Services Application Frame

- J.D. Meier, Alex Homer, Jason Taylor, Prashant Bansode, Lonnie Wall, Rob Boucher Jr, Akshay Bogawat

The following table lists the key areas to consider as you develop a services architecture. Use the key issues in the table to understand where mistakes are most often made. The sections following this table provide guidelines for each of these areas.

| Area | Key issues |
| --- | --- |
| Authentication and Authorization | Lack of authentication across trust boundaries |
| | Lack of authorization across trust boundaries |
| | Granular or improper authorization |
| Communication | Incorrect choice of transport protocol |
| | Chatty communication with the service |
| | Failing to protect sensitive data |
| Data Consistency | Failing to check data for consistency |
| | Improper handling of transactions in a disconnected model |
| Exception Management | Using exceptions to control application flow |
| | Not logging exceptions |
| | Compromising message integrity when an exception occurs |
| | Revealing sensitive information in the exception |
| | Failing to implement a strategy for unhandled exceptions |
| Message Construction | Not appreciating that message contents may be time-sensitive |
| | Incorrect message construction for the operation |
| | Passing too much data in a single message |
| Message Endpoint | Not supporting idempotent operations |
| | Implementing filters to handle specific messages |
| | Subscribing to an endpoint while disconnected |
| Message Protection | Not protecting sensitive data |
| | Failing to use message layer protection for messages that cross multiple servers |
| | Not considering data integrity |
| Message Transformation | Unnecessary use of transformations |
| | Implementing transformations at the wrong location |
| | Using a canonical model when not necessary |
| Message Exchange Patterns | Using complex patterns when not necessary |
| | Using the Request/Response pattern for one-way messages |
| REST | Overuse of POST operations against resources |
| | Putting actions into the URI with QueryString values |
| | Using session state within a Representational State Transfer (REST) service |
| SOAP | Not choosing the appropriate security model |
| | Not planning for fault conditions |
| | Using complex types in the message schema |
| Validation | Not validating message structures sent to the service |
| | Failing to validate data fields associated with the message |

Last edited Feb 2, 2009 at 5:38 PM by prashantbansode, version 1
