Do you trust your data source?
Rockford Lhotka says in this TSS article that the data layer should be considered an external actor. Well I agree with him because of these reasons:
1) if the database is not in your control who says that the DBA will not change the schema one day breaking some but not all of the applications written against it. This does happen for perfectly good business reasons, i.e. new laws, a new business rule, or some other reason.
2) with the advent of SOA it is now possible to have failover of different datasources which have simular data the only real difference is how the data is stored &/or formatted. One DB sends its data out in an old text format while another sends it out in XML how do you merge them especially if you do not know that the failover occured (think same web service different DB behind) the WS still sends out a string just the format has changed and you did not do anything.
3) with new applications using p2p technologies it is very possible that the same data can and will be found but the difference is in the XML dialect the data is living in (XML dialect same data different xml tags). The issue here is that things occur dynamically the machine does not know what it will get until it gets it i.e. “real time”
All three of these reasons are things which we need to be thinking about now; how do you deal with dynamically generated / found / produced data of which you probably do not know where it came from or even what format it is in. We need to really start dealing with this issue because it is only going to get worse with the advent of easy p2p systems especially over IPv6 (multicasting is just too easy there), WS-Discovery which while it currently is positioned for small connected devices can easily be used to find disparate web services with out the need for a centralized registry server.
These issues are coming down the road at a very fast pace and we need to start determining how to deal with them now or else we will get overwhelmed by the gigantic size of the problem. While Rocky does not give any answers he does raise some interesting points like: almost every data source is outside of the applications trust boundary (I can think of some which this is not true but they are a very small percentage of the applications in the wild), and any interactive interface whether it is a data source or a GUI is outside of the trust boundary you can not trust what happens there (an interesting coorelation all of the projects I have been on ~80% of the bugs in the system were in the layers which interacted with these external actors not the layers which were within the trust boundary). This is an area which everyone needs to start thinking about especially if you are doing SOA because you will be bitten by them maybe not now but soon.
Until next time.
Blair