Hi, it seems that you're about to use the persistance ignorance patterns often used in DDD but without a DDD approach yet. This is not really a problem since
These are great questions, doubt you're a noob. My $.02 Your security model(Authentication and Authorization) are cross cutting concerns and should be visible
don't throw the exception. it is not good practice and it's expensive to raise exceptions for what is essentially a validation concern. Notification Pattern:
Check out the source for CodeBetter.Canvas for an example. http://code.google.com/p/codebettercanvas/source/browse/#svn/trunk I think the answer from the DDD