Monthly Archives: November 2007

Users and self-description

I’ve had a couple of conversations recently – one online and one off – that both centered around an important aspect of distributed computing that is often overlooked: the role of users in determining message semantics. When we write and deploy software, either client or server, it is easily forgotten that this software has been deployed on behalf of some user, either us, our employer, a customer, etc.. For example, Web browsers act on behalf of the users sitting right in front of them, while Web servers act on behalf of the publishers. We even have a special name for this software – though only typically used to refer to clients – user agents. The name drives home the point that they do our bidding alone. When a user initiates an action which requires messages to be sent, then the message needs to reflect the intent of the user. For example (the subject of the aforementioned online discussion) when a user clicks a link in a browser it is with the intent of dereferencing that link, an action which is by definition safe. Therefore, any message sent as a result of a clicked link must be a safe message, otherwise it would be misrepresenting the user. Another scenario where this issue pops up is in the context of application/session state. My friend Bob Haugen and I recently discussed whether the canonical Web shopping cart was stateful or stateless. After a few back-and-forths, we had boiled down the discussion – I thought it was stateful, Bob wasn’t sure – to this same issue. Bob thought that the POST message that gets sent in response to a “purchase” action by the user had the meaning “Purchase what’s in that shopping cart”. And if that was the case, he’d be right, it would be stateless. But my point was that the message can’t mean that because pretty much every user wants to be explicit about what they’re purchasing, and so include the details about the purchase – items, quantity, price, shipping terms, etc.. – in the message sent to the server. In explaining my position, I pointed out that pretty much every shopping cart service I’ve ever used notifies users if prices changes between the time the item was added to the shopping cart, and when the purchase is initiated. This is done because the service understands that it is the user’s intent to be specific about what they’re buying, it’s just that the technology in use – a Web browser – doesn’t easily permit that kind of information to be maintained on the client so that it can be sent over in the POST message. Food for thought, I hope.