Rectangle 27 5

In order to do an insurance claim system of any complexity that involves roles and "sub-tasks" you really need an BPM solution, not just workflow. Workflow Foundation 4.0 is slick but it really doesn't not come close to the functionalities of a BPM product.

BPM solutions, like Metastorm BPM, Global360, and K2.NET, provide human centric workflow, tasks, roles, and system integration that can model and streamline the business processes like your insurance claim system. Use ASP.NET to build the interface that integrates with the BPM workflow engine as their built in designers are usually limited and force you to use their custom built web control which usually are not as full featured as the ASP.NET web controls.

what about using WF 4.0 with custom activities?

I respectfully disagree. K2 does add a layer of functionality (such as authorization, locking, and reporting) to WF, but an experienced team could develop those features. WF 4 brings a lot to the table. BPM solutions tend to be expensive and "enterprisey."

c# - To Workflow or Not to Workflow? - Stack Overflow

c# workflow c#-4.0 workflow-foundation-4
Rectangle 27 33

Quite frankly, after having spent over a decade writing service oriented architectures, I fail to see the real conceptual difference. The concept (and utility) of a service has always been, in my mind, atomic. It is by writing atomic services that you allow for "composition" of larger macro services, which then allows you to orchestrate them into some kind of business processes.

There is nothing in the original SOA prescription that ever prevented one from writing services in different programming languages and allow their interaction through means of contractual interface. There is also nothing in the original SOA prescription that ever prevented one to deploy their services independent of each other. The choice of whether to deploy all services under one Tomcat process, or break them into individual Tomcat/Nginx processes and deploying them across different nodes in your cluster is just a matter of semantics. So fundamentally, I personally find no difference between SOA and microservices. Coining a new term does not make it an invention, frankly.

design patterns - Difference between Microservices Architecture and SO...

design-patterns design soa microservices
Rectangle 27 5

I would use it in any environment where I need to work with workflow, however when using it in conjuction with K2 or even SharePoint 2007 the power of the platform is truly useful. When developing business applications with BI specialist the use of the platform is recommended and this would normally only be relevant to streamline and improve business processes.

For the record WF was developed in conjunction with K2's development team and the new K2 Blackpearl is built on top of WF, so is MOSS 2007 and WSS 3.0's workflow engines.

.net - When to use Windows Workflow Foundation? - Stack Overflow

.net workflow workflow-foundation
Rectangle 27 1

The EJBs are responsable for business processes/logic (i.e: methods), and are able to orchestrating others CDI controllers, is not so common let the EJB create objects, for that you would prefer a CDI POJO Producer.

In your case is leaner to use a CDI object and produce the object that you need from there, looks like a DAO and could be used (i mean, injected) into the EJB.

Think of EJBs on terms of a Boundary Pattern, using specialized controllers.

  • @Stateless is not required to implements Serializable, these are pooled, and its lifecycle does not allow serialization.
  • In general you dont want to use a getter to the entity manager of an EJB, you should prefer write a method and use the em internally.
  • The persistence context is easier to manipulate if uses JTA
  • Your @Stateless should begins the transactions and let them propagated along the controllers
  • The em with package visibility is a good idea, lets you mock your facade / boundary easily

java - CDI bean producer inside EJB stateless session bean - Stack Ove...

java java-ee design-patterns ejb cdi
Rectangle 27 3

Go with the technology your team knows and feels comfortable with. Workflow Foundation is not a product that you can use straight away - it's rather a set of pieces you can embed in your application in order to build a workflow system. IMHO the workflow logic is the least important piece of technology, first of all you have to concentrate on the GUI because business owners will not see anything but the GUI. But if your system is a success then you have to be prepared for neverending change requests and new requirements so you have to implement your business logic so that it's easy to change and easy to divide into separate processes to suit different user needs (sometimes contradicting). BPM helps in this task because it allows you to have separate, multiple versions of business processes suiting various business needs. You don't need full fledged BPM engine for that but it's useful to code your business logic so that it can be versioned and divided into individual business processes - the worst thing to have is an unmantainable and intertangled blob of code that handles 'everything' and that no one can understand. There are many ideas for that - state machines, DSLs (domain specific languages), scripts etc - you decide what the implementation should be. But you should always think in terms of business processes and organize your logic accordingly so that it reflects these processes. And be prepared for coexistence of many variants of business logic and data structures - this is the most difficult design task imho.

c# - To Workflow or Not to Workflow? - Stack Overflow

c# workflow c#-4.0 workflow-foundation-4
Rectangle 27 8

I use Balsamiq Mockups for UI design and Visual Paradigm Aigilian for modelling - it allows to nicely go from high-level business processes to granular requirements and UML modelling... And it's quite cheap.

I use Balsamiq too, seems a nice little app. It has the added benefit of allowing you to show people your designs without them thinking its a finished thing which is allowed by the "sketched" appearance of controls.

Sorry, I didn't notice the 'free' word. But I think I gave you pointers to two great tools - if not for now, then maybe for the future. Good luck :)

Oh my, that balsamiq is just what I've been looking for!

Balsamiq is AWESOME. I've bought a license, as I do with all tools I think are awesome ;-)

architecture - What tools (free) do you use to design software - Stack...

design architecture uml
Rectangle 27 6

JSON Web Token (JWT) is a JSON-based open standard (RFC 7519) for creating tokens that assert some number of claims. For example, a server could generate a token that has the claim "logged in as admin" and provide that to a client. The client could then use that token to prove that they are logged in as admin. The tokens are signed by the server's key, so the server is able to verify that the token is legitimate. The tokens are designed to be compact, URL-safe and usable especially in web browser single sign-on (SSO) context. JWT claims can be typically used to pass identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes.[1][2] The tokens can also be authenticated and encrypted.[3][4]

What would prevent a user from copying their token and using it in any other response?

@UladKasach to be honest I never went really deep into them, but afaik they're expireable, unique for your user, and encrypted by SSL (which you're of course practicing), it's the exact same idea behind oauth afaik

security - How do I secure REST API calls? - Stack Overflow

security api rest web-applications backbone.js
Rectangle 27 9

Apache ODE (Orchestration Director Engine) executes business processes written following the WS-BPEL standard. It talks to web services, sending and receiving messages, handling data manipulation and error recovery as described by your process definition. It supports both long and short living process executions to orchestrate all the services that are part of your application.

OSWorkflow can be considered a "low level" workflow implementation. Situations like "loops" and "conditions" that might be represented by a graphical icon in other workflow systems must be "coded" in OSWorkflow.

Shark is an extendable workflow engine framework including a standard implementation completely based on WfMC specifications using XPDL (without any proprietary extensions !) as its native workflow process definition format and the WfMC "ToolAgents" API for serverside execution of system activitie

thanks, very interesting. wftk looks promising. Thanks for the descriptions of the services too.

I am going to mark this as the answer because it provided me with a good list of alternatives that I could investigate. Thanks

@Kinlan - I am curious about your prototype with Stateless. What shortcomings did it have?

@David - if you want control (which I do) and speed then Stateless seems like an ideal solution - there is not much too it, it does almost everything from a theory point of view that you learn about state machines, as long as you are comfortable with writing your own persistence and creation logic it seems like a very strong solution. I suppose they might be it short comings for some people... I haven't found anything else yet really to say "man... I wish it did xyz", and I can at least code it to do it if I really need a feature.

@David, the one thing I did find was that the OnEnter event didn't fire for the start state, but I can't tell if that is correct or wrong :)

Open alternatives to Windows Workflow - Stack Overflow

open-source workflow workflow-foundation
Rectangle 27 9

Apache ODE (Orchestration Director Engine) executes business processes written following the WS-BPEL standard. It talks to web services, sending and receiving messages, handling data manipulation and error recovery as described by your process definition. It supports both long and short living process executions to orchestrate all the services that are part of your application.

OSWorkflow can be considered a "low level" workflow implementation. Situations like "loops" and "conditions" that might be represented by a graphical icon in other workflow systems must be "coded" in OSWorkflow.

Shark is an extendable workflow engine framework including a standard implementation completely based on WfMC specifications using XPDL (without any proprietary extensions !) as its native workflow process definition format and the WfMC "ToolAgents" API for serverside execution of system activitie

thanks, very interesting. wftk looks promising. Thanks for the descriptions of the services too.

I am going to mark this as the answer because it provided me with a good list of alternatives that I could investigate. Thanks

@Kinlan - I am curious about your prototype with Stateless. What shortcomings did it have?

@David - if you want control (which I do) and speed then Stateless seems like an ideal solution - there is not much too it, it does almost everything from a theory point of view that you learn about state machines, as long as you are comfortable with writing your own persistence and creation logic it seems like a very strong solution. I suppose they might be it short comings for some people... I haven't found anything else yet really to say "man... I wish it did xyz", and I can at least code it to do it if I really need a feature.

@David, the one thing I did find was that the OnEnter event didn't fire for the start state, but I can't tell if that is correct or wrong :)

Open alternatives to Windows Workflow - Stack Overflow

open-source workflow workflow-foundation
Rectangle 27 2

is this what business process of yours?

create table document (
  `id`        int unsigned auto_increment,
  `title`     varchar(128) not null,

  primary key(id)
);
create table block (
  `id`             int unsigned auto_increment,
  `id_document`    int // foreign key to document
  primary key(id)
);
create table block_html (
  `id`             int unsigned auto_increment, // foreign key to block table and make it primary
  `type`      varchar(32) not null,
  `contents`  TEXT not null,

  primary key(id)
);
create table block_image (
  `id`        int unsigned auto_increment,// foreign key to block table and make it primary
  `type`      varchar(32) not null,
  `url`       varchar(255) not null,
  primary key(id)
);

This looks pretty interesting. Could you explain how I can effectively query for a document and it's related blocks?

you are welcome

mysql schema foreign-key relational-theory
Rectangle 27 4

Mutating table errors almost always indicate a problem with the data model or related business processes. The most common cause is denormalisation, that is where data in one table is duplicated in some fashion in another table. That seems to be the case here - your CUSTOMER table is holding metadata about another table, PERSON. Only it's compounded by the cascade of information in the other direction.

The proper way to resolve this situation is to sort out the data model. Is CUSTOMER a sub-type of PERSON or is it the other way round? Determine which is the parent and which is the child, and make sure that information only flows in one direction: probably from super-type to sub-type. Although a better solution would be to remove the data propagation altogether.

There are workarounds but they involve packages and other contrivances to apply changes.

oracle - Clashing triggers - mutating table - Stack Overflow

oracle plsql triggers mutating-table
Rectangle 27 2

If what you want is creating multiple child processes doing their "own business" right after their creation, you should use vfork() (used to create new processes without fully copying the address space of the father process) and exec() family to replace the children processes' images with whatever you want.

if you don't want the father to wait until the child is finished, you should take advantage of asynchronous signal handling. A SIGCHLD is sent when a child process ends. So you can put the wait() within the signal handler for SIGCHLD rather than the father process and let the signal handler collect returning status for child process.

#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <signal.h>
#include <stdlib.h>

sig_atomic_t child_process_ret_status;

void spawn(char *program,char *argv[]){
    pid_t child_pid=vfork();

    if(child_pid>0){
        printf("the parent process pid: %d\n",(int)getpid());
        printf("the cpid: %d\n",(int)child_pid);
        system("ping -c 10 www.google.com");
    }else{
        printf("the new process %d is going to execute the new program %s\n",(int)getpid(),program);
        execvp(program,argv);
        printf("you'll never see this if everything goes well.\n");
    }
}


void child_process_ret_handle(int sigval){
    if(sigval == SIGCHLD){
        printf("SIGCHLD received !\n");
        wait(&child_process_ret_status);
    }
}

int main(void){
    signal(SIGCHLD,child_process_ret_handle);
    char *program="sleep";
    char *argv[]={
        "sleep",
        "5",
        NULL
    };

    spawn(program,argv);
    if(WIFEXITED (child_process_ret_status)){
        printf("child process exited successfully with %d\n",WEXITSTATUS (child_process_ret_status));
    }else{
        printf("the child process exited abnormally\n");    
    }

    printf("parent process: %d returned!\n",getpid());
    return 0;
}

c - Spawn an independent child - Stack Overflow

c linux process spawn
Rectangle 27 2

An interesting combination would be to use ruote to manage the state (via aasm / workflow) of multiple resources (documents if you like). Sometimes, a resource may belong to many business processes, and could perhaps exhibit more than one state.

+1 for AASM; it's not perfect, but it's fairly widely used and under continuous development.

ruby - Any recommendation for rails workflow implementations? - Stack ...

ruby-on-rails ruby workflow state-machines
Rectangle 27 3

Refactoring IS the better way. Even though the process is daunting you should definitely separate the presentation and business logic. You will not be able to write good unit tests against your biz logic until you make that separation. It's as simple as that.

In the refactoring process you will likely find bugs that you didn't even know existed and, by the end, be a much better programmer!

Also, once you refactor your code you'll notice that testing your db interactions will become much easier. You will be able write tests that perform actions like: "add new tenant" which will involve creating a mock tenant object and saving "him" to the db. For you next test you would write "GetTenant" and try and get that tenant that you just created from the db and into your in-memory representation... Then compare your first and second tenant to make sure all fields match values. Etc. etc.

c# - Unit testing database application with business logic performed i...

c# database unit-testing
Rectangle 27 95

I've had such a task before and I've got the solution. I would avoid enumerating all days in between when it's avoidable, which is the case here. I don't even mention creating a bunch of DateTime instances, as I saw in one of the answers above. This is really waste of processing power. Especially in the real world situation, when you have to examine time intervals of several months. See my code, with comments, below.

/// <summary>
    /// Calculates number of business days, taking into account:
    ///  - weekends (Saturdays and Sundays)
    ///  - bank holidays in the middle of the week
    /// </summary>
    /// <param name="firstDay">First day in the time interval</param>
    /// <param name="lastDay">Last day in the time interval</param>
    /// <param name="bankHolidays">List of bank holidays excluding weekends</param>
    /// <returns>Number of business days during the 'span'</returns>
    public static int BusinessDaysUntil(this DateTime firstDay, DateTime lastDay, params DateTime[] bankHolidays)
    {
        firstDay = firstDay.Date;
        lastDay = lastDay.Date;
        if (firstDay > lastDay)
            throw new ArgumentException("Incorrect last day " + lastDay);

        TimeSpan span = lastDay - firstDay;
        int businessDays = span.Days + 1;
        int fullWeekCount = businessDays / 7;
        // find out if there are weekends during the time exceedng the full weeks
        if (businessDays > fullWeekCount*7)
        {
            // we are here to find out if there is a 1-day or 2-days weekend
            // in the time interval remaining after subtracting the complete weeks
            int firstDayOfWeek = (int) firstDay.DayOfWeek;
            int lastDayOfWeek = (int) lastDay.DayOfWeek;
            if (lastDayOfWeek < firstDayOfWeek)
                lastDayOfWeek += 7;
            if (firstDayOfWeek <= 6)
            {
                if (lastDayOfWeek >= 7)// Both Saturday and Sunday are in the remaining time interval
                    businessDays -= 2;
                else if (lastDayOfWeek >= 6)// Only Saturday is in the remaining time interval
                    businessDays -= 1;
            }
            else if (firstDayOfWeek <= 7 && lastDayOfWeek >= 7)// Only Sunday is in the remaining time interval
                businessDays -= 1;
        }

        // subtract the weekends during the full weeks in the interval
        businessDays -= fullWeekCount + fullWeekCount;

        // subtract the number of bank holidays during the time interval
        foreach (DateTime bankHoliday in bankHolidays)
        {
            DateTime bh = bankHoliday.Date;
            if (firstDay <= bh && bh <= lastDay)
                --businessDays;
        }

        return businessDays;
    }

Great answer! There is little bug though. I take the freedom to edit this answer since the answerer is absent since 2009.

The code above assumes that DayOfWeek.Sunday has the value 7 which is not the case. The value is actually 0. It leads to a wrong calculation if for example firstDay and lastDay are both the same Sunday. The method returns 1 in this case but it should be 0.

Easiest fix for this bug: Replace in the code above the lines where firstDayOfWeek and lastDayOfWeek are declared by the following:

int firstDayOfWeek = firstDay.DayOfWeek == DayOfWeek.Sunday 
    ? 7 : (int)firstDay.DayOfWeek;
int lastDayOfWeek = lastDay.DayOfWeek == DayOfWeek.Sunday
    ? 7 : (int)lastDay.DayOfWeek;

Now the result is:

+1 That's probably the easiest and most efficient way to do it (my solution coming from C++ doesn't use the support of TimeSpan, C# makes some tasks so much easier). The bankHolidays is a nice touch too!

Also make sure that bank holidays as follows: if (firstDay <= bh && bh <= lastDay && bh.IsWorkingDay())

Thanks for the method. Although, I had to add the following to the bank holidays substraction/iteration if-statement: && !(bh.DayOfWeek == DayOfWeek.Sunday || bh.DayOfWeek == DayOfWeek.Saturday), else it would substract the same day twice, if a holiday falls in a weekend.

I changed the last loop for a Linq statement: businessDays -= bankHolidays.Select(bankHoliday => bankHoliday.Date).Count(bh => firstDay <= bh && bh <= lastDay);

Also they are countries that don't have the weekend in Saturday, Sunday. See this link for more info: en.wikipedia.org/wiki/Workweek_and_weekend

c# - Calculate the number of business days between two dates? - Stack ...

c# datetime
Rectangle 27 95

I've had such a task before and I've got the solution. I would avoid enumerating all days in between when it's avoidable, which is the case here. I don't even mention creating a bunch of DateTime instances, as I saw in one of the answers above. This is really waste of processing power. Especially in the real world situation, when you have to examine time intervals of several months. See my code, with comments, below.

/// <summary>
    /// Calculates number of business days, taking into account:
    ///  - weekends (Saturdays and Sundays)
    ///  - bank holidays in the middle of the week
    /// </summary>
    /// <param name="firstDay">First day in the time interval</param>
    /// <param name="lastDay">Last day in the time interval</param>
    /// <param name="bankHolidays">List of bank holidays excluding weekends</param>
    /// <returns>Number of business days during the 'span'</returns>
    public static int BusinessDaysUntil(this DateTime firstDay, DateTime lastDay, params DateTime[] bankHolidays)
    {
        firstDay = firstDay.Date;
        lastDay = lastDay.Date;
        if (firstDay > lastDay)
            throw new ArgumentException("Incorrect last day " + lastDay);

        TimeSpan span = lastDay - firstDay;
        int businessDays = span.Days + 1;
        int fullWeekCount = businessDays / 7;
        // find out if there are weekends during the time exceedng the full weeks
        if (businessDays > fullWeekCount*7)
        {
            // we are here to find out if there is a 1-day or 2-days weekend
            // in the time interval remaining after subtracting the complete weeks
            int firstDayOfWeek = (int) firstDay.DayOfWeek;
            int lastDayOfWeek = (int) lastDay.DayOfWeek;
            if (lastDayOfWeek < firstDayOfWeek)
                lastDayOfWeek += 7;
            if (firstDayOfWeek <= 6)
            {
                if (lastDayOfWeek >= 7)// Both Saturday and Sunday are in the remaining time interval
                    businessDays -= 2;
                else if (lastDayOfWeek >= 6)// Only Saturday is in the remaining time interval
                    businessDays -= 1;
            }
            else if (firstDayOfWeek <= 7 && lastDayOfWeek >= 7)// Only Sunday is in the remaining time interval
                businessDays -= 1;
        }

        // subtract the weekends during the full weeks in the interval
        businessDays -= fullWeekCount + fullWeekCount;

        // subtract the number of bank holidays during the time interval
        foreach (DateTime bankHoliday in bankHolidays)
        {
            DateTime bh = bankHoliday.Date;
            if (firstDay <= bh && bh <= lastDay)
                --businessDays;
        }

        return businessDays;
    }

Great answer! There is little bug though. I take the freedom to edit this answer since the answerer is absent since 2009.

The code above assumes that DayOfWeek.Sunday has the value 7 which is not the case. The value is actually 0. It leads to a wrong calculation if for example firstDay and lastDay are both the same Sunday. The method returns 1 in this case but it should be 0.

Easiest fix for this bug: Replace in the code above the lines where firstDayOfWeek and lastDayOfWeek are declared by the following:

int firstDayOfWeek = firstDay.DayOfWeek == DayOfWeek.Sunday 
    ? 7 : (int)firstDay.DayOfWeek;
int lastDayOfWeek = lastDay.DayOfWeek == DayOfWeek.Sunday
    ? 7 : (int)lastDay.DayOfWeek;

Now the result is:

+1 That's probably the easiest and most efficient way to do it (my solution coming from C++ doesn't use the support of TimeSpan, C# makes some tasks so much easier). The bankHolidays is a nice touch too!

Also make sure that bank holidays as follows: if (firstDay <= bh && bh <= lastDay && bh.IsWorkingDay())

Thanks for the method. Although, I had to add the following to the bank holidays substraction/iteration if-statement: && !(bh.DayOfWeek == DayOfWeek.Sunday || bh.DayOfWeek == DayOfWeek.Saturday), else it would substract the same day twice, if a holiday falls in a weekend.

I changed the last loop for a Linq statement: businessDays -= bankHolidays.Select(bankHoliday => bankHoliday.Date).Count(bh => firstDay <= bh && bh <= lastDay);

Also they are countries that don't have the weekend in Saturday, Sunday. See this link for more info: en.wikipedia.org/wiki/Workweek_and_weekend

c# - Calculate the number of business days between two dates? - Stack ...

c# datetime
Rectangle 27 9

Don't get too hung up on that term Service Oriented Architecture (SOA) as its really more of a marketing term that describes a well-known and practiced software development methodology of making programs into specialized components that can be reused across a broad range of applications. It can also describe applying this software development methodology to business process modeling where business units and workflows are modularized and looked at as individual services rather than monolithic processes that exist in a bubble, and some call this different but related application of the concept Service Oriented Modeling.

While SOA shares a lot in common with modularization, it also adds the requirement that your separate code modules not only inter-operate and integrate (i.e. work well together with) each other, but potentially with everyone else's code in the world, and also that they are available over some well-defined mechanism.

An SOA "purist" might tell you that for your software to be "SOA-compliant" (note: that's not a real thing as there's no single set of rules or governing body on services) that you need to write it as a SOAP Web Service, publish and maintain a WSDL which can act as a contract between you and any implementing parties, and follow the relevant WS-* specs. However, in reality REST and other lightweight modularization/integration/reusability approaches are just as much in line with the concept of SOA.

If you did want to become an "expert" in SOA then read through every word of the following specs:

(those are just some of the most important WS-* specs, see full list here)

Then read every page of the following essential SOA books:

However, I don't actually advise that as there's way too much reading material. What I would suggest though, is that you use them as a reference as you code your own programs following an SOA methodology and notice that in a specific area, a reference manual on what to do next would come in handy. Practice makes perfect and you'll really learn a lot more from working with real-world examples than from reading books and learning everything about the standards and theory. As you mentioned, start with the overly-simplistic JAX-WS and JAX-RS Web Service examples that come out-of-the-box with IDEs like NetBeans or Eclipse, then try some examples that come with popular SOA frameworks like CXF, Axis2 or RESTlet.

In general, as you are writing code constantly ask yourself if your code is:

  • Reusable in other applications or domains
  • Makes its core functionality extensible internally and accessible externally (especially over a network connection, i.e. HTTP)
  • Provides output data or metadata in an easy to parse/process (and thus integrate) format like XML, JSON or one of the many related data languages and sub-languages
  • As specialized and modularized as possible; and at the same time, if there are other similar specalized APIs or Web Services that already exist out there, would it be better to use them instead of reinventing the wheel

There are lots of other questions and criteria that people may use, but IMHO these are the most important.

Great answer, but aren't you neglecting to mention the key point? It's not just about making programs from components, but from services: components that operate by listening for and answering requests over a network!

I'd argue that SOA as a methodology (as allueded to at the top of my answer) doesn't require a network to be applied as a concept, but yes I've updated my response to reflect that a network is usually involved.

@bomoney: So when a C program uses zlib for (un)compression support, it's doing SOA? Yikes - I've seen terminology dilution before, but never quite on this scale.

Wow, that's quite a leap... I didn't say that at all. The OP knows about SOAP/ws-* but was asking how they fit together to achieve SOA. What I did is list some common aspects of SOA to provide a high-level view and compare it to a simple Object-Oriented pattern namely "modularization" en.wikipedia.org/wiki/Module_pattern (which in my experience consulting for enterprises is a commonly sought-after SOA pattern, only in the form of Remote Procedure Invocation, Message Router and Event-Driven Consumer).

My point was for OP to take a step back and think about concepts they want to employ not just technologies. A C program using zlib has nothing to do with it... mind you if you were a sucker for punishment you could probably program an entire Enterprise Integration pattern into said strange form of C plus zlib compression/uncompression and call that SOA, being only partially a nutbar for doing things the difficult way, because the patterns themselves are technology agnostic.

web services - Understanding SOA architecture - Stack Overflow

web-services soap wsdl soa uddi
Rectangle 27 2

Let's start from the goal - the goal of game development is to create entertaining product. It should be accurate to the extend that it looks good and runs smoothly. The goal of a business software solution is to model a work process. It should be a tool which works fast enough. A stable product, which executes absolutely accurately and secure the tasks it should do.

Since we target different goals, we use different approaches to build a game and a business software. Let's move to the requirements. For a game, the requirements are determined by the game designer. For a software product the business defines the process and the requirements. For a game the requirements are not final - shall we have small cartoon figures or real human models - this does not matter for the game engine for example. But for a software product, the requirements should be strictly followed and cleared to the maximum possible detail before development.

From the different requirements come different software design and development approach. For a game the performance and gameplay are critical and the qualiity of the graphics and sounds (for example) could be reduced just to be compatible with weaker hardware. Also the physical model could be simplified just to run smoother and improve the gameplay. For the business software everything should be exact and cutting features means that your product will not be as functional as designed anymore.

For a game, the security is not important - there is no critical customer data which should be saved. For a business software a good security system should be supplied - starting from data encryption (while saving on data storage or transferring through network) moving through backup system and mentioning (but not last) the compatibility with previous versions.

language agnostic - What's the difference between game development and...

language-agnostic
Rectangle 27 11

In short a web server is a server that serves web pages to users via http. An application server is a server that hosts the business logic for a system. It often hosts both long running/batch processes and/or a interop services not meant for human consumption (REST/JSON services, SOAP, RPC, etc).

What does the term 'host's the business logic' mean? How is it performed?

Is the business logic exposed to the client through web services?

It can be served via web-services, or it can be served by any other interface (TCP, MQ, flat files on a share (I don't recommend the last)).

This can be misleading. The application server doesn't host anything. Your code hosts the business logic and the application server works as the glue between that and the web pages that users request.

webserver - What is the difference between application server and web ...

webserver terminology application-server
Rectangle 27 229

I went through this process not to long ago with a company I worked for and I plan on going through it again soon with my own business. If you have some network technical knowledge, it really isn't that bad. Otherwise you will be better off using Paypal or another type of service.

The process starts by getting a merchant account setup and tied to your bank account. You may want to check with your bank, because a lot of major banks provide merchant services. You may be able to get deals, because you are already a customer of theirs, but if not, then you can shop around. If you plan on accepting Discover or American Express, those will be separate, because they provide the merchant services for their cards, no getting around this. There are other special cases also. This is an application process, be prepared.

Next you will want to purchase an SSL certificate that you can use for securing your communications for when the credit card info is transmitted over public networks. There are plenty of vendors, but my rule of thumb is to pick one that is a brand name in a way. The better they are known, the better your customer has probably heard of them.

Next you will want to find a payment gateway to use with your site. Although this can be optional depending on how big you are, but majority of the time it won't be. You will need one. The payment gateway vendors provide a way to talk to the Internet Gateway API that you will communicate with. Most vendors provide HTTP or TCP/IP communication with their API. They will process the credit card information on your behalf. Two vendors are Authorize.Net and PayFlow Pro. The link I provide below has some more information on other vendors.

Now what? For starters there are guidelines on what your application has to adhere to for transmitting the transactions. During the process of getting everything setup, someone will look at your site or application and make sure you are adhering to the guidelines, like using SSL and that you have terms of use and policy documentation on what the information the user is giving you is used for. Don't steal this from another site. Come up with your own, hire a lawyer if you need to. Most of these things fall under the PCI Data Security link Michael provided in his question.

If you plan on storing the credit card numbers, then you better be prepared to put some security measures in place internally to protect the info. Make sure the server the information is stored on is only accessible to members who need to have access. Like any good security, you do things in layers. The more layers you put in place the better. If you want you can use key fob type security, like SecureID or eToken to protect the room the server is in. If you can't afford the key fob route, then use the two key method. Allow a person who has access to the room to sign out a key, which goes along with a key they already carry. They will need both keys to access the room. Next you protect the communication to the server with policies. My policy is that the only thing communicating to it over the network is the application and that information is encrypted. The server should not be accessible in any other form. For backups, I use truecrypt to encrypt the volumes the backups will be saved to. Anytime the data is removed or stored somewhere else, then again you use truecrypt to encrypt the volume the data is on. Basically where ever the data is, it needs to be encrypted. Make sure all processes for getting at the data carries auditing trails. use logs for access to the server room, use cameras if you can, etc... Another measure is to encrypt the credit card information in the database. This makes sure that the data can only be viewed in your application where you can enforce who sees the information.

I use pfsense for my firewall. I run it off a compact flash card and have two servers setup. One is for fail over for redundancy.

I found this blog post by Rick Strahl which helped tremendously to understand doing e-commerce and what it takes to accept credit cards through a web application.

One of the best I've seen.... +1

@donut: Because time moves on, and answers rarely remain static.

security - Payment Processors - What do I need to know if I want to ac...

security e-commerce pci-dss