Networked computer systems have become a part of everyday life, facilitating and participating in all manner of activities. In concert, there has arisen an industry and disciplines dedicated to the configuration of such computer systems including computing professionals sometimes call computer programmers or computer application developers (collectively, “developers”). Developers have designed a variety of schemes for configuring modern computer systems in ways that are correct, reliable, scalable to accommodate large numbers of users and flexible enough to adapt to changing demands. One popular scheme separates programmatic functionality according to a Model-View-Controller (MVC) architecture. However, some conventional Model-View-Controller architectures have shortcomings.
For example, separation of programmatic functionality can correlate with and/or cause separation of developer responsibility. In a given project, some developers may be assigned responsibility for the data model (“model developers”), some developers may be assigned responsibility for the views of the data model (“view developers”) and some for the controller (“controller developers”). Such separation may be more or less strict, and may achieve efficiencies, nevertheless at times changes to the functionality of a computing application impact multiple sides of the separation, and for some projects it is often the case that both view developers and controller developers are impacted. This can lead to situations in which view developers are waiting on action by controller developers, and vice versa, lessening and even negating advantages of the separation.
In addition, different aspects of the Model-View-Controller separation can have different trust and/or security requirements. For example, the architecture and programmatic functional related to the data model may have high security and reliability requirements and there may even be legal repercussions for flaws. In contrast, view and/or user interface aspects of the architecture may have lower security requirements and may even be open to end-user and 3rd party customization and modification. The security situation can lead to non-ideal separations between view, model and controller responsibilities, again detracting from the advantages of the scheme. This situation can be aggravated in a multi-tenant context, where several unrelated tenants share system infrastructure. For example, portions of the data model may be private to particular tenants, and other portions may be private to the infrastructure. In this context, the separation between view aspects of the architecture and other aspects can be sharp.