James,
I find the following two paragraphs illuminating. They are from "Sun Certified Enterprise Architect for J2EE, Study Guide" by Paul Allen and Joseph Bambara.
J2EE Best Practices � Session Bean Fa�ade
The session bean fa�ade (SBF), shown in Figure 4-13, provides a simple, single point of entry to shared entity beans. It shields the client from complex entity bean relationships. The most obvious rationale for using session beans to abstract entity beans is that the approach also abstracts the structure of your data stores. The presumption is that you do not want to expose the inner workings of your application�s data store (such as the database tables and columns), or even the specifics of how that data is stored. In other words, letting users (potential hackers) know your database schema is not a good idea. Problems can arise when you allow direct access to the entity bean layer.
The methods in entity beans typically map directly to underlying fields in the data schema. This will become more important as service-based computing increases. Instead of providing complete applications, the J2EE specification (or Web Services: UDDI,
SOAP) indicates that organizations are focusing more on components than on complete applications. Interchanging data components from enterprise A�s application with presentation components from enterprise B�s application is becoming the standard. As a result, it is unsafe to assume that only your enterprise will be accessing your business layer and EJBs. For these reasons, a sound design of the business layer can save trouble when beans you worked on must be accessible by a new business partner.
Regards,
Dan