What is SOA Governance?

February 5th, 2008

Governance is one of those terms, like ESB or SOA, that is super fun in its ability to be morphed into whatever you want it to be. Luckily for us (and unluckily for marketing teams everywhere), it is a bit more definable.

David Linthicum has a good post which attempts to define what governance really is. He divides it into design time and runtime governance. Under design time he includes:

  • A registry and/or repository for the tracking of service design, management, policy, security, and testing artifacts.
  • Design tools, including service modeling, dependency tracking, policy creation and management, and other tools that assist in the design of services.
  • Deployment tools, including service deployment, typically through binding with external development environments.
  • Links to testing tools and services, providing the developer/designer the ability to create a test plan and testing scenarios, and then leverage service testing technology.

Under runtime governance he includes:

  • Service discovery
  • Service delivery
  • Security
  • Setting and maintaining appropriate service levels
  • Managing errors and exceptions
  • Enabling online upgrades and versioning
  • Service validation
  • Auditing and logging

Miko Matsumura chimes in with an interesting comment as well:

This is helpful for sure, but one of the things that’s worth pointing out is the fine research by Gartner which suggests that making an artificial distinction between design time and run time governance is potentially dangerous.

This is very true. I can think of a number of things which span both design time and run time:

  • WS-I Compliance
  • Security Policies - i.e. requiring SSL for all endpoints. Or requiring WS-Security.
  • Dependency tracking - Cluster node X depends on Service Y which depends on artifact Z.
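
To make the overlap concrete, here is an added example (not code from David's post or from any governance product) that applies the "require SSL for all endpoints" rule to a design-time registry and to run-time bindings, then follows the dependency chain from the list above. All names, URLs and data structures are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed sample data mirroring "node X -> Service Y -> artifact Z".
DESIGN_TIME_REGISTRY = {
    "service-y": {"endpoint": "https://svc.example.internal/y", "depends_on": ["artifact-z"]},
    "artifact-z": {"endpoint": "https://svc.example.internal/z", "depends_on": []},
    "node-x": {"endpoint": "https://svc.example.internal/x", "depends_on": ["service-y"]},
}
# Constructed run-time view: artifact Z was redeployed over plain HTTP.
RUNTIME_BINDINGS = {
    "node-x": "https://svc.example.internal/x",
    "service-y": "https://svc.example.internal/y",
    "artifact-z": "http://svc.example.internal/z",
}

def violates_tls_policy(endpoint):
    """The policy itself: every endpoint must be served over https."""
    return urlparse(endpoint).scheme.lower() != "https"

def check_design_time(registry):
    return {name for name, rec in registry.items() if violates_tls_policy(rec["endpoint"])}

def check_run_time(bindings):
    return {name for name, url in bindings.items() if violates_tls_policy(url)}

def affected_by(registry, violators):
    """Entries that depend, directly or transitively, on a violator."""
    affected = set()
    changed = True
    while changed:  # fixpoint loop; terminates even if dependencies form a cycle
        changed = False
        for name, rec in registry.items():
            if name in affected or name in violators:
                continue
            if any(d in violators or d in affected for d in rec["depends_on"]):
                affected.add(name)
                changed = True
    return affected

def governance_report(registry, bindings):
    design = check_design_time(registry)
    run = check_run_time(bindings)
    return {
        "design_time_violations": design,
        "run_time_violations": run,
        "drift": run - design,  # passed design review, violates in production
        "transitively_exposed": affected_by(registry, run),
    }

if __name__ == "__main__":
    print(governance_report(DESIGN_TIME_REGISTRY, RUNTIME_BINDINGS))
```

The design-time check alone passes all three entries; only the run-time check, combined with the dependency data captured at design time, shows that node X and Service Y now sit on top of a non-compliant endpoint.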

I think it’s also important to keep in mind that governance != software products. Governance can potentially span a lot more, as it includes a lot of processes and oversight which can’t be directly enforced by software (i.e. ensuring that your services comply with local laws). I’m assuming the inclusion of “SOA” in the title of David’s post is an attempt to narrow this down a bit to SOA-related tools. Although this begs the question - what is SOA? :)
