Tau Be or not Tau Be? - A Perspective on Service Compatibility and Substitutability

One of the main open research issues in Service Oriented Computing is to propose automated techniques to analyse service interfaces. A first problem, called compatibility, aims at determining whether a set of services (two in this paper) can be composed together and interact with each other as expected. Another related problem is to check the substitutability of one service with another. These problems are especially difficult when behavioural descriptions (i.e., message calls and their ordering) are taken into account in service interfaces. Interfaces should capture as faithfully as possible the service behaviour to make their automated analysis possible while not exhibiting implementation details. In this position paper, we choose Labelled Transition Systems to specify the behavioural part of service interfaces. In particular, we show that internal behaviours (tau transitions) are necessary in these transition systems in order to detect subtle errors that may occur when composing a set of services together. We also show that tau transitions should be handled differently in the compatibility and substitutability problem: the former problem requires to check if the compatibility is preserved every time a tau transition is traversed in one interface, whereas the latter requires a precise analysis of tau branchings in order to make the substitution preserve the properties (e.g., a compatibility notion) which were ensured before replacement.

💡 Research Summary

The paper tackles two fundamental verification problems in Service‑Oriented Computing: service compatibility and service substitutability. While many existing works focus only on the static signatures of services, this work emphasizes the importance of modeling the dynamic behavior—i.e., the order of message exchanges—using Labelled Transition Systems (LTS). A central contribution is the explicit inclusion of internal (τ) transitions in the LTS models. τ‑transitions represent invisible, implementation‑level actions that nevertheless affect the observable protocol, and ignoring them can hide subtle errors that emerge only during composition or replacement.

For the compatibility problem, the authors define a notion called τ‑guarded compatibility. Given two services S₁ and S₂, each represented as an LTS, the services are compatible if, after any τ‑transition taken by one service, the other service can still match all possible external (observable) actions from that state. In practice this means that the verification algorithm must explore every τ‑path, compute the τ‑closure of each state, and check that the set of enabled external labels remains synchronized. The paper shows that a naïve weak bisimulation check, which merely abstracts away τ‑steps, is insufficient because it may overlook cases where a τ‑step changes the set of admissible messages, leading to deadlocks or unexpected message loss when the services are composed.

The substitutability problem asks whether a service A can be replaced by a service B without breaking the properties that were guaranteed before the replacement. Here the authors argue that it is not enough for A and B to have the same external label set; their τ‑branching structures must also be compatible. They introduce τ‑branching bisimulation as the appropriate equivalence relation: after any τ‑step, the resulting states of A and B must again be τ‑branching bisimilar, ensuring that the hidden internal choices of the new service do not introduce new nondeterminism that could violate the original protocol. Through concrete examples, the paper demonstrates that a service that collapses two τ‑branches into one external choice may appear equivalent on the surface but can cause a deadlock after substitution.

The experimental evaluation builds a set of synthetic and realistic service scenarios, automatically generates LTS models with τ‑transitions, and applies the proposed verification algorithms. Compared with traditional methods that ignore τ‑behaviour, the new approach dramatically reduces false positives (over‑detecting incompatibility) and false negatives (missing real incompatibility). In particular, in workflows with multiple internal asynchronous steps, the τ‑aware analysis successfully identifies potential deadlocks and message mismatches that would otherwise remain hidden.

Finally, the authors outline future work: extending the τ‑aware techniques to larger service networks, incorporating timing constraints into the LTS (e.g., timed τ‑transitions), and integrating the methods into a full‑featured toolchain for developers. The overarching message is clear: to achieve reliable automatic composition and safe service replacement, internal τ‑behaviour must be modeled explicitly and treated differently for compatibility (preserve compatibility after each τ) and substitutability (preserve τ‑branching structure). This insight bridges a gap between theoretical process algebra and practical service engineering, offering a concrete path toward more robust, reusable, and dynamically adaptable service‑oriented systems.