Glossary

An operating system facility for defining which users are allowed to access which system resources.

TIBCO's technology for treaty management fortresses .

Microsoft's pre-.NET programming technology for the presentation fortress, now replaced by ASP.NET.

A fortress that works with another fortress to fulfill a common objective.

Microsoft's .NET programming technology for the presentation fortress.

In .NET terminology, a deployable unit of code.

A component that uses an asynchronous communications protocol, such as message queues, for transmitting information. In the J2EE space, these components are called message-driven beans . In the .NET space, these components are called queued components .

A drawbridge that makes no promises about when it will deliver its infograms or the order in which it will deliver its infograms, and that returns no information to the sender once those infograms have been delivered. Compare synchronous drawbridge .

The guard function of logging infograms.

The guard function of verifying the source of an infogram .

A trusted party that can be used to verify the identity of other, nontrusted parties.

The process for deciding whether or not a fortress is authorized to do what it is trying to do.

A feature of component-oriented middleware (COMWare) by which the system automatically determines transaction boundaries.

The ability of a system to provide some security features administratively rather than through code.

Microsoft's product that is the basis for .NET's equivalent of the treaty management fortress.

To send information from one source to many other places.

A service fortress that receives information from one fortress (the publisher) and broadcasts it to a number of other fortresses (the subscribers).

A human being working at a browser. Also called thin client .

An attack on an Internet fortress in which a hacker tries to send more data into the infogram than the fortress can handle, thereby overriding memory in the fortress. If successful, the hacker can gain control of the trusted processes within the fortress.

An approach to scalability that attempts to predict the eventual workload of a system and build it on a system large enough to handle that workload from the beginning. Compare scale-up and scale-out .

A fortress that processes a major piece of business functionality, such as a human resource system.

In BTP terminology, a loosely coupled transaction that spans Web services.

The standard proposed by OASIS for coordinating loosely coupled transactions across Web services.

A .NET programming language that closely resembles Java. Pronounced "cee sharp."

A request to terminate and undo a transaction (usually loosely coupled) that has been started but not yet committed.

Formally known as the Computer Emergency Response Team Coordination Center, one of the main organizations that tracks and reports on Internet-based attacks on enterprise systems. The Web site is www.cert.org.

A document that can be used to prove a party's identity.

Customer Information Control System, an early transaction processing monitor from IBM that is still widely used in large enterprise systems.

One of possibly many object-oriented implementations of an interface.

A design technique that was first described at an OOPSLA conference by Ward Cunningham and Kent Beck in 1989 and became popularized most notably by Rebecca Wirfs-Brock, Brian Wilkerson, and Lauren Wiener in their book Designing Object-Oriented Software (1990, Prentice-Hall). FAR cards are based on CRC cards.

One who requests a service from another.

The process in which the client, or caller, resides. Compare component process .

A software architecture that recognizes only two tiers: one for the combined client/business logic and one for the database.

A bit of software that stands in for a client in the component process in a component system. Compare component surrogate .

A collection of similarly configured computers designed so that any given work request can be sent to and successfully processed by any one of them.

The process, machine, or other entity of the cluster that decides which machine in the cluster will process the next request.

Microsoft's infrastructure for the business application fortress. COM+ predates .NET but is still considered part of .NET.

The runtime infrastructure used by the .NET programming languages. Compare Java Virtual Machine .

An early distributed-component architecture.

A treaty that requires the coordination of a treaty management fortress. Compare simple treaty .

The smallest unit of packaging and distribution in component-based systems. Component packaging is one of the techniques we use to package compiled code, identify remotely accessible interfaces to that code, and assign processes in which that code will run. In Java, a component is typically an Enterprise JavaBean. In .NET, it is typically a COM+ component. Compare object .

A discrete blob of memory that serves the role of a component and can process requests from a remote client.

A collection of method definitions that a component supports.

The technologies represented by EJB and COM+. These technologies were originally intended to be middle - tier infrastructures for components (hence their name ). They are now used as the infrastructure for business application fortresses.

The process in which one or more instances of one or more components lives.

The data needed by a component to fulfill a request.

A bit of software that stands in for a component instance in the client process in a component system. Compare client surrogate .

In BTP terminology, the process of letting the coordinator know that the end boundary of the transaction has been reached and that the coordinator should start working with the participants to reach the final transactional end game.

The part of an application designed to plug into a treaty management product, such as BizTalk Server.

The third phase of the four-phase commit protocol, which is entered when the transaction initiator informs the coordinator that the end transactional boundary has been reached. In this phase, the coordinator asks the participants how each one feels about its portion of the transactional workload.

In BTP terminology, information that uniquely identifies a specific business transaction.

In BTP terminology, the entity that is coordinating the loosely coupled transaction, analogous to DTC for a tightly coupled transaction.

In the context of a loosely coupled transaction, the request to the transaction coordinator to begin a new transaction and allocate a region of memory to store information about that transaction.

Chief technical officer, the highest position in an IT organization.

A technology specialized for managing data and processing update requests to that data within the context of a tightly coupled transaction.

A logical connection between a database client (typically a process within a fortress) and the database itself.

A technique in which users are temporarily denied access to specific data. This technique is used by databases to coordinate the conflicting data access requirements of different database users.

A service fortress that serves as a shared data repository for two or more other fortresses.

Conceptually, the private data storage facilities used by a fortress. A data strongbox can be implemented, for example, with a dedicated database, a logical partition of a database, or a file system.

The back end of a three-tier architecture. This is the tier in which the database resides.

The process of converting data that had been algorithmically altered to appear garbled back to its original form. Compare encryption .

One of the component protocols used by .NET.

A system that coordinates two or more transactional resources in a tightly coupled multiple-resource transaction.

The fortress that is making a request of another fortress. Compare recipient fortress .

Conceptually, a communications channel that a fortress uses to receive work requests (infograms). A drawbridge can be implemented, for example, with a message queue or a shared logical data partition.

In Pat Helland's software fiefdom model, code that runs on the browser to prepare requests for a software fortress.

The process of algorithmically altering data to appear garbled. Compare decryption .

The process by which a participant in a transaction (either loosely coupled or tightly coupled) informs the coordinator of its intention to participate in the transaction.

The J2EE specification that defines an infrastructure for the business application fortress.

A collection of software fortresses that collectively run a large enterprise.

A specialized system within a fortress that creates infograms and sends them to other fortresses via drawbridges .

A standard string-encoding mechanism designed specifically for data.

An adaptation of a CRC card that tells us three things about a fortress: its name and type, its responsibilities, and the allies with which it must collaborate to fulfill its responsibilities. Compare TAR card .

A protocol used to transfer files between machines.

The fourth phase of the four-phase commit protocol, which is entered when the last transactional participant lets the transactional coordinator know its opinion on the transaction outcome. In this phase, the coordinator informs each of the participants of the transaction as to what the transaction result should be.

A combination of hardware and software systems designed to prevent unauthorized entry into a private network.

The wall function of preventing access to a fortress other than through approved channels (drawbridges).

A diagram showing the enterprise fortresses and the ally relationships between them.

A detailed description of a specific fortress, including any information that a fortress outsider might need to know, such as information about the drawbridges, the high-level algorithms the fortress implements, and the technologies used inside the fortress.

A cartoon figure used in diagrams to represent the type of a fortress.

The protocol that is used by most transaction coordinators for either loosely or tightly coupled transactions. The four phases are sleep, meditative, consensus, and final.

The rule stating that business component methods should be designed to be self-contained tightly coupled transactions.

A specialized system within a fortress that receives requests from a drawbridge and subjects them to a security inspection. Compare wall .

Describing two or more dissimilar systems. The term usually refers to the technology base on which the systems are built. For example, a pair of two systems ”one built on .NET and the other built on WebSphere ”would be considered a heterogeneous pair. Compare homogeneous .

A drawbridge connecting a pair of heterogeneous fortresses. Compare homogeneous drawbridge .

Describing two or more similar systems. The term usually refers to the technology base on which the systems are built. For example, a pair of two systems, both built on .NET would be considered a homogeneous pair. Compare heterogeneous .

A drawbridge connecting a pair of homogeneous fortresses. Compare heterogeneous drawbridge .

The standard definition of documents returned to browsers from presentation fortresses.

One of the common protocols used for the transferral of information between browsers and presentation fortresses.

In Pat Helland's software fiefdom model, describing a request that can be executed any number of times greater than zero with an equivalent result.

Internet Inter-ORB Protocol, the CORBA component protocol and precursor to the Java RMI/IIOP component protocol.

A request that travels between two fortresses via a connecting drawbridge.

The part of a large enterprise that owns information processing.

In BTP terminology, the party starting the transaction and defining the loosely coupled transaction boundaries.

A feature of component-oriented middleware (COMWare) that shares a single instance of a component among a large number of clients .

A guarantee by a fortress that it never leaves itself in a damaged or incomplete state. Also the process of guaranteeing that an infogram has not been changed en route through a drawbridge.

A description of what something can do for you, usually used within the context of objects or components.

Describing a process that involves more than one fortress. Compare intrafortress .

A presentation or Web service fortress.

The part of the .NET technologies that provides an infrastructure for presentation fortresses and sometimes for Web service fortresses.

Describing a process that occurs entirely within one fortress. Compare interfortress .

A family of specifications, produced by Sun, that define an enterprise architecture and are rooted in the Java programming language.

The programming language used with J2EE technologies.

In J2EE terminology, a deployable unit of code.

The low-level language into which Java is translated before it is compiled. Compare Microsoft Intermediate Language .

Sun's main specification for programming presentation fortresses.

The runtime infrastructure used by the Java language. Compare Common Language Runtime .

A shared-key authentication system.

A fortress that wraps an existing legacy system that was originally developed without regard to the software fortress model.

A collection of compiled code that is linked into an executable.

A cluster of machines, usually a large number, that are organized such that if one machine goes down, its work in progress is lost, but new work can be picked up by another machine in the cluster. Compare tightly coupled cluster .

A coordination of two or more activities that allows each activity to learn of the failure or success of the others, and to take appropriate remedial action upon failure. Compare tightly coupled transaction .

A service fortress that is responsible for coordinating loosely coupled transactions that span fortresses.

The second phase of the four-phase commit protocol, which is entered when the transaction initiator informs the coordinator that a new transaction boundary has been reached and the coordinator has assigned a transaction ID. In this phase, the coordinator is waiting for transactionally aware resources to check in.

A communications technology that is the basis for asynchronous drawbridges today.

Usually used within the context of objects or components, a specific request that something can do for you.

A request to a component instance to perform a service on behalf of a specific client.

The low-level language into which all .NET-supported languages are translated before they are compiled. Compare Java bytecode .

One of the tiers in a three-tier architecture. The middle tier is typically responsible for tightly coupled transaction processing.

IBM's technology for treaty management fortresses, considered part of its WebSphere product line.

IBM's message queue product.

Microsoft's message queue product.

A transaction that must be coordinated over two or more transactional resources, such as databases.

Microsoft's term for its enterprise technologies.

A language that can be used for programming within .NET. Most languages (the notable exception is Java) are .NET languages.

One of the component communications protocols supported by .NET.

Describing a workload that can be accomplished without blocking the one requesting the work. In the software fortress model, the term is usually used in reference to asynchronous drawbridges.

A process for proving that a particular fortress made a particular request, especially when the fortress denies having done so.

A message queue that does not support transactional protection and will not participate with transactional resources in a multiple-resource transaction.

A three-tier architecture in which the middle tier is subdivided into smaller business systems.

An artifact of object-oriented programming, which is one (not the only) technique we can use to implement algorithms. An object is therefore a unit of implementation. In Java, an object is an instantiation of a Java class. In .NET, an object is an instantiation of a class defined in one of the .NET languages, such as C#. Compare component .

The official newsletter of the software fortress movement, available at www.objectwatch.com.

Oracle corporation's main database (data strongbox) technology.

One of several software consortia that are trying to define standards for various aspects of Web services. The Web site is www.oasis- open .org.

A database that is spread out over multiple physical computers.

A message queue that is stored on disk and therefore is not lost in case of system failure. Compare transient queue .

The point at which COMWare technologies intercept a method request traveling between a client and a specific component instance for the purpose of running a variety of COMWare algorithms.

The ability of an object-oriented or component-oriented system to support multiple implementations of an interface and then choose which of those implementations is appropriate to use at runtime.

The use of asynchronous drawbridges to implement many of the features of clusters.

A fortress that accepts browser requests and prepares to forward them to the corporate empire. The presentation fortress is a browser gateway into the enterprise.

The browser- facing tier in a traditional three-tier architecture. This tier typically handles interactions with the browser. Its function is analogous to that of a presentation fortress.

The process of protecting infograms en route through a drawbridge from prying eyes.

A secret key, typically used for encryption and decryption, that is shared by a small number of parties (usually two). Compare public key .

The condition in which a fortress is not particularly trustworthy but appears to be so, most likely through the use of asynchronous drawbridges. Compare true reliability .

A key that is made publicly available for use in encryption and decryption. Compare private key .

An authentication scheme that is based on public and private keys. Secure Sockets Layer (SSL) is a public/private “key authentication scheme. Compare shared-key authentication .

The source of a broadcast. Compare subscriber .

The carrier of a message in a message queue system.

The fortress that is receiving a request from another fortress. Compare donor fortress .

A measure of how much a fortress can be trusted to be available when it is needed.

Any technology designed to allow component method invocations to be made across process boundaries.

A precursor technology to distributed components.

A client system that is built as a stand-alone program.

Remote Method Invocation/Internet Inter-ORB Protocol, the standard component protocol that is supposed to be used by all J2EE systems. Pronounced "RMI over IIOP."

A type of security used with components in which users are assigned roles (such as managers or tellers) and then access rights to components, interfaces within components, or methods within interfaces are based on those same roles.

The rule dictating how data must move between code that implements business logic and a database. The first part of this two-part rule states that all data used in a transaction must be acquired from the database within that transaction. The second part states that all data that is changed during the transaction must be stored back to the database before the transaction commits.

The ability to increase the processing capability of a fortress, preferably without increasing the overall cost per unit of work.

An approach to scalability in which more machines are added to one or more clusters. Compare scale-up and build-big .

An approach to scalability in which smaller machines are replaced with larger machines. Compare scale-out and build-big .

A public/private “key authentication scheme.

An adaptation of the UML construct called class sequence diagram. SADs give more detail about how the various fortresses work together while still fitting in a relatively small space. In a SAD, the heading gives the name of the treaty. Within the treaty, each ally fortress is represented by a vertical line. Interactions between the fortresses are shown with one of three arrows, following conventions similar to those of UML's class sequence diagrams. Full solid arrowheads show use of a synchronous drawbridge. Full hollow arrowheads show a synchronous drawbridge returning information. Half solid arrowheads show use of an asynchronous drawbridge. Typically the name of the drawbridge is written underneath the arrow.

A fortress that packages some common functionality and/or data that must be shared across one or more enterprises .

The data that is used by a presentation fortress to find, in a data strongbox, the larger body of data that represents the state of a specific browser session. Also called session state key .

An authentication scheme that is based on two parties sharing a common secret, such as a password. Kerberos is a shared-key authentication scheme. Compare public/private “key authentication .

A standard string representation of a request between heterogeneous systems.

A treaty that does not require the coordination of a treaty management fortress. Compare complex treaty .

A transaction that involves only one transactional resource.

The first phase of the four-phase commit protocol, in which the transaction coordinator is not paying attention to anything you are doing.

A component surrogate that uses SOAP to transform a method request into a string.

Pat Helland's model for enterprise architectures, in which software systems owned by different enterprises treat each other as autonomous computing units.

A conglomerate of software systems that work together in a tight trust relationship to provide consistent and meaningful functionality to a hostile outside world.

An enterprise architecture consisting of a series of self-contained, mutually suspicious, marginally cooperating software fortresses interacting with each other through carefully crafted and meticulously managed treaty relationships.

A methodology for designing an enterprise system based on software fortresses.

Microsoft's main database (data strongbox) technology.

The process of managing information that is specific to the donor fortress or requestor of a service.

Programming logic that is stored inside and executed from inside of a database.

A guarantee that is made in a tightly coupled transaction ”namely, that participating transactionally aware resources will all undo their portion of the workload if any other participating transactionally aware resource is unable to complete its portion of the workload and will absolutely guarantee to complete their portion of the workload once they all agree to do so. Compare weak transactional guarantee .

One of the places to which a broadcast will be sent. Compare publisher .

Something that stands in for something else. Also called proxy .

A drawbridge that delivers its infogram immediately and does not return control to the envoy until that delivery has occurred. Compare asynchronous drawbridge .

A brief overview of a treaty, including which fortresses are part of that treaty and what their responsibilities are within that treaty.

A version of the four-phase commit protocol that does not consider the sleep part of the commit protocol.

A traditional architecture that consists of a presentation tier, a middle tier, and a data tier. Compare N-tier architecture .

A string, typically encrypted, that gives one party permission to do something with another party.

A cluster of machines, usually a small number, that are organized such that if one machine goes down, its work in progress is not lost but rather is automatically picked up by one of the remaining machines in the cluster. Tightly coupled clusters are usually used to protect the database machine from failures. Compare loosely coupled cluster .

A tightly coupled transaction in which there are two or more transactional resources and the services of a distributed transaction coordinator are therefore required. Compare tightly coupled single-resource transaction .

A tightly coupled transaction in which exactly one transactional resource is involved, and the services of a distributed transaction coordinator are therefore not required. Compare tightly coupled multiple-resource transaction .

A coordination of updates to one or more transactional resources (such as databases or message queues) such that all resources either complete their updates or none of the resources complete any of their updates. Compare loosely coupled transaction .

An industry standard benchmark designed to test high-end database applications.

A collection of either requests or updates that should be processed as a group , with all either succeeding or failing.

Something that knows how to accept groups of updates and guarantee that they are done or not done en masse, and how to participate with an outside entity to coordinate its group of updates with groups of updates to other transactionally aware resources. Often called simply transactional resource .

A message queue that can behave as a transactionally aware resource.

The point at which a transaction either begins or ends.

The ability of a system to automatically have all of the work in a given workflow be done within the same transaction.

The original approach to building the middle tier in a three-tier system. TPMs were built to provide highly scalable systems built around a rich-client architecture.

A message queue that is not stored on disk and therefore is not protected against loss in case of system failure. Compare persistent queue .

A defined partnership of two or more fortresses.

A subset of a fortress “ally diagram (FAD) that shows only those fortresses participating in a given treaty.

A fortress that is specialized to manage complex treaties .

A detailed description of a specific treaty, including any information that a participant in the treaty might need to know, such as information about sequences of fortress interactions, security requirements, transactional expectations, and the synchronicity of the drawbridge.

The condition in which a fortress is truly up and running when asked to do something. Also called availability . Compare pseudoreliability .

A basic rule of fortress design stating that all entities within a fortress trust all other entities within the same fortress, but trust no entities that live outside the fortress.

A version of the four-phase commit protocol that considers the sleep and meditative phases part of the precommit phase and not part of the commit protocol per se.

An object-oriented design methodology.

One of the Web service family of standards that is used to find potential partners, usually partners exposing their functionality through SOAP.

The guard function of checking infograms to make sure they don't contain illegal or invalid information.

Microsoft's programmer tools, used primarily for presentation and business application fortresses.

Conceptually, a part of the fortress that prevents requests from entering the fortress other than through approved channels. A wall could be implemented as a firewall, through role-based security, through database security, or through ACLs. Compare guard .

A guarantee that is made in a loosely coupled transaction ”namely, that participants will merely let each other know if they are unable to complete their portion of the workload, and let each participant decide what action, if any, to take as a result. Compare strong transactional guarantee .

A fortress that accepts programmatic requests over the Internet and prepares to forward them to the corporate empire. The Web service fortress is the programmatic gateway into the enterprise.

A standard string format defining, in minute detail, everything there is to know about a Web service.

A specification for finding WSDL documents and related information on a Web site.

BEA's J2EE-influenced enterprise technologies.

IBM's J2EE-influenced enterprise technologies.

Conceptually, something within the fortress that fulfills part of the overall fortress's responsibility. A worker could be implemented, for example, as a component, a process, or a collection of processes.

The use of asynchronous drawbridges to put off peak workloads until times when the system would normally be used lightly.