Services Layer Design Checklist

From Guidance Share

Jump to: navigation, search


Design Considerations

  • Services are designed to be application scoped and not component scoped.
  • Entities used by the service are extensible and composed from standard elements.
  • Your design does not assume to know who the client is.
  • Your design assumes the possibility of invalid requests.
  • Your design separates functional business concerns from infrastructure operational concerns.


  • Identified a suitable mechanism for securely authenticating users.
  • Considered the implications of using different trust settings for executing service code.
  • SSL protocol is used, if you are using basic authentication.
  • Web Services Security (WS-Security) is used, if you are using SOAP messages.


  • Appropriate access permissions are set on resources for users, groups, and roles.
  • URL authorization and / or file authorization is used appropriately, if you are using Windows authentication.
  • Access to Web methods is restricted appropriately using declarative principle permission demands.
  • Services are run under the most restrictive account that is appropriate.

Communication =

  • You have determined how to handle unreliable or intermittent communication scenarios.
  • Dynamic URL behavior is used to configure endpoints for maximum flexibility.
  • Endpoint addresses in messages are validated.
  • You have determined the approach for handling asynchronous calls.
  • You have decided if the message communication must be one-way or two-way.

Exception Management

  • Exceptions are not used to control business logic.
  • Unhandled exceptions are dealt with appropriately.
  • Sensitive information in exception messages and log files are not revealed to users.
  • SOAP Fault elements or custom extensions are used to return exception details to the caller when using SOAP.
  • Tracing and debug-mode compilation is disabled for all services except during development and testing.

Message Channels

  • Appropriate patterns, such as Channel Adapter, Messaging Bus, and Messaging Bridge are used for messaging channels.
  • You have determined how you will intercept and inspect the data between endpoints when necessary.

Message Construction

  • Appropriate patterns, such as Command, Document, Event, and Request-Reply are used for message constructions.
  • Very large quantities of data are divided into relatively smaller chunks and sent in sequence.
  • Expiration information is included in messages, if the messages are time-sensitive, and the service ignores expired messages.

Message Endpoint =

  • Appropriate patterns such as Gateway, Mapper, Competing Consumers, and Message Dispatcher are used for message endpoints.
  • You have determined if you should accept all messages, or implement a filter to handle specific messages.
  • Your interface is designed for idempotency so that, if it receives duplicate messages from the same consumer, it will handle only one.
  • Your interface is designed for commutativity so that, if messages arrive out of order, they will be stored and then processed in the correct order.
  • Your interface is designed for disconnected scenarios, such as support for guaranteed delivery.

Message Protection

  • The service is using transport layer security when interaction between the service and consumer are not routed through intermediary servers.
  • The service is using message-based protection when interaction between the service and consumer are routed through other servers.
  • You have considered message-based plus transport layer (mixed) security when you need additional security.
  • Encryption is used to protect sensitive data in messages.
  • Digital signatures are used to protect messages and parameters from tampering.

Message Routing

  • Appropriate patterns such as Aggregator, Content-Based Router, Dynamic Router, and Message Filter are used for message routing.
  • The router ensures sequential messages sent by a client are all delivered to the same endpoint in the required order (commutativity).
  • The router has access to the message information when it needs to use that information for determining how to route the message.

Message Transformation

  • Appropriate patterns such as Canonical Data Mapper, Envelope Wrapper, and Normalizer are used for message transformation.
  • Metadata is used to define the message format.
  • An external repository is used to store the metadata when appropriate.

Representational State Transfer (REST)

  • You have identified and categorized resources that will be available to clients.
  • You have chosen an approach for resource identification that uses meaningful names for REST starting points and unique identifiers, such as a GUID, for specific resource instances.
  • You have decided if multiple representations should be supported for different resources, such as support an XML, Atom, or JSON format and make it part of the resource request.
  • You have decided if multiple views should be supported for different resources, such as support for GET and POST operations for a specific resource.

Service Interface

  • A coarse-grained interface is used to minimize the number of calls.
  • The interface is decoupled from the implementation of the service.
  • Business rules are not included in the service interface.
  • The schema exposed by the interface is based on standards for maximum compatibility with different clients.
  • The interface is designed without assumptions about how the service will be used by clients.


  • You have defined the schema for operations that can be performed by a service.
  • You have defined the schema for data structures passed with a service request.
  • You have defined the schema for errors or faults that can be returned from a service request.

Deployment Considerations

  • The service layer is deployed to the same tier as the business layer in order to maximize service performance.
  • You are using Named Pipes or Shared Memory protocols when a service is located on the same physical tier as the service consumer.
  • You are using the TCP protocol when a service is accessed only by other applications within a local network.
  • You are using the HTTP protocol when a service is publicly accessible from the Internet.
Personal tools