Anne, I am in total agreement with you. However, if you only have static governance then dynamic governance (which is what I think you mean by management and what analysts - it was probably you - coin active management comes next). To get the full governance story both are needed.
You identify compliance as one of the key issues and I could not agree with you more. When we open up this Pandora's box it is pretty big. Compliance to static policy statements is the easier part (do I support WS-Transaction, do I provide support for Kerberos and so on). What is more interesting is the notion of behavior and compliance (does this service do what I expect it to do wrt behavior - ordering of message exchanges and function calling). It turns out behavioral governance could play a huge role in the ability to dynamically bind services to achieve autonomic computing (active management).

Any thoughts on this space?

Cheers

Steve T

On 20 Nov 2005, at 13:16, Anne Thomas Manes wrote:

> I'd love to see further discussion on this topic. I'd love to hear from people what governance practices they are putting into place.
>
> Steve -- you seem to be associating governance with autonomic computing, so I feel obliged to reiterate that governance is not limited in scope to runtime efforts. Governance applies to all stages of service lifecycle -- design, development, testing, QA, release engineering, staging, provisioning, operations, client provisioning, testing, error tracking, revisions, etc.
>
> Certainly you want to make runtime operations run as smoothly as possible and resolve hiccups as autonomically as possible, but I would call that SOA management rather than SOA governance. Back to Gautham's comment -- WSM products play an enforcement role in governance, because they typically enforce a bunch of policies at service provisioning time (configuring security for the service, etc), and they enforce policies at runtime (authN, authZ, auditing, etc). But SOA governance requires a lot more than just policy enforcers. Enforcement is the easy part.
>
> Governance is actually more about putting hurdles in place to verify compliance than it is about making things go smoothly.
> Governance makes sure that developers don't circumvent the ops people so that they can get their app out more quickly. Governance is about making sure that apps have been thoroughly tested before they get deployed. Governance is about making sure that an app has the proper security protections in place. Governance is about making sure that the next consumer that gets permission to use a service doesn't overwhelm the system and bring down 20 other apps.
>
> Some parts of governance can be automated. Other parts of governance can be guided using human workflow. Other parts of governance are definitely manual in nature. For example, no one's going to generate your corporate SOA policies for you. That takes a lot of hard work and collaboration across departments and business units. Defining the policies is the hard part.
>
> The governance tools I mentioned from Systinet and WebLayers are policy management systems. They help with the policy definition process by providing a database to capture and maintain the policies, and they help with policy compliance testing. Policies are reusable artifacts that have their own lifecycle. They are defined, codified, used, and revised. A policy management system provides the means to:
> • codify and document a policy (e.g., all services must use literal encoding and here's how you test for compliance),
> • group policies (e.g., the WS-I BP policy group comprises a couple hundred individual policies),
> • attach policies/policy groups to various service groups/services/service artifacts
> • identify when artifacts should be tested for compliance (code check-in, build, registration, invocation, etc)
> • test services/service artifacts for compliance
> • report on compliance violations
> • provide an approval process for compliance waivers
>
> Anne
>
> On 11/19/05, Steve Ross-Talbot <[EMAIL PROTECTED]> wrote:
>> But it was very much in that direction.
>> As you say governance is a very wide topic. Alas your reports are not available whereas the position papers at the workshop are freely available. So at least it is a start and coupled with your basic thoughts perhaps we can drive forward in the right direction.
>>
>> I'd be interested in any open discussion on the topic as I have spent a good deal of time talking to people about this in various roles (vendors, users and just practitioners) and thus far it remains something of a wish list rather than something that really exists in product. I do know that the companies you mentioned have made strides in this area (including Systinet - your old company, and of course Enigmatec - my old company) but we are a long way off from achieving the sort of governance that is needed to achieve the IBM vision of autonomic computing.
>>
>> So any ideas thoughts would be welcome and doubly so if we can make it an open discussion.
>>
>> Cheers
>>
>> Steve T
>>
>> On 19 Nov 2005, at 13:52, Anne Thomas Manes wrote:
>>
>> > Based on my experience working with clients, I disagree that the term "governance" is scoped to the subject of the W3C workshop on constraints and capabilities. I've written a lot about governance for Burton Group. Unfortunately, I can't share those reports with you because Burton Group reports are available only to subscribers.
>> >
>> > But I will share with you some basic thoughts:
>> >
>> > Governance refers to the processes that an enterprise puts in place to ensure that things are done right, where "right" means in accordance with best practices, architectural principles, government regulations, laws, and other determining factors. SOA governance refers to the processes used to govern adoption and implementation of SOA.
>> >
>> > SOA governance involves three steps:
>> > 1. Define SOA policies
>> > 2. Deploy an SOA infrastructure that supports adoption of these policies
>> > 3. Institute a set of formal processes and procedures that verify compliance with these policies
>> >
>> > SOA policies relate to issues such as:
>> > • Design principles
>> > • Preferred design patterns
>> > • Application-factoring rules
>> > • Naming conventions
>> > • Metadata requirements
>> > • Documentation
>> > • Preferred products
>> > • Product selection guidelines
>> > • Preferred domain standards
>> > • Preferred industry standards
>> > • Methods for dealing with regulatory requirements
>> > • Methods for assessing security risks
>> > • Methods for implementing security based on risk factor
>> > • Methods for ensuring reliability and transaction integrity
>> > • Service testing
>> > • New service deployment and staging
>> > • Service registration
>> > • Service classification
>> > • Service provisioning
>> > • Service configuration
>> > • Service monitoring
>> > • Client provisioning
>> > • Service modification
>> > • Service versioning
>> > • Impact analysis
>> > • Service level objectives (SLO)
>> > • Service level agreement (SLA) compliance tracking
>> > • Error tracking and resolution
>> >
>> > This list is long, but it barely scratches the surface.
>> >
>> > Products that help with SOA governance include registries, repositories, software asset management systems, workflow, testing tools, web services management.
>> >
>> > No one vendor covers the full SOA governance lifecycle.
>> >
>> > Leading players in the SOA governance software market include:
>> > • Systinet and WebLayers, who provide policy management systems (repository-based system for managing the lifecycle of codified policies) as well as policy compliance testing tools and integrated workflow for managing approval processes.
>> >   Mindreef also does some compliance testing, but at a much smaller scope.
>> > • Systinet, Infravio, Flashline, and LogicLibrary, who provide registries, repositories, and/or software asset management systems, which are extremely useful for managing SOA assets and which can be used as a gatekeeper for institution of governance approval processes at various points in the service lifecycle (dev, testing, staging, provisioning, revisions)
>> > • AmberPoint, Actional, Layer 7, and Reactivity, who provide support for governance at the service provisioning and runtime stages.
>> >
>> > Anne
>> >
>> > On 11/19/05, Gautham Kasinath <[EMAIL PROTECTED] > wrote:
>> >>
>> >> Thanks for the brief explanation. I am reading the workshop materials from W3C on the topic, following your advice.
>> >>
>> >> Thanks again.
>> >>
>> >> Cheers
>> >> Gautham Kasinath
>> >>
>> >> --- In [email protected], Steve Ross-Talbot <[EMAIL PROTECTED] ...> wrote:
>> >> >
>> >> > Gautham,
>> >> >
>> >> > Normally the term governance as applied to SOA is based on the notion of static governance. This is the sort of thing that WS-Policy (which is not a standard) is all about. A recent workshop run by W3C looked at wider notions of governance including the more interesting form which is dynamic governance.
>> >> >
>> >> > It probably makes sense to take a peek at the W3C workshop papers to get a better understanding of what governance is all about.
>> >> >
>> >> > Cheers
>> >> >
>> >> > Steve T
>> >> >
>> >> > W3C Workshop on Constraints and Capabilities for Web Services
>> >> > http://www.w3.org/2004/09/ws-cc-program.html#papers
>> >> >
>> >> > On 19 Nov 2005, at 00:33, Gautham Kasinath wrote:
>> >> >
>> >> > > Hello,
>> >> > >
>> >> > > What exactly is SOA governance?
>> >> > > Is it governing an SOA framework, like in monitoring request-response, SLA etc?
>> >> > >
>> >> > > Cheers
>> >> > > Gautham Kasinath
>> >> > >
>> >> > > --- In [email protected], John Crupi <[EMAIL PROTECTED]> wrote:
>> >> > >>
>> >> > >> Would you like to start with the use-cases/scenarios first to help narrow the problem?
>> >> > >>
>> >> > >> jc
>> >> > >> -----------------------------------------
>> >> > >> John Crupi
>> >> > >> CTO, Enterprise Web Services Practice
>> >> > >> Sun Distinguished Engineer
>> >> > >> AIM: JohnCrupi
>> >> > >> Blog: blogs.sun.com/crupi
>> >> > >> Cell: 301.526.7890
>> >> > >>
>> >> > >> On Nov 18, 2005, at 12:22 AM, Tilak Mitra wrote:
>> >> > >>
>> >> > >> > I am looking for some real world implementation of SOA Governance, starting right from a project inception i.e. Strategy and Visioning, through Design, Implementation and right through operational and runtime.
>> >> > >> > Any white paper / research work or material in any other form would be helpful.
>> >> > >> > Thanks
>> >> > >> > Regards
>> >> > >> > Tilak
Yahoo! Groups Links

<*> To visit your group on the web, go to: http://groups.yahoo.com/group/service-orientated-architecture/
