locked
Workflow/Security access to DAL - through Service Control? RRS feed

  • Question

  • Hi all,   just working on the architecture for an enterprise application.  Typical layered approach:

    Presentation (MVP)
    Service Control
    Business Entities
    Data Access Layer


    All business functions are through service control (single point of contact, security point)

    With security, the roles for various functions etc are in the database.  Should the security layer go through service control for this, or should it go directly to the data access layer? Security is (obviously) in a trusted area, so I am leaning towards having it access the DAL directly.

    We are also implementing WorkFlow.  Should this as well go through service control or can go through the DAL?  Again, it is "behind the fence" and trusted so I again tend to favour it going to the DAL directly.

    Your advice?

    thanks
    Don

    Thursday, February 15, 2007 4:06 PM

All replies

  • why don't you use Azman?

    Thursday, February 15, 2007 5:53 PM
  • We are using siteminder - it filters all request, authenticates users and injects headers with security tickets.

    Anyone have any observations on the question at hand?  Security or workflow directly accessing the DAL versus through Service Control?
    Monday, February 19, 2007 3:17 PM