Distributed data for security
Robert Hurlbut continues the thread about distributed computing with reference to data security. The thrust of the piece is about providing additional security in depth by physically distributing the data access tier of your application.
At a high level I sort of agree with this and my comments may really be a difference of terminology rather than something more fundamental.
First of all, I’d be reluctant to make the distribution break purely at the data access level. For me, the data access tier is all about dealing with the storage of entities. Each component deals with only one entity and as such each method only reads or writes to one entity type at a time. (By entity I typically mean the nouns in your system and these tend to tie to the main tables in a database - things like a person, product, or order.) The next layer up uses business rules to combine these entity operations together into meaningful business transactions (e.g. creating an order might create an order entity and add line item entities to it, etc.). I am more inclined to provide a distributed service using a business facade over these business rules and for that to be the security barrier. This helps to ensure that data integrity is maintained by the business rules and promotes reuse of the service in more robust manner. As I said, I’m not sure if this is what Robert means or whether we differ here.
Secondly, and Robert suggests this but I want to be more explicit, I think you should work hard to build a secure network boundary at these service points between the consuming applications and the underlying facade with its data store. In practical terms this often means some kind of firewall or filtering router/switch.
Robert talks in depth about the choice of communication channel for interacting with these services. My comment to this is really about the future: the message I took away from the PDC is that if you’re looking towards Indigo you want to think web services (my preference) or COM+/ES. In other words, Remoting isn’t the way forward.
Update: Robert clarifies that we do see eye to eye on much of this topic.