The logical design of an application is based largely on identifying the business objects that will later be turned into classes within your application. Depending on the type of application—data-oriented, functional, or behavioral—there are different techniques for determining likely candidates.
Data-oriented systems, which usually have heavy data entry and retrieval components, contain objects based on the nouns within use case scenarios, conceptual database design, external entities, and events that need to be remembered. Functional systems, which are focused on performing a well-defined task, tend to revolve around the verbs in user requirements. The business objects defined in behavioral systems, which monitor and act on events, are usually based on the events themselves.
For all three systems, once the business objects have been identified, developers should go through the list to weed out any unlikely candidates. Unlikely candidates are usually those that are only loosely related to the actual purpose of the application and serve little or no useful purpose. You will often find that these objects can be encapsulated inside other, related objects with no loss in functionality and no decrease in maintainability.
The logical database design can be constructed straight from the ORM conceptual model. In order to create a proper logical model (called a database schema), you need to decide which type of database your application will be using. In most cases, this will be a relational database; but depending on the application and your unique circumstances, you can choose to use a purely object-oriented database or even a flat-file database. Database schemas usually contain the relevant details regarding the table and field names, data types, and keys within a database. This is the last step before a database actually gets physically created.
The final step of logical design is validation. The overall logical design needs to be examined with a critical eye to ensure that all business requirements are being met. At this stage, we are usually able to identify the components of the application that will require special attention by the developer. For instance, if a single component will need to respond quickly to the requests of hundreds of users, performance might be an issue; or if a component will be relied upon by hundreds of scattered tools and components, some thought should be given during physical design to future maintainability. The purpose of this stage of logical design is simply to make sure the logical design makes sense.
The first step of logical design is to identify the business objects of the application.
There are three types of applications: data-oriented, functional, and behavioral.
Data-oriented applications usually revolve around data entry and reporting. Business objects usually come from nouns within the user requirements, conceptual database design, external entities, and events that need to be remembered.
Functional applications usually need to perform a well-defined task reliably. Objects usually come from verbs within the user requirements.
Behavioral applications usually monitor a real-time system watching for certain events and intelligently acting on them. Objects usually come from the events that are being monitored.
The second step of logical application design is to identify the behaviors (actions) of the business objects.
The third step of logical application design is to identify the attributes (properties) of the business objects.
The fourth step of logical application design is to establish the logical relationships between the business objects.
Auditing is used to record system activity for after-the-fact security.
Logging is generally not used for security. It is used to record other system events, such as errors or statistical events.
The Microsoft Event Logger is a logging tool built into Windows that can be used to handle all application, system, and security events in one place.
Within .NET applications, errors should be handled by using exceptions.
When an exception occurs, Windows attempts to find an object to handle that exception.
Exception handling is done through a technique called bubbling, where the exception is passed back to the previous object until it is finally handled.
Localization is the process of designing an application to accommodate the different needs of other languages and cultures around the world.
Application security should be included during the logical design phase because attempting to include it later could result in a lot more time and effort.
Security in .NET can be role based, web application, or evidence based.
Role-based security can be integrated into the Windows security model using the WindowsPrincipal class.
The GenericPrincipal class allows applications to handle their own security, or custom security classes can be developed.
Many forms of web application security are integrated into ASP.NET. These security techniques are designed to work over an HTTP connection such as the Internet.
ASP.NET can even integrate into the Microsoft Passport security model.
Evidence-based security allows components to decide which components can and cannot be trusted, based on developer-designed rules. It is code-specific security.
Data privacy is a basic human right and is the notion that a user’s personal information should be kept private, unless the user explicitly authorizes it to be shared.
The Windows Forms classes, located in the System.Windows.Forms namespace, provide graphical user controls, such as buttons and text boxes, for .NET applications.
The Web Forms classes, located in the System.Web.UI namespace, provide graphical controls, such as buttons and text boxes, for ASP.NET web-based applications.
Console applications have a text-based user interface provided by the System.Console namespace.
Web services have a user interface as well, although it is purely in XML format.
Logical user interface design involves designing an overall look for the user interface, and usually involves creating a small number of screen shots as examples for the users to approve.
Synchronous applications always wait for a task to finish before the application continues on with other work. This could be a potential application performance bottleneck for tasks that take more than a few seconds to complete.
Asynchronous applications create separate threads for tasks to execute. The application can then go on and process other work, and the thread will notify the application when it is complete.
A component is a self-contained object that performs a specific task.
Components are building blocks that are combined with other code to form applications.
A service is an application that provides its functionality to other applications over a distributed network such as the Internet.
Web services use widely accepted standards such as XML and SOAP to communicate with other applications.
Session state is a snapshot of all the data in memory for a particular user session. Server-side applications are able to save and restore this state information, which allows them to be much more scalable.
The Object Role Modeling (ORM) conceptual design model can easily be turned into a logical database model.
In ORM, a simple key is a fact type whose uniqueness constraint spans only one role. In the ORM diagram, this is represented by an arrow spanning only one role box.
Likewise, a composite key is a fact type whose uniqueness constraint spans more than one role.
Simple keys become the attributes (or columns) of a table, while composite keys become their own tables.
A primary key is a column (or set of columns) that uniquely identifies the contents of a table. By definition, primary keys must be unique within a table.
A foreign key is a column that refers to the primary key of another table for the purposes of referential integrity.
Logical design is validated primarily by comparing it with the business requirements document.
Another useful technique is to run through each of the use cases to ensure that the business objects support the required functionality.
A proof-of-concept (POC) is a small application developed solely to test out risky technical requirements.
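The role-based security and exception-bubbling points above, shown together as an added C# example (not code from the original chapter): a GenericPrincipal carries application-managed roles, a business method checks the role, and the resulting SecurityException bubbles through an intermediate method that has no handler until the caller catches it and writes an audit line. The user names, the role name CatalogManager, the SKU, and all method names are assumptions made for illustration.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

static class RoleCheckDemo
{
    // Hypothetical role name, defined by the application rather than by Windows.
    const string ManagerRole = "CatalogManager";

    // Business-object behavior guarded by a role check on the current principal.
    static void DeleteProduct(string sku)
    {
        IPrincipal user = Thread.CurrentPrincipal;
        if (user == null || !user.IsInRole(ManagerRole))
            throw new SecurityException("DeleteProduct requires role " + ManagerRole);
        Console.WriteLine("Deleted " + sku);
    }

    // Intermediate layer with no catch block: an exception thrown below
    // bubbles through this method to whoever called it.
    static void HandleRequest(string sku)
    {
        DeleteProduct(sku);
    }

    static void RunAs(string name, params string[] roles)
    {
        // GenericPrincipal: the application supplies the identity and roles itself.
        // For Windows-integrated security a WindowsPrincipal would be assigned here instead.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(name), roles);
        try
        {
            HandleRequest("SKU-1001"); // constructed sample value
            Console.WriteLine("AUDIT allow user=" + name + " action=DeleteProduct");
        }
        catch (SecurityException ex)
        {
            // The bubbled exception is handled here and recorded for after-the-fact review.
            Console.WriteLine("AUDIT deny user=" + name + " reason=" + ex.Message);
        }
    }

    static void Main()
    {
        RunAs("alice", ManagerRole); // holds the required role: allowed
        RunAs("bob", "Browser");     // lacks the role: denied and audited
    }
}
```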
The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.
1. Which of the following types of applications best describes a type of application that is focused on performing a specific, well-defined task?
2. Which of the following are useful techniques for identifying the business objects in a data-oriented system? (Choose all that apply.)
3. Which of the following events would likely trigger an entry in an audit log?
4. What is the name of the system process that passes unhandled exceptions back to previous objects?
5. What is the process of ensuring that an application can be altered easily for other languages and cultures?
6. Which of the following should be taken into consideration when developing an application that will need to support users in different countries? (Choose all that apply.)
7. Which of the following is almost always a tradeoff that has to be made in order to achieve tight security?
8. Which of the following .NET security models require the application to run entirely in the user’s Windows security context?
9. Which of the following .NET security models is most likely to use Secure Sockets Layer (SSL) over a Hypertext Transfer Protocol (HTTP) connection?
10. Which statement best describes data privacy?
11. Which .NET Framework namespaces contain the classes needed to create a user interface? (Choose all that apply.)
12. What type of user interfaces do web services provide?
Answers
1. C. Functional applications center on the performance of a well-defined task, such as Microsoft Windows Calculator.
2. A, C, and D. These three tasks all help identify objects in a data-oriented system.
3. D. The goal of auditing is to track the changes to key database tables as a means of after-the-fact security. This identifies the changes specific users made to the database.
4. B. Exception bubbling is the system process that passes unhandled exceptions back to previous objects.
5. C. Localization is the process of ensuring that an application can be altered for different locales.
6. A, B, and D. Localizing an application involves translation, properly formatting dates and numbers, and ensuring that the content is still relevant to each culture.
7. D. The most common tradeoff made to achieve tight security is user convenience.
8. A. Role-based security forces application components to run in the user’s security context.
9. B. SSL over HTTP is an ideal method for encrypting the connection between a web browser and a web server.
10. D. Data privacy aims to protect sensitive user information from being shared without the user’s knowledge.
11. C and D. System.Windows.Forms and System.Web.UI are two of the namespaces that provide user interface support in .NET.
12. C. Web services provide interfaces to other applications using XML.
13. Which of the following best describes the concept of a simple key in ORM relational mapping?
14. Assume the conceptual data model contains three objects: Candidate, Skill, and SkillLevel. These three objects are linked together using a single role, such that they form a composite key. Using the ORM relational mapping methodology, which of the following best reflects the tables required by this application?
15. Which of the following relational database features is used primarily to enforce referential integrity?
Answers
13. B. A simple key is any uniqueness constraint in the ORM conceptual model that spans exactly one role.
14. D. Because the ternary fact that links the three tables together has uniqueness that spans two roles, a new table will have to be created to map Candidates and Skills, called CandidateSkill. The other objects exist as their own tables.
15. C. Foreign keys are primarily used to enforce referential integrity.
16. What is the best way to validate a proposed logical design?
Answers
16. A. The best way to validate a logical design is to compare it to the business and user requirements identified during an earlier phase to ensure that all requirements are being handled.
1. Acme Corporation is a manufacturing company that creates and distributes over 300 products to hundreds of clients around the world. It is currently using a Microsoft Excel spreadsheet to manually manage the catalog of products it carries. Acme would like to create a small catalog application that will allow users to browse the catalog of items in stock. The company’s business requirements are fairly simple:
Based on the preceding list of business requirements, what business objects will this catalog application need to support?
Answers
1. The catalog application will likely contain the following business objects. Also included is the list of object behaviors (methods) for each object, divided by security role.