The example could not be the better, but thinks in a CustomerService that pass the Customers over the wire and this Customer has and User associated that returns email, login, password...
In the SecurityService I´m getting the same user but in this case it has a collection of permisssions that the CustomerService doesn´t see. Why have to create and UserDTO for the SecurityService and another for the CustomerService? If my UI is a dynamic layer that ignore types and exclude null properties in the serialization?
