1. Giving specific guidance for the kinds of groups that would offer control seems too 'technology-specific' to me. I think something like a 'policy originating' entity is more to the core of the matter than governance standards setting groups/people. Whatever the shape of that organ is, they will need means of recording policy choices, promulgating them, enforcing them etc. etc.
2. On the other hand, I think that something needs to be recorded about the relationships between the different policy setting elements. I think that the concept of provenance is critical to the smooth functioning of any governance mechanism. (E.g., I am deciding that we shall use SOAP 3.0 because I am the CTO and because deciding this kind of technical standard is both within my competence and authority.)
Some comments inline and a suggestion for a simplified diagram.
Ken
On Aug 15, 2007, at 4:24 PM, Francis McCabe wrote:
I think that the governance section needs to be more architectural in nature.
I suggest the following outline:
1. A short intro on what governance is:
What is governance, what are the issues, who are the stakeholders.
Why is it important?
What is the relationship to management
How multi-ownership domains affects those pieces and maybe puts
natural limits on authority
specifically point out differences (at least in our opinion) vs. single standalone system
2. What are the key pieces that need to be put into place:
Structure of explicit rules/constitution, the idea of there being organs of control.
Rather than "organs of control", think in terms of well known entities through which globally applicable governance framework is established and then more locally how use of framework is kept in compliance. (See more a few lines down on enforcement.)
What are the levers of those organs (policies, roles, powers, authorities and responsibilities)
Policies for versioning and CM.
Monitoring, i.e. you can't govern what you can't measure.
Governance standards, e.g. pieces of a framework developed by larger and for which there is wide buy-in (i.e. deriving their just power from the consent of the governed)
Measurement infrastructure analytics, policy violations, policy conflicts
Enforcement infrastructure: policy enforcement points, meta-policies
The only real enforcement mechanism is locally restriction on whether external service can be accessed, e.g. blocking message to a restricted service. Eventually have accepted (across ownership domains) on principles by which a service can be blocked. Eventually, a representative governance body may be formed to codify such principles/policies but it is unlikely an effective body can be formed before there is an explicit problem for which there is no better response.
The inputs to the organs of control
More challenging is decisions about processes through which specifics established.
: decisions about Standards and other regulatory influences, conflicts between participants.
What kind of cross-organizational entities are important in the
context of a multi-domain SOA-based system. What kind of entities exist within an organization.
Previous comments touch on these.
3. More elaboration on the relationship to management as one of
enforcement (and hence implementation of governance) This is where
material on policies and contracts as descriptions of governance
intentions could link things together nicely.
This will be tough to write about architecture and not have a treatise on governance because so little has really been established. To what extent is a treatise justified and needed?
4. The specific features of the relationship between regulatory
authorities and any governance structure. Something that draws out the links between internal authority within the realm and external
authority. (e.g., I have to ask you to follow these processes because of my obligations under SOX).
Also, we need to base the model on a diagram. This was my diagram:
<Governance Model.png>
-----------------------------------------------------------------------------
Ken Laskey
MITRE Corporation, M/S H305 phone: 703-983-7934
7151 Colshire Drive fax: 703-983-1379
McLean VA 22102-7508