Privacy preserving minimal observability for composite transactional services

For complex services composed of many (component) services, logging is an integral middleware aspect, especially for providing transactions and monitoring. In the event of a failure, the log allows us to deduce the cause of failure (diagnosis) and recover by compensating the executed services (atomicity). However, for heterogeneous services with parts of the functionality provided by multiple organizations, logging details of all executed services is often impracticable due to privacy/security constraints. Also, logging is expensive in terms of both time and space. Thus, we are interested in determining the minimal number of services that need to be logged, and which is still sufficient to know with certainty the actual sequence of executed services from any given log. Further to privacy issues, the complexity of determining a minimal set of such services to log is actually NP-Complete. To solve both issues, we resort to considering each component service as a grey box. Logs are recorded and kept local to each component, and a black-box view of the implementation details of each component is provided. In particular, a service which is reused as a component several times (often observed in real-life services) need not be re-computed each time. We show that this dramatically decreases the complexity up to 2 exponentials. For large monolithic component services that cannot be decomposed simply, we also provide heuristics to compute a small (but not necessarily minimal) number of services to log, and experimentally analyze their accuracy and performance.