Sure, but at what point do you accept the legal responsibility for the transition with regards to your customer, and how will you handle recovery? Is it OK to replay (a series of) transitions if you keep the state in memory and write the state to disk every five minutes, while keeping a transition log? Do you want/need two-phase commit, where you send a confirmation for each processed transition?

How consistent needs the overall state of the system to be? Is it OK if all transitions for client A were processed but only the first half of the transitions for client B were processed? What if A and B own ultiple machines? What is the processing order of the transitions? Is it OK to process transitions in parallel across different threads? Is it OK to reorder transitions for a single state machine? Can a transition be cancelled or can it time out?

Most of these guarantees should be answered by a proper messaging system, like IBM MQSeries or maybe ZeroMQ nowadays, or alternatively by having all clients write directly to a database. I think you will need one, but I don't have much experience with the advantages or disadvantages of such queue systems.

There is no legal responsibility, but our reputation is at stake. Each "client" is a Web browser, so it doesn't matter if they have multiple machines as we handle the transitions on the server side. The clients won't be logged in multiple times on different machines for the same user context and if they do, they understand there are no guarantees and that they're not supposed to do that. In other words, each user's context can be considered a single-threaded process and each transition happens sequentially, but the state is maintained across HTTP requests.

A transition, once it is triggered, should not be cancelleable or timed out.