On completion, on success, on failure inconsistencies

[lucamrgs]

Concerns

• According to the specification, a step handles exceptions in the following way with respect to on_completion, on_success, on_failure, and workflow_exception:
  • Use on_completion only
  • Use on_completion and define workflow_exception
  • Use on_success together with on_failure
  • Use on_success only (without specifying on_failure, nor workflow_exception),
  • Use on_success and define workflow_exception
• There is no explicit indication on how to behave if an “on_completion only” or “on_success only” step “fails” (without there being a “workflow_exception” defined).
• There is no explicit indication on how to behave if an on_completion + workflow_exception step “fails”, but this can happen:
  • Throw the workflow_exception
    • but this makes on_completion superfluous: just use on_success without on_failure
  • continue to the next step anyway
    • plausible, but not explicitly mentioned
  • Either of the two, or up to the implementation
    • flexible, but it may create issues in executing a playbook inconsistently with two different CACAO execution implementations
• The specification says “The determination of a step being successful, failing, or completing is implementation specific and is out of scope for this specification”, but this also favours inconsistent behaviour of how to execute a CACAP playbook in two different playbook execution implementations, or human interpretation.

Possible ways to address

• Make mandatory use of workflow_exception
• Add the concept of “workflow execution failure”, as a execution-level exception.
• add optional “on_exception” property, which overwrites the playbook_exception, for a finer workflow management.
• Make mandatory use of on_failure if on_success is used (and vice versa).
• Clarify uses of on_success and on_failure for OpenC2 use-cases
• Define best practices for uses of on_completion, on_success, on_failure

[jordan2175]

This is currently under discussion