Certification Summary | MCSD Analyzing Requirements and Defining .NET Solutions Architectures Study Guide (Exam 70-300 (Certification Press)

The logical design of an application is based largely on identifying the business objects that will later be turned into classes within your application. Depending on the type of application—data-oriented, functional, or behavioral—there are different techniques for determining likely candidates.

Data-oriented systems, which usually have heavy data entry and retrieval components, contain objects based on the nouns within use case scenarios, conceptual database design, external entities, and events that need to be remembered. Functional systems, which are focused on performing a well-defined task, tend to revolve around the verbs in user requirements. The business objects defined in behavioral systems, which monitor and act on events, are usually based on the events themselves.

For all three systems, once the business objects have been identified, developers should go through the list to weed out any unlikely candidates. Unlikely candidates are usually those who are very loosely related to the actual purpose of the application and serve little or no useful purpose. You will often find that these objects can be encapsulated inside other, related objects with no loss in functionality and no decrease in maintainability.

The logical database design can be constructed straight from the ORM conceptual model. In order to create a proper logical model (called a database schema), you need to decide which type of database your application will be using. In most cases, this will be a relational database; but depending on the application and your unique circumstances, you can choose to use a purely object-oriented database or even a flat-file database. Database schemas usually contain the relevant details regarding the table and field names, data types, and keys within a database. This is the last step before a database actually gets physically created.

The final step of logical design is validation. The overall logical design needs to be examined with a critical eye to ensure that all business requirements are being met. At this stage, we are usually able to identify the components of the application that will require special attention by the developer. For instance, if a single component will need to respond quickly to the requests of hundreds of users, performance might be an issue; or if a component will be relied upon by hundreds of scattered tools and components, some thought should be given during physical design to future maintainability. The purpose of this stage of logical design is simply to make sure the logical design makes sense.

Two-Minute Drill

Creating a Logical Design

The first step of logical design is to identify the business objects of the application.
There are three types of applications: data-oriented, functional, and behavioral.
Data-oriented applications usually revolve around data entry and reporting. Business objects usually come from nouns within the user requirements, conceptual database design, external entities, and events that need to be remembered.
Functional applications usually need to perform a well-defined task reliably. Objects usually come from verbs within the user requirements.
Behavioral applications usually monitor a real-time system watching for certain events and intelligently acting on them. Objects usually come from the events that are being monitored.
The second step of logical application design is to identify the behaviors (actions) of the business objects.
The third step of logical application design is to identify the attributes (properties) of the business objects.
The fourth step of logical application design is to establish the logical relationships between the business objects.
Auditing is used to record system activity for after-the-fact security.
Logging is generally not used for security. It is used to record other system events, such as errors or statistical events.
The Microsoft Event Logger is a logging tool built into Windows that can be used to handle all application, system, and security events in one place.
Within .NET applications, errors should be handled by using exceptions.
When an exception occurs, Windows attempts to find an object to handle that exception.
Exception handling is done through a technique called bubbling, where the exception is passed back to the previous object until it is finally handled.
Localization is the process of designing an application to accommodate the different needs of other languages and cultures around the world.
Application security should be included during the logical design phase because attempting to include it later could result in a lot more time and effort.
Security in .NET can be role based, web application, or evidence based.
Role-based security can be integrated into the Windows security model using the WindowsPrincipal class.
The GenericPrincipal class allows applications to handle their own security, or custom security classes can be developed.
Many forms of web application security are integrated into ASP.NET. These security techniques are designed to work over an HTTP connection such as the Internet.
ASP.NET can even integrate into the Microsoft Passport security model.
Evidence-based security allows components to decide which components can and cannot be trusted, based on developer-designed rules. It is code-specific security.
Data privacy is a basic human right and is the notion that user’s personal information should be kept private, unless the user explicitly authorizes it to be shared.
The Windows Forms classes, located in the System.Windows.Forms namespace, provide graphical user controls, such as buttons and text boxes, for .NET applications.
The Web Forms classes, located in the System.Web.UI namespace, provide graphical controls, such as buttons and text boxes, for ASP.NET web-based applications.
Console applications have a text-based user interface provided by the System.Console namespace.
Web services have a user interface as well, although it is purely in XML format.
Logical user interface design involves designing an overall look for the user interface, and usually involves creating a small number of screen shots as examples for the users to approve.
Synchronous applications always wait for a task to finish before the application continues on with other work. This could be a potential application performance bottleneck for tasks that take more than a few seconds to complete.
Asynchronous applications create separate threads for tasks to execute. The application can then go on and process other work, and the thread will notify the application when it is complete.
A component is a self-contained object that performs a specific task.
Components are building blocks that are combined with other code to form applications.
A service is an application that provides its functionality to other applications over a distributed network such as the Internet.
Web services use widely accepted standards such as XML and SOAP to communicate with other applications.
Session state is a snapshot of all the data in memory for a particular user session. Server-side applications are able to save and restore this state information, which allows them to be much more scalable.

Building a Data Model for Your Application

The Object Role Modeling (ORM) conceptual design model can easily be turned into a logical database model.
In ORM, a simple key is a fact type whose uniqueness constraint spans only one role. In the ORM diagram, this is represented by an arrow spanning only one role box.
Likewise, a composite key is a fact type whose uniqueness constraint spans more than one role.
Simple keys become the attributes (or columns) of a table, while composite keys become their own tables.
A primary key is a column (or set of columns) that uniquely identifies the contents of a table. By definition, primary keys must be unique within a table.
A foreign key is a column that refers to the primary key of another table for the purposes of referential integrity.

Validating the Proposed Logical Design

Logical design is validated primarily by comparing it with the business requirements document.
Another useful technique is to run through each of the use cases to ensure that the business objects support the required functionality.
A proof-of-concept (POC) is a small application developed solely to test out risky technical requirements.

Self Test

The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.

Creating a Logical Design

1.	Which of the following types of applications best describes a type of application that is focused on performing a specific, well-defined task? Data-oriented applications Behavioral applications Functional applications Microsoft Windows Calculator
2.	Which of the following are useful techniques for identifying the business objects in a data-oriented system? (Choose all that apply.) Locating the nouns in the user requirements Locating the verbs in the user requirements Considering external entities that interact with the system Identifying events to be remembered
3.	Which of the following events would likely trigger an entry in an audit log? The system calendar changing to a new day An asynchronous thread completing a task The database encountering a serious error A user deleting a data record
4.	What is the name of the system process that passes unhandled exceptions back to previous objects? Exception passing Exception bubbling Error handling Exception raising
5.	What is the process of ensuring that an application can be altered easily for other languages and cultures? Translation Culturization Localization Personalization
6.	Which of the following should be taken into consideration when developing an application that will need to support users in different countries? (Choose all that apply.) Translation Formatting of dates, times, and numbers Maintaining a different code set for each country Replacing examples that may not be relevant to each culture
7.	Which of the following is almost always a tradeoff that has to be made in order to achieve tight security? User friendliness Data privacy The ability for the application to work over the Internet User convenience
8.	Which of the following .NET security models require the application to run entirely in the user’s Windows security context? Role-based security Web application security Implementing the IPrincipal interface Evidence-based security
9.	Which of the following .NET security models is most likely to use Secure Sockets Layer (SSL) over a Hypertext Transfer Protocol (HTTP) connection? Role-based security Web application security Implementing the IPrincipal interface Evidence-based security
10.	Which statement best describes data privacy? Applications that support data privacy always implement a strict Windows-based security model. Applications that support data privacy do not require a user’s permission before sharing their personal information with others. Applications that support data privacy never share a user’s information with others under any circumstances. Data privacy requires the proper treatment of sensitive personal information and user passwords, and reasonably protects sensitive data from being intercepted during transmission.
11.	Which .NET Framework namespaces contain the classes needed to create a user interface? (Choose all that apply.) System.Windows.UserInterface System.Web.Forms System.Windows.Forms System.Web.UI
12.	What type of user interfaces do web services provide? HTML web forms Either web forms or Windows forms based on the type of client XML None of the above

Answers

1.	C. Functional applications center on the performance of a well-defined task, such as Microsoft Windows Calculator. x A is incorrect because data-oriented applications center on a database. B is incorrect because behavioral applications tend to monitor the events of a system and react accordingly. D is incorrect because, although Windows Calculator is an example of a functional application, it is not one of the three application types defined earlier in this chapter.
2.	A, C, and D. These three tasks all help identify objects in a data-oriented system. x B is incorrect because verbs are used to identify objects in a functional application and not a data-oriented one.
3.	D. The goal of auditing is to track the changes to key database tables as a means of after-the-fact security. This identifies the changes specific users made to the database. x A is incorrect because the changing of the calendar day is not something that needs to be audited, although you may want to include that event in some type of log. B is incorrect because routine application events do not get audited, although they, too, might end up in a log. C is incorrect because system errors should be saved to an error log.
4.	B. Exception bubbling is the system process that passes unhandled exceptions back to previous objects. x A is incorrect because exception passing is not the correct term. B is incorrect because error handling is the process of handling errors. D is incorrect because exception raising is the process of creating exceptions.
5.	C. Localization is the process of ensuring that an application can be altered for different locales. x A is incorrect because localization involves more than just translation. B is incorrect because there is no such term as culturization. D is incorrect because personalization describes the process of creating different views of an application based on the user.
6.	A, B, and D. Localizing an application involves translation, properly formatting dates and numbers, and ensuring that the content is still relevant to each culture. x C is incorrect because, ideally, only the presentation layer should change for different countries while the vast bulk of the code should remain unchanged.
7.	D. The most common tradeoff made to achieve tight security is user convenience. x A is incorrect because an application can still be friendly while having tight security. B is incorrect because data privacy is usually enhanced, not lost, with tighter security. C is incorrect because properly designed and configured applications can be very secure and still operate over the Internet.
8.	A. Role-based security forces application components to run in the user’s security context. x B is incorrect because web applications are made secure using protocols better suited to the openness of the Internet. C is incorrect because using the IPrincipal interface allows you to handle your own security model, which can be handled any way you wish. D is incorrect because the evidence-based model deals with the ability of applications to run specific code and doesn’t deal with the security context of the components themselves.
9.	B. SSL over HTTP is an ideal method for encrypting the connection between a web browser and a web server. x A is incorrect because SSL over HTTP is not part of the role-based security model. C is incorrect because implementing IPrincipal is not the best way to implement SSL over HTTP. D is incorrect because as SSL over HTTP protects the connection, it does not assure privileges that the evidence-based model requires.
10.	D. Data privacy aims to protect sensitive user information from being shared without the user’s knowledge. x A is incorrect because data privacy can be achieved with any type of security model and with no security model. B is incorrect because applications that support data privacy have an obligation to keep a user’s sensitive data private. C is incorrect because data privacy does not preclude an application from sharing a user’s data with others, as long as the user is aware of what is being shared.
11.	C and D. System.Windows.Forms and System.Web.UI are two of the namespaces that provide user interface support in .NET. x A and B are incorrect because these namespaces do not exist in .NET.
12.	C. Web services provide interfaces to other applications using XML. x A is incorrect because, although an HTML application may ultimately use a web service, the HTML web form is not the web service’s interface. B is incorrect because, although a Windows form or web form application may ultimately use a web service, such an application would not be the web service’s interface. D is incorrect because C is correct and therefore the answer cannot be “none of the above.”

Building a Data Model for Your Application

13.

Which of the following best describes the concept of a simple key in ORM relational mapping?

A primary key
A uniqueness constraint spanning exactly one role
A uniqueness constraint spanning multiple roles
A mandatory constraint

14.

Assume the conceptual data model contains three objects: Candidate, Skill, and SkillLevel. These three objects are linked together using a single role, such that they form a composite key. Using the ORM relational mapping methodology, which of the following best reflects the tables required by this application?

Candidate and Skill
Candidate, Skill, and SkillLevel
Candidate, Skill, and CandidateSkill
Candidate, Skill, CandidateSkill, and SkillLevel

15.

Which of the following relational database features is used primarily to enforce referential integrity?

Table indexes
Primary keys
Foreign keys
Database triggers

Answers

13.	B. A simple key is any uniqueness constraint in the ORM conceptual model that spans exactly one role. x A is incorrect because a table can have only one primary key, while it can have any number of ORM simply keys. C is incorrect because uniqueness constraints that span multiple roles are moved to separate tables. D is incorrect because mandatory constraints do not become keys.
14.	D. Because the ternary fact that links the three tables together has uniqueness that spans two roles, a new table will have to be created to map Candidates and Skills, called CandidateSkill. The other objects exist as their own tables. x A is incorrect because the SkillLevel table is missing. B is incorrect because a fourth table is required to map Candidates to Skills. C is incorrect because the SkillLevel table is missing.
15.	C. Foreign keys are primarily used to enforce referential integrity. x A is incorrect because table indexes cannot be used in referential integrity. B is incorrect because, although referential integrity relies on the existence of primary keys in the table being referenced, the primary key does not enforce that integrity. D is incorrect because, although complex database triggers can be written to enforce referential integrity, they are primarily used to enforce other business rules. Triggers are also slower and less efficient than foreign keys, making them less useful for that purpose.

Validating the Proposed Logical Design

16.

What is the best way to validate a proposed logical design?

Compare the logical design with the business and user requirements to ensure everything is covered.
Compare the logical design with the database schema to ensure consistency.
Develop a fully-working proof-of-concept of the application.
Send the system design documents to the users for approval.

Answers

16.

A. The best way to validate a logical design is to compare it to the business and user requirements identified during an earlier phase to ensure that all requirements are being handled.
x B is incorrect because objects from the conceptual data model were used to identify the business objects, making that model less useful for validating the end design. C is incorrect because, although you may want to develop a limited proof-of-concept to vet certain ideas, by definition a proof-of-concept cannot be a fully working version of the application. D is incorrect because users are not likely to understand the logical system design. Although they might have some role in the process, the job of validating system design lies squarely with the development team.

Lab Question

Acme Corporation is a manufacturing company that creates and distributes over 300 products to hundreds of clients around the world. It is currently using a Microsoft Excel spreadsheet to manually manage the catalog of products it carries. Acme would like to create a small catalog application that will allow users to browse the catalog of items in stock. The company’s business requirements are fairly simple:

A database will exist that will contain a detailed listing of all of the products in the catalog, sorted by ID.
Each of the products must belong to one and only one product category.
The product category assigned to each product will be one of a predefined list of twelve categories.
Users should be able to browse the catalog with the products sorted by category.
Choosing any item from the catalog will cause a full-page window to display, showing a picture of the product and all of the relevant details.

Based on the preceding list of business requirements, what business objects will this catalog application need to support?

Answers

The catalog application will likely contain the following business objects. Also included is the list of object behaviors (methods) for each object, divided by security role.

Object Name	End User Service	Administrator Service
Catalog	List product categories.	Add/remove product categories to the catalog; create/edit catalog details.
Product Category	List products.	Add/remove products to a category; create/edit product category details.
Product	Retrieve product details.	Create/edit product details.