x) | | f (x) | n | | | | n | f (x) | |
| | 1 | | 2 | e | | | | e | n | |
| +-------+ +-------+ | | | | +-------+ |
| 2 | | | | 3 |
| | | | | |
+---------------------------+ | | +----------------+
| \_____________
+------------------------------|-----+ +--------------\-------+
| | | | | |
| Machine 4 | | | Machine 5 [A] |
| +----------------+ | | | |
| | | | | S | |
| +--------------+ +-----------+ | | +----------------+ |
| | S | | I | | | | | |
| | Database 1 | | Data | | | | Database n | |
| | | | Access | | | | | |
| +--------------+ +-----------+ | | +----------------+ |
| | | |
+------------------------------------+ +----------------------+
Figure 5
A General Implementation Under the CRISP Model
Think of agents as an integration tool rather than as a required part. You will need agents to connect existing systems, tools, or code to a Communications channel. If you're implementing a new subsystem, you may decide instead to make its API be the Representation specified by the CRISP model. Or not -- you may find it easier to build a traditional API and add an Agent later. We treat the agent as an implementation detail and an enabling technology, rather than as a full-fledged part of the architecture. {3}
Figure 6 illustrates several of the ways that agents may be used in a system conforming to the CRISP model. In Case 1, the agent is distinct from the subsystem. The connection between the agent and the subsystem could be a procedural API, a network connection, or something else. Case 2 shows an agent closely coupled to its associated subsystem; in this case the subsystem almost certainly communicates with the agent via a procedural API. Case 3 shows a subsystem communicating directly with the R/C channel; no agent is required. Case 4 is similar to Case 1, but illustrates that an agent could be shared by multiple subsystems. {1, 3}
+--------+ +--------+ +--------+ +--------+
| sub- | | sub- | | sub- | | sub- |
| system | | system | | system | | system |
| | | | | | . | |
| | | [A] | | | . | |
+--------+ +---|----+ +--------+ . +--------+
| | | | |
| | | +-----++-...
[A] | | |
| | | [A]
| R/C | R/C | R/C | R/C
=======... ======... ======... ======...
Case 1 Case 2 Case 3 Case 4
Separate Integral No Shared
Agent Agent Agent Agent
Figure 6
Possible Agent Arrangements
+--------------+ +--------------+ +--------------+
| Machine | | Machine | | Machine |
| +--------+ | | +--------+ | | +--------+ |
| | | | | | | | | | | |
| | sub- | | | | sub- | | | | sub- | |
| | system | | | | system | | | | system | |
| | | | | | | | | | | |
| +--------+ | | +--------+ | | +--------+ |
| | | | | | | | |
| | | +------|-------+ +------|-------+
| [A] | | |
| | | /===========================/
| | | | Network
+------|-------+ | (not R/C)
| +-----------|--+
| | Machine | |
...=========... | [A] |
R/C | | | Case 2
+-----------|--+ Different
Case 1 | Machines
Same Machine |
as Subsystem ...=========...
Figure 7
Possible Physical Locations of Agents
One possible format for a Representation could be a fully parenthesized nested list syntax combined with an object based slot-value semantics. (See Figure 8 for an example.) Here, ``object based'' means that every data object has a type name, and ``slot-value semantics'' means that the attributes of each object are identified by name. The fully parenthesized notation supports the specification of arbitrary hierarchical relationships between data objects. The object based slot-value semantics ensures that new object types and attributes can be introduced without revising the syntax recognized by existing parsers; such a parser will be able to receive all messages produced by the system now or in the future, but will not need to take any special action to skip over messages that are not relevant to the task of the subsystem served by the parser.
(#1 (node)
(description
((product-info)
(product-country 10001 )
(product-base-pc
((product-code)
(pc-number 68690 ) ) )
(product-description "6525" )
(nest-list (
((nest-description)
(nest-pc
((product-code)
(pc-number -92081528 ) ) )
(slot-info-list (
((slot-entry)
(card-family 6525 )
(card-pc
((product-code)
(pc-number 68500 ) ) )
(card-backplane-pc
((product-code)
(pc-number 68906 ) ) )
(card-port-options-list (
((port-options-entry)
(port-option-pc
((product-code)
(pc-number 503435 ) ) )
(port-option-is-cable 0 )
(port-option-ports (1 2 ) ) ) ) )
) ) )
(card-options-list (
((card-option-entry)
(option-pc
((product-code)
(pc-number 68805 ) ) )
(option-slot-numbers-list (1 ) ) ) )
)
(power-supply-list (
((power-supply-entry)
(power-supply-pc
((product-code)
(pc-number 68994 ) ) ) ) ) ) ) )
) ) ) )
Figure 8
Sample Representation Format
Regardless of the chosen Representation format, the same parser can be used by all subsystems (Figure 9).
---- ... --------------------------------------------- ... ----
~ ~
~ +------------+ +----------------+ +-------+ ~
~ | | | | | | ~
~ C | R | | R | | R | C ~
~ | | | | | | ~
~ +------------+ +----------------+ +-------+ ~
~ Communications Channel ~
---- ... --------------------------------------------- ... ----
| |
| |
| |
+------------|------------+ +------------|------------+
| | | | | |
| +-------------------+ | | +-------------------+ |
| | network interface | | | | network interface | |
| |-------------------| | | |-------------------| |
| | parser |<====\ /=====>| parser | |
| |-------------------| | same | |-------------------| |
| | | | | code | | | | |
| | sub- | sub- | | | | sub- | sub- | |
| | system ... system | | | | system ... system | |
| | 1 | n | | | | 1 | n | |
| | | | | | | | | |
| +-------------------+ | | +-------------------+ |
| | | |
| Machine 1 | | Machine 2 |
+-------------------------+ +-------------------------+
Figure 9
Shared Code for Representation Parser
...============================================================...
| R/C |
| |
| |
+--------------------|---------------------------------|---------+
| Machine | | |
| | | |
| +---------------------------------+ | |
| | | | |
| | Parser | +------------------+ |
| |---------------------------------| | | |
| | |<<<<|semantics metadata| |
| | Translator | +------------------+ |
| |---------------------------------| |
| | | +------------------+ |
| | Database Server |<<<<| | |
| +---------------------------------+ | data dictionary | |
| | | +------------------+ |
+----------|--------------------|----------------------|---------+
| | |
| ------------|---------------------/
| / | /
---------- / ---------- /
/ \/ / \/
/ disk \ / disk \
\ drive / \ drive /
|\ /| |\ /|
| ---------- | | ---------- |
| | | | ... | | | |
| | | | | | | |
\ | | / \ | | /
\| |/ \| |/
---------- ----------
Figure 10
An Implementation of a Storage Subsystem
A system built according to the TSA adds a software layer to translate between the data and control operations of the databases and the subsystems that must access the databases. The translation layer understands the TSA Representation on one side, and the native language of the database on the other side. The important distinction between this approach and a traditional SQL approach is that the TSA subsystems always speak their own language -- the Representation. The benefits are that (1) the Representation language can be matched to the needs of the system, (2) the Representation is independent of evolutionary changes in the actual database systems, and (3) the TSA approach does not require that all data be structured in a relational or tabular format. {1, 5}
The TSA allows related data to be distributed in physically or logically separate databases. Tornado is able to use data wherever it exists; metadata used by the TSA pulls together multiple data sources into one coherent whole that accurately represents the state of the business. Even when the metadata must change to meet changing business needs (for example, changing how data is related or what rules apply), the underlying data remains intact. Traditional systems involve conversions, translations, imports/exports, and other transfers which may produce a loss of information in the transition from one system to its successor or even between versions of the same system; this does not happen in a TSA system. {5, 14}
O a +---------------
/ \ | | |
/ \ |---------------
b O ... O c a | |b@ |c@
/ / \ |-------\-----\-
/ / \ | | \ | \ +---------------
O O ... O |---------\--- >c |c@ | |
/ \ \ | | \| |---------------
/ \ . |-----------\--- | | |
O ... O . | | |\
/ \ . \
. . \ +---------------
. . >b |b@ | |
. . |--------|------
| | | |
.
.
.
Figure 11
A Mapping from Hierarchical to Relational Data
...=======... ...=======... ...=======... ...=======...
| R/C | R/C | R/C | R/C
| | | |
+-----------+ +-----------+ +-----------+ +-----------+
| | | | | Comm Host | | |
| Macintosh | | PC | |-----------| | Unix Box |
| | | | | Xlation SW| | |
+-----------+ +-----------+ +-----------+ +-----------+
| | | | | | |
keyboard | printer | /|\ | ... |
| | . | . | |
mouse wand . | . process-1 |
| |
modems process-n
^ |
PDA ^ /| VT-220
+---+ ^ | +---+
| | RF | | |
| |---modem modem---| |
+---+ +---+
|-------|
\ +++++ /
Figure 12
Some Sample Presentation Components
The Interaction component may also respond to requests for computational services, either by accessing such services through descriptive specifications or by providing the service directly.
How can a Macintosh and a character-oriented terminal present the same data to the user? The Macintosh user interface is based on windows, icons, a mouse, and a pointer (the WIMP paradigm). The character terminal can present a set of about 96 characters at fixed locations on a screen, and accepts only keyboard input from the user. We reconcile these differences by defining a Representation format that supports generic graphical attributes (generic, rather than Macintosh-specific, because we may want to support yet another WIMP system at some future time). The Macintosh Presentation software will translate user gestures into commands in the system Representation, and data objects received in that format into screen drawing and other user interface commands. The character terminal will, through a software translation layer, send keyboard commands via the system Representation, and present data objects without their graphical attributes -- perhaps using a forms-based approach rather than the icons presented to the Macintosh user. {15}
API Always specific to the implementation
Logical AppleTalk, TCP/IP, native IPC, ...
Physical 10-T, LocalTalk, shared memory, ...
Table 2
Some Possibilities for Communications
A traditional information system has only one kind of data: its operational data. The operational data is the data that the overall system manipulates in support of the user's needs. Familiar data objects such as a customer record, a billing record, and an order detail line are all operational data. The traditional information system manipulates this operational data according to rules built into the program code of the system; even systems built using data dictionary tools translate the data dictionary into executable declarations in some programming language -- once the program is finally compiled and installed in the system, the information about the structure and use of the operational data is unchangeable and unknowable without reference to the data dictionary tool and the source language text of the program.
The presence of large numbers of personal computers in a modern information system adds complexity to data administration procedures and simultaneously negates the benefits of a traditional data dictionary by introducing uncontrolled local copies of data. Building personal applications according to a corporate data dictionary has apparent benefits, but these benefits are quickly overwhelmed by several practical problems:
Descriptive data, implemented according to the TSA, does not replace data dictionaries. Rather, the TSA augments a data dictionary by requiring that its contents be available online, reflecting the current operational state of its database. The descriptive data, much of which can be derived automatically from the contents of a data dictionary, is presented to the system in a format specified according to the needs of the system, rather than the implementation of the DBMS. When multiple DBMSs are involved, this normalized format for descriptive data hides the differences among data dictionaries from different vendors. {5, 14}
The TSA places certain demands on the structure and interpretation of descriptive data, summarized by the following points:
Our simple (but unrealizable) model behaves as if every data object (a) has some unique, unchanging name and (b) directly stores or computes the answer to any question we may conceivably want to ask of the object. Remember, this model is the basis of our understanding of the descriptive data in the TSA, not of any implementation!
This gives us everything we need to describe any possible information system -- we can reference data uniquely, and we can get any information related (directly or indirectly) to some object that we know about. Let's start building a usable realization of this idea by expanding upon the second point: if we have a data object, we can get any related information. This gives us (conceptually, if not in fact) containment relationships, classification hierarchies, inheritance, names, values, and attributes. We also know that we can attach code to the data object to compute derived answers. This gives us ordering predicates (for sorting) and all manner of computed results. What's missing is how to get a reference to a particular data object in the first place.
The root object is an important concept. It is present, at least in spirit, in every information system. In most systems, the root object is a second-class citizen compared to the operational data; the operational data is stored in files or in named tables in a relational database -- the root object is implicit in the program that binds together all the pieces of data that the system uses. The TSA allows data storage to be reconfigured without affecting the proper operation of all the subsystems; to support this we require the root object to be explicitly accessible in the same manner as all other data in the system. This has two important consequences: (a) the root is manipulable as data, which means that we never have to alter any programs to change references to other objects from the root, and (b) every subsystem needs to know about only one fixed piece of data, namely the location or address of the root.
The requirement for a single root can be satisfied efficiently in a distributed computing environment by storing copies of the root object at multiple locations (e.g. corporate mainframes, departmental servers, and desktop machines) and updating each copy from its reference location as dictated by the design requirements of the system. Note that this implies a mechanism to keep track of reference locations and viability of copied data.
Aggregation is the grouping together of related data. We make a technical distinction between aggregation and containment (see below). Aggregation defines complex data types, whereas containment is used to represent physical or logical containment of one data object within another. An aggregate structure is composed of slots, each with its own name, data type, contents, and attributes.
Data objects can have attributes that provide additional information about the object. Attributes are not essential to understanding or using the data object. Typically, an attribute describes some aspect of the object's presentation to the user.
We use type inheritance to classify data through specialization of other data types. A new type can inherit the structure of one or more supertypes. The new type can supplement the supertype(s) with additional slots, or can redefine the meaning of existing slots. The system designer must specify rules for conflict resolution when the new type inherits the same slot from multiple supertypes.
Containment describes how one data object is enclosed by another. This enclosure can represent a real-world containment relationship (e.g. some product's CPU module installed in a cabinet) or a logical data relationship (such as a detail line within a customer's order). Containment always implies subordination -- where one piece normally appears within another -- in contrast to aggregation (above) which implies an association of some kind other than enclosure.
Type inheritance and containment define structural relationships in the system's data. The descriptive data should also define named relationships between data objects where these relationships can be helpful to navigate the data. All data must be accessible via a named path from the root object. The requirement for named relationships means that data names must be chosen according to system standards and catalogued in a central location. Association of specialized meanings with particular data names simplifies the navigation of data, and allow the construction of generalized queries.
Data objects may be related to each other according to a lexicographic order. The descriptive data may define an order over a particular type of data object. This ordering can be used by the storage subsystem to define sort keys and indices for efficiency. However, the ordering is only required to define comparison operators for equivalence, predecessor, and successor. If the descriptive data does not define a sorting order for a particular data type, the type is said to be unordered and its order predicates are unavailable.
A slot may have an attached procedure instead of (or in addition to) a value. The procedure may be triggered by read or write access, and may be used to provide a value for its slot upon reading, or to use the value written to the slot (perhaps to check validity, to update dependent values, or to generate an audit entry).
An attached procedure is itself stored as data according to the needs of the system. One possibility is to retrieve the procedure's object code from a library according to the platform upon which the code will execute. Another possibility is to store the procedure in a source text form designed for the system and execute the procedure remotely, and store its access protocol (typically some form of RPC) in lieu of the procedure description for the slot.
Use of descriptive data will promote consistency, timeliness, and accuracy of online information and procedures, which will in turn encourage the construction or mass customization of many small subsystems designed to meet individual users' requirements for function and presentation without compromising underlying corporate data or business rules.
The primitive operations are expressed without reference to a programming language syntax. Each operation has a name, parameters, a functional description, a brief note on intended use, and a list of exceptions which may be raised during execution. Part of the system design process is to bind these primitives to functions in a programming language. The bindings need not have identical names or parameter lists in different programming languages, but the function must be equivalent.
Exceptions may be handled according to the capabilities of the programming language and the requirements of the subsystem design. Possibilities include the use of exception handlers (as in Common Lisp or Ada) or function status values (possible in any language).
This set of primitives operates on data structured according to the following containment hierarchy:
Object
Slot
Value
Object
Collection
Attribute
Value
Object
Collection
Collection
Object
Process
Objects, slots, attributes, values, collections, and processes are
identified by references which have the property of unique identity.
A reference always identifies the same thing, has indefinite lifetime,
and may be copied or stored.
The object/slot/attribute distinction provides useful semantic information. An API that specifies only objects loses expressive power. Similarly, while control and signal primitives could be generalized by giving certain slots an associated action, exposing the intention through the API adds expressiveness. Both cases are akin to using data types in a programming language as opposed to treating memory as an undifferentiated sequence of addressable storage locations.
Access paths, names, and searches are described by specifiers. The representation of these is not fixed by the architecture, but by the detailed system design.
ROOT OBJECT
Name: Get Root Object
Parameters: (none)
Results: reference to root object
Description: Return a reference to the system's root object. The
reference may be to a cached or local copy so long as
it ultimately derives from the one true root.
Application: This should be the first thing done by a subsystem.
There's not much point in continuing if the subsystem
can't access the root.
Exceptions: insufficient privilege
failed to get root object
REFERENCE PATHS
Name: Get Object Using Access Path
Parameters: access path specifier
Results: reference to specified object
Description: Return a reference to the object named by the given
access path.
Application: This is the canonical way to get to an object in one
step, if you know its name within the system.
Exceptions: object does not exist
access path specifier is not well formed
insufficient privilege
object can not be reached
Name: Get Object Path From Reference
Parameters: reference to an object
Results: access path specifier
Description: Return an access path to the given object. Where
multiple access paths exist to a single object, only
one path is returned.
Application: This is a way to recover an access path specifier
from an object reference.
Exceptions: object does not exist
insufficient privilege
can not get object path from reference
OBJECT CREATION AND DESTRUCTION
Name: Create Object
Parameters: (none)
Results: reference to a new empty object
Description: Create a reference to a new empty object. The object
reference is guaranteed unique within the system.
The object is not attached to any other system data.
Application: This is the only way to create a new object.
Exceptions: couldn't create object
Name: Destroy Object
Parameters: reference to an object
Results: (none)
Description: Destroy the given object, its slots (but not their
referents), and its slots' attributes (but not any
referred values). All references to the object, its
slots, and their attributes become invalid. The
system does not attempt to invalidate copied
references; the invalidation is detected at time of
access.
Application: This is the only way to destroy an object.
Exceptions: insufficient privilege
couldn't destroy object
SLOTS
Name: Add Named Slot To Object
Parameters: reference to an object
slot name specifier
Results: reference to an uninitialized slot
Description: Add a named slot to an existing object. If the slot
is created, it is explicitly marked as uninitialized.
If the slot already exists, its value is unaffected
(but doing so is an exception condition).
Application: This is the only way to add content to an object.
Exceptions: object doesn't exist
slot name specifier is not well formed
a slot already exists with this name
insufficient privilege
couldn't add named slot to object
Name: Get Named Slot
Parameters: reference to an object
slot name specifier
Results: reference to the named slot
Description: Return a reference to a named slot in an object.
Application: This is the only way to access content in an object.
Exceptions: object doesn't exist
slot name specifier is not well formed
named slot does not exist
insufficient privilege
couldn't get named slot
Name: Remove Slot From Object
Parameters: reference to a slot in an object
Results: (none)
Description: Remove a slot from an object. This destroys any
attributes attached to the slot. References to the
slot and its attributes become invalid, but the
system does not attempt to invalidate copied
references; this invalidation is performed at the
time of access.
Application: This is the only way to remove content from an object.
Exceptions: slot doesn't exist
insufficient privilege
couldn't remove slot
Name: Get Slot Value
Parameters: reference to a slot
Results: reference to slot's value
Description: Get the value of an existing slot.
Application: This is the only way to access an object's contents.
Exceptions: slot doesn't exist
slot is uninitialized
insufficient privilege
couldn't get slot value
Name: Set Slot Value
Parameters: reference to a slot
reference to a value
Results: (none)
Description: Set the value of an existing slot. The value can not
itself be a slot reference.
Application: This is the only way to change an object's contents.
Exceptions: slot doesn't exist
value can't be a slot reference
insufficient privilege
couldn't set slot value
Name: Get Object Slots List
Parameters: reference to an object
Results: a list of references to slots in the object
Description: Get a list of slots in an object. The list may be
empty.
Application: This is the only way to enumerate an object's contents.
Exceptions: object doesn't exist
insufficient privilege
couldn't get object slots list
Name: Get Slot Name
Parameters: reference to a slot
Results: slot name specifier
Description: Given a slot reference, return the slot's name.
Application: Use this to get a name for a slot obtained from Get
Object Slots List.
Exceptions: slot doesn't exist
insufficient privilege
couldn't get slot name
ATTRIBUTES
Name: Add Named Attribute To Slot
Parameters: reference to a slot
attribute name specifier
Results: reference to the named attribute
Description: Add a named attribute to a slot. The attribute is
created with the given name and an explicitly
uninitialized value. Note that the returned value is
the entire attribute, not just its value. The
attribute's value should be set by passing its
reference to Set Attribute Value.
Application: This is the only way to associate an attribute with a
slot. This creates the attribute, but does not give
it a value.
Exceptions: slot doesn't exist
attribute already exists
insufficient privilege
couldn't add named attribute to slot
Name: Get Named Attribute From Slot
Parameters: reference to a slot
attribute name specifier
Results: reference to the named attribute
Description: Get a reference to a slot's named attribute. If the
attribute does not already exist, it is created with
the given name and an explicitly uninitialized value.
Note that the returned value is the entire attribute,
not just its value. The attribute's value should be
set by passing its reference to Set Attribute Value.
Application: This is the only way to associate an attribute with a
slot. This creates the attribute if needed, but does
not give it a value.
Exceptions: slot doesn't exist
insufficient privilege
couldn't get named attribute from slot
Name: Get Attribute Value
Parameters: reference to an attribute
Results: reference to the attribute's value
Description: Given a reference to an attribute, extract its value.
Application: This is the only way to get an attribute's value.
Exceptions: attribute doesn't exist
insufficient privilege
couldn't get attribute value
Name: Get Attribute Name
Parameters: reference to an attribute
Results: reference to the attribute's name
Description: Given a reference to an attribute, extract its name.
Application: This is the only way to recover the name of an
attribute.
Exceptions: attribute doesn't exist
insufficient privilege
couldn't get attribute name
Name: Set Attribute Value
Parameters: reference to an attribute
reference to attribute value
Results: (none)
Description: Replace any existing value of an attribute. The
reference to an attribute is obtained using Get Named
Attribute From Slot.
Application: The is the only way to set an attribute's value.
Exceptions: attribute doesn't exist
value doesn't exist
insufficient privilege
couldn't set attribute value
Name: Get Attributes List From Slot
Parameters: reference to a slot
Results: a list of references to attributes for the slot
Description: Get a list of all the attributes associated with a
given slot. The list may be empty.
Application: This is the only way to enumerate all the attributes
for a slot.
Exceptions: slot doesn't exist
slot doesn't have any attributes
insufficient privilege
couldn't get attributes list from slot
Name: Remove Attribute
Parameters: reference to an attribute
Results: (none)
Description: Remove an attribute from a slot.
Application: This is the only way to remove an attribute.
Exceptions: attribute doesn't exist
insufficient privilege
couldn't remove attribute
COLLECTIONS
Name: Create Collection
Parameters: (none)
Results: reference to a collection
Description: Create a new collection. A collection holds an
unspecified number of elements (objects). The
collection is created without any elements. The
collection is not attached to any other system data.
Application: Use a collection to group information which has
common characteristics but distinct values. Examples
include the set of all customer records, line items
on a purchase order, or rules for configuring a
certain product.
Exceptions: couldn't create collection
Name: Destroy Collection
Parameters: reference to a collection
Results: (none)
Description: Destroy the given collection. Its elements are not
destroyed. All references to the collection become
invalid. The system does not attempt to invalidate
copied references; the invalidation is detected at
time of access.
Application: This is the only way to destroy a collection.
Exceptions: collection doesn't exist
insufficient privilege
couldn't destroy collection
Name: Add Object To Collection
Parameters: reference to a collection
reference to an object to add to collection
Results: (none)
Description: Add an object's reference to a collection. A
collection may contain only objects and other
collections.
Application: This is the only way to add an object reference to a
collection.
Exceptions: collection doesn't exist
object is a slot, attribute, or process
object doesn't exist
insufficient privilege
couldn't add element to collection
Name: Remove Object From Collection
Parameters: reference to a collection
reference to an object in the collection
Results: (none)
Description: Remove an object from a collection. This does not
affect the existence of the object or of any
references to the object.
Application: This is the only way to remove an object.
Exceptions: collection doesn't exist
object doesn't exist
object isn't in collection
insufficient privilege
couldn't remove object from collection
Name: Start Collection Enumeration
Parameters: reference to a collection
Results: enumeration ID
Description: Return an enumeration ID that can be used with the
other collection enumeration functions.
Application: Use with the other collection enumeration functions
to access all the elements in a collection.
Exceptions: collection doesn't exist
insufficient privilege
couldn't start collection enumeration
Name: Get Next Collection Object
Parameters: enumeration ID
Results: reference to an object in the collection
Description: Returns a reference to the next object in the
collection. The sequence of subsequent objects
obtained from Get Next Collection Element must not be
affected by passing this reference to Remove Object
From Collection.
Application: This is the only way to get to all the objects in a
collection.
Exceptions: enumeration ID is not valid
no more objects in collection
collection was changed by another user
insufficient privilege
couldn't get next collection object
TRANSACTIONS
Name: Begin Transaction
Parameters: (none)
Results: transaction ID
Description: Begin a series of operations in which shared objects
will be modified. Objects to be modified must be
flagged by Reserve Object For Update. All modified
objects are committed to their reference source upon
execution of Commit Transaction. If Commit
Transaction fails, all objects are left unchanged.
Uncommitted modifications can be canceled using
Cancel Transaction. Processes with sufficient
privileges may forcibly cancel transactions initiated
by other processes.
Application: This is how we handle concurrent data access.
Exceptions: insufficient privilege
couldn't begin transaction
Name: Commit Transaction
Parameters: transaction ID
Results: (none)
Description: see Begin Transaction
Application: see Begin Transaction
Exceptions: transaction doesn't exist
transaction was forcibly canceled
insufficient privilege
couldn't commit transaction
Name: Cancel Transaction
Parameters: transaction ID
Results: (none)
Description: see Begin Transaction
Application: see Begin Transaction
Exceptions: transaction doesn't exist
insufficient privilege
couldn't cancel transaction
Name: Reserve Object For Update
Parameters: reference to an object
transaction ID
Results: (none)
Description: see Begin Transaction
Application: see Begin Transaction
Exceptions: object doesn't exist
transaction doesn't exist
insufficient privilege
couldn't reserve object for update
Name: Reserve Object For Reading
Parameters: reference to an object
transaction ID
Results: (none)
Description: Mark an object for reading, so other users can't
change the object while it is being read. Other
users can read this object concurrently.
Application: Use this with the iterators (Get Next Collection
Object and Get Next Search Match) if the exception
caused by some other user changing the object would
be problematic.
Exceptions: object doesn't exist
transaction doesn't exist
insufficient privilege
couldn't reserve object for reading
Name: List Object Transactions
Parameters: reference to an object
Results: list of transaction IDs
Description: Return a list of all transactions currently open on
the given object. The list may be empty.
Application: A sufficiently privileged process can use this with
Cancel Transaction to remove all user reservations on
an object.
Exceptions: object doesn't exist
insufficient privilege
can't list object open transactions
Name: Get Transaction Details
Parameters: transaction ID
Results: transaction owner ID
list of reserved objects w/ update/read status
Description: Return the identification of the given transaction's
owner, and a list of objects reserved under the
transaction. Each object is flagged according to its
reservation type: read or update.
Application: This may have application in deadlock detection and
resolution.
Exceptions: transaction doesn't exist
insufficient privilege
can't get transaction details
SEARCHES
Name: Start Search
Parameters: search specifier
Results: search ID
Description: Create a search procedure based upon the search
specifier, and return an identifier that can be used
to access this procedure. The search ID is valid
only for the life of the process which called Start
Search.
Application: This is the mechanism used to construct a query.
Exceptions: insufficient privilege
couldn't specify search
Name: Get Next Search Match
Parameters: search ID
Results: reference to found object
Description: Given a search ID, return the next object which meets
the search criteria.
Application: Use this repeatedly to retrieve query results.
Exceptions: not a valid search ID
another user changed target data
insufficient privilege
no more objects to search
Name: Reset Search
Parameters: search ID
Results: (none)
Description: Reset the given search so the next call to Get Next
Search Match will return the first matching object.
Application: Use this to restart a search if its search procedure
was already created by Start Search.
Exceptions: not a valid search ID
insufficient privilege
couldn't reset search
PROCESSING
Name: Connect Process
Parameters: process specifier
Results: reference to a process
Description: Return a reference to a specified process. The
process specifier provides all of the information
needed to identify the desired process.
Application: This is the only way to obtain a process to do
computation. All interaction with this process
identifies the process using the returned reference.
Exceptions: not a valid process specifier
process is unavailable for use
insufficient privilege
couldn't connect process
Name: Inquire Process
Parameters: reference to a process
Results: process status
Description: Get information about the status of a process.
Application: Use this to obtain general information about a process.
Exceptions: process does not not exist
insufficient privilege
couldn't inquire process
Name: Disconnect Process
Parameters: reference to a process
Results: (none)
Description: Invalidate the given process reference and take
whatever actions are necessary to release process
resources.
Application: Use this when you won't be sending any more requests
to the given process.
Exceptions: process does not exist
insufficient privilege
couldn't disconnect process
Name: Request Action
Parameters: reference to a process
action specifier
Results: action ID
Description: Request that a process initiate a specified action,
and return an identifier for the request. The action
specifier includes any needed data.
Application: Use this to request services from a process.
Exceptions: process does not exist
invalid action specifier
insufficient privilege
couldn't request action
Name: Inquire Action
Parameters: action ID
Results: action status
Description: Return the current status of the given action.
Application: Use this to discover whether an action has completed
or is still in progress.
Exceptions: not a valid action ID
insufficient privilege
couldn't inquire action
Name: Request Action Completion Notification
Parameters: action ID
Results: (none)
Description: Request a notification signal upon completion of an
action. The notification is transferred via an
implementation-dependent interface.
Application: Use this in lieu of Inquire Action if you'd prefer
not to poll for completion.
Exceptions: not a valid action ID
insufficient privilege
couldn't request action completion notification
Name: Abort Action
Parameters: action ID
Results: (none)
Description: Stop an action that is still in progress. No results
will be available.
Application: Use this to cancel a service request.
Exceptions: not a valid action ID
action is not in progress
insufficient privilege
couldn't abort action
Name: Get Action Results
Parameters: action ID
Results: action results
Description: Return a (possibly empty) result of the specified
action. The action must have completed.
Application: Use this to retrieve the results of a service
request.
Exceptions: not a valid action ID
action is still in progress
insufficient privileges
couldn't get action results
Name: Acknowledge Action
Parameters: action ID
Results: (none)
Description: Acknowledge completion of the specified action, and
invalidate the action ID.
Application: Call this after you have retrieved any action results.
Exceptions: not a valid action ID
insufficient privileges
couldn't acknowledge action
SERVICE PROVIDERS
Service providers use an implementation-dependent
interface compatible with the messages sent by
PROCESSING interfaces.
MISCELLANEOUS
Name:
Parameters:
Results:
Description:
Application:
Exceptions:
In this section, we will describe data access paths as a series of names joined by a < character. The names represent Objects, Slots, Values, Attributes, and Collections. The < character represents containment -- XYZ<PQR means that PQR is contained in XYZ. Later in this section, names are chosen to evoke the meaning of the associated data; a system may choose other names if needed.
All data in a system is accessible from a root object, named ROOT. ROOT is always the leftmost name in a complete data access path. A system may allow specification of partial access paths relative to some basis path which begins at ROOT; the complete pathname is formed by appending the relative path specification to the basis path. For example:
Basis path: ROOT<LMN<PQR<TUV
Relative path: XYZ<ABC
Complete path: ROOT<LMN<PQR<TUV<XYZ<ABC
The ROOT description, below, is typical of the format we use to
describe all of the sample system-level data.
Name: ROOT
Kind: Object
Access path: ROOT
Description: The topmost item in the system's containment
hierarchy; all data in the system can be reached by
following some access path that starts at ROOT.
Kind is either Object or Collection. As with everything else in this
section, the Kind may be different in an actual system implementation.
Where appropriate, the description may mention typical Slots,
Attributes, and Values; although not shown, the access path for these
is constructed according to their containment relationships.
Some data may have more than one access path. For example, a network design may be contained in a collection of all network designs in the system, as well as in the collection of all data used by one or more Systems Engineers, and in the collection of data representing the customer for whom the network is designed. This allows flexible access to data, but is not a requirement of a system design. Where the details of the access path are unimportant, or obvious from context, we may replace portions of the path with an ellipsis.
Name: SERVERS
Kind: Collection
Access path: ROOT<SERVERS
Description: A collection of all the servers in the system. In
this context, servers are generic providers of
services -- computation, storage, hardcopy, etc.
Name: SERVER
Kind: Object
Access path: ROOT<SERVERS<SERVER
Slots: NAME, IP_ADDRESS, SERVICES, ...
Description: A description of a physical or logical server having
a distinct name and IP address and providing one or
more services. The SERVICES slot contains a
collection (see SERVICE).
Name: SERVICE
Kind: Object
Access path: ROOT<SERVERS<SERVER<SERVICES<SERVICE
Slots: NAME, PORT_NUMBER, COST, PERFORMANCE, ...
Description: A description of a logical service provided by a
server.
Name: PROCEDURES
Kind: Collection
Access path: ROOT<PROCEDURES
Description: A collection of all the procedures used by a system.
These procedures may encapsulate business knowledge,
product rules, report generation, etc. In addition
to a machine-independent specification of each
procedure, the collection may store machine-dependent
derivations for efficient execution on multiple
target machines.
Name: PROCEDURE
Kind: Object
Access path: ROOT<PROCEDURES<PROCEDURE
Slots: NAME, DESCRIPTION, CODE, ...
Attributes: CODE<FORMAT, CODE<OS, CODE<CALLING_SEQUENCE,
CODE<LAST_REVISED, DESCRIPTION<CLASSIFICATION, ...
Description: A description of a single procedure encoded for one
particular execution environment. The procedure is
classified according to its purpose to facilitate
global searches for procedures suitable to a task.
Name: TYPES
Kind: Collection
Access path: ROOT<TYPES
Description: Descriptions of all objects in the system; how they
are composed and what kind of data they contain.
Name: TYPE
Kind: Object
Access path: ROOT<TYPES<TYPE
Slots: NAME, DESCRIPTION, TEMPLATE, ...
Attributes: TEMPLATE<LAST_REVISED, DESCRIPTION<CLASSIFICATION, ...
Description: A description of a single data type. The TEMPLATE is
a Collection of DESCRIPTORs; taken as a whole, these
describe the data type. Like PROCEDUREs, TYPEs are
classified to facilitate search for a type that
fulfills a particular role in a system.
Name: DESCRIPTOR
Kind: Object
Access path: ROOT<TYPES<TYPE<DESCRIPTOR
Slots: NAME, DESCRIPTION, REPRESENTATION, ...
Attributes: REPRESENTATION<RANGE, REPRESENTATION<PRINT_FUNCTION,
REPRESENTATION<VALIDATION_FUNCTION, ...
Description: A description of a single data element; not the
element itself. The REPRESENTATION, which is the
basis of the type, is taken from a system-wide
library. Depending upon the system design, the
representation could be descriptive of a storage
format (integer, floating point, counted string,
etc.). Some common attributes are also specified:
range, print function, validation, function, etc.
Name: USERS
Kind: Collection
Access path: ROOT<USERS
Description: A collection of all the system users who need to
retain some personal association with other data in
the system.
Name: USER
Kind: Object
Slots: NAME, DEPARTMENT, TELEPHONE_EXTENSION, ...
Access path: ROOT<USERS<USER
Description: The description of a system user.
Name: PRODUCTS
Kind: Collection
Access path: ROOT<PRODUCTS
Description: A collection of descriptions of all the products
known to the system.
Name: PRODUCT
Kind: Object
Access path: ROOT<PRODUCTS<PRODUCT
Slots: NAME, DESCRIPTION, PRODUCT_CODE, FAMILY, BUILD_RULES,
VALIDATION_RULES, CONFIGURATION_RULES,
PRODUCT_MANAGER, SERVICE_LEVELS, TRANSFER_COST,
RETAIL_COST, LEASE_FACTOR, INTRODUCTION_DATE,
OBSOLETE_DATE, SUNSET_DATE, ...
Description: A description of one product.
Name: CUSTOMERS
Kind: Collection
Access path: ROOT<CUSTOMERS
Description: A collection of all customers known to the system.
Name: CUSTOMER
Kind: Object
Access path: ROOT<CUSTOMERS<CUSTOMER
ROOT<USERS<...<CUSTOMER
Slots: NAME, ADDRESS, TELEPHONE, CONTACTS, CLOSED_ORDERS,
OPEN_ORDERS, PENDING_PROPOSALS, ...
Description: A description of a single customer.
Name: DESIGNS
Kind: Collection
Access path: ROOT<DESIGNS
Description: A collection of all the designs known to the system.
Name: DESIGN
Kind: Object
Access path: ROOT<DESIGNS<DESIGN
ROOT<CUSTOMERS<...<DESIGN
ROOT<USERS<...<DESIGN
Slots: NAME, DESCRIPTION, ACCOUNT_MANAGER,
SYSTEMS_ENGINEERS, REQUIREMENTS, TRAFFIC_PROFILES,
PRIOR_ITERATIONS, CURRENT_DESIGN, ...
Description: A description of a single design.
Name:
Kind:
Access path:
Description:
Created 1994 02 16 by DBL
Draft 1994 03 07 by DBL - initial partitioned model
Draft 1994 03 22 by DBL - separated figures, added data architecture
Draft 1994 03 23 by DBL - edited data architecture; added primitive
API skeleton; added builder's guide
Draft 1994 04 01 by DBL - added some detail to primitive API
Draft 1994 04 04 by DBL - added inquiry functions to transaction API;
added sample system-level data
Draft 1994 04 13 by DBL - incorporate editorial review comments from
JDS, RWS, RGF, and BB; rework for improved
organization according to RGF; clarify roles
of Interaction, Presentation, and Agent
Draft 1994 04 15 by DBL - rework API section per RGF review; add refs
to TSAR
Inspected 1994 04 27-28 by DSTG
Draft 1994 05 05 by DBL - rework per inspection
Converted 1997 03 03 by DBL - converted to HTML