OASIS Mailing List Archives

soa-rm-ra message



Subject: Re: [soa-rm-ra] Comments on the nature of governance


Some comments inline and a suggestion for a simplified diagram.


Ken

On Aug 15, 2007, at 4:24 PM, Francis McCabe wrote:

I think that the governance section needs to be more architectural in nature.

I suggest the following outline:

1. A short intro on what governance is:
   What is governance, what are the issues, who are the stakeholders.
   Why is it important?
   What is the relationship to management?
   How multi-ownership domains affect those pieces and maybe put
natural limits on authority
      specifically point out differences (at least in our opinion) vs. single standalone system

2. What are the key pieces that need to be put into place:
   Structure of explicit rules/constitution, the idea of there being organs of control.
      Rather than "organs of control", think in terms of well-known entities through which a globally applicable governance framework is established and then, more locally, how use of the framework is kept in compliance.  (See more a few lines down on enforcement.)

What are the levers of those organs (policies, roles, powers, authorities and responsibilities)   
   Policies for versioning and CM.
   Monitoring, i.e. you can't govern what you can't measure.
   Governance standards, e.g. pieces of a framework developed by larger and for which there is wide buy-in (i.e. deriving their just power from the consent of the governed)

   Measurement infrastructure analytics, policy violations, policy conflicts
   Enforcement infrastructure: policy enforcement points, meta-policies
      The only real enforcement mechanism is a local restriction on whether an external service can be accessed, e.g. blocking messages to a restricted service.  Eventually have accepted (across ownership domains) on principles by which a service can be blocked.  Eventually, a representative governance body may be formed to codify such principles/policies but it is unlikely an effective body can be formed before there is an explicit problem for which there is no better response.

   The inputs to the organs of control
       More challenging are decisions about processes through which specifics are established.


: decisions about Standards and other regulatory influences, conflicts between participants.
   What kind of cross-organizational entities are important in the
context of a multi-domain SOA-based system. What kind of entities exist within an organization.
   Previous comments touch on these.


3. More elaboration on the relationship to management as one of
enforcement (and hence implementation of governance). This is where
material on policies and contracts as descriptions of governance
intentions could link things together nicely.
   This will be tough to write about architecture and not have a treatise on governance because so little has really been established.  To what extent is a treatise justified and needed?


4. The specific features of the relationship between regulatory
authorities and any governance structure. Something that draws out the links between internal authority within the realm and external
authority. (e.g., I have to ask you to follow these processes because of my obligations under SOX).

Also, we need to base the model on a diagram. This was my diagram:
<Governance Model.png>

-----------------------------------------------------------------------------
Ken Laskey
MITRE Corporation, M/S H305      phone: 703-983-7934
7151 Colshire Drive                         fax:       703-983-1379
McLean VA 22102-7508



