I went to my second Java User Group meeting last night. Kevin Smith gave a talk on Service-oriented Architecture (SOA) security. He talked about using interceptors and about access control based on services, requests, or individual records (or even individual pieces of data), and about loose coupling. And that's really what it all comes down to: loose coupling. All the buzz, hype, and mania over SOA really just boils down to the simple practice of not tying all of your code up in knots. Write little pieces of code that do one thing and anywhere one piece depends on another piece, use a layer of abstraction (an interface in the Object-oriented world or a service in SOA-speak) so that component A isn't tied to the implementation of component B, but rather to a specification that could be satisfied by components C or D instead. When the components don't depend on each other directly, it's more likely you'll be able to reuse one or more of them later.