Some would argue that it's the complexity of SOA itself (driven by the enterprise top-down focus) that creates the need for a formalized SOA governance initiative. Without formal SOA governance you can't hope to succeed with SOA because it's too easy to get it wrong.
In his view WOA manages to avoid many of the complexities of SOA, not needing complex tools or the WS-* architecture. (We should assume that Dan knows that many people dislike the assuming that SOA equates to WS-*.) Of course there are those who would argue that REST (aka WOA) is not simple at all when you have to implement complex applications and WS-* is needed, but we should ignore that argument in case it deflects us from Dan's core question: "So do you still need governance for [WOA]?"
The answer is probably yes (if you're an enterprise architect, you can stop holding your breath now). But, I think the approach to "WOA governance" is going to be fundamentally different than that of SOA governance (OK, time for the EA's to hold their breath again).
And the reason for this? In a traditional SOA you typically have enterprise architects setting the rules that govern the interactions between providers and consumers.
This works fine in an enterprise where everyone ends up reporting to one common person when you look far enough up the chain.
However, in a Web-based architecture in order to get parties to interact you would first have appoint an "Enterprise Architect for the Internet" who would set all of the policies in the same way as before.
Simple really. Except the part about "appointing an EA for the Internet". That might be a bit tricky. So, you can see, the top-down approach of SOA governance totally falls down when you look at WOA.
But what will work then? As Dan points out, there are fundamental aspects of governance that any infrastructure needs to solve, whether it is Web-based or SOAP-based. For example:
How can a provider make it easier to on-board customers and keep them happy (all while changing the service frequently)?
How can a consumer establish and build trust in their service provider (that's trust as in "trust but verify")?
Therefore in order to truly be a success WOA needs to achieve many of the same goals that SOA governance hopes to achieve. But as Dan things "... in a fundamentally different way." So does this indicate a missing piece in the REST architecture? Can the right kind of governance be added to WOA without affecting adversely its perceived simplicity?
/filters:no_upscale()/sponsorship/topic/995382dc-b781-4f0b-b74a-413e61a30927/CurityLogoRSB2023-1675420245128.png)
/articles/asp-dotnet-minimal-apis/en/smallimage/logo-1678972581766.jpg){kind=logo}
/articles/dotnet-grpc-json-transcoding/en/smallimage/logo-1674822319367.jpg){kind=logo}
/articles/build-deploy-scalable-golang-api/en/smallimage/logo-1667248748960.jpg){kind=logo}
/articles/remote-agile-governance/en/smallimage/using-remote-agile-governance-to-create-the-culture-organisations-need-small-1666608335110.jpg)
/articles/cognitive-load-platform-engineering/en/smallimage/logo-1668609260559.jpg){kind=logo}
/presentations/infrastructure-control-plane/en/smallimage/Daniel Mangum-s-1665739290818.jpg)
/presentations/empathy-software-development/en/smallimage/qcon-plus-s-1680292453897.jpeg)
/presentations/operationalizing-ai/en/smallimage/qcon-plus-s-1680292123806.jpeg)
/articles/culture-trends-2023/en/smallimage/InfoQ-Trend-Report-logo-1680287660356.jpeg){kind=logo}
/articles/finops-systems-thinking-lens/en/smallimage/12-places-to-intervene-rethink-FinOps-using-a-systems-thinking-lens-small-1679995317220.jpg)
/articles/secure-software-development-gitops/en/smallimage/accelerating-secure-software-delivery-lifecycle-with-GitOps-small-1679658720410.jpg)
/presentations/refactoring-rust/en/smallimage/qcon-plus-s-1679694299933.jpeg)
Community comments
Governance != Centralization
by Stefan Tilkov,
Re: Governance != Centralization
by Julian Browne,
Re: Governance != Centralization
by Dan Diephouse,
A dark view on " fundamentally different way..."
by Michael Poulin,
Governance != Centralization
by Stefan Tilkov,
Your message is awaiting moderation. Thank you for participating in the discussion.
To me, governance is about defining and enforcing rules in the interest of a better overall result. This seems a good idea regardless of any particular architectural or technical approach.
What's somewhat contrarian to WOA (hate that term) goals is the idea of having a central authority. But why is this a necessity? I think governance can be de-centralized, and if it is, it works perfectly with a more web-like style.
Re: Governance != Centralization
by Julian Browne,
Your message is awaiting moderation. Thank you for participating in the discussion.
That's exactly what I was thinking when I read this. I can see that there are differences in what's needed and in what's done, but not in how it's done.
Amazon are a good example of this, with their decentralised two-pizza service delivery teams, as described here.
Re: Governance != Centralization
by Dan Diephouse,
Your message is awaiting moderation. Thank you for participating in the discussion.
Heartily agree with Stefan here - especially on WOA sucking as a term. :-) Also, started to post some more thoughts, but they turned a little product oriented so I put them up as a blog entry instead.
A dark view on " fundamentally different way..."
by Michael Poulin,
Your message is awaiting moderation. Thank you for participating in the discussion.
I do agree with Stefan. However, here are 2 fundamentally different ways possible: 1) having a non-centralised (distributed) Governance; 2) having an anarchy - no Governance at all.
I suspect that WOA assumes that everything in the Web is like a social or community sites, or it has to be. Let me welcome such believers to deal with, for example, government, financial, pharmaceutical, and healthcare sites AFTER they would be governed like a social/community sites. Interesting, how long they would manage to stay free, healthy, without bankruptcy, and even alive?