Messages

Envelopes, Content and Correlation IDs

OpenC2 Face to Face, July 2018

The Value of Correlation IDs

• A Correlation ID is a unique identifier value that is attached to requests and messages that allow reference to a particular transaction or event chain.
• The Correlation Pattern, which depends on the use of Correlation ID is a well documented Enterprise Integration Pattern.
• By convention a Correlation ID is passed in the header of a request or message. The often used field name to use in the header is X-Correlation-ID.
• Correlation IDs are particularly powerful when it comes to log activity.

https://blog.rapid7.com/2016/12/23/the-value-of-correlation-ids/

The Value of Correlation IDs (message detail)

​

• Correlation ID is a message header, not included in the content.
• Messaging and logging systems do not dig into content to find a Correlation ID

Oracle Java Message Service - JMS

• When the caller creates a request message, it assigns a unique identifier to the request.
• When the receiver processes the request, it saves the identifier and adds the request's identifier to the reply.
• When the caller processes the reply, it uses the request identifier to correlate the request with the reply.
• A correlation ID is usually put in the header of a message. The ID is not a part of the command or data the caller is trying to communicate to the receiver.

https://docs.oracle.com/cd/E13171_01/alsb/docs25/interopjms/MsgIDPatternforJMS.html

Apache ActiveMQ

• Supports a variety of Cross Language Clients and Protocols
• AMQP v1.0 support
• MQTT v3.1 support allowing for connections in an IoT environment.
• Full support for the Enterprise Integration Patterns both in the JMS client and the Message Broker

http://activemq.apache.org/

http://camel.apache.org/correlation-identifier.html

Microservices Architectures

• Create a correlation ID for each incoming request with an external interface or message, so that this correlation ID can identify the context.
• Once you’ve created a correlation ID, use it everywhere. To use a correlation ID in all log messages, you need to transport it between services.
• Use an X-Correlation-Id header to include correlation IDs in HTTP requests.
• If you’re not using HTTP you probably have an equivalent way to add message metadata, usually as some kind of message envelope properties.

http://hilton.org.uk/blog/microservices-correlation-id

Constrained Application Protocol - RFC 7252

• The Token is used to match a response with a request.
• Every request carries a client-generated token that the server MUST echo (without modification) in any resulting response.
• A token is intended for use as a client-local identifier for differentiating between concurrent requests (see Section 5.3); it could have been called a "request ID".

https://tools.ietf.org/html/rfc7252#section-5.3.1

Network Configuration Protocol - RFC 6241

• 4.1. The <rpc> element is used to enclose a NETCONF request.
• The <rpc> element has a mandatory attribute "message-id", commonly a monotonically increasing integer.
• The receiver does not interpret this string but simply saves it as a "message-id" in any resulting <rpc-reply> message.

https://tools.ietf.org/html/rfc6241#section-4.1

OpenC2 Layering Model

Language Spec and Actuator Profiles define Content.

Transfer Specs define Messages.

Command ID, timestamp, sender, etc, are contained in the message envelope, not the content.