Subject: Re: [soa-rm-ra] Comments on the nature of governance
Ken:

Two things stand out for me (which was one of the reasons I picked the term organs of control)

1. Giving specific guidance for the kinds of groups that would offer control seems too 'technology-specific' to me. I think something like a 'policy originating' entity is more to the core of the matter than governance standards setting groups/people. Whatever the shape of that organ is, they will need means of recording policy choices, promulgating them, enforcing them etc. etc.

2. On the other hand, I think that something needs to be recorded about the relationships between the different policy setting elements. I think that the concept of provenance is critical to the smooth functioning of any governance mechanism. (E.g., I am deciding that we shall use SOAP 3.0 because I am the CTO and because deciding this kind of technical standard is both within my competence and authority.)

Frank

On Aug 21, 2007, at 9:00 PM, Ken Laskey wrote:

> Some comments inline and a suggestion for a simplified diagram.
>
> Ken
>
> On Aug 15, 2007, at 4:24 PM, Francis McCabe wrote:
>
>> I think that the governance section needs to be more architectural
>> in nature.
>>
>> I suggest the following outline:
>>
>> 1. A short intro on what governance is:
>> What is governance, what are the issues, who are the stakeholders.
>> Why is it important?
>> What is the relationship to management
>> How multi-ownership domains affect those pieces and maybe put
>> natural limits on authority
> specifically point out differences (at least in our opinion)
> vs. single standalone system
>>
>> 2. What are the key pieces that need to be put into place:
>> Structure of explicit rules/constitution, the idea of there
>> being organs of control.
> Rather than "organs of control", think in terms of well known
> entities through which globally applicable governance framework is
> established and then more locally how use of framework is kept in
> compliance. (See more a few lines down on enforcement.)
>
>> What are the levers of those organs (policies, roles, powers,
>> authorities and responsibilities)
> Policies for versioning and CM.
> Monitoring, i.e. you can't govern what you can't measure.
> Governance standards, e.g. pieces of a framework developed by
> larger and for which there is wide buy-in (i.e. deriving their just
> power from the consent of the governed)
>
>> Measurement infrastructure analytics, policy violations, policy
>> conflicts
>> Enforcement infrastructure: policy enforcement points,
>> meta-policies
> The only real enforcement mechanism is local restriction on
> whether external service can be accessed, e.g. blocking message to
> a restricted service. Eventually have accepted (across ownership
> domains) on principles by which a service can be blocked.
> Eventually, a representative governance body may be formed to
> codify such principles/policies but it is unlikely an effective
> body can be formed before there is an explicit problem for which
> there is no better response.
>
>> The inputs to the organs of control
> More challenging is decisions about processes through which
> specifics are established.
>
>> : decisions about Standards and other regulatory influences,
>> conflicts between participants.
>> What kind of cross-organizational entities are important in the
>> context of a multi-domain SOA-based system. What kind of entities
>> exist within an organization.
> Previous comments touch on these.
>
>>
>> 3. More elaboration on the relationship to management as one of
>> enforcement (and hence implementation of governance) This is where
>> material on policies and contracts as descriptions of governance
>> intentions could link things together nicely.
> This will be tough to write about architecture and not have a
> treatise on governance because so little has really been
> established. To what extent is a treatise justified and needed?
>
>>
>> 4. The specific features of the relationship between regulatory
>> authorities and any governance structure. Something that draws out
>> the links between internal authority within the realm and external
>> authority. (e.g., I have to ask you to follow these processes
>> because of my obligations under SOX).
>>
>> Also, we need to base the model on a diagram. This was my diagram:
>> <Governance Model.png>
>
> -----------------------------------------------------------------------------
> Ken Laskey
> MITRE Corporation, M/S H305 phone: 703-983-7934
> 7151 Colshire Drive fax: 703-983-1379
> McLean VA 22102-7508