OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

soa-rm-ra message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Fwd: [soa-rm-ra] RA ftf thoughts on governance


As a follow-on to my previous email on governance, here is the August summary of our discussion.

Begin forwarded message:

From: Ken Laskey <klaskey@mitre.org>
Date: August 17, 2006 8:01:39 AM EDT
Subject: [soa-rm-ra] RA ftf thoughts on governance

While various uploads to Kavi comprise the minutes of the RA SC face-to-face meeting, this summary of the governance discussion is being compiled in addition to the minutes because the proposed approach differs somewhat from the typical SOA conclusions.  Thus, governance will be a focus of an upcoming telecon and this summary provides a starting point.
 
The ftf discussion began with the question: What does it mean to have governance across ownership boundaries?  One aspect is management, and per an earlier email suggestion, a management section has been added to the wiki draft to begin to reflect this separation.  In general, governance reflects what some authority wants to happen, e.g. policies, and management provides the details and mechanisms by which policy becomes reality.  Much of the management-focused material in the current governance write-up will likely migrate to the management section, including the appropriate parts dealing with life cycle considerations.
 
In general, governance should be a function of what one wants to accomplish, and thus while SOA should leverage existing structures and best practices, it should not adopt approaches developed for single systems in a single ownership domain if these would significantly inhibit or even preclude the benefits we expect from SOA.  Governance for SOA, both development and enforcement,  is likely to parallel governance for traditional commerce.  This leads to the following conclusions:
 
1. There will be a range of governance depending on the perceived needs of the participants.  In a free market, a dominant mechanism is the satisfaction of the consumer, i.e. if consumers do not find sufficient value in an offering, the product is not used and will either be modified to better serve its intended audience or it will disappear.  One can see this with numerous consumer products and with shareware on the Web.  There is little if any governance, and this will likely serve similar situations for SOA where experience with fitness for use is the dominant governance mechanism.
 
Even with the market, there are situations where market feedback is not considered sufficient in terms of speed, precision, or need to mitigate effects.  This is seen where there are health and safety considerations, such as advance approval of new drugs.  Alternately, there are intermediate situations, for example the automobile industry, where the market is the dominant governance mechanism but a third party, i.e. some level of government, intervenes where health or safety is an issue.  Further discussion on this is included under item 3 below.
 
The conclusion then is there is not a one-size-fits-all governance but a need to understand the types of things governance will be called on to do in the context of the goals of SOA.  It is likely that some communities will initially desire and require very stringent governance policies and procedures while other will see need for very little.  Over time, best practices will evolve, likely resulting in some consensus on a sensible minimum and, except in extreme cases where it is demonstrated to be necessary, a loosening of strict governance toward the best practice mean.
 
2. Whatever level of governance is chosen, it must have effective enforcement, including collection of and access to information needed for enforcement.  At a basic level, this requires a relatively free flow of information on consumer experience so prospective consumers can determine whether a given resource available through a SOA implementation provides described functionality and robustness consistent with consumer expectations.  Again, the need for enforcement depends on the importance, e.g. life criticality, of the resource.  If a resource is free of charge and is generally available to provide some useful but non-critical function, its mere availability may be sufficient and little if any governance or associated enforcement is necessary.  For something where there is advance arrangement for the service, e.g. a subscription service, information is likely needed to document availability and form the basis for penalties as prescribed by applicable enforceable policy.  If the service is important, reporting may be more critical than penalties because there will be an imperative for understanding and fixing any problem that occurs.
 
The conclusion then is enforcement is likely dependent on available information (metrics?) and the enforcement mechanism should be consistent with the level of governance perceived as needed.  Some aspects of enforcement fall under management.
 
3. Regulatory governance likely to evolve to reflect perceived needs of stakeholders, including non-participatory stakeholders and regulatory governance of the Commons.
 
Governance as grounds for mediation of differences between participants.
Governance to codify consensus behavior between participants.
Governance to protect participants.
Governance to protect non-participants from side effects.
Governance to protect the Commons.
 
SOA provides an interesting example where we are trying to prescribe governance for something that in many cases does not yet exist.  We are trying to use past experience to deal with anticipated needs and requirements.  From a historical context, governance concepts evolved first to provide grounds for mediation of differences between participants, and later to codify consensus behavior between participants and protect the participants from damaging behavior of one of the parties.  The enforcement mechanism could be any agreed upon third party who had was given authority over the participants or later some governmental body that also generated the policy to be enforced.  In any case, the enforcement mechanism was answerable to that body’s stakeholders.  When government is the enforcement mechanism, the stakeholders include not only the immediate participants but other non-participatory stakeholders who may be affected by side effects of the primary interaction.  The RM gives examples of real world effects that go beyond the immediate public actions, such as a change in credit rating after getting a loan for a large purchase.  In a society, perceived effects on the well being of the general population (the non-participatory stakeholders) often lead to additional policies and enforcement, such as environmental standards.  The intent of such governance is to protect and regulate behavior that affects the Commons, the resources under the ownership or protection of society as a whole.
 
The conclusion then is governance by third parties, whether through government or other agreed upon organization, is likely to develop and have significant effect on the overall governance of SOA.



------------------------------------------------------------------------------------------

Ken Laskey

MITRE Corporation, M/S H305     phone:  703-983-7934

7515 Colshire Drive                        fax:        703-983-1379

McLean VA 22102-7508




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]