I want to create a dataflowdiagram for a three tiered software architecture, finally I want to create a Threat Model with the Dataflow diagram.
The software is supposed to be some kind of a gateway. It accepts HTTP Requests via a REST-Interface and offers different kinds of services to the user. It has three different layers which offer different functionalities, every Layer CAN be executed on a different machine.
- Boundary Layer (Accepts the Request)
- Control Layer (Offers the Business Logic)
- Adapter Layer (Dataconnection to the Back-End Systems)
Example: Let's just assume the User wants to create a DOC File with the help of the Sofware. He would request a DOC File on the Boundary Layer which would forward this request to the control layer where the business logic happens. The control layer would request the required data from the adapter layer.
Now this is a pretty straight forward example.
My question is the following:
Is every layer ( Boundary, Control, Adapter ) a Process in the dataflow diagram which needs to be decomposed into smaller Processes or do I just display the process as "Generate DOC document"?
Now what would happen if every layer ist executed on different machines - would that change the Dataflow Diagram or would it stay the same since the dataflow stays the same - only the underlying architecture changes?
Thanks a lot.
