How do you define SOA governance?
SOA governance is about having the discipline and making sure that the very important decisions go through to appropriate people and that these people have the appropriate input to make those decisions. That is half of the SOA governance problem. The second half is whenever there are decisions that are made, SOA governance needs to make sure that those decisions are actually followed. It's not only about setting a speed limit, it is about enforcing it too and eventually giving people tickets or sending them to jail. That is what SOA governance really is about.
Can you break down governance into subcategories or facets?
There are phases. Like the ones I just mentioned. There is a phase which defines what the policy is. Really where you start is by saying, "Ok, this set of decisions, I want them covered." You get your appropriate backing and appropriate power to make those decisions. Then you assign those decisions to the groups of people who are best able to enact those decisions. That would be the second thing that you do. Also, you organize those roles to make sure that everything is acceptable and to make sure the mandate is in place and the people are in power.
After that is the managing part, which is enforced by the decisions made. The final part is dealing with the acceptance — whether people accept the decisions that are made for them or they do not. Say if you decide that no developer is allowed to import a new service into the registry/repository and someone decides to and works for weeks to try to implement one without having the necessary clearance. Then you are to decide what to do with that. You have to decide what to do with this service. Are you going to put it in the repository with the other ones? Are you going to throw it away? What are you going to do with this guy? Are you just going to slap him on the wrist or do you tell him to go on holiday for the next two months? Typically, there are risks and you have to enforce good behavior.
What mistakes are users making most often when it comes to SOA governance?
The biggest mistake that users are making is setting a speed limit and then expecting that everyone will not go past it. That is the biggest mistake because people will do what they want to do. It happens all the time. I am Italian and it is our nature to break the speed limit.
So how would you suggest going about fixing this? Enforcing and then not expecting people to break the speed limit, how can that be changed?
There is a lot of technology that can be used to partially address that. There is a lot of technology that can be used to enforce the proper processes and design of services going through a Center of Excellence, for example. The key is to follow the process of what I was saying before, decide which decisions to govern, who is the power in governing that, measure and compliance, and then the acceptance. It works well on paper, but in fact is very difficult.
Is there any specific way that governance has changed in just the past year?
No, the problem tends to be the same. Programmers have tended to be undisciplined for their entire lives, we are not just finding that out now.
If you could invent something that would help out SOA governance at this point right now, what would it be?
I think if I had the answer, I wouldn't be working right now. I'm afraid I don't have the answer for that. This is because governance is a difficult thing to deal with. You can kill a project by having too much and you can kill a project by having too little. So you just need enough. And then, all these process decisions and the way you enforce those decisions change company by company. So, there is little space for specific inventions. IBM Global Services is already making hundreds of millions. If I had an invention like that, I would probably sell it today and go back to the Bahamas.
SOA governance tends to group quite a lot of them. But, typically organizational issues like demonstrating that SOA works and actually delivers effectively to the company, getting through all the skepticism that surrounds SOA, cutting through the hype of SOA, these are all very important things. As I say, SOA governance tends to focus on a specific set of things. It is quite a lot of things for me to do.
Is there anything else you would like to add about SOA governance?
As a conclusive statement, you can't overlook SOA governance because it is going to haunt you. Quite a few people have buried their heads in the sand thinking that they can speed by it and they can't. To me, the biggest error that people could make is to ignore governance as a problem. It is lethal having SOA range freely and it limits the effectiveness and value of SOA. That is why we go through so much trouble to prevent this from happening.