Re: [soa-rm-ra] White Paper by Miko Matsumura (Webmethods/Infravio) on SOA Governance...

[Ken Laskey <klaskey@mitre.org>]

I read through the paper and started making comments but then decided just to propose some alternatives:

Governance is the process of understanding the goals an organization wants to achieve, understanding the key elements that need to be regulated and/or coordinated, and specifying the framework and guidelines through which these elements are to be managed to achieve the organization's goals.

Policies are assertions describing the world as one wants it to be and how one wants the world to act.  Policy provides a capture of the key elements of governance and the desired dynamics involving those key elements.

Policy and Policy Enforcement
1. Need clear statement of intent.
2. Need unambiguous test of whether or to what degree intent is met.
3. Need mechanism (or criteria for mechanism) to evaluate compliance of an entity with respect to the test.
4. Need way to annotate entity information with result of evaluation.
Any given set of policies and associated tests are inputs to the policy enforcement process, and the policies and tests are likely to change (consistent with a policy for change management) over time.  The critical aspects are a clear statement of the policy and a clear indicator of policy compliance.

Other thoughts:  
- "lack of working governance mechanisms ... will be the most common reason for project failure" but over-governance or wrongly focused governance is likely to be more prevalent than too little governance.
- "SOA is a mess waiting to happen" but part of the promise of SOA is the power that emerges when people are able to harvest that mess.
- "rogue services could spring up everywhere" and this is one of the real challenges because the rogue may not be intentional but just a good service gone bad.  I could argue that the driving question is less one of governance and more how to intelligently monitor and manage the ecosystem.
- "As with other forms of governance, relationships, policies and processes among organizations and human participants are also of great significance."  This one is worth remembering.

Ken


On Oct 9, 2006, at 5:46 PM, John, Anil wrote:

Miko Matsumura (former VP of Infravio, recently acquired by Webmethods), has an interesting paper on SOA Governance. The first section is on SOA Adoption and Governance and the second on how their product implements it. The first section is definitely worth a read.

 

I would normally attach the PDF, but the paper has the following caveat of "No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, photocopying, recording or otherwise, without prior written consent of Infravio, Inc.”, so I’ll just point you to where you can find it.

 

http://www.infravio.com/resource_center/ - Look for “The Definitive Guide to SOA Governance and Lifecycle Management aka "Monsoon"”.

 

Some things to keep in mind. He is talking in the paper about the SOA Lifecycle and NOT the Service Lifecycle. He also uses the OASIS RM for his definition of SOA (a good thing!) and also relates Governance as a federated model analogous to the Gov’t which is something that we have discussed as well.

 

Regards,

 

- Anil

 

:-
:- Anil John
:- Johns Hopkins University - APL
:- http://www.jhuapl.edu
:- (240) 228-0612
:-
:- E-Mail Response Time: 24 hrs
:-
 

------------------------------------------------------------------------------------------
Ken Laskey
MITRE Corporation, M/S H305     phone:  703-983-7934
7515 Colshire Drive                        fax:        703-983-1379
McLean VA 22102-7508