Q

Implementing governance

In this expert response, Toufic Boubez clarifies confusion about implementing governance.

I've been reading a lot about governance lately, but I'm confused on what sort of technical infrastructure I'll need to support it. Are there different combinations I can consider? Is there a logical starting point?

Let me just state up front that you're not the only one who's confused about governance, especially around SOA or Web services. The term governance is being used a little bit everywhere these days and has become very overloaded. In various presentations and papers I have tried to define the term based on the concept of corporate governance. To me, governance of an entity is the set of processes and policies that give visibility into and provide accountability for that entity. So for SOA, let's define it as the set of processes that enable the definition, deployment, management, enforcement and compliance audit of corporate policies. I know that's long-winded, but I haven't seen anything that I like better.

Now, in terms of technology, every functional element in that list (definition, enforcement, audit, etc.) will probably require some corresponding infrastructure element. So, how and where do you start? I won't get into a discussion about the benefits of Big Design Up Front (BDUF) or Big Requirements Up Front (BRUF) or other philosophical diversions. Instead I'm going to go by what I've seen in the marketplace so far over the last couple of years.

For a typical SOA roadmap, authoring, deploying and enforcing security policies has been the first step towards governance. This is because most SOA roadmaps I have seen are decidedly not BDUF/BRUF: Organizations typically deploy a limited set of Web services for a very specific and narrowly scoped project. Security, access control, privacy and confidentiality issues are typically dealt with at this stage. Logging and auditing requirements for Web services transactions are also typically included. Although hardware-based XML acceleration is also usually bundled into some of these requirements, it is not a governance issue, so we'll forget about it for now.

As projects mature and Web service usage grows, monitoring service status and enforcing Service Level Agreements (SLAs) is typically the logical next step. And of course having a services registry early on will save you the headaches of renormalization later on.

As a result of this evolution profile, you'd expect to see three categories for Web services governance infrastructure to emerge, and you'd be correct. These are: security gateways (policy enforcement points); registries; and management tools. This should give you a good starting point to implement a governance framework.

This was first published in May 2006
