Finally, a complete set of protocols!
I’m enchanted with Carl Ellison’s paper proposing the concept of a “ceremony” as a sort of meta-protocol design that incorporates all eight layers. This is something I have to do nearly every day when fixing a broken business process or reviewing the design of an application—use cases generally only take into account what the user might click on, but not what might cause them to do so.
I think there’s just one thing missing from Ellison’s list here:
Those differences aside, the design process for a ceremony is the same as the process for a network protocol. Each node in the ceremony has:
1. state, held in the node’s memory in one or more locations
2. secrets, protected by tamper resistance and subject to access control
3. a state machine
4. input messages that are parsed and sometimes pre-processed, including
a. messages from other nodes
b. events (like a timer or, within a human node, a “desire”)
5. for each (input message, state) pair:
a. output messages
b. changes in state
6. service response times and communication bandwidth
7. probability of processing errors
8. probability of node death or loss of memory
I might add (9), the certainty of node replacement on a semi-regular basis, if you’re looking at a ceremony that involves human nodes that are part of organizations. You could call this “loss of memory,” but I don’t think that covers all the cases that designers absolutely have to plan for. (This is why we have documentation, but this is also why you have to make sure the documentation is available, accurate, and complete.) Nothing breaks a good protocol faster than having a key memory component take a better-paying job across the street.
I think someone now has an open headcount.