The system should continue to work correctly (performing the correct function at the desired level of performance) even in the face of adversity (hardware or software faults, and even human error). See “Reliability”
Well, that's pretty much impossible. If the service you depend on to tell you the length of a book has failed, you can't calculate whether the user is displaying more than N% of the book.
You can, however, fail gracefully and deliberately. Maybe the book length hasn't changed and you can get it from the cache even if it has expired. Maybe you shrug and say that the user can share that additional bit. Maybe you fail.
Maybe you shrug three times and then start failing.
But, you cannot do all your work without all the services you depend upon, and you have to assume that sometimes they will be down.
Most important, however, is that when everything is running again, your service self-repair -- if you are returning partial information, don't cache it for a long time, etc.
· Flag
Brian
