I'm looking at the diagram I uploaded at the beginning of yesterday's meeting and at the diagram Danny uploaded after the meeting and I'm trying to merge all this with what was said during the meeting. Let's see where this collection of thoughts takes me (and you hearty enough to read on).
I started with the diagrams but then got stuck on Bob's thoughts on governance where there is one "type" that has overriding authority and another "type" where somewhat independent groups work together . We've often talk about this as within enterprises and across enterprises but for this discussion I'd like to call them Authoritative and Cooperative. How do these fit with the diagrams? Well, they could be subclasses of Governance but I think they may more appropriately be at (or near) the ends of a (maybe continuous, maybe stepwise) spectrum. We'll see where that goes later.
To back up a second, note that my diagram has Participants agreeing to Governance and Danny has Governance having jurisdiction over Participants. After a chuckle or two, I think these can work together because part of what the participant agrees to is being under a jurisdiction. Participants can remove themselves from a jurisdiction by moving in some physical sense (e.g. where you live or where you work) or by selectively ignoring the Governance (e.g. outright defiance or the time honored approach of slow-rolling). This doesn't cover being born in an authoritarian (note difference with authoritative) regime and having no escape, but for SOA I think we can consider that an edge case.
So I start with Participants who may be members of Organizations. I could just note that an Organization can be a Participant and do away with this but I wanted to show (although didn't include the cardinality) that a Participant can be a member of more than one Organization and both the Participant and the Organization can (and do) come under multiple sets of Governance Processes (yes, it should probably be plural in my diagram).
While we're at subclasses of Participant, Danny has Decision Makers as a subclass and these entities do all the governance work. I don't think this is accurate because it isn't always "decision makers" that express Goals. Participants can act as individuals or representatives of organizations. If representing an organization, they probably act with some level of cognizance by Decision Makers but the specifics (at least at some level of detail) may not (probably not?) have Decision Makers review. I would say the whole Participant/Decision Maker combination is demonstrated by Working Group/TC participants. On the other hand, I see a correspondence between Danny's Decision Makers and my Representative Body, so let's not downplay it too quickly. (Note, I am no more ond of Decision Makers than I was of Representative Body. Any other suggestions?)
So let's get back to Authoritative and Cooperative Governance. With Authoritative governance, there is a recognized entity who should be running things. This says nothing about whether the recognized entity is officially blessed or whether it is particularly effective. The recognized entity is almost certainly a Participant and a Decision Maker.
With Cooperative governance, the independent entities agree to a Governance Framework under which there will be Governance Processes, and the collection of independent entities form the Decision Makers. Actually, the collection becomes the recognized entity of the Authoritative governance.
Is it appropriate to say that any Governance requires cooperation and the question of authoritative is really authoritative to whom and can you make decisions (reflected through Rules and Policies) stick? If this is true, a single governance diagram covers both cases without either being explicitly represented in the diagram.
Some other notes on Danny's diagram:
- My intent for Governance Framework is it would form the structure for the Governance Processes rather than "support" it.
- Management needs to have more than knowledge of policy; it has to provide direction for Management.
With respect to Bob's question of where functions fit in, there are processes for performing functions and rules and regulations that provide details. The operational how falls to management. That said, I don't think functions get added to the diagrams but can be included in the accompanying text.
Something captured in my diagram I don't think appears in others is the idea that participants create local management to create local rules and regulations in addition to those that may be created more globally. Thus, Management Body is instantiated at multiple levels.
While writing this, I have been modifying my diagram to capture these and other thoughts. The result so far is no additional classes but many additional relationships. I think it is an improvement but YMMV.
One final thing: processes for assessing and enforcing compliance have to be part of the Governance Processes and the particulars are defined by Rules and Regulations. This includes adjudication, from voluntary negotiation to no-nonsense enforcement. Compliance is with Rules and Regulation, not Policy; here, I define Policy as statements of what you want to occur whereas Rules and Regulations supply the metrics on which compliance is evaluated. Now the last couple sentences may form the basis of a couple more lines on the attached diagram, but frankly at the moment I'm not up to adding them.
Diagram is attached for those who can see it directly. For others, I'll upload to OASIS.
MITRE Corporation, M/S H305 phone: 703-983-7934
7515 Colshire Drive fax: 703-983-1379
McLean VA 22102-7508