Re: [soa-rm] Policies and Contracts - notes for currently posted document

[Danny Thornton <danny_thornton2@yahoo.com>]

Hi Michael,

You provided a nice distinction between Web Service
and Service Description and I am in agreement with
almost everything you wrote in this particular e-mail.
 To help clarify description/policy/contract in the
RA, I'll give one example of a policy and a contract,
the business meaning, the relationship to the Service
Description, and the implementation mechanisms for the
policy and contract.  

Suppose business Global provides a service description
containing a policy that states the consumer of the
service should belong to a recognized government
agency. Part of using the service actually requires
invoking an action on the service with a true value
that the consumer is a recognized government agency. 
However, the service does not verify the truth of the
action.  The end result of ignoring the policy may be
that the consumer waisted their time and did not
obtain useful information for personal use. The
consumer was warned with the policy.  Global doesn't
really care if consumers violate the policy.

Global discovers that people really like its service
and that it is getting heavy usage.  Global gets
smarter about how they deal with consumers and they
incorporate an electronic mechanism to verify the
consumer belongs to a recognized government agency
(suspend the realistic impossibilities here and make
believe for a moment). Global decides to make the
policy a contract and now has a mechanism of
electronic measurability for the verification of the
assertion by the consumer.  Global and the consumer
now enter into a binding contractual agreement before
the consumer can use Global's service. 

More on the IT side of things, Global uses some Access
Management Suite of products to authorize actions by
the consumer.  Policies and/or contracts feed into
policy decision points that render authorization
decisions, the PDP doesn't distinguish between
rendering a decision for a policy versus a contract. 
For Global, the distinction between policy and
contract is only relevant at the human level where
some employed lawyer by Global or by the consumer
might take legal action for violation of a stated
contract.  

There are an infinite number of relationships and
types of enforcement a business/government may setup
that distinguish a particular policy from a contract. 


You may be interested in a discussion thread on the RA
mailing list, Jan23rd-Jan26th, where we discussed the
relationship of QoS and other possible business
contracts to the SLA.  

Danny Thornton
http://www.soamodeling.org

--- michael.poulin@uk.fid-intl.com wrote:

> Duane,
> 
> The reviewed document is from SOA-RA Wiki  from the
> ServiceView section. This certainly may not be a
> part of SOA-RM (in my response  message about David
> Linthicum, I mentioned one article I wrote in
> Sys-Con when considered SOA-RM for actual SOA
> development).
> 
> I think that Service Description is the thing which
> distinguish SOA Service from a Web Service and adds
> business meaning to the former. Since Service
> Contract is based on the Service Description, it
> becomes a concrete artifact in RA. What I try to
> achieve with this is to close the door (at least,
> shut it a little) to the populistic use of Web
> Services that expose non-service oriented IT
> artifacts into  SOA. That is, Web Services should
> not be equal to SOA because they do  not have
> business meaning, execution context, are not
> responsible for the business behavior of the service
> implementation and do not oblige service provider to
> agile with the business needs.
> Plus, Service Contract may be treated in similar way
> as Service Description (not a Policy) with regard to
> service discovery and invocation. Talking about SOA
> services that reflect business services, I would not
> invoke a service blindly, only because it is
> announced until I am sure it does not represent a
> risk to my business, i.e. I need a Service Contract
> in place.
> 
> As of Policies and Service Description/ Service
> Contract, I agree that Policies might not be the
> part of the Description/Contract text ( an
> preferably if they do not) but rather referenced in
> there. This does not preclude using them in
> WS-Policy and WS-PolicyAttachment. However,  WS !=
> SOA Service, and SOA may treat as providers as
> consumers policies, I think.
> 
> Now, service versioning is not the same as execution
> context though it is used to reflect the specific of
> the context. That is, particular version of the
> service may be used in the context A. However, the
> same version may be used in the context B but not in
> the context C. This totally depends on the consumers
> needs. Here (http://java.sys-con.com/read/250503.htm
> ) I tried to describe the SOA service versioning. 
> 
> I would be happy to present to discuss my notes in a
> telcon (I am in London, UK) but cannot do it on 28
> Feb. (I will be on vacations).
> 
> Cheers,
> - Michael
> 



 
____________________________________________________________________________________
We won't tell. Get more on shows you hate to love 
(and love to hate): Yahoo! TV's Guilty Pleasures list.
http://tv.yahoo.com/collections/265