InfoQ

Article: SOA Governance: An Enterprise View

Posted by Stefan Tilkov on Aug 20, 2008 07:35 AM

Community: SOA
Topics: Governance
Tags: Service Contracts, OASIS, policy

In a new article, SOA architect Michael Poulin explains why SOA governance is necessary for an SOA initiative to succeed, and describes the role that the OASIS SOA Reference Model and the accompanying SOA Reference Architecture assign to SOA Governance. Michael examines the specifics of SOA governance from the enterprise perspective and illustrates them with several examples of SOA Governance policies.

In addition to the SOA Reference Model, Michael introduces the OASIS SOA Reference Architecture, currently in public review:

The SOA RA PRD 1 has recognised the role of enterprise social structure within SOA. Indeed, actions of the participants of the service interaction – service consumers and providers – have business or technical meaning only to the people and organisational units “with needs” and those “with capabilities”. As a consequence of this, we may say that if a social structure changes, the same actions may get different meaning than before. Even more, if a consumer expects the same meaning of the service actions in different social structures, it is likely that the service has to behave differently and provide different results (or RWE) in different social structures to meet such expectation.

Michael points out that SOA Governance is not the only governance an enterprise has to be concerned with:

Nevertheless, SOA Governance does not replace Enterprise Governance, or Business Governance, or IT Governance. We have to remember that there is a world besides SOA.

According to the author, SOA Governance applies to four major aspects of service structure and service use:

  • Service structure – the minimal set of elements that constitute a service within element relationship and operational models (development, integration and deployment policies)
  • SOA infrastructure – the “plumbing” that provides utility functions that enable and support the use of the service (deployment and run-time policies)
  • Service inventory – the requirements on a service to permit it to be accessed within the infrastructure via public interfaces, manually and automatically (management policies)
  • Participant interaction – the consistent expectations with which all participants of the service interaction are expected to comply (reachability and run-time policies)

Michael concludes with examples of SOA Governance policies that have proven to be useful to him in the past:

Policy examples, by area of applicability:

Governance Process

  • Service Governance Roles include: Service Owner, Service Provider, Service Consumer, Service Steward, Service Registrar, etc.

  • Service Governance Board includes representation from business, architecture, delivery and systems operations groups. The governance group is responsible for:

    • Defining and maintaining governance directives and policies

    • Granting of design and implementation exceptions when possible

    • Compliance reporting to the Management.

  • Governance policies and controls may be monitored and enforced by the Service Registrar as well as by corresponding Review Boards and Architectural Bodies


Development Stage

  • Design and development of the service has to have very strong reason(s) to be allowed to proceed with an exception from policy compliance

  • Service design has to be based on and take into consideration business execution context of the required business task. The business execution context should be able to outline what elements of the service are likely to be changed in the future.

  • Service design has to consider recommendations on the business operational scenarios for those who might use the service. If such scenarios are identified, business approval and sign-off are required.

  • Services should minimise or totally hide their internal constraints from the consumers.

  • A Service has to compensate for internal problem processing transparently to the consumers and never expose its internal execution constraints to the consumers.

  • Service interfaces and service body (implementation) must adhere to the corporate security policies

  • The Service owner must provide service classification (business, infrastructure, etc.) and scope definition (business unit, enterprise, external, etc.) for each released service

  • “Avoid setting up processes that demo well for three services without considering how it will work for 300” (SOA RA PRD 1).


Production Stage

  • All business services are required to maintain a Service Contract for each consumer they support.

  • All services are required to publish Service Descriptions

  • If the service does not require a Service Contract, its service level agreement has to be published in the Service Description

  • All services are required to adhere to a versioning strategy that provides all consumers with opportunities to migrate to the latest supported version(s) of a service.

  • All Service Descriptions have to be published in the Service Description Repository

  • All run-time service policies have to be published in the Service Policy Repository

  • Run-time service Policies may refer to other policies. Policies may be applied by the Policy Enforcement Point (PEP) interceptors and enforced by the Policy Decision Point (PDP) mechanisms

  • “…consider whether the display of status and activity for a small number of services will also be effective for an operator in a crisis situation looking at dozens of services, each with numerous, sometimes overlapping and sometimes differing activities” (SOA RA PRD 1)


Check out Michael Poulin's article, "SOA Governance: An Enterprise View" for more information.

  • This article is part of a featured topic series on Governance
