RE: [soa-rm-ra] Requirements for Governance

["Chiusano Joseph" <chiusano_joseph@bah.com>]

I agree, Ken - it's a fine line for us. I think it would be valuable for another initiative (outside of our TC/SC) to create a standard framework for establishing SOA governance within an organization, but for us to consider treating the topic more on the light side.

 

Joe

 

Joseph Chiusano

Associate

Booz Allen Hamilton

 

700 13th St. NW, Suite 1100

Washington, DC 20005

O: 202-508-6514 

C: 202-251-0731

Visit us online@ http://www.boozallen.com

 

---

From: Ken Laskey [mailto:klaskey@mitre.org]
Sent: Sunday, April 30, 2006 3:00 PM
To: Danny Thornton
Cc: soa-rm-ra@lists.oasis-open.org
Subject: Re: [soa-rm-ra] Requirements for Governance

My question with governance, especially the management variety, is how much is it just having the appropriate information available through description.  With the caveat that I am behind in my reading and have not gone through the articles identified over the past week, I don't believe SOA requires policy beyond what is usually generated in the world, but it needs a disciplined way to make use of policy.  So service description needs to be able to point to the applicable policy, possibly indicate the criticality of the policy (by using a defined criticality term and pointing to the definition of that term), and possibly point to the engine to be used to evaluate whether the current or proposed interaction complies with the policy.  A level of compliance can be specified, again with the level definition being referenced along with any specific level value.

Note, the onus here is how do you specify policy and how do you evaluate compliance.  (For those who missed it, this week W3C acknowledged the Member Submission of WS-Policy.)  Obviously, we need to prod this a little harder but it seems to give the flexibility to have any specific governance plan without SOA caring about the specifics.

Am I missing something?

Ken

On Apr 30, 2006, at 10:19 AM, Danny Thornton wrote:

In last Wednesday’s telecon, our discussion of SOA

Governance centered on reflecting the roles, rights,

and obligations of participants.  Particpants could be

people, organizations, or entities directly or

indirectly involved in the interactions with a

service. In order to embed the service in human

society, there are also participants involved in the

delivery of the services, monitoring the services,

etc.

When thinking through SOA Governance, two questions

arise.  How are services governed through management

and how are the interactions of services governed? The

RA requirements for Effectiveness relate to the

Governance of interactions.  These requirements are

closely related to discussions of Governance and

Policy.

http://wiki.oasis-open.org/soa-rm/Goals,_Critical_Success_Factors_and_Requirements

The RA requirements for Graduated engagement and

Manageability relate to the management type of

Governance.  These requirements are closely related to

discussions of Governance and life cycle.  

I would argue that if you looked at the RA

requirements with Governance tinted glasses, you would

find the necessary requirements.  Creating a critical

success factor for Governance would mean providing a

different view of the requirements for Effectiveness

and Assurance.

Danny

__________________________________________________

Do You Yahoo!?

Tired of spam?  Yahoo! Mail has the best spam protection around 

http://mail.yahoo.com 

---

Ken Laskey

MITRE Corporation, M/S H305     phone:  703-983-7934

7515 Colshire Drive                        fax:        703-983-1379

McLean VA 22102-7508