http://ayende.comAyende @ RahienCopyright (C) Ayende Rahien 2004 - 2021 (c) 202660Simon, Yes, it is. There is a wide variety of applications where this is actually what you want. Think forms over data. http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment7http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment7Tue, 18 Aug 2009 11:15:01 GMTAyende Isn't this assuming CRUD, lack of long running workflow (saga's), messaging etc? http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment6http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment6Tue, 18 Aug 2009 10:09:43 GMTFunny enough, that 'hack' is arguably the most successful GUI technology to date. http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment5http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment5Tue, 18 Aug 2009 08:27:36 GMTYou're making a ton of sense to me. We're talking about apps that control both sides of the wire, that secure access to the server so only authenticated clients get through, and that can accomplish most of what they need from the server by persisting a ChangeSet (aka, saving a bunch of new and changed entities in a transaction). None of this precludes server-side authentication, authorization, and validation of every action. You're talking belt and suspenders in most cases (the "suspenders" being your "complete waste of time"). But some folks are really worried about keeping their pants up and customer cost be damned. For them the frameworks in this space make server-side replay easy to manage because they foster a single, dual-environment code-base that can execute both on the client (for responsiveness) and on the server (for paranoia). They also faciliate server-only services where you need them; not their forte but more than sufficient when ChangeSet Persistence is carrying most of the load. RIA Services, CSLA. .and DevForce all share this perspective. Check them out. http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment4http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment4Tue, 18 Aug 2009 04:11:34 GMTTake advice from the MMO game developers: "Never trust the client". RIA is great, now you can have a real .Net business object in your web app and fully enforce the rules there with some nice UI interactivity to boot. However I would enforce the same rules on the server, maybe your client is not in a hostile environment, but why early optimize, remove rules checks on the server only if necessary. We are shooting for a CSLA like "mobile object" approach where BO class source code is shared between the Silverlight client and full .Net server. The objects simply move from one tier to another before committing to the DB. I believe the Silverlight RIA framework does this too. http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment3http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment3Mon, 17 Aug 2009 20:38:58 GMTUnless I'm making some one-off tool, I'm rarely making an application where the server side is not important (where rules *beyond* data-typing need to be enforced on the server). http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment2http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment2Mon, 17 Aug 2009 13:22:28 GMTA classic example of this is the client server desktop app, with winforms connecting to a SQL database via storedprocs secured by SQL access rights. Good times... http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment1http://ayende.com/4124/taking-advantage-on-the-data-transfer-tier#comment1Mon, 17 Aug 2009 10:01:52 GMT