Distributed data for security


Robert Hurlbut continues the thread
about distributed computing
with reference to data security. The thrust of the piece is about
providing additional security in depth by physically distributing
the data access tier of your application.

At a high level I sort of agree with this and my comments may
really be a difference of terminology rather than something more
fundamental.

First of all, I’d be reluctant to make the distribution break
purely at the data access level. For me, the data access tier is
all about dealing with the storage of entities. Each component
deals with only one entity and as such each method only reads or
writes to one entity type at a time. (By entity I typically mean
the nouns in your system and these tend to tie to the main tables
in a database – things like a person, product, or order.) The next
layer up uses business rules to combine these entity operations
together into meaningful business transactions (e.g. creating an
order might create an order entity and add line item entities to
it, etc.). I am more inclined to provide a distributed service
using a business facade over these business rules and for that to
be the security barrier. This helps to ensure that data integrity
is maintained by the business rules and promotes reuse of the
service in more robust manner. As I said, I’m not sure if this is
what Robert means or whether we differ here.

Secondly, and Robert suggests this but I want to be more
explicit, I think you should work hard to build a secure network
boundary at these service points between the consuming applications
and the underlying facade with its data store. In practical terms
this often means some kind of firewall or filtering
router/switch.

Robert talks in depth about the choice of communication channel
for interacting with these services. My comment to this is really
about the future: the message I took away from the PDC is that if
you’re looking towards Indigo you want to think web services (my
preference) or COM+/ES. In other words, Remoting isn’t the way
forward.

Update:

Robert clarifies
that we do see eye to eye on much of this
topic.