Re: [soa-rm-ra] random and nonrandom thoughts on governance

[Don Flinn <flinn@alum.mit.edu>]

It seems to me that the purpose of governance is not to attempt to 
satisfy the expressed goals of participants and organizations, but that 
it is to attempt to constrain, direct and influence certain of their 
goals. 

Since organizations and participants can have many goals which lie 
outside the purview of governance, what are the goals that governance 
should be concerned with?  One set of goals is that which have the 
potential to do harm to any group of stakeholders or the organization 
itself.  Another set comprise those goals that would benefit the 
organization and its stakeholders.  The governance polices should 
constrain the former and support and encourage the latter. 

Since different groups of stakeholders may have conflicting goals, it is 
a responsibility of the Representative Body to choose one over the 
other.  How this is done is an implementation detail, but it is a type 
of decision that the RA should call out.

Don

Ken Laskey wrote:
> Rex,
>
> I believe we need an RA, not just a template for one.  That said, we 
> should clearly document our rationales so that others, while possibly 
> making different decisions, are aware of the decisions that need to be 
> made.  There aren't necessarily more decisions made in the governance 
> section, it is just that this is where the apparatus for making 
> /certain types of decisions/ is explicitly called out.
>
> Ken
>
> On Sep 6, 2007, at 7:17 PM, Rex Brooks wrote:
>
>> I think we're getting closer to a single diagram that captures the 
>> essence of governance, and, for me, that gets to the point of 
>> defining what the choices are for a reference architecture. It dawned 
>> on me that that set of choices shows up here, in governance, more 
>> than in other sections because this is a case where decisions are 
>> required. I think the verb "architect" as the definition of the 
>> relationship or association between "Decision Makers" and "Governance 
>> Framework" is where that happens, and for my $.02 I think the choices 
>> here define where any given RA puts its stake in the sand between the 
>> poles of the governance spectrum from Authoritative and Cooperative.
>>
>> I suggest that what we have discovered is that we are providing a 
>> template for developing a reference architecture rather than 
>> producing an exemplar RA based on the RM.
>>
>> Cheers,
>> Rex
>>
>> At 5:35 PM -0400 9/6/07, Ken Laskey wrote:
>>> I'm looking at the diagram I uploaded at the beginning of 
>>> yesterday's meeting and at the diagram Danny uploaded after the 
>>> meeting and I'm trying to merge all this with what was said during 
>>> the meeting.  
>>> Let's see where this collection of thoughts takes me (and you hearty 
>>> enough to read on).
>>>
>>> I started with the diagrams but then got stuck on Bob's thoughts on 
>>> governance where there is one "type" that has overriding authority 
>>> and another "type" where somewhat independent groups work together .  
>>> We've often talk about this as within enterprises and across 
>>> enterprises but for this discussion I'd like to call them 
>>> Authoritative and Cooperative.  How do these fit with the diagrams?  
>>> Well, they could be subclasses of Governance but I think they may 
>>> more appropriately be at (or near) the ends of a (maybe continuous, 
>>> maybe stepwise) spectrum.  We'll see where that goes later.
>>>
>>> To back up a second, note that my diagram has Participants agreeing 
>>> to Governance and Danny has Governance having jurisdiction over 
>>> Participants.  After a chuckle or two, I think these can work 
>>> together because part of what the participant agrees to is being 
>>> under a jurisdiction.  Participants can remove themselves from a 
>>> jurisdiction by moving in some physical sense (e.g. where you live 
>>> or where you work) or by selectively ignoring the Governance (e.g. 
>>> outright defiance or the time honored approach of slow-rolling).  
>>> This doesn't cover being born in an authoritarian (note difference 
>>> with authoritative) regime and having no escape, but for SOA I think 
>>> we can consider that an edge case.
>>>
>>> So I start with Participants who may be members of Organizations.  I 
>>> could just note that an Organization can be a Participant and do 
>>> away with this but I wanted to show (although didn't include the 
>>> cardinality) that a Participant can be a member of more than one 
>>> Organization and both the Participant and the Organization can (and 
>>> do) come under multiple sets of Governance Processes (yes, it should 
>>> probably be plural in my diagram).
>>>
>>> While we're at subclasses of Participant, Danny has Decision Makers 
>>> as a subclass and these entities do all the governance work.  I 
>>> don't think this is accurate because it isn't always "decision 
>>> makers" that express Goals.  Participants can act as individuals or 
>>> representatives of organizations.  If representing an organization, 
>>> they probably act with some level of cognizance by Decision Makers 
>>> but the specifics (at least at some level of detail) may not 
>>> (probably not?) have Decision Makers review.  I would say the whole 
>>> Participant/Decision Maker combination is demonstrated by Working 
>>> Group/TC participants.  On the other hand, I see a correspondence 
>>> between Danny's Decision Makers and my Representative Body, so let's 
>>> not downplay it too quickly.  (Note, I am no more ond of Decision 
>>> Makers than I was of Representative Body.  Any other suggestions?)
>>>
>>> So let's get back to Authoritative and Cooperative Governance.  With 
>>> Authoritative governance, there is a recognized entity who should be 
>>> running things.  This says nothing about whether the recognized 
>>> entity is officially blessed or whether it is particularly 
>>> effective.  The recognized entity is almost certainly a Participant 
>>> and a Decision Maker.
>>>
>>> With Cooperative governance, the independent entities agree to a 
>>> Governance Framework under which there will be Governance Processes, 
>>> and the collection of independent entities form the Decision Makers.  
>>> Actually, the collection becomes the recognized entity of the 
>>> Authoritative governance.
>>>
>>> Is it appropriate to say that any Governance requires cooperation 
>>> and the question of authoritative is really authoritative to whom 
>>> and can you make decisions (reflected through Rules and Policies) 
>>> stick?  If this is true, a single governance diagram covers both 
>>> cases without either being explicitly represented in the diagram.
>>>
>>> Some other notes on Danny's diagram:
>>> - My intent for Governance Framework is it would form the structure 
>>> for the Governance Processes rather than "support" it.
>>> - Management needs to have more than knowledge of policy; it has to 
>>> provide direction for Management.
>>>
>>> With respect to Bob's question of where functions fit in, there are 
>>> processes for performing functions and rules and regulations that 
>>> provide details.  The operational how falls to management.  That 
>>> said, I don't think functions get added to the diagrams but can be 
>>> included in the accompanying text.
>>>
>>> Something captured in my diagram I don't think appears in others is 
>>> the idea that participants create local management to create local 
>>> rules and regulations in addition to those that may be created more 
>>> globally.  Thus, Management Body is instantiated at multiple levels.
>>>
>>> While writing this, I have been modifying my diagram to capture 
>>> these and other thoughts.  The result so far is no additional 
>>> classes but many additional relationships.  I think it is an 
>>> improvement but YMMV.
>>>
>>> One final thing: processes for assessing and enforcing compliance 
>>> have to be part of the Governance Processes and the particulars are 
>>> defined by Rules and Regulations.  This includes adjudication, from 
>>> voluntary negotiation to no-nonsense enforcement.  Compliance is 
>>> with Rules and Regulation, not Policy; here, I define Policy as 
>>> statements of what you want to occur whereas Rules and Regulations 
>>> supply the metrics on which compliance is evaluated.  Now  the last 
>>> couple sentences may form the basis of a couple more lines on the 
>>> attached diagram, but frankly at the moment I'm not up to adding them.
>>>
>>> Diagram is attached for those who can see it directly.  For others, 
>>> I'll upload to OASIS.
>>>
>>> Ken
>>>
>>> ?
>>>
>>> ------------------------------------------------------------------------------------------
>>> Ken Laskey
>>> MITRE Corporation, M/S H305     phone:  703-983-7934
>>> 7515 Colshire Drive                        fax:        703-983-1379
>>> McLean VA 22102-7508
>>>
>>> I'm looking at the diagram I uploaded at the beginning of 
>>> yesterday's meeting and at the diagram Danny uploaded after the 
>>> meeting and I'm trying to merge all this with what was said during 
>>> the meeting.  Let's see where this collection of thoughts takes me 
>>> (and you hearty enough to read on).
>>>
>>> I started with the diagrams but then got stuck on Bob's thoughts on 
>>> governance where there is one "type" that has overriding authority 
>>> and another "type" where somewhat independent groups work together 
>>> .  We've often talk about this as/ within enterprises/ and/ across 
>>> enterprises/ but for this discussion I'd like to call them 
>>> Authoritative and Cooperative.  How do these fit with the diagrams?  
>>> Well, they could be subclasses of Governance but I think they may 
>>> more appropriately be at (or near) the ends of a (maybe continuous, 
>>> maybe stepwise) spectrum.  We'll see where that goes later.
>>>
>>> To back up a second, note that my diagram has Participants/ 
>>> agreeing/ to Governance and Danny has Governance 
>>> having /jurisdiction over/ Participants.  After a chuckle or two, I 
>>> think these can work together because part of what the participant 
>>> agrees to is being under a jurisdiction.  Participants can remove 
>>> themselves from a jurisdiction by moving in some physical sense 
>>> (e.g. where you live or where you work) or by selectively ignoring 
>>> the Governance (e.g. outright defiance or the time honored approach 
>>> of slow-rolling).  This doesn't cover being born in an authoritarian 
>>> (note difference with authoritative) regime and having no escape, 
>>> but for SOA I think we can consider that an edge case.
>>>
>>> So I start with Participants who may be members of Organizations.  I 
>>> could just note that an Organization can be a Participant and do 
>>> away with this but I wanted to show (although didn't include the 
>>> cardinality) that a Participant can be a member of more than one 
>>> Organization and both the Participant and the Organization can (and 
>>> do) come under multiple sets of Governance Processes (yes, it should 
>>> probably be plural in my diagram).
>>>
>>> While we're at subclasses of Participant, Danny has Decision Makers 
>>> as a subclass and these entities do all the governance work.  I 
>>> don't think this is accurate because it isn't always "decision 
>>> makers" that express Goals.  Participants can act as individuals or 
>>> representatives of organizations.  If representing an organization, 
>>> they probably act with some level of cognizance by Decision Makers 
>>> but the specifics (at least at some level of detail) may not 
>>> (probably not?) have Decision Makers review.  I would say the whole 
>>> Participant/Decision Maker combination is demonstrated by Working 
>>> Group/TC participants.  On the other hand, I see a correspondence 
>>> between Danny's Decision Makers and my Representative Body, so let's 
>>> not downplay it too quickly.  (Note, I am no more ond of/ Decision 
>>> Makers/ than I was of/ Representative Body/.  Any other suggestions?)
>>>
>>> So let's get back to Authoritative and Cooperative Governance.  With 
>>> Authoritative governance, there is a/ recognized entity/who should 
>>> be running things.  This says nothing about whether the recognized 
>>> entity is officially blessed or whether it is particularly 
>>> effective.  The recognized entity is almost certainly a Participant 
>>> and a Decision Maker.
>>>
>>> With Cooperative governance, the independent entities agree to a 
>>> Governance Framework under which there will be Governance Processes, 
>>> and the collection of independent entities form the Decision 
>>> Makers.  Actually, the collection becomes the recognized entity of 
>>> the Authoritative governance.
>>>
>>> Is it appropriate to say that any Governance requires cooperation 
>>> and the question of authoritative is really authoritative to whom 
>>> and can you make decisions (reflected through Rules and Policies) 
>>> stick?  If this is true, a single governance diagram covers both 
>>> cases without either being explicitly represented in the diagram.
>>>
>>> Some other notes on Danny's diagram:
>>> - My intent for Governance Framework is it would form the structure 
>>> for the Governance Processes rather than "support" it.
>>> - Management needs to have more than knowledge of policy; it has to 
>>> provide direction for Management.
>>>
>>> With respect to Bob's question of where functions fit in, there are 
>>> processes for performing functions and rules and regulations that 
>>> provide details.  The operational how falls to management.  That 
>>> said, I don't think functions get added to the diagrams but can be 
>>> included in the accompanying text.
>>>
>>> Something captured in my diagram I don't think appears in others is 
>>> the idea that participants create local management to create local 
>>> rules and regulations in addition to those that may be created more 
>>> globally.  Thus, Management Body is instantiated at multiple levels.
>>>
>>> While writing this, I have been modifying my diagram to capture 
>>> these and other thoughts.  The result so far is no additional 
>>> classes but many additional relationships.  I think it is an 
>>> improvement but YMMV.
>>>
>>> One final thing: processes for assessing and enforcing compliance 
>>> have to be part of the Governance Processes and the particulars are 
>>> defined by Rules and Regulations.  This includes adjudication, from 
>>> voluntary negotiation to no-nonsense enforcement.  Compliance is 
>>> with Rules and Regulation, not Policy; here, I define Policy as 
>>> statements of what you want to occur whereas Rules and Regulations 
>>> supply the metrics on which compliance is evaluated.  Now  the last 
>>> couple sentences may form the basis of a couple more lines on the 
>>> attached diagram, but frankly at the moment I'm not up to adding them.
>>>
>>> Diagram is attached for those who can see it directly.  For others, 
>>> I'll upload to OASIS.
>>>
>>> Ken
>>>
>>> <a0624084dc306377e6029>
>>>
>>>
>>> ------------------------------------------------------------------------------------------
>>>
>>> Ken Laskey
>>> MITRE Corporation, M/S H305     phone:  703-983-7934
>>> 7515 Colshire Drive                        fax:        703-983-1379
>>> McLean VA 22102-7508
>>>
>>>
>>>
>>> Content-Id: <41EBD2F9-3D1B-4427-A295-202A421A2E44@mitre.org 
>>> <mailto:41EBD2F9-3D1B-4427-A295-202A421A2E44@mitre.org>>
>>> Content-Type: image/png;
>>>     x-unix-mode=0644;
>>>        name=governance 20070906.png
>>> Content-Disposition: inline;
>>>         filename="governance 20070906.png"
>>>
>>> Attachment converted: Macintosh HD:smime 555.p7s (    /    ) (0030A6EB)
>>
>>
>> -- 
>>     
>> Rex Brooks
>> President, CEO
>> Starbourne Communications Design
>> GeoAddress: 1361-A Addison
>> Berkeley, CA 94702
>> Tel: 510-898-0670
>>
>
> -----------------------------------------------------------------------------
> Ken Laskey
> MITRE Corporation, M/S H305      phone: 703-983-7934
> 7151 Colshire Drive                         fax:       703-983-1379
> McLean VA 22102-7508
>
>
>
>


-- 
Don Flinn
President
Mansurus LLC
e-mail: flinn@alum.mit.edu
Tel: 781-856-7230
http://mansurus.com