Udi Dahan   Udi Dahan – The Software Simplist
Enterprise Development Expert & SOA Specialist
    Blog Consulting Training Articles Speaking About

How to create fully encapsulated Domain Models

Friday, February 29th, 2008.

image Update: The new and improved solution is now available: Domain Events, Take 2.

Most people getting started with DDD and the Domain Model pattern get stuck on this. For a while I tried answering this on the discussion groups, but here we have a nice example that I can point to next time.

The underlying problem I’ve noticed over the past few years is that developers are still thinking in terms of querying when they need more data. When moving to the Domain Model pattern, you have to “simply” represent the domain concepts in code – in other words, see things you aren’t used to seeing. I’ll highlight that part in the question below so that you can see where I’m going to go with this in my answer:

I have an instance where I believe I need access to a service or repository from my entity to evaluate a business rule but I’m using NHibernate for persistence so I don’t have a real good way to inject services into my entity. Can I get some viewpoints on just passing the services to my entity vs. using a facade?

Let me explain my problem to provide more context to the problem.

The core domain revolves around renting video games. I am working on a new feature to allow customers to trade in old video games. Customers can trade in multiple games at a time so we have a TradeInCart entity that works similar to most shopping carts that everybody is familiar with. However there are several rules that limit the items that can be placed into the TradeInCart. The core rules are:

1. Only 3 games of the same title can be added to the cart.
2. The total number of items in the cart cannot exceed 10.
3. No games can be added to the cart that the customer had previously reported lost with regards to their rental membership.
    a. If an attempt is made to add a previously reported lost game, then we need to log a BadQueueStatusAddAttempt to the persistence store.

So the first 2 rules are easily handled internally by the cart through an Add operation. Sample cart interface is below.

   1:  class TradeInCart{
   2:      Account Account{get;}
   3:      LineItem Add(Game game);
   4:      ValidationResult CanAdd(Game game);
   5:      IList<LineItems> LineItems{get;}
   6:  }

However the #3 rule is much more complicated and can’t be handled internally by the cart, so I have to depend on external services. Splitting up the validation logic for a cart add operation doesn’t seem very appealing to me at all. So I have the option of passing in a repository to get the previously reported lost games and a service to log bad attempts. This makes my cart interface ugly real quick.

   1:  class TradeInCart{
   2:      Account Account{get;}
   3:      LineItem Add(
   4:          Game game, 
   5:          IRepository<QueueHistory> repository, 
   6:          LoggingService service);
   8:      ValidationResult CanAdd(
   9:          Game game, 
  10:          IRepository<QueueHistory> repository, 
  11:          LoggingService service);
  13:      IList<LineItems> LineItems{get;}
  14:  }

The alternative option is to have a TradeInCartFacade that handles the validations and adding the items to the cart. The façade can have the repository and services injected though DI which is nice, but the big negative is that the cart ends up totally anemic.

Any thought on this would be greatly appreciated.


As I highlighted above, the thing that will help you with your business rules is to introduce the Customer object (that you probably already have) with the property GamesReportedLost (an IList<Game>). Your TradeInCart would have a reference to the Customer object and could then check the rule in the Add method.

Before I go into the code, it looks like your Account object might be used the same way, but your description of the domain doesn’t mention accounts, so I’m going to assume that that’s unrelated for now:

   1:  public class Customer{
   3:      /* other properties and methods */
   5:      private IList<Game> gamesReportedLost;
   6:      public virtual IList<Game> GamesReportedLost 
   7:      { 
   8:          get
   9:          {
  10:              return gamesReportedLost;
  11:          }
  12:          set
  13:          {
  14:              gamesReportedLost = value;
  15:          }
  16:      }
  17:  }

Keep in mind that the GamesReportedLost is a persistent property of Customer. Every time a customer reports a game lost, this list needs to be kept up to date. Here’s the TradeInCart now:

   1:  public class TradeInCart
   2:  {
   3:      /* other properties and methods */
   5:      private Customer customer;
   6:      public virtual Customer Customer
   7:      { 
   8:          get { return customer; }
   9:          set { customer = value; }
  10:      }
  12:      private IList<LineItem> lineItems;
  13:      public virtual IList<LineItem> LineItems
  14:      {
  15:          get { return lineItems; }
  16:          set { lineItems = value; }
  17:      }
  19:      public void Add(Game game)
  20:      {
  21:          if (lineItems.Count >= CONSTANTS.MaxItemsPerCart)
  22:          {
  23:              FailureEvents.RaiseCartIsFullEvent();
  24:              return;
  25:          }
  27:          if (NumberOfGameAlreadyInCart(game) >=
  28:              CONSTANTS.MaxNumberOfSameGamePerCart)
  29:          {
  30:              FailureEvents
  31:                .RaiseMaxNumberOfSameGamePerCartReachedEvent();
  32:              return;
  33:          }
  35:          if (customer.GamesReportedLost.Contains(game))
  36:              FailureEvents.RaiseGameReportedLostEvent();
  37:          else
  38:              this.lineItems.Add(new LineItem(game));
  39:      }
  41:      private int NumberOfGameAlreadyInCart(Game game)
  42:      {
  43:          int result = 0;
  45:          foreach(LineItem li in this.lineItems)
  46:              if (li.Game == game)
  47:                  result++;
  49:          return result;
  50:      }
  51:  }
  53:  public static class FailureEvents
  54:  {
  55:      public static event EventHandler GameReportedLost;
  56:      public static void RaiseGameReportedLostEvent()
  57:      {
  58:           if (GameReportedLost != null)
  59:               GameReportedLost(null, null);
  60:      }
  62:      public static event EventHandler CartIsFull;
  63:      public static void RaiseCartIsFullEvent()
  64:      {
  65:           if (CartIsFull != null)
  66:               CartIsFull(null, null);
  67:      }
  69:      public static event EventHandler MaxNumberOfSameGamePerCartReached;
  70:      public static void RaiseMaxNumberOfSameGamePerCartReachedEvent()
  71:      {
  72:           if (MaxNumberOfSameGamePerCartReached != null)
  73:               MaxNumberOfSameGamePerCartReached(null, null);
  74:      }
  75:  }

image Your service layer class that calls the Add method of TradeInCart would first subscribe to the relevant events in FailureEvents. If one of those events is raised, it would do the necessary logging, external system calls, etc.

As you can see, the API of TradeInCart doesn’t need to make use of any external repositories, nor do you need to inject any other external dependencies in.

One thing I didn’t do in the above code to keep it “short” is to define the relevant custom EventArgs for bubbling up the information as to which game was reported lost or already have 3 of those in the cart. That is something that definitely should be done so that the service layer can pass this information back to the client.

Here’s a look at Service Layer code:

   1:  public class AddGameToCartMessageHandler :
   2:      BaseMessageHandler<AddGameToCartMessage>
   3:  {
   4:      public override void Handle(AddGameToCartMessage m)
   5:      {
   6:          using (ISession session = SessionFactory.OpenSession())
   7:          using (ITransaction tx = session.BeginTransaction())
   8:          {
   9:              TradeInCart cart = session.Get<TradeInCart>(m.CartId);
  10:              Game g = session.Get<Game>(m.GameId);
  12:              Domain.FailureEvents.GameReportedLost +=
  13:                gameReportedLost;
  14:              Domain.FailureEvents.CartIsFull +=
  15:                cartIsFull;
  16:              Domain.FailureEvents.MaxNumberOfSameGamePerCartReached +=
  17:                maxNumberOfSameGamePerCartReached;
  19:              cart.Add(g);
  21:              Domain.FailureEvents.GameReportedLost -=
  22:                gameReportedLost;
  23:              Domain.FailureEvents.CartIsFull -=
  24:                cartIsFull;
  25:              Domain.FailureEvents.MaxNumberOfSameGamePerCartReached -=
  26:                maxNumberOfSameGamePerCartReached;
  28:              tx.Commit();
  29:          }
  30:      }
  32:      private EventHandler gameReportedLost = delegate { 
  33:            Bus.Return((int)ErrorCodes.GameReportedLost);
  34:          };
  36:      private EventHandler cartIsFull = delegate { 
  37:            Bus.Return((int)ErrorCodes.CartIsFull);
  38:          };
  40:      private EventHandler maxNumberOfSameGamePerCartReached = delegate { 
  41:            Bus.Return((int)ErrorCodes.MaxNumberOfSameGamePerCartReached);
  42:          };
  43:      }
  44:  }

It’s important to remember to clean up your event subscriptions so that your Service Layer objects get garbage collected. This is one of the primary causes of memory leaks when using static events in your Domain Model. I’m hoping to find ways to use lambdas to decrease this repetitive coding pattern. You might be thinking to yourself that non-static events on your Domain Model objects would be easier, since those objects would get collected, freeing up the service layer objects for collection as well. There’s just on small problem:

The problem is that if an event is raised by a child (or grandchild object), the service layer object may not even know that that grandchild was involved and, as such, would not have subscribed to that event. The only way the service layer could work was by knowing how the Domain Model worked internally – in essence, breaking encapsulation.

If you’re thinking that using exceptions would be better, you’d be right in thinking that that won’t break encapsulation, and that you wouldn’t need all that subscribe/unsubscribe code in the service layer. The only problem is that the Domain Model needs to know that the service layer had a default catch clause so that it wouldn’t blow up. Otherwise, the service layer (or WCF, or nServiceBus) may end up flagging that message as a poison message (Read more about poison messages). You’d also have to be extremely careful about in which environments you used your Domain Model – in other words, your reuse is shot.


I never said it would be easy :-)

However, the solution is simple (not complex). The same patterns occur over and over. The design is consistent. By focusing on the dependencies we now have a domain model that is reusable across many environments (server, client, sql clr, silverlight). The domain model is also testable without resorting to any fancy mock objects.

One closing comment – while I do my best to write code that is consistent with production quality environments, this code is more about demonstrating design principles. As such, I focus more on the self-documenting aspects of the code and have elided many production concerns.

Do you have a better solution?

Something that I haven’t considered?

Do me a favour – leave me a comment. Tell me what you think.

If you liked this article, you might also like articles in these categories:

Check out my Best Content If you've got a minute, you might enjoy taking a look at some of my best articles.
I've gone through the hundreds of articles I've written over the past 6 years and put together a list of the best ones as ranked by my 5000+ readers.
You won't be disappointed.

Subscribe to my feedIf you'd like to get new articles sent to you when they're published, it's easy and free.
Subscribe right here.

Follow me on Twitter Follow me on Twitter @UdiDahan.

Something on your mind? Got a question? I'd be thrilled to hear it.
Leave a comment below or email me, whatever works for you.


  1. Ayende Rahien Says:

    Does it really make sense to do so in the general case.
    Assume that it is not lost games that you want to check, but all games that were rented (to prevent bootlegging).
    Now, you have a potential of a lot of entries in that collection, vs. the relatively short amount that can be expected in lost games collection.

    At that point, loading the entire collection from DB becomes prohibitively expensive.

    My approach for that would be to define ICustomerInformationService
    (badly name, I know), which I could ask questions such as:

    customerInformationService.WasGameReportedAsLost(customer, game);

    About the events, you need to override the default handling of the event registration and use weak ref pointers to them.

  2. Alex Says:

    Is there any way you could publish the whole source of the project, so that less experiences people like me will be able to see it in action and understand more clearly.

  3. Jesse Says:

    Wow Udi, thanks for the excellent post and follow up to the problem that I posted on the DDD forum. I totally agree with you that it would be great to just check the Account(Customer) object for the lost games. In our domain we actually have a RentalQueue object that can be accessed off of Account which contains answers to many questions about active games which the user wants to rent, but once a game is reported lost or returned(there are many other states besides these 2) then it falls out of the active RentalQueue and into a QueueArchive. I failed to mention this in the post, but this archive list could grow to be rather large over time and having to load the complete list to find lost games would be impractical. So this is pretty much the situation that Ayende points to in his comment.

    I agree that throwing exceptions as the notification pattern would not be the way to go. Exceptions are inefficient and I believe that the violations that can occur when adding an item to a cart do not justify an exception because they are known states that can occur in the domain.

    I like the notification pattern you have used using events and I have actually done something similar in the past, however I stopped using it because I was afraid of the memory leaks as you have mentioned. I am interested in ayende’s comment, “About the events, you need to override the default handling of the event registration and use weak ref pointers to them”. Can you show an example of what you mean be this Ayende? Also I think overuse of this can make the application code difficult to follow so I have started using a different kind of notification pattern that simply passes back a ValidationResult to callers. The ValidationResult can contain a list of violations that are keyed, so you can check for a specific violation like this


    Obviously this isn’t quite as clean as the observer notification pattern you have laid out but it feels much more explicit to me. So I end up with an operation like this

    ValidationResult Add(game);

    So how would you handle this knowing that Queue archive has to be searched to find out if the game was reported lost? And that the archive can become quite large as it grows over time.

  4. Evan Says:

    You could remove the garbage collection related noise by doing the following:

    1. Define a stateful event class (instead of a static event class)
    2. Use the stateful event class as part of a context (CallContext, RequestContext, etc).
    3. Make the event class implement IDisposable

    There are a number of implementation options depending on IoC/DI preferences.

    Inside service layer method:

    using (IFailureEvents events = IEventFactory.CaptureFailureEvents())
    events.OnKaboom += FreakOut;

    //insert domain manipulation here

    The events to the domain model can work just like ambient transactions..


    And of course, Dispose() takes care of dropping all the subscribed delegates.

    This also takes care of some nasty error conditions. As an example, your blog code above will leak memory if the domain model throws an exception inside cart.Add().

    Also, if I’m reading your code correctly, you are buggy for multiple threads. If Handle() is called concurrently in multiple threads, you may end up returning multiple error codes where you only wanted to return 1 (since the deletegates are attached to a static event–you may have many subscribers attached to it during concurrent execution).


  5. Ollie Riches Says:

    Udi, are you saying that domain entities should reference the respository implementations internal for lazy loading techniques?

    I know you said this is not production quality code and is for demostration purposes but wouldn’t be benefical to wrap the event
    subscribeunsubscribe into a disposable class so that you could use a ‘using’ statement which would then give you the automatic unsubscribing and no need for an explicit tryfinally block etc…

    I’m also interested what Ayende means about overriding the default event handling etc.

  6. Ayende Rahien Says:

    For overriding, you do something like this:

    List<WeakReference> gameRentalsEvents;

    event EventHandler GameRental
    add { gameRentalEvents.Add(value); }
    remove { gameRentalEvents.Remove(value); }

  7. Nick Says:

    This is an issue I’ve been struggling with for some time and have asked about on the DDD and alt.net groups, but still have found no solution I’m happy with.

    Ayende, where would you use ICustomerInformationService? Would you pass it into the cart like LineItem Add(Game game, ICustomerInformationService customerInformationService)?

    It seems to me the problem comes down to this:

    1. We don’t want anemic entities, that is we want them to do stuff
    2. We want our objects decoupled
    3. We don’t want to use standard dependency injection techniques on our entities
    4. In order to do things, sometimes we need to use other objects

    So, the problem is, how do we make our entities aware of those other objects they need to do the stuff we want them to do?

    A couple suggestions that have been made:

    1. Don’t decouple (goes against 2 above)
    2. Use standard DI, e.g. have NHibernate inject the dependencies on object creation (goes against 3 above)
    3. Pass in the dependencies as an argument of the relevant method of the entity
    4. Break all such problems out into a domain service and call it from the service layer

    Each of these has its obvious problems. In truth, when I’ve tried 2, my API was certainly the nicest, though there is something about it that just feels wrong.

    I’m beginning to think there is no good solution and that if I want my domain to do stuff, I should just have a bunch of domain services and anemic entities.

  8. Ollie Riches Says:

    Ayende, where is the advantage when overriding the event handlers?

  9. udidahan Says:

    Ayende [1],

    > Does it really make sense to do so in the general case?

    Yes. It does. This is what the Domain Model is all about.

    > Assume that it is not lost games that you want to check, but all
    > games that were rented (to prevent bootlegging).
    > Now, you have a potential of a lot of entries in that collection,
    > vs. the relatively short amount that can be expected in lost games
    > collection.

    You have to remember that the Domain Model is part of the OLTP part of the system. Anything that deals with “all” of anything when that can be a large collection – doing that in an OLTP environment will kill your concurrency anyway. That then is handled outside the Domain Model – an OLAP issue.

    For instance, we could cache a snapshot (correct up until T – delta) of the ID’s of rented games in memory. I’d have a BootleggingPreventionMessageHandler which is configured to run before the AddGameToCartMessageHandler use that cached information to flag a problematic message.

    Not everything needs to be done in the Domain Model.

    Does that make sense?

  10. udidahan Says:


    > you are buggy for multiple threads. If Handle() is called
    > concurrently in multiple threads

    Each message handler is a single-call object. Multiple handling threads using multiple instances of that class – so there’s nothing to worry about there.

    I am trying to work something into the configuration of nServiceBus so that message handlers will be automatically configured correctly.

  11. udidahan Says:


    > Udi, are you saying that domain entities should reference the
    > respository implementations internal for lazy loading techniques?

    Absolutely not.

    By using IList in my domain objects, the O/R mapper fills that with its own lazy-loading list implementation.

    So, while my domain objects effectively call into the O/R mapper’s lazy loading code, there is no dependency there.

    Does that make sense?

  12. Ollie Riches Says:

    I meant to ask:

    ‘are you saying that domain entities SHOULDN’T reference the respository implementations internal for lazy loading techniques?’


  13. Colin Jack Says:

    Good post.

    We use a notification style rather than events (CanAdd/Add) but we are just supporting Web apps at the minute so we might need to look at events at some stage if that changes.

  14. Jesse Ezell Says:

    Udi, I don’t like your error handling approach at all right here. You are opening up consumers to all sorts of potential error handling nightmares. For example, suppose after the add call you have another action that is called. This action should be executing under the same transactional context. You don’t explicitly point out if your Bus return method would throw an exception or somehow abort the thread. If it doesn’t throw an exception or abort the thread, then we have a problem because after the call to the Return method, we will execute the second action, which will then get committed, even though the first action never happened. Additionally, even if the return method did throw an exception, there is still the possibility that you didn’t attach all the possible error handlers (or maybe at some point an additional error check is added to the Add method). If you forget to attach a handler, the error never bubbles up and again you have the same problem. Throwing exceptions instead would make it far easier to avoid this type of problem.

    You also have the possibility that an exception can be thrown inside the add method itself, which further complicates things and means you might need to handle errors in two completely different ways.

    Furthermore, there is a problem as soon as multiple threads start participating in this process. Since your events are static, an error on one thread could end up lauching the event handler that was actually intended to be used by another thread. Since the event doesn’t even contain a reference to the owner object, there isn’t even a way for your handler to know if it is being called as a result of the operations on its thread.

    So, this seems to cause quite a few messes that could be entirely avoided simply by throwing exceptions instead of trying to reinvent the wheel.

  15. udidahan Says:


    Thank you so much for your comments. There’s a lot of meat in there. Let me try to address them one at a time:

    “suppose after the add call you have another action that is called. This action should be executing under the same transactional context.”

    The vast majority of messages result in calling a single method on the domain model. Well, that’s how my domain models are designed, anyway. Regardless, it is correct that it would be in the same transactional context.

    “You don’t explicitly point out if your Bus return method would throw an exception or somehow abort the thread.”

    The chance of Bus.Return throwing an exception is extremely low, as it is using store-and-forward messaging as well. In other words, even if the client we are responding to is offline, it would not throw an exception. I don’t currently see other ways it might abort a thread – and this is after seeing it in production over 3 years.

    “If it doesn’t throw an exception or abort the thread, then we have a problem because after the call to the Return method, we will execute the second action, which will then get committed, even though the first action never happened.”

    I’m not quite sure what you mean here, but I’ll hazard a guess. If you are referring to the fact that we might return a response to the client after the first method call, yet the second call may fail resulting in a rollback, then that would break isolation. Yet, once again, by using store-and-forward messaging that is transaction aware, the Bus.Return will be rolled back as well – ie, the response will not be sent to the client.

    “there is still the possibility that you didn’t attach all the possible error handlers (or maybe at some point an additional error check is added to the Add method).”

    The point is not necessarily to handle all error events but only those that it makes sense to let the client know about. If the database cannot be reached, that’s not something that the client/user could do anything about. Better to let an administrator know, and after the admin has fixed the problem, to allow him to replay the messages that failed previously due to that problem.

    “You also have the possibility that an exception can be thrown inside the add method itself, which further complicates things and means you might need to handle errors in two completely different ways.”

    Certain exceptions can’t (and shouldn’t) be handled by applicaiton code, like the DB being unavailable, or having the transaction being chosen as the victim of a deadlock. The only solution for those scenarios is to retry. If N retries have failed, move the messages to some other queue, from which the admin can return them after the problem has been rectified. Other than that, the domain model should be designed in such a way that exceptions won’t be thrown.

    On the issue of threading – you’re correct. I forgot to put the ThreadStatic attribute on the events. However, when moving to the weak-reference solution Ayende outlined, those delegates would be stored in something like ThreadLocalStorage.

    The problem with counting on exceptions, and catching them is handling those “unhandleable” exceptions – DB unavailable, deadlocks, out of memory, etc. Once you have to handle those robustly, then you may find your solution much more complicated without having transactions spans a store-and-forward transactional messaging communications layer. Also, you may still be thinking about single response semantics – but how does your solution work if you can return multiple responses?

    Sorry, that was an insincere question. I know the answer, and it’s that the solution doesn’t handle it well at all. The thing is that few developers consider the value of being able to response with multiple messages.

    Consider a simple “get all orders for customer” message, when that customer has millions of orders. If you try to bundle that all up into a single response, you’ll out-of-memory yourself – also known as denial-of-service yourself. If you can “stream” or “chunk” the data out of the database all the way through the messaging you can handle it much more elegantly.

    Well, this response is becoming longer than many of my posts, so I’ll stop here.

    Thanks again for your comments.

  16. Colin Jack Says:

    I thought I’d read old blog entries where you indicated you don’t use DI for entities because you like them to be stand alone (http://www.ayende.com/Blog/archive/2007/08/23/Dependency-Injection-in-a-Dynamic-Environment.aspx). Would you thus inject the service into the entity or call it from a higher layer?

  17. Jesse Ezell Says:

    Thanks for the response. I think I must not have been clear on the transaction issue. Here is code to illustrate a little better what I was trying to get at. Let’s say that instead of just calling Add, the method calls two methods in your domain model:


    Suppose the Add method fires the failure event. The AddHit method will still execute and then be committed by the tx.Commit line below. However, you don’t want AddHit to be committed, because the Add call failed. Your approach requires users to handle all possible errors, while throwing exceptions safely aborts the transaction without any additional work. If you derive your exceptions from a common base class, you can always handle rule violation exceptions and convert them to fault messages instead of letting them go unhandled entirely and wind up causing poison messages.

    Keep in mind that throwing exceptions doesn’t prevent you from returning multiple rule violations or messages. This is still easy to do when throwing exceptions, you just have to allow the exception to contain a list of violations.

  18. udidahan Says:


    It looks like you’re saying that things like auditing and hit tracking should not occur when the domain model decides it doesn’t want to update its data.

    I don’t think that that’s what you meant to say.

    And throwing exceptions cuts short the execution within the domain model – so while it doesn’t TECHNICALLY prevent multiple return messages, it prevents the rest of the domain stack from having its say.

    Hope that makes sense.

  19. Pavel Bazanov Says:

    I think Jesse meant that it’s not correct to call tracker.AddHit(g) after failure in cart.Add(g). But in your case it will be called even if cart.Add raises failure event.

    And I also think it’s not good.

    Please comment on this.

  20. udidahan Says:

    Pavel (and Jesse),

    If there is some logical connection between what tracker.AddHit(g) and cart.Add(g) are doing, that should be expressed in the domain model. In other words, only after cart.Add(g) is successful should the domain cause tracker.AddHit(g) to be called.

    In order to handle all aspects of the problem in as simple a way as possible, each part of the solution has to follow certain rules. By having the service layer only call one method on the domain model, transaction management, error handling, and correctness all “just work”.

    I’m sure that getting a more generic solution to work is possible, however I find that it tends to be either much more work, or may leave certain scenarios unhandled (losing messages if the database is unavailable).

    Does that make things a little clearer?

  21. Yoni Rapoport Says:

    I like the idea of introducing the Customer object and using it for validity checking but I think the FailureEvents class and its usage is a poor choice for monitoring failure to add a game. It adds unnecessary complexity and violates encapsulation. Instead, a simple object could be sent to the “Add” method and provide methods for addressing failures.

  22. Pavel Bazanov Says:

    I talked to one russian Software Architects (he is very very good in my opinion) today and he says, that usually he raises exceptions during data and business rules validation.

  23. Yoni Rapoport Says:

    Pavel, throwing and catching exceptions is also a violation of encapsulation. It is error prone, adds unnecessary complexity, and should generally be used as a last resort.
    I think that instead of trying to hide the fact that validation is being performed, one should explicitly provide an end-point for handling invalid data notifications.

  24. Pavel Bazanov Says:

    Why do you say it is error prone and adds unnecessary complexity. I don’t see any complexity at all.

  25. Yoni Rapoport Says:


    There are many subtle complexities which may only become apparent as the code evolves but here are two examples:
    1. Whenever you add a call to the “Add” method you should probably handle the various exceptions that may be thrown as validation occurs. This may become difficult as you begin to search the code of the “Add” method and all other methods being called from within “Add” to try and locate all of these exceptions.
    2. Whenever a new validation rule is introduces a new exception has to be thrown. Now a manual search must be made for all code which calls “Add” in order to make sure the exception is caught. Missing one of these calls can result in the exception propagating to a completely unrelated area of the application.

    The list goes on…

  26. udidahan Says:


    The problem with passing some Errors object around is that it becomes difficult to take action in your code when an error occurs – events help solve that.

    I’ll be putting up a post describing more about the whole Failure Events “paradigm”.

    The complexity of remembering to remove event subscriptions will be handled by Ayende’s weak reference comment.

  27. udidahan Says:

    Yoni, with respect to Pavel’s comment,

    I don’t think that he’s necessarily talking about custom exceptions. The problem with any kind of exception is that it is difficult to know what to do with it – should we just retry the transaction? Should we send a message back to the client?

    We need one way of doing things that is robust, and then adjust our development practices around that. Otherwise, we’ll be continuously creating NP complete problems for ourselves around software stability and correctness. Well, that’s been my experience anyway.

  28. Yoni Rapoport Says:


    The “Error” objects which are passed are of course constructed as instances of classes which implement a certain “Error” interface. The same code you have placed in event handlers can be placed within such class.

    It will be interesting to see how you can prevent these events (which are defined in a static class and can be fired and handled from anywhere in the code) from becoming a debugging and maintenance nightmare in anything but the simplest of scenarios.

  29. Yoni Rapoport Says:

    Udi, with respect to you your last comment (No. 27),

    Well, the same questions can be asked about FailureEvents which are raised – “should we just retry the transaction? Should we send a message back to the client?”

    The answers should be explicitly represented in code.

    I’m not sure I understand what you mean by “one way of doing things”. I think you will find that sticking with encapsulation, by having an object communicate only with its members or objects which were passed to it, is extremely robust and flexible

  30. udidahan Says:


    When a failure event is raised – this is an applicative state, no amount of retrying is going to change that.

    The service layer / message handler decides which kinds of errors it want to notify the client about and just ignores everything else. This prevents the problem you outlined with custom exceptions.

    Exceptions occur in exceptional situations that the service layer code can’t really handle robustly by itself – the database can’t be reached, the transaction was chosen as the victim of a deadlock, etc. In these exceptional situations (that most developers don’t think about enough) retrying is the correct behavior – but only from a wider perspective. Transactions need to span the messaging layer as well in order to prevent message loss in case of server failure – in other words, we roll back the messaging layer as well.

    If a message gets retried N times, we consider the problem unsolvable at that point in time and move the message to an error queue. Administrators monitor that error queue, and can take action when they see messages piling up there.

    Deserialization exceptions are another kind of problem that needs similar error queue handling, but the whole N retry thing can be short-cutted at an infrastructure level.

    About the “one way of doing things”, in order to have a system-wide solution which takes into account exceptional situations like the above, preventing message loss, and working well with administrators, we find that the degrees of freedom we have in writing code for one part of the system are somewhat limited – which is OK. Rules prevent analysis paralysis, shorten training, lead to coding standards, etc.

    I agree that your error object pattern fits well with all the other system level issues, so now we can limit our discussion to domain model encapsulation, and service layer interaction. BTW, don’t think that there is only one static class with events, we can express other business events similarly.

  31. Pavel Bazanov Says:

    With respect to your post, I will reply about your 2 example of subtle complexities.

    1. You don’t need to check the method you call for possible exceptions. First of all you should have a convention of exceptions which you throw inside BLL or DAL, so you always know which exceptions can be thrown. Second, you may write catch(Exception ex) to catch all possible exceptions, because usually all you need is to show user exception message.
    2. Again, you don’t need to search for all code which calls “Add” method if you add new validation. Because, first of all, if you add new validation, you can still throw same ValidationException (why do you need another new exception type for validation?). And second, again, you may have catch(Exception ex) and don’t care about different exception types.

    So, I wanna say, that you just need to create a convention of how you throw and handle exceptions in BLL and DAL and that’s all. So, with respect to your opinion, I think that “subtle complexity” is something you just thought up, not a real complexity.

  32. Yoni Rapoport Says:


    I guess that for the simple scenario you describe, in which every validation error is handled in the exact same way and all validation failures can be represented using a single class, this will work. I still think that even having to adhere to such convention is error prone because that’s one more thing to remember and one more thing to teach your successor. In addition, I also still think that for your simple scenario an “Add(Game game, System.Action validationFailure)” method will result in shorter and more robust code:

    cart.Add(game, delegate(string messageToUser) { // show user message });

  33. udidahan Says:


    What would you do if that code ran server side?

  34. Yoni Rapoport Says:


    If your intention is asking what I would do if the caller of cart.Add and the implemntation of cart.Add resided on two seperate tiers then I guess I would provide a client-side proxy of TradeInCart which will conduct the relevant communication with the server. If the communication is such that the server cannot initiate calls back to the client then an appropriate request/response mechanism should be wrapped around the “Add” call – namely validation failures should be stored and returned to the client after the method returns.

    I hope I understood your question correctly. I am not sure how the usage of message handlers provides a better solution to the issue of distributed programming in this case. More importantly, I think it is a mistake to include technical considerations such as performance or network distribution when discussing software design. Well designed software will always allow for future technical improvements.

    I always advise to write well designed, testable code first and only later worry about performance and deployment scenarios.

  35. udidahan Says:


    I guess my question targeted your “show user message” comment, specifically the delegate part of it.

    I’m afraid that on the issue of performance/distribution we’ll have to disagree – some things can’t be solved after the fact. Now, as a result of my consulting practice, I may tend to see a larger percentage than most where that occurs. The result is usually a redesign/rewrite.

    Not that I’m against well designed, testable code mind you :)

  36. udidahan Says:

    One last thing, in terms of correctness under a multi-threaded execution environment when using Ayende’s proposed solution – just mark the list with the [ThreadStatic] attribute.

    It would be nice if there was a library that wrapped this up, wouldn’t it?

  37. Domain Events - Take 2 Says:

    […] previous post on how to create fully encapsulated domain models introduced the concept of events as a core pattern of communication from the domain back to the […]

  38. Elegant Code » Decoupled Domain Models Says:

    […] has written about How to create fully encapsulated Domain Models in the past (make sure to read the comments) and has further refined this approach in one of his […]

  39. Morten Lyhr Says:

    I think your solution is complex and a bit over architected.

    You can see my solution here: http://morten.lyhr.dk/2008/09/how-to-create-fully-encapsulated-and.html

  40. Colin Jack Says:

    Trying to re-read this and I think there are maybe a couple of things going on here:

    1) Dependencies – Avoiding domain having external dependencies, this was what the original question was about in relation to rule 3. You’ve solved it by just having a collection on the entity, avoiding the need to go to the repository.
    2) Handling any failures – Which is where events come in.

    The two approaches can be used seperately and its the second one that I guess is more interesting…

    “The only problem is that the Domain Model needs to know that the service layer had a default catch clause so that it wouldn’t blow up. Otherwise, the service layer (or WCF, or nServiceBus) may end up flagging that message as a poison message (Read more about poison messages). You’d also have to be extremely careful about in which environments you used your Domain Model – in other words, your reuse is shot.”

    I see it a little differently. My domain classes allow other layers to ask questions, so you can ask can I do this? If the answer is no then you are given a nice Notification style object full of useful information explaining why the operation cannot be done. If however you ignore this nicety and try to proceed with the action anyway then we raise an exception (exceptions being useful when a method cannot do what it was designed to do).

    Exceptions are thus very rare and generally indicate a programming bug, you forgot to check that the operaiton was possible.

    As you say if the caller does not pay attention and we do throw an exception then it might cause a failure, but then the equivalent of not catching an exception is not attaching to the error event handler and is it really better for the system to continue on after that happens?

    You can also solve the retry/multiple responses issues, I’ve definitely had exceptions that we caught and retried and bulked up errors into one exception and both worked well.

    Despite using them my main problem with exceptions is that if you get all sorts of layers catching exceptions then it gets difficult to impose a policy that enforces consistent handling for particular types of exception. However this doesn’t invalidate the whole approach.

    “In order to handle all aspects of the problem in as simple a way as possible, each part of the solution has to follow certain rules. By having the service layer only call one method on the domain model, transaction management, error handling, and correctness all “just work”.”

    Let me check I understand. Lets say that within the single domain method we need to coordinate some work accross two aggregates, each is being updated. The update to the first fails and we raise the appropriate FailureEvent, the domain service/method has already subscribed to this event and its handler ensures we don’t continue with the update to the second aggregate. In addition the event is then also handled by the service layer. Does this sum up the approach?

  41. Daniel Says:

    I know I am many months late, but I just happened to see this today and fits nice with what I am doing right now.
    What would happen if the values that you access through CONSTANTS would come from configuration? Would it be hard to test the entity as you would depend implicitly on configuration?
    Would it be fine have a dependency on IConfiguration in our entity? Would the repository method Get() the place to inject that dependency using some sort of Service Locator?

    thanks in advance

  42. udidahan Says:


    About the CONSTANTS – you’d have to set up some kind of injection for your entities, currently not well supported by the ORM tools.

    There’s a deeper issue here around who can change the behavior of the domain, and how, and who tests that the domain behaves correctly under the new config, and if this impacts data already saved in the database.

    In short, there’s no silver bullet.

  43. udidahan Says:


    > My domain classes allow other layers to ask questions, so you can ask can I do this?

    I’m afraid that that violates the “tell, don’t ask” principle of OO.

    Also, by and large you don’t have single methods updating across aggregates. The cases where I’ve seen that happen were where the domain model was too big, trying to capture rules across multiple contexts.

  44. Colin Jack Says:

    > I’m afraid that that violates the “tell, don’t ask” principle of OO.

    Depends, if a behaviour crosses aggregates then I think its fine to ask each aggregate whether they want to proceed before starting. Plus if you don’t ask you can still tell them what to do and they will in turn tell you if they can’t fulfil their part (using an exception).

    > Also, by and large you don’t have single methods updating across
    > aggregates. The cases where I’ve seen that happen were where the
    > domain model was too big, trying to capture rules across multiple
    > contexts.

    Not sure I agree with that, I’ve quite often seen multiple aggregates involved in a transaction. For example if you use party archetype then the party and its role or a relationship could all be involved. Guess it depends on how your domain model is designed though.

  45. Nick Says:

    I’m not sure how it violates ask/dont tell. Isn’t that basically the same as command/query separation? In this case, all Colin is doing is querying.

  46. udidahan Says:


    I’d argue for a saga across aggregates.

  47. udidahan Says:


    In CQS, you don’t query against the transactional data – so that wouldn’t really hold here.

  48. Pete Grazaitis Says:

    I know that by default the public exposure of Properties for NHibernate ORM allows for easy adoption of the Anemic anti-pattern.

    By locking down the set’s to internal,private, or protected you can give NHibernate special set access via the proxy but keep the entities better encapsulated.

    However, I have noticed that for collections, like Lists/Bags we may lock down the setter but leave the get public. The problem here is that I can then add/remove items directly from the collection and avoid any Add/Remove methods that employ business logic.

    Do you have a recommended solution to avoiding this possibility? My guess is that you would make the mapping use field level access and avoid a Property altogether.

    My next issue, is NHibernate specific, so I apologize if this is outside the scope. If the desired solution is field level access, how would this work if I define my class as an interface within the mapper with concrete classes defined as subclasses? Would I have to define that particular property on every subclass?

  49. udidahan Says:


    You can expose collections as IEnumerable so that there won’t be any Add/Remove methods available.

    On your NHibernate specific question, you wouldn’t do anything different in the mapping to work with these interfaces. Just use Ayende’s repository wrapper around it.

  50. Nuno Lopes Says:

    Wow I’m so late.

    I like the nServiceBus idea (it seams that you are using it right?).

    Consider a Web Application where this service is in assembly that is directely referenced.

    Using that scheme, what would the caller of the AddGameToCartMessageHandler have to do to check for errors?

    Do you have any framework that we can read to understand this? I mean
    BaseMessageHandler, what is this? What does it do?

    If it what I think it is I like in principle, but would like to see it further :)


  51. Nuno Lopes Says:


    Started commenting the ideas presented regarding modeling the domain, but it started to be too long. So I stopped, put together the ideas contrasting and complementing the one presented here on an article in my Blog.

    Just started blogging my mind away last weekend so please fill free to point out some deadlocks of mine, I can only learn and share.

    Here it is:


  52. udidahan Says:


    > Consider a Web Application where this service is in assembly that is directely referenced.

    It doesn’t work like that. The web app would send a message to a different process which would run the above service layer.

    You can find out more about nServiceBus on the site http://www.NServiceBus.com. Take a look at the overview section.

  53. Nuno Lopes Says:

    I see, now I understand. Thank you very much for your answer Udi.

    I reviewed the post in my blog as the English was really bad. If you care to read it (or re-read it) Udi and pass on some comments would be really a learning experience.

    It mainly addresses the Domain Model for the example you used but in a different and better way (at least IMHO).

    What may interest you is that I may be wrong but my approach to the Domain Model and the way you propose Domain Errors to be reported back to the caller don’t mingle that well. At least I don’t see a recurring technique to apply them. Especially when Domain Objects call each other services to perform their activity.

    That is why I don’t like how errors are reported.

    PS: Has you may have guessed already, English is not my mother language, so I’ll try to be carefull so that my impressions can get across without much effort.

  54. udidahan Says:


    Your English is perfectly understandable – no worries :)

    I did go through some posts on your blog – looks like good stuff. Welcome to the conversation.

  55. Domain Events - Salvation Says:

    […] It started by looking for how to create fully encapsulated domain models. […]

  56. Thomas Says:

    Check out this summray of Craig Larman’s view on this:

  57. udidahan Says:


    I read through the post and it describes Craig Larman’s view on *Problem Domain Object Models*, not the Domain Model software artifact I’m describing in this post – I’m afraid it’s a bit of an apples to oranges comparison.

    I do think that more developers should know about the kind of modeling you describe in your post, though.

    Thanks for the link.

    — Udi

  58. Paul Linton Says:

    I really liked your ‘Make Roles Explicit’ talk and found your web site as a result. The method you describe here to handle Domain events seems like it will fix a particular problem I have in my Domain where an action on a Customer should cause various Accounting action to take place.
    Can you clear up for me a couple of questions?
    In DomainEvents there is a comment next to the Container declaration “as before”, I can’t find the earlier reference.
    I assume IContainer is some DI container (StructureMap?) which raises the question of “Where does the DomainEvents class live”? If it goes in the Domain then the Domain depends on the DI container, if it goes in a Service layer then the Domain depends on that service layer. Or is IContainer some abstraction of DI defined in the Domain?
    Will I be in a state of sin if I call the Handles interface IHandle (seems to fit the IWashDishes thought process)?

  59. udidahan Says:


    Don’t worry about the “as before” as the code was taken from an article in which it was developed bit by bit.

    The DomainEvents class is infrastructure, below both the Serivce Layer and the Domain Model.

    On the name IHandle, might I suggest maybe IHandleDomainEvents instead.

    Thanks for your comments.

  60. Richard Says:

    Domain events?? Events are evil. The Specification Pattern works a lot better than this solution proposed, and exceptions are enough. No need to create this domain event thing.. why the need to reinvent the wheel??

  61. udidahan Says:


    I respect that that is your opinion.

  62. caesar.guok Says:

    Hi, Udi,
    I’v met some problemns, when I want to do some Domain Patten practices.
    Maybe someone before talked about this topic.
    Refer to your code, if some rules in the domain model were not passed, how can I stop the next tx.commit() operation? Because the values include in the model object aren’t what the business progress need.
    And then, if I create a series of model, but as you mentioned, the model objects shouldn’t be entity objects which depends on database. How can I do a convertion between model objects and entity objects?

    Thanks in advance.

    Yours Caesar

  63. udidahan Says:


    Read up on some of my CQRS stuff in which I explain that commands that could fail should not be sent by clients in the first place.

  64. raminxtar Says:

    Very nice article & sample.
    If all that we want to do is to return error codes from domain/service layer, what do you think about this approach:

    class TradeInCart

    OperationResult Add(Game g,out LineItem li){}
    class DomainOperationResult
    public bool IsSuccessful{get;set;}
    public string ErrorMessage{get;set;}

    No need to exceptions or events subscription plus more explicit interface of the domain object

  65. raminxtar Says:

    please change DomainOperationResult -> OperationResult in my post
    OperationResult may be similar to your ValidationResult class.
    BTW is there a downloadable version of your sample code?

  66. Ali Shahzad Says:

    I’m also wondering about the pros and cons of returning a simple OperationResult object from Add method. It probably violates some Command Query Separation principle, but makes the code much simpler as long as the caller does not make further calls on the cart object based on the returned value

    Any ideas?

  67. plalx Says:

    I know this is old, but as far as I can tell, the fact that you are reaching out to another aggregate (customer) to enforce the following invariant means it could be violated if there’s concurrency involved, no?

    if (customer.GamesReportedLost.Contains(game))

  68. udidahan Says:


    You’re absolutely right – this example doesn’t make use of higher-level service boundaries to isolate the relevant parts of the Game from Customer.

Your comment...

If this is your first time commenting, it may take a while to show up.
I'm working to make that better.

Subscribe here to receive updates on comments.

Don't miss my best content


Bryan Wheeler, Director Platform Development at msnbc.com
Udi Dahan is the real deal.

We brought him on site to give our development staff the 5-day “Advanced Distributed System Design” training. The course profoundly changed our understanding and approach to SOA and distributed systems.

Consider some of the evidence: 1. Months later, developers still make allusions to concepts learned in the course nearly every day 2. One of our developers went home and made her husband (a developer at another company) sign up for the course at a subsequent date/venue 3. Based on what we learned, we’ve made constant improvements to our architecture that have helped us to adapt to our ever changing business domain at scale and speed If you have the opportunity to receive the training, you will make a substantial paradigm shift.

If I were to do the whole thing over again, I’d start the week by playing the clip from the Matrix where Morpheus offers Neo the choice between the red and blue pills. Once you make the intellectual leap, you’ll never look at distributed systems the same way.

Beyond the training, we were able to spend some time with Udi discussing issues unique to our business domain. Because Udi is a rare combination of a big picture thinker and a low level doer, he can quickly hone in on various issues and quickly make good (if not startling) recommendations to help solve tough technical issues.” November 11, 2010

Sam Gentile Sam Gentile, Independent WCF & SOA Expert
“Udi, one of the great minds in this area.
A man I respect immensely.”

Ian Robinson Ian Robinson, Principal Consultant at ThoughtWorks
"Your blog and articles have been enormously useful in shaping, testing and refining my own approach to delivering on SOA initiatives over the last few years. Over and against a certain 3-layer-application-architecture-blown-out-to- distributed-proportions school of SOA, your writing, steers a far more valuable course."

Shy Cohen Shy Cohen, Senior Program Manager at Microsoft
“Udi is a world renowned software architect and speaker. I met Udi at a conference that we were both speaking at, and immediately recognized his keen insight and razor-sharp intellect. Our shared passion for SOA and the advancement of its practice launched a discussion that lasted into the small hours of the night.
It was evident through that discussion that Udi is one of the most knowledgeable people in the SOA space. It was also clear why – Udi does not settle for mediocrity, and seeks to fully understand (or define) the logic and principles behind things.
Humble yet uncompromising, Udi is a pleasure to interact with.”

Glenn Block Glenn Block, Senior Program Manager - WCF at Microsoft
“I have known Udi for many years having attended his workshops and having several personal interactions including working with him when we were building our Composite Application Guidance in patterns & practices. What impresses me about Udi is his deep insight into how to address business problems through sound architecture. Backed by many years of building mission critical real world distributed systems it is no wonder that Udi is the best at what he does. When customers have deep issues with their system design, I point them Udi's way.”

Karl Wannenmacher Karl Wannenmacher, Senior Lead Expert at Frequentis AG
“I have been following Udi’s blog and podcasts since 2007. I’m convinced that he is one of the most knowledgeable and experienced people in the field of SOA, EDA and large scale systems.
Udi helped Frequentis to design a major subsystem of a large mission critical system with a nationwide deployment based on NServiceBus. It was impressive to see how he took the initial architecture and turned it upside down leading to a very flexible and scalable yet simple system without knowing the details of the business domain. I highly recommend consulting with Udi when it comes to large scale mission critical systems in any domain.”

Simon Segal Simon Segal, Independent Consultant
“Udi is one of the outstanding software development minds in the world today, his vast insights into Service Oriented Architectures and Smart Clients in particular are indeed a rare commodity. Udi is also an exceptional teacher and can help lead teams to fall into the pit of success. I would recommend Udi to anyone considering some Architecural guidance and support in their next project.”

Ohad Israeli Ohad Israeli, Chief Architect at Hewlett-Packard, Indigo Division
“When you need a man to do the job Udi is your man! No matter if you are facing near deadline deadlock or at the early stages of your development, if you have a problem Udi is the one who will probably be able to solve it, with his large experience at the industry and his widely horizons of thinking , he is always full of just in place great architectural ideas.
I am honored to have Udi as a colleague and a friend (plus having his cell phone on my speed dial).”

Ward Bell Ward Bell, VP Product Development at IdeaBlade
“Everyone will tell you how smart and knowledgable Udi is ... and they are oh-so-right. Let me add that Udi is a smart LISTENER. He's always calibrating what he has to offer with your needs and your experience ... looking for the fit. He has strongly held views ... and the ability to temper them with the nuances of the situation.
I trust Udi to tell me what I need to hear, even if I don't want to hear it, ... in a way that I can hear it. That's a rare skill to go along with his command and intelligence.”

Eli Brin, Program Manager at RISCO Group
“We hired Udi as a SOA specialist for a large scale project. The development is outsourced to India. SOA is a buzzword used almost for anything today. We wanted to understand what SOA really is, and what is the meaning and practice to develop a SOA based system.
We identified Udi as the one that can put some sense and order in our minds. We started with a private customized SOA training for the entire team in Israel. After that I had several focused sessions regarding our architecture and design.
I will summarize it simply (as he is the software simplist): We are very happy to have Udi in our project. It has a great benefit. We feel good and assured with the knowledge and practice he brings. He doesn’t talk over our heads. We assimilated nServicebus as the ESB of the project. I highly recommend you to bring Udi into your project.”

Catherine Hole Catherine Hole, Senior Project Manager at the Norwegian Health Network
“My colleagues and I have spent five interesting days with Udi - diving into the many aspects of SOA. Udi has shown impressive abilities of understanding organizational challenges, and has brought the business perspective into our way of looking at services. He has an excellent understanding of the many layers from business at the top to the technical infrstructure at the bottom. He is a great listener, and manages to simplify challenges in a way that is understandable both for developers and CEOs, and all the specialists in between.”

Yoel Arnon Yoel Arnon, MSMQ Expert
“Udi has a unique, in depth understanding of service oriented architecture and how it should be used in the real world, combined with excellent presentation skills. I think Udi should be a premier choice for a consultant or architect of distributed systems.”

Vadim Mesonzhnik, Development Project Lead at Polycom
“When we were faced with a task of creating a high performance server for a video-tele conferencing domain we decided to opt for a stateless cluster with SQL server approach. In order to confirm our decision we invited Udi.

After carefully listening for 2 hours he said: "With your kind of high availability and performance requirements you don’t want to go with stateless architecture."

One simple sentence saved us from implementing a wrong product and finding that out after years of development. No matter whether our former decisions were confirmed or altered, it gave us great confidence to move forward relying on the experience, industry best-practices and time-proven techniques that Udi shared with us.
It was a distinct pleasure and a unique opportunity to learn from someone who is among the best at what he does.”

Jack Van Hoof Jack Van Hoof, Enterprise Integration Architect at Dutch Railways
“Udi is a respected visionary on SOA and EDA, whose opinion I most of the time (if not always) highly agree with. The nice thing about Udi is that he is able to explain architectural concepts in terms of practical code-level examples.”

Neil Robbins Neil Robbins, Applications Architect at Brit Insurance
“Having followed Udi's blog and other writings for a number of years I attended Udi's two day course on 'Loosely Coupled Messaging with NServiceBus' at SkillsMatter, London.

I would strongly recommend this course to anyone with an interest in how to develop IT systems which provide immediate and future fitness for purpose. An influential and innovative thought leader and practitioner in his field, Udi demonstrates and shares a phenomenally in depth knowledge that proves his position as one of the premier experts in his field globally.

The course has enhanced my knowledge and skills in ways that I am able to immediately apply to provide benefits to my employer. Additionally though I will be able to build upon what I learned in my 2 days with Udi and have no doubt that it will only enhance my future career.

I cannot recommend Udi, and his courses, highly enough.”

Nick Malik Nick Malik, Enterprise Architect at Microsoft Corporation
You are an excellent speaker and trainer, Udi, and I've had the fortunate experience of having attended one of your presentations. I believe that you are a knowledgable and intelligent man.”

Sean Farmar Sean Farmar, Chief Technical Architect at Candidate Manager Ltd
“Udi has provided us with guidance in system architecture and supports our implementation of NServiceBus in our core business application.

He accompanied us in all stages of our development cycle and helped us put vision into real life distributed scalable software. He brought fresh thinking, great in depth of understanding software, and ongoing support that proved as valuable and cost effective.

Udi has the unique ability to analyze the business problem and come up with a simple and elegant solution for the code and the business alike.
With Udi's attention to details, and knowledge we avoided pit falls that would cost us dearly.”

Børge Hansen Børge Hansen, Architect Advisor at Microsoft
“Udi delivered a 5 hour long workshop on SOA for aspiring architects in Norway. While keeping everyone awake and excited Udi gave us some great insights and really delivered on making complex software challenges simple. Truly the software simplist.”

Motty Cohen, SW Manager at KorenTec Technologies
“I know Udi very well from our mutual work at KorenTec. During the analysis and design of a complex, distributed C4I system - where the basic concepts of NServiceBus start to emerge - I gained a lot of "Udi's hours" so I can surely say that he is a professional, skilled architect with fresh ideas and unique perspective for solving complex architecture challenges. His ideas, concepts and parts of the artifacts are the basis of several state-of-the-art C4I systems that I was involved in their architecture design.”

Aaron Jensen Aaron Jensen, VP of Engineering at Eleutian Technology
Awesome. Just awesome.

We’d been meaning to delve into messaging at Eleutian after multiple discussions with and blog posts from Greg Young and Udi Dahan in the past. We weren’t entirely sure where to start, how to start, what tools to use, how to use them, etc. Being able to sit in a room with Udi for an entire week while he described exactly how, why and what he does to tackle a massive enterprise system was invaluable to say the least.

We now have a much better direction and, more importantly, have the confidence we need to start introducing these powerful concepts into production at Eleutian.”

Gad Rosenthal Gad Rosenthal, Department Manager at Retalix
“A thinking person. Brought fresh and valuable ideas that helped us in architecting our product. When recommending a solution he supports it with evidence and detail so you can successfully act based on it. Udi's support "comes on all levels" - As the solution architect through to the detailed class design. Trustworthy!”

Chris Bilson Chris Bilson, Developer at Russell Investment Group
“I had the pleasure of attending a workshop Udi led at the Seattle ALT.NET conference in February 2009. I have been reading Udi's articles and listening to his podcasts for a long time and have always looked to him as a source of advice on software architecture.
When I actually met him and talked to him I was even more impressed. Not only is Udi an extremely likable person, he's got that rare gift of being able to explain complex concepts and ideas in a way that is easy to understand.
All the attendees of the workshop greatly appreciate the time he spent with us and the amazing insights into service oriented architecture he shared with us.”

Alexey Shestialtynov Alexey Shestialtynov, Senior .Net Developer at Candidate Manager
“I met Udi at Candidate Manager where he was brought in part-time as a consultant to help the company make its flagship product more scalable. For me, even after 30 years in software development, working with Udi was a great learning experience. I simply love his fresh ideas and architecture insights.
As we all know it is not enough to be armed with best tools and technologies to be successful in software - there is still human factor involved. When, as it happens, the project got in trouble, management asked Udi to step into a leadership role and bring it back on track. This he did in the span of a month. I can only wish that things had been done this way from the very beginning.
I look forward to working with Udi again in the future.”

Christopher Bennage Christopher Bennage, President at Blue Spire Consulting, Inc.
“My company was hired to be the primary development team for a large scale and highly distributed application. Since these are not necessarily everyday requirements, we wanted to bring in some additional expertise. We chose Udi because of his blogging, podcasting, and speaking. We asked him to to review our architectural strategy as well as the overall viability of project.
I was very impressed, as Udi demonstrated a broad understanding of the sorts of problems we would face. His advice was honest and unbiased and very pragmatic. Whenever I questioned him on particular points, he was able to backup his opinion with real life examples. I was also impressed with his clarity and precision. He was very careful to untangle the meaning of words that might be overloaded or otherwise confusing. While Udi's hourly rate may not be the cheapest, the ROI is undoubtedly a deal. I would highly recommend consulting with Udi.”

Robert Lewkovich, Product / Development Manager at Eggs Overnight
“Udi's advice and consulting were a huge time saver for the project I'm responsible for. The $ spent were well worth it and provided me with a more complete understanding of nServiceBus and most importantly in helping make the correct architectural decisions earlier thereby reducing later, and more expensive, rework.”

Ray Houston Ray Houston, Director of Development at TOPAZ Technologies
“Udi's SOA class made me smart - it was awesome.

The class was very well put together. The materials were clear and concise and Udi did a fantastic job presenting it. It was a good mixture of lecture, coding, and question and answer. I fully expected that I would be taking notes like crazy, but it was so well laid out that the only thing I wrote down the entire course was what I wanted for lunch. Udi provided us with all the lecture materials and everyone has access to all of the samples which are in the nServiceBus trunk.

Now I know why Udi is the "Software Simplist." I was amazed to find that all the code and solutions were indeed very simple. The patterns that Udi presented keep things simple by isolating complexity so that it doesn't creep into your day to day code. The domain code looks the same if it's running in a single process or if it's running in 100 processes.”

Ian Cooper Ian Cooper, Team Lead at Beazley
“Udi is one of the leaders in the .Net development community, one of the truly smart guys who do not just get best architectural practice well enough to educate others but drives innovation. Udi consistently challenges my thinking in ways that make me better at what I do.”

Liron Levy, Team Leader at Rafael
“I've met Udi when I worked as a team leader in Rafael. One of the most senior managers there knew Udi because he was doing superb architecture job in another Rafael project and he recommended bringing him on board to help the project I was leading.
Udi brought with him fresh solutions and invaluable deep architecture insights. He is an authority on SOA (service oriented architecture) and this was a tremendous help in our project.
On the personal level - Udi is a great communicator and can persuade even the most difficult audiences (I was part of such an audience myself..) by bringing sound explanations that draw on his extensive knowledge in the software business. Working with Udi was a great learning experience for me, and I'll be happy to work with him again in the future.”

Adam Dymitruk Adam Dymitruk, Director of IT at Apara Systems
“I met Udi for the first time at DevTeach in Montreal back in early 2007. While Udi is usually involved in SOA subjects, his knowledge spans all of a software development company's concerns. I would not hesitate to recommend Udi for any company that needs excellent leadership, mentoring, problem solving, application of patterns, implementation of methodologies and straight out solution development.
There are very few people in the world that are as dedicated to their craft as Udi is to his. At ALT.NET Seattle, Udi explained many core ideas about SOA. The team that I brought with me found his workshop and other talks the highlight of the event and provided the most value to us and our organization. I am thrilled to have the opportunity to recommend him.”

Eytan Michaeli Eytan Michaeli, CTO Korentec
“Udi was responsible for a major project in the company, and as a chief architect designed a complex multi server C4I system with many innovations and excellent performance.”

Carl Kenne Carl Kenne, .Net Consultant at Dotway AB
“Udi's session "DDD in Enterprise apps" was truly an eye opener. Udi has a great ability to explain complex enterprise designs in a very comprehensive and inspiring way. I've seen several sessions on both DDD and SOA in the past, but Udi puts it in a completly new perspective and makes us understand what it's all really about. If you ever have a chance to see any of Udi's sessions in the future, take it!”

Avi Nehama, R&D Project Manager at Retalix
“Not only that Udi is a briliant software architecture consultant, he also has remarkable abilities to present complex ideas in a simple and concise manner, and...
always with a smile. Udi is indeed a top-league professional!”

Ben Scheirman Ben Scheirman, Lead Developer at CenterPoint Energy
“Udi is one of those rare people who not only deeply understands SOA and domain driven design, but also eloquently conveys that in an easy to grasp way. He is patient, polite, and easy to talk to. I'm extremely glad I came to his workshop on SOA.”

Scott C. Reynolds Scott C. Reynolds, Director of Software Engineering at CBLPath
“Udi is consistently advancing the state of thought in software architecture, service orientation, and domain modeling.
His mastery of the technologies and techniques is second to none, but he pairs that with a singular ability to listen and communicate effectively with all parties, technical and non, to help people arrive at context-appropriate solutions. Every time I have worked with Udi, or attended a talk of his, or just had a conversation with him I have come away from it enriched with new understanding about the ideas discussed.”

Evgeny-Hen Osipow, Head of R&D at PCLine
“Udi has helped PCLine on projects by implementing architectural blueprints demonstrating the value of simple design and code.”

Rhys Campbell Rhys Campbell, Owner at Artemis West
“For many years I have been following the works of Udi. His explanation of often complex design and architectural concepts are so cleanly broken down that even the most junior of architects can begin to understand these concepts. These concepts however tend to typify the "real world" problems we face daily so even the most experienced software expert will find himself in an "Aha!" moment when following Udi teachings.
It was a pleasure to finally meet Udi in Seattle Alt.Net OpenSpaces 2008, where I was pleasantly surprised at how down-to-earth and approachable he was. His depth and breadth of software knowledge also became apparent when discussion with his peers quickly dove deep in to the problems we current face. If given the opportunity to work with or recommend Udi I would quickly take that chance. When I think .Net Architecture, I think Udi.”

Sverre Hundeide Sverre Hundeide, Senior Consultant at Objectware
“Udi had been hired to present the third LEAP master class in Oslo. He is an well known international expert on enterprise software architecture and design, and is the author of the open source messaging framework nServiceBus. The entire class was based on discussion and interaction with the audience, and the only Power Point slide used was the one showing the agenda.
He started out with sketching a naive traditional n-tier application (big ball of mud), and based on suggestions from the audience we explored different solutions which might improve the solution. Whatever suggestions we threw at him, he always had a thoroughly considered answer describing pros and cons with the suggested solution. He obviously has a lot of experience with real world enterprise SOA applications.”

Raphaël Wouters Raphaël Wouters, Owner/Managing Partner at Medinternals
“I attended Udi's excellent course 'Advanced Distributed System Design with SOA and DDD' at Skillsmatter. Few people can truly claim such a high skill and expertise level, present it using a pragmatic, concrete no-nonsense approach and still stay reachable.”

Nimrod Peleg Nimrod Peleg, Lab Engineer at Technion IIT
“One of the best programmers and software engineer I've ever met, creative, knows how to design and implemet, very collaborative and finally - the applications he designed implemeted work for many years without any problems!

Jose Manuel Beas
“When I attended Udi's SOA Workshop, then it suddenly changed my view of what Service Oriented Architectures were all about. Udi explained complex concepts very clearly and created a very productive discussion environment where all the attendees could learn a lot. I strongly recommend hiring Udi.”

Daniel Jin Daniel Jin, Senior Lead Developer at PJM Interconnection
“Udi is one of the top SOA guru in the .NET space. He is always eager to help others by sharing his knowledge and experiences. His blog articles often offer deep insights and is a invaluable resource. I highly recommend him.”

Pasi Taive Pasi Taive, Chief Architect at Tieto
“I attended both of Udi's "UI Composition Key to SOA Success" and "DDD in Enterprise Apps" sessions and they were exceptionally good. I will definitely participate in his sessions again. Udi is a great presenter and has the ability to explain complex issues in a manner that everyone understands.”

Eran Sagi, Software Architect at HP
“So far, I heard about Service Oriented architecture all over. Everyone mentions it – the big buzz word. But, when I actually asked someone for what does it really mean, no one managed to give me a complete satisfied answer. Finally in his excellent course “Advanced Distributed Systems”, I got the answers I was looking for. Udi went over the different motivations (principles) of Services Oriented, explained them well one by one, and showed how each one could be technically addressed using NService bus. In his course, Udi also explain the way of thinking when coming to design a Service Oriented system. What are the questions you need to ask yourself in order to shape your system, place the logic in the right places for best Service Oriented system.

I would recommend this course for any architect or developer who deals with distributed system, but not only. In my work we do not have a real distributed system, but one PC which host both the UI application and the different services inside, all communicating via WCF. I found that many of the architecture principles and motivations of SOA apply for our system as well. Enough that you have SW partitioned into components and most of the principles becomes relevant to you as well. Bottom line – an excellent course recommended to any SW Architect, or any developer dealing with distributed system.”

Consult with Udi

Guest Authored Books
Chapter: Introduction to SOA    Article: The Enterprise Service Bus and Your SOA

97 Things Every Software Architect Should Know

Creative Commons License  © Copyright 2005-2011, Udi Dahan. email@UdiDahan.com