LOS ANGELES -- Despite the lack of standards and business cases, SOA governance continues to gain ground, thanks...
to its promise of allowing the business unit to wield control of IT through policy enforcement.
On Monday, registry vendor Systinet unveiled the Governance Interoperability Framework (GIF), an initiative that has the support of 10 Web services vendors that specialize in areas such as management, security, integration and business intelligence.
"The GIF is the first attempt to provide a standard product to get one view of your policies and all your service descriptions," said David Butler, vice president of marketing at Burlington, Mass.-based Systinet Corp.
Management vendors, such as Hewlett Packard Co. and AmberPoint Inc., and security vendors, such as DataPower Technology Inc. and Reactivity, are participating in the reference implementation of the framework.
The centerpiece of the framework is Systinet's UDDI-based Business Service Registry, which acts as the system of record for services and their policies. The framework is divided into three integration layers for data, control and the user interface.
UDDI has come a long way since its inception. Once promising to be a global services directory, many still question the real value of UDDI and whether it's necessary at all. In fact, there is confusion about the difference between UDDI and registries.
"UDDI is not a product, it's a standard," Butler said. Registries are the products that implement the UDDI standard.
"Nobody can use UDDI," added Roman Stanek, founder of Systinet. "UDDI is just raw data and T-models. You need to have applications built on top of it."
Registries are an essential foundation of what Gartner refers to as the Web services framework, an architectural model comprised of six areas: security, management, discovery, development, orchestration and transport.
SOA governance, which in part relies on registries, unifies all six elements of the Web services framework, and is what registry vendors such as Systinet are now focused on providing.
According to analysts, registries have become more than just UDDI implementations. They go beyond providing a discovery mechanism for Web services.
"Stop thinking of the registry as just a service repository," Frank Kenney, analyst at Gartner, said during a presentation at the Gartner Application Integration and Web Services Summit. "Start thinking of it as a vital asset of where the policies that affect your services live."
"Governance is not about creating policy, it's about enforcing it," Kenney added. "You need the technology to enforce it."
Some industry experts suggest that as registries become commoditized, vendors will start to move into the area of governance. At the moment, Systinet and Infravio are the only standalone UDDI-based registry vendors, and governance is a key area the two companies are looking to address.
The GIF is an attempt to create not only a framework, but a de facto standard and reference implementation for SOA governance, according to Butler. Systinet customers, such as Citigroup and Motorola, are working on implementing the framework, which will serve as a proof of concept.
"Governance is codification of best practices," Stanek said. "Most best practices are in paper form today. There is lots of information about services that can be codified into automated policies."
The next version of Systinet's registry, code-named Blue Sky, will be shipping this summer and will include the GIF framework.