Steps to SOA No. 6: Start Tackling Governance
Particularly in large enterprises, managing service interface definitions and deciding who is responsible for what pose the biggest challenges.
Thu, July 10, 2008
InfoWorld — Registries are more than just containers in which services can be described by metadata and discovered by clients and other services. They are also centers of SOA governance, where IT can list human service owners, manage versioning, ensure compliance with enterprise requirements, and more. The sooner you start thinking about how governance will work, the better.
Governance is best defined as a combination of workflow rules—who is responsible for what services, what happens when quality assurance uncovers problems, and so on—plus management of service interface definitions. Those definitions become an analogue of an IT org chart gradually transformed by the disruptive effect of SOA. “The strongest way to look at your service interfaces is that they are the design of your business,” says Randy Heffner, vice president at Forrester Research. “They deserve attention and governance as much as the design of your business does.”
SOA is fundamentally a new paradigm of IT, according to a technology exec at a major financial conglomerate who asked not to be named. “When you increase dependency and complexity, it presents a whole new set of problems,” the tech exec says. “The more SOA is successful, the more management becomes a problem.” This exec believes that governance should be distributed rather than centralized, in a manner similar to the relationships among federal, state, and local government in a democracy. And he means that literally: He is currently studying The Federalist Papers for insight.
In 2004, The Hartford formed an enterprise architecture group to put a “governance process around projects,” according to Moreland. In the beginning, he says, the governance process was all about communication. “We had architects talking together for the first time that were really solving the same problems, but in different lines of business. Now we’re to the point where we will actually stop a project if it does not conform to the reference architecture or the line-of-business blueprint. And we have the authority from upper management to be able to do that.”
Moreland provides a specific example of the types of problems good governance can avoid. Recently, one business unit of The Hartford published a useful service in the proper SOAP format. A different area of the business applied to use that service but also requested that the service return two additional data values within the XML. “The owner of that first service … said, ‘I don’t have the funding or the budget or the resources to do that. I’m tied up with other stuff,’ “ Moreland recalls. In such a case, he says, good governance stipulates that the service in question should be owned by a group with a dedicated team that can maintain and modify it for the entire enterprise.
Eric Knorr is executive editor at large at InfoWorld. Oliver Rist is senior contributing editor of the InfoWorld
