Workflow/Security access to DAL - through Service Control?  
Author Message
Don Cameron





PostPosted: Architecture General, Workflow/Security access to DAL - through Service Control? Top

Hi all, just working on the architecture for an enterprise application. Typical layered approach:

Presentation (MVP)
Service Control
Business Entities
Data Access Layer


All business functions are through service control (single point of contact, security point)

With security, the roles for various functions etc are in the database. Should the security layer go through service control for this, or should it go directly to the data access layer Security is (obviously) in a trusted area, so I am leaning towards having it access the DAL directly.

We are also implementing WorkFlow. Should this as well go through service control or can go through the DAL Again, it is "behind the fence" and trusted so I again tend to favour it going to the DAL directly.

Your advice

thanks
Don



Architecture1  
 
 
C l e m e n s





PostPosted: Architecture General, Workflow/Security access to DAL - through Service Control? Top

why don't you use Azman



 
 
Don Cameron





PostPosted: Architecture General, Workflow/Security access to DAL - through Service Control? Top

We are using siteminder - it filters all request, authenticates users and injects headers with security tickets.

Anyone have any observations on the question at hand Security or workflow directly accessing the DAL versus through Service Control