
Where to put security when using DDD - domain driven design

As the title suggests, I am interested in general opinions on where it is best to put all security-related code (like code for JWT, standard authentication, etc.).

I have been thinking about it for quite a while and I do not have a clue what a suitable place for this would be.

Does anybody have any experience with this? What is, for you, the correct place for this, according to DDD?

nemo_87 asked Sep 05 '16 13:09




1 Answer

As mentioned by @inf3rno in Access Control in Domain Driven Design, Vaughn Vernon briefly touches upon this in his book Implementing Domain-Driven Design.

Security and permissions should be centralized in their own bounded context, which is then used by other bounded contexts. Have a look at the Identity Access bounded context for inspiration, but I recommend following Schneier's Law, which states that you should not build your own security system.

Martin4ndersen answered Sep 28 '22 06:09
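
The layout the answer describes, as an added example that is not part of the original answer or of Vernon's book: a forum context asks a separate identity-and-access context a role question through one translator, and tokens never reach the domain model. All class names, the `Moderator` role and the sample role assignments are hypothetical; `IdentityAccess` stands in for an existing identity provider or library.

```python
from dataclasses import dataclass

# --- Identity & Access bounded context (hypothetical stand-in; in practice an
# --- existing IdP or library, not hand-written token or crypto handling) ---
class IdentityAccess:
    def __init__(self, role_assignments):
        # Constructed sample data: {(tenant_id, user_id): frozenset of role names}
        self._roles = role_assignments

    def is_user_in_role(self, tenant_id, user_id, role):
        # Deny by default: unknown tenants or users have no roles.
        return role in self._roles.get((tenant_id, user_id), frozenset())

# --- Forum bounded context: the domain model knows nothing about tokens ---
class NotAuthorized(Exception):
    pass

@dataclass(frozen=True)
class Moderator:
    tenant_id: str
    identity: str

class Discussion:
    def __init__(self, tenant_id, subject):
        self.tenant_id, self.subject, self.closed = tenant_id, subject, False

    def close(self, moderator: Moderator):
        # Rule stated in domain terms: only a Moderator of the same tenant may close.
        if moderator.tenant_id != self.tenant_id:
            raise NotAuthorized("moderator belongs to another tenant")
        self.closed = True

class CollaboratorTranslator:
    """Anti-corruption layer: the only code that talks to Identity & Access."""
    def __init__(self, identity_access):
        self._ia = identity_access

    def moderator_from(self, tenant_id, user_id):
        if not self._ia.is_user_in_role(tenant_id, user_id, "Moderator"):
            raise NotAuthorized(f"{user_id} is not a Moderator in {tenant_id}")
        return Moderator(tenant_id, user_id)

def close_discussion(translator, discussion, tenant_id, user_id):
    # Application service: tenant_id and user_id come from an already verified
    # session or token; that verification happens outside the domain model.
    discussion.close(translator.moderator_from(tenant_id, user_id))
    return discussion.closed
```
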