1. Ken Laskey, co-editor 5th SOA for E-Government Conference 1 May 2008
Governance Excerpt from Reference Architecture for SOA (OASIS SOA-RM TC work in-progress)
Ken Laskey, co-editor
5th SOA for E-Government Conference
1 May 2008

2. OASIS SOA-RM TC Work SOA Reference Model SOA Reference Architecture
Became OASIS Standard October 12, 2006
SOA Reference Architecture
Work in progress
First Public Review awaiting OASIS processing

3. What is a Reference Model
An abstract framework for understanding significant relationships among the entities of some environment.
Consists of a minimal set of unifying concepts, axioms and relationships within a particular problem domain.
Is independent of specific standards, technologies, implementations, or other concrete details.

4. Reference Model for SOA
It’s an OASIS Standard

5. What is a “Reference Architecture”?
(vs.) Reference Model
Models the abstract architectural elements in the domain independent of the technologies, protocols, and products that are used to implement the domain
Describes the important concepts and relationships in the domain focusing on what distinguishes the elements of the domain
A reference architecture elaborates further on the reference model to show a more complete picture of what is involved in realizing the modeled entities

6. Where the RA fits

7. What is the SOA RA?
The SOA Reference Architecture is an architectural description that documents (or describes) the abstract architectural elements of SOA-based systems
It focuses on the elements and their relationships needed to enable SOA-based systems to be used, realized, and owned – where part of the ownership consideration is governance

8. SOA Governance Model - Motivating Governance
SOA governance builds off general governance concepts
Participants have Goals and agree to Governance that will improve likelihood that an overlapping subset of the individual goals will be achieved
Governance, as expressed through Policies, attempts to satisfy the common goals
A minimal degree of agreement often presages participants who “slow-roll” if not actively reject complying with Policies that express the specifics of Governance

9. SOA Governance Model - Setting Up Governance
Leadership critical to initiate and champion Governance
Policies are means to realizing Goals
Compliance is required
Leadership sets up Governance Framework and Governance Processes
Unambiguous, consistent, and fair actions
Sufficient input on issues
Defined in charter and accepted by Participants

10. SOA Governance Model - Carrying Out Governance
Example
Policy: all authorized parties should have access to data
Rule: PKI certificates are required to establish identity of authorized parties
Regulation: Recognized PKI issuing body and procedures
Rules and Regulations provide operational constraints which may require resource commitments or other levies on the Participants
Participants having agreed to charter are then bound to comply with Rules and Regulations

11. SOA Governance Model Ensuring Compliance
You cannot govern what you cannot measure
As everyone must knows the rules, everyone must have access to metrics that define compliance
Management can use Metrics to identify exemplars of compliance and Leadership can provide options for rewarding the Participants

12. How SOA Governance is Different
SOA governance is organization of services that
promotes their visibility
facilitates interaction among service participants
enforces that the results of service interactions are
those real world effects as described within the service description
constrained by policies and contracts as assembled in the execution context
SOA governance must specifically account for control across different ownership domains
All the participants may not be under the jurisdiction of a single governance authority
Participants must agree to recognize authority of the Governance Body, operate within the Governance Framework and through the Governance Processes

13. What Needs to be Governed
SOA infrastructure – the “plumbing” that provides utility functions that enable and support the use of the service
Service inventory – the requirements on a service to permit it to be accessed within the infrastructure
Participant interaction – the consistent expectations with which all participants are expected to comply

14. What Needs to be Governed - SOA Infrastructure
Must be stable, reliable, extremely robust to all operating conditions
Usable in dependable and predictable ways

15. What Needs to be Governed - Service Inventory
Define concept of “well-behaved” services
Sufficient metrics to be collected to know:
how a service affects the SOA infrastructure
whether a service complies with infrastructure policies
Identify required attributes to describe a service
Consumer can decide whether service is sufficient for intended use
Include extensibility for adding new attributes as needed

16. What Needs to be Governed - Participant Interaction
Services adhere to service interface and service reachability parameters
Require that the result of an interaction MUST correspond to:
Real world effects as contained in service description
Policy agreements as documented in the execution context

17. Other Consideration - Standards
Identify minimum set needed
Expand and evolve the mandated set in a predictable manner
Sufficient guidance so that new services will be able to coexist as much as possible with the old
Changes to standards do not cause major disruptions
Implies choose your standards carefully

18. Governance vs. Management of SOA-based systems
Governance about how decisions are made
Management is about how decisions are realized
Nested – management at one level is governance at another
Parallel - several governance chains may be relevant concurrently