Hey Steve and Anne, Well, from what I hear, SOA Software is now moving into WSM them selves.
Now, I am quite tempted to rewind a bit and ask your opinion. One of my friends, that has been in SOA and Web Services for quite sometime said something like Web Services and SOA is a technology that allows one to post losses. Whats your take on it? Cheers G. P.S. I know it is way outside our topic of discussion, but nevertheless I posted to know your opinions. --- In [email protected], Steve Ross-Talbot <[EMAIL PROTECTED]> wrote: > > Anne, > > I am in total agreement with you. However if you only have static > govenance then dynamic governance (which is what I think you mean by > management and what analysts - it was probably you - coin active > management comes next). To get the full governance story both are > needed. > > You identify compliance as one of the key issues and I could not agree > with you more. When we open up this pandora's box it is pretty big. > Compliance to static policy statements is the easier part (do I support > WS-Transaction, do I provide support for Kerberos and so on). What is > more interesting is the notion of behavior and compliance (does this > service do what I expect it to do wrt behavior - ordering of message > exchanges and function calling). It turns out behavioral governance > could play a huge role in the ability to dynamically bind services to > achieve automic computing (active management). Any thoughts on this > space? > > Cheers > > Steve T > > On 20 Nov 2005, at 13:16, Anne Thomas Manes wrote: > > > I'd love to see further discussion on this topic. I'd love to hear > > from people what governance practices they are putting into place. > > > > Steve -- you seem to be associating governance with autonomic > > computing, so I feel obliged to reiterate that governance is not > > limited in scope to runtime efforts. Governance applies to all stages > > of service lifecycle -- design, development, testing, QA, release > > engineering, staging, provisioning, operations, client provisioning, > > testing, error tracking, revisions, etc. > > > > Certainly you want to make runtime operations run as smoothly as > > possible and resolve hiccups as autonomically as possible, but I would > > call that SOA management rather than SOA governance. Back to Gautham's > > comment -- WSM products play an enforcement role in governance, > > because they typically enforce a bunch of policies at service > > provisioning time (configuring security for the service, etc), and > > they enforce policies at runtime (authN, authZ, auditing, etc). But > > SOA governance requires a lot more than just policy enforcers. > > Enforcement is the easy part. > > > > Governance is actually more about putting hurdles in place to verify > > compliance than it is about making things go smoothly. Governance > > makes sure that developers don't circumvent the ops people so that > > they can get their app out more quickly. Governance is about making > > sure that apps have been thoroughly tested before they get deployed. > > Governance is about making sure that an app has the proper security > > protections in place. Governance is about making sure that the next > > consumer that gets permission to use a service doesn't overwhelm the > > system and bring down 20 other apps. > > > > Some parts of governance can be automated. Other parts of governance > > can be guided using human workflow. Other parts of governance are > > definitely manual in nature. For example, no one's going to generate > > your corporate SOA policies for you. That takes a lot of hard work and > > collaboration across departments and business units. Defining the > > policies is the hard part. > > > > The governance tools I mentioned from Systinet and WebLayers are > > policy management systems. They help with the policy definition > > process by providing a database to capture and maintain the policies, > > and they help with policy compliance testing. Policies are reusable > > artifacts that have their own lifecycle. They are defined, codified, > > used, and revised. A policy management system provides the means to: > > ⢠codify and document a policy (e.g., all services must use literal > > encoding and here's how you test for compliance), > > ⢠group policies (e.g., the WS-I BP policy group comprises a couple > > hundred individual policies), > > ⢠attach policies/policy groups to various service > > groups/services/service artifacts > > ⢠identify when artifacts should be tested for compliance (code > > check-in, build, registration, invocation, etc) > > ⢠test services/service artifacts for compliance > > ⢠report on compliance violations > > ⢠provide an approval process for compliance waivers > > Anne > > > > On 11/19/05, Steve Ross-Talbot <[EMAIL PROTECTED]> wrote: > >> But it was very much in that direction. As you say governance is a > >> very > >> wide topic. Alas your reports are not available whereas the position > >> papers at the workshop are freely available. So at least it is a start > >> and coupled with your basic thoughts perhaps we can drive forward in > >> the right direction. > >> > >> I'd be interested in any open discussion on the topic as I have spend > >> a > >> good deal of time talking to people about this in various roles > >> (vendors, users and just practitioners) and thus far it remains > >> something of a wish list rather than something that really exists in > >> product. I do know that the companies you mentioned have made strides > >> in this area (including Systinet - your old company, and of course > >> Enigmatec - my old company) but we are a long way off from achieving > >> the sort of governance that is needed to achieve the IBM vision of > >> autonomic computing. > >> > >> So any ideas thoughts would be welcome and doubly so if we can make it > >> an open discussion. > >> > >> Cheers > >> > >> Steve T > >> > >> On 19 Nov 2005, at 13:52, Anne Thomas Manes wrote: > >> > >> >  Based on my experience working with clients, I disagree that the > >> term > >> > "governance" is scoped to the subject of the W3C workshop on > >> > constraints and capabilities. I've written a lot about governance > >> for > >> > Burton Group. Unfortunately, I can't share those reports with you > >> > because Burton Group reports are available only to subscribers. > >> > > >> >  But I will share with you some basic thoughts: > >> > > >> > Governance refers to the processes that an enterprise puts in place > >> to > >> > ensure that things are done right, where "right" means in accordance > >> > with best practices, architectural principles, government > >> regulations, > >> > laws, and other determining factors. SOA governance refers to the > >> > processes used to govern adoption and implementation of SOA. > >> > > >> >  SOA governance involves three steps: > >> >      1      Define SOA policies > >> >      2      Deploy an SOA infrastructure that supports adoption > >> of these > >> > policies > >> >      3        Institute a set of formal processes and procedures > >> that verify > >> > compliance with these policies > >> > > >> > SOA policies relate to issues such as: > >> >      â¢Â      · Design principles > >> >      â¢Â      · Preferred design patterns > >> >      â¢Â      · Application-factoring rules > >> >      â¢Â      · Naming conventions > >> >      â¢Â      · Metadata requirements > >> >      â¢Â      · Documentation > >> >      â¢Â      · Preferred products > >> >      â¢Â      · Product selection guidelines > >> >      â¢Â      · Preferred domain standards > >> >      â¢Â      · Preferred industry standards > >> >      â¢Â      · Methods for dealing with regulatory requirements > >> >      â¢Â      · Methods for assessing security risks > >> >      â¢Â      Methods for implementing security based on risk factor > >> >      â¢Â      · Methods for ensuring reliability and transaction > >> > integrity· > >> >      â¢Â      Service testing > >> >      â¢Â        New service deployment and staging > >> >      â¢Â      · Service registration > >> >      â¢Â      · Service classification > >> >      â¢Â      · Service provisioning > >> >      â¢Â      · Service configuration > >> >      â¢Â      · Service monitoring > >> >      â¢Â      · Client provisioning > >> >      â¢Â      · Service modification > >> >      â¢Â      · Service versioning > >> >      â¢Â      · Impact analysis > >> >      â¢Â      · Service level objectives (SLO) > >> >      â¢Â      · Service level agreement (SLA) compliance tracking > >> >      â¢Â      · Error tracking and resolution > >> >  This list is long, but it barely scratches the surface. > >> > > >> >  Products that help with SOA governance include registries, > >> > repositories, software asset management systems, workflow, testing > >> > tools, web services management. > >> > > >> >  No one vendor covers the full SOA governance lifecycle. > >> > > >> >  Leading players in the SOA governance software market include: > >> >      â¢Â      Systinet and WebLayers, who provide policy management > >> systems > >> > (repository-based system for managing the lifecycle of codified > >> > policies) as well as policy compliance testing tools and integrated > >> > workflow for managing approval processes. Mindreef also does some > >> > compliance testing, but at a much smaller scope. > >> >      â¢Â      Systinet, Infravio, Flashline, and LogicLibrary, who > >> provide > >> > registries, repositories, and/or software asset management systems, > >> > which are extremely useful for managing SOA assets and which can be > >> > used as a gatekeeper for institution of governance approval > >> processes > >> > at various points in the service lifecycle (dev, testing, staging, > >> > provisioning, revisions) > >> >      â¢Â      AmberPoint, Actional, Layer 7, and Reactivity, who > >> provide support > >> > for governance at the service provisioning and runtime stages. > >> >  Anne > >> > > >> > On 11/19/05, Gautham Kasinath <[EMAIL PROTECTED] > wrote: > >> >> > >> >> Thanks for the brief explanation. I am reading the workshop > >> materials > >> >> from W3C on the topic, following your advice. > >> >> > >> >> Thanks again. > >> >> > >> >> Cheers > >> >> Gautham Kasinath > >> >> --- In [email protected], Steve > >> >> Ross-Talbot <[EMAIL PROTECTED] ...> wrote: > >> >> > > >> >> > Gautham, > >> >> > > >> >> > Normally the term governance as applied to SOA is based on the > >> >> notion > >> >> > of static governance. > >> >> > This is the sort of thing that WS-Policy (which is not a > >> standard) > >> >> is > >> >> > all about. A recent workshop > >> >> > run by W3C looked at wider notions of governance including the > >> more > >> >> > interesting form which is > >> >> > dynamic governance. > >> >> > > >> >> > It probably makes sense to take a peek at the W3C workshop > >> papers to > >> >> > get a better understanding > >> >> > of what governance is all about. > >> >> > > >> >> > Cheers > >> >> > > >> >>  > Steve T > >> >> > > >> >> > W3C Workshop on Constraints and Capabilities for Web Services > >> >> > http://www.w3.org/2004/09/ws-cc-program.html#papers > >> >> > > >> >> > > >> >> > > >> >> > On 19 Nov 2005, at 00:33, Gautham Kasinath wrote: > >> >> > > >> >> > > Hello, > >> >> > > > >> >> > >What exactly is SOA governance? Is it goverining an SOA > >> >> framework, > >> >> > >like in monitoring request-response, SLA etc? > >> >> > > > >> >> > >Cheers > >> >> > >Gautham Kasinath > >> >> > > > >> >> > >--- In [email protected], John > >> >> Crupi > >> >> > ><[EMAIL PROTECTED]> wrote: > >> >> > >> > >> >> > >> Would you like to start with the use-cases/scenarios first to > >> >> helpà > >> >> > >> narrow the problem? > >> >> > >> > >> >> > >> jc > >> >> > >> ----------------------------------------- > >> >> > >> John Crupi > >> >> > >> CTO, Enterprise Web Services Practice > >> >> > >> Sun Distinguished Engineer > >> >> > >> AIM: JohnCrupi > >> >> > >> Blog: blogs.sun.com/crupi > >> >> > >> Cell: 301.526.7890 > >> >> > >> > >> >> > >> > >> >> > >> On Nov 18, 2005, at 12:22 AM, Tilak Mitra wrote: > >> >> > >> > >> >> > >> > I am looking for some real world implementation of SOA > >> >> > >> > Governance, starting right from a project inception > >> >> > >> > i.e. Strategy and Visioning , through Design, > >> >> > >> > Implementation and right through operational and > >> >> > >> > runtime. > >> >> > >> > Any white paper / research work or material in any > >> >> > >> > other form would be helpful. > >> >> > >> > Thanks > >> >> > >> > Regards > >> >> > >> > Tilak > >> >> > >> > > >> >> > >> > > >> >> > >> > > >> >> > >> > __________________________________ > >> >> > >> > Yahoo! FareChase: Search multiple travel sites in one click. > >> >> > >> > http://farechase.yahoo.com > >> >> > >> > > >> >> > >> > > >> >> > >> > > >> >> > >> > YAHOO! GROUPS LINKS > >> >> > >> > > >> >> > >> >ÃVisit your group "service-orientated-architecture" on the > >> >> web. > >> >> > >> > > >> >> > >> >ÃTo unsubscribe from this group, send an email to: > >> >> > >> >[EMAIL PROTECTED] > >> >> > >> > > >> >> > >> >ÃYour use of Yahoo! Groups is subject to the Yahoo! Terms of > >> >> > > Service. > >> >> > >> > > >> >> > >> > > >> >> > >> > >> >> > > > >> >> > > > >> >> > > > >> >> > > > >> >> > > > >> >> > > > >> >> > > > >> >> > > > >> >> > > SPONSORED LINKS > >> >> > > Service-oriented architecture > >> >> > > Computer monitoring software > >> >> > > Computer and internet software > >> >> > > Free computer monitoring software > >> >> > > > >> >> > > YAHOO! GROUPS LINKS > >> >> > > > >> >> > > ââ"ª à Visit your group "service-orientated-architecture" > >> >> on the web. > >> >> > > à > >> >> > > ââ"ª à To unsubscribe from this group, send an email to: > >> >> > > à [EMAIL PROTECTED] > >> >> > > à > >> >> > > ââ"ª à Your use of Yahoo! Groups is subject to the Yahoo! > >> >> Terms of > >> >> > > Service. > >> >> > > > >> >> > > > >> >> > > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> ------------------------ Yahoo! Groups Sponsor > >> >> --------------------~--> > >> >> Get fast access to your favorite Yahoo! Groups. Make Yahoo! your > >> home > >> >> page > >> >> http://us.click.yahoo.com/dpRU5A/wUILAA/yQLSAA/NhFolB/TM > >> >> > >> -------------------------------------------------------------------- > >> >> ~-> > >> >> > >> >> > >> >>  Yahoo! Groups Links > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> > > >> > > >> > > >> > SPONSORED LINKS > >> > Service-oriented architecture > >> > Computer monitoring software > >> > Computer and internet software > >> > Free computer monitoring software > >> > > >> > YAHOO! GROUPS LINKS > >> > > >> >      âªÂ      Visit your group "service-orientated-architecture" on > >> the web. > >> > > >> >      âªÂ      To unsubscribe from this group, send an email to: > >> > [EMAIL PROTECTED] > >> > > >> >      âªÂ      Your use of Yahoo! Groups is subject to the Yahoo! > >> Terms of > >> > Service. > >> > > >> > > >> > >> > >> > >> > >> > >> ------------------------ Yahoo! Groups Sponsor > >> --------------------~--> > >> Get fast access to your favorite Yahoo! Groups. Make Yahoo! your home > >> page > >> http://us.click.yahoo.com/dpRU5A/wUILAA/yQLSAA/NhFolB/TM > >> -------------------------------------------------------------------- > >> ~-> > >> > >> > >> Yahoo! Groups Links > >> > >> > >> > >> > >> > >> > > > > > > YAHOO! GROUPS LINKS > > > > ⪠ Visit your group "service-orientated-architecture" on the web. > >  > > ⪠ To unsubscribe from this group, send an email to: > >  [EMAIL PROTECTED] > >  > > ⪠ Your use of Yahoo! Groups is subject to the Yahoo! Terms of > > Service. > > > > > ------------------------ Yahoo! Groups Sponsor --------------------~--> Get fast access to your favorite Yahoo! Groups. Make Yahoo! your home page http://us.click.yahoo.com/dpRU5A/wUILAA/yQLSAA/NhFolB/TM --------------------------------------------------------------------~-> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/service-orientated-architecture/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
