Ravikanth's Blog

Happenings around Me

Disclaimer

India MVP Blogs

Mugh blogs

My

My Favorites

My Network Places

Business Rules implementation techniques - Which one is better?

Business rules in client web pages(away from data)

==================================
  • Developers tend to do this. But for a change in business rule, Need to recompile and redeploy the web applications.
  • Eventually, If you expose data through web service your application cannot make sure who is going to access which data, because web service consuming application will write their own set of business rules.
  • Data is in your hand but business rules are not in your control, every other consuming application will implement their own rules.
  • Managing/Maintaining business rules across different applications is difficult.
  • Change in business rule needs to be replicated in all the consuming applications.

Business rules in back end stored procedures(along with data)

============================================
  • Simple to include a change in business rule.
  • No need to recompile.
  • If you expose data through web service, your application can make decisions who is going to access which data, not the consuming application.
  • Data as well as business rules are in your control.
  • Change in business rule needs a change at one place.

 The above said points are valid & true for authorization rules and security rules also.

Please comment if you have any other thoughts.

Posted: Dec 13 2007, 06:14 AM by dvravikanth | with 6 comment(s) |
Filed under: , ,

Comments

joginipally said:

I have few concerns in your post.

My main concern is in following points posted by you

Eventually, If you expose data through web service your application cannot make sure who is going to access which data, because web service consuming application will write their own set of business rules.

As you said if i expose data through a web service i can impliment authorization checks with in a web service thus allowing only legitimate users.. right?

So all of the following points are also not true in this case. Am i in a wrong assumption?

<<Ravikanth>>

Even if you implement rules in webservices, for a change in rule you need to recompile and also need to redeploy webservice. More over if there is a major change in rule all the consuming application need to change. This is worst case.

# December 13, 2007 7:46 AM

JV said:

I don't like either options. I prefer placing business rules in my Business layer (Sounds obvious?) and not in your ui or data layer.

<<Ravikanth>>
I agree this is one of the best option. For a change in business rule you need to change business layer, and then recompiling finally re deploying. Eventually if more than one application is using business rules layer you are in trouble.

In this case you need to make sure that every call comes via business layer. Later point of time if you want to expose data through web service, you need make sure that call comes from application <->Webservice<->Business layer<->Data

 

# December 13, 2007 7:49 AM

Karl said:

I never understood the "need to recompile" vs "no need to recompile argument"  Either way you're changing your code, which means you should re-run all ur test and go through a regression testing phase.

Anyways, as others have said, wouldn't the best place to put business rules be in the business layer?

# December 13, 2007 7:59 AM

Mike D said:

I've yet to see an app where the UI could ignore the rules of the Business Layer.

# December 13, 2007 9:45 AM

Richard G said:

Doesn't this assume that rules are nothing more than code which can only be executed in one layer? Why can't rules be something which can be transported across layers and independently evaluated. A web page can look at a rule defining a field as required and provide immediate feedback (highlight field, Javascript warning before submission) and the business layer can evaluate it as well. If the business layer includes methods to ask of it "tell me what the rules" are, it could get back an assembly, XML, or whatever form the rules come in.

<<Ravikanth>>

Agree What you said, Here I am looking for Extendability & Manageability.

# December 13, 2007 1:12 PM

joginipally said:

As others it is a better option to place business rules in business layer.

But, if you are using a web service that exposes the data and authorization checks are implimented in your application to make decisions who is going to access which data, in this senario any application/any body can consume the data by defining their own set of rules!

In this case the web service itself should have a set of rules for authorization.

# December 14, 2007 12:42 AM
Leave a Comment

(required) 

(required) 

(optional)

(required)