Professional Documents
Culture Documents
October 2006
TABLE OF CONTENTS
Many companies are still in the early stages of SOA adoption and so the practice of SOA
governance—and likely the concept itself —will be new territory for many IT profession-
als. And yet, if companies are to realize any meaningful and lasting impact from SOA,
then governance is a fact of life that enterprises are going to have to become comfortable
with. More than any other factor over the long term, governance will make the difference
between SOA success and failure, and proficiency in governing the SOA environment will
distinguish IT leaders from laggards.
So what exactly is SOA governance, why is it important, and how do you make it real?
This white paper offers a practical explanation of SOA governance, where governance
should be applied, and the technologies to consider when putting an SOA governance
system into place. By making governance an up-front part of your SOA implementation
strategy, you will greatly enhance your chances of success and achieving a lasting return
on your SOA investments.
While the term may be novel, the act of governance and the underlying rationale will be
very familiar to IT. In most organizations, virtually every IT resource and process will
have some level of governance associated with it in the form of policies, rules, and con-
trols that define how a particular asset is managed and utilized, or parameters around
how a certain IT function is performed. For example, IT management will have estab-
lished policies for how projects are initiated, funded, prioritized, and staffed. An enter-
prise application package such as SAP or Siebel will have rules and operational proce-
dures concerning issues such as how change requests are processed and approved,
which employees are allowed access to the system and their level of access, and how
new versions of the software are rolled out. Collectively, the act of establishing and en-
acting these rules falls under the broad umbrella of IT governance, with the purpose be-
ing to institutionalize discipline and maturity in IT processes so as to gain greater control
and economies.
Before exploring the scope of SOA governance in further detail, it is worth considering
why governance is so fundamental to SOA’s success.
The development of new systems offering higher levels of visibility, control, and
compliance
For the business, SOA holds the promise of increasing the flexibility of IT resources, im-
proving the visibility and adaptability of business processes, and increasing the organiza-
tion’s agility and responsiveness to market conditions.
Each service is an asset that has to be properly designed to be useful within a larger
portfolio of business services – versioned, secured, managed, and monitored to ensure
that it performs with the expected quality-of-service. IT is accustomed to dealing with
these issues on an aggregate level—at the scope of an application package, for in-
stance—but SOA creates a challenge that is an order of magnitude greater by requiring
these issues to be addressed at the level of individual services. Further compounding
the challenge is the fact that services use and interact with other services, which in-
creases the complexity of change management, testing, and deployment. How do you
recreate a network of inter-dependent services in an isolated environment to perform re-
gression testing, for example?
Thus success with SOA is highly correlated with an organization’s ability to manage
complexity and to develop the necessary maturity and infrastructure—in the form of con-
trol and enforcement mechanisms—to maintain order over the SOA environment. With-
out effective SOA governance, organizations will experience some predictable chal-
lenges, including:
Services that cannot easily be reused because they are unknown to developers
or because they were not designed with reuse in mind
Unpredictable performance
So, having established the importance of governance in making SOA successful, on what
fronts is SOA governance required?
Architecture Governance
The first requirement of SOA governance is architecture governance. Architecture gov-
ernance is necessary to ensure that SOA as architecture evolves by design and not by
accident. To the extent that it mirrors governance requirements in other areas of IT archi-
tecture, SOA architecture governance practices can be adapted from existing Enterprise
Architecture processes.
These include:
Defining the high-level SOA architecture and topology, as well as the infrastruc-
ture capabilities that the SOA should incorporate
Determining the SOA platform strategy and making decisions about particular
vendor products and technologies
In addition, a key aspect of SOA architecture governance is defining a roadmap that will
guide the smooth and orderly evolution of the architecture over time. The majority of cor-
porate SOA strategies will involve overlaying and transforming the existing systems archi-
tecture in stages, rather than a wholesale replacement of the current infrastructure. Gov-
ernance is needed to ensure that decisions made along the way align in a consistent di-
rection and maintain the coherency of the SOA architecture.
SOA architecture governance is a discipline that architects and IT organizations will ac-
quire with relative ease if they have experience in parallel areas of distributed systems
architecture, for example, establishing the architecture of an enterprise-wide integration
infrastructure. In contrast, when it comes to the second frontier of SOA governance, or-
ganizations are likely to encounter certain requirements for the first time.
RU
Ensuring the strategic design of business services and validating that their inter-
faces and implementation conform to established design patterns and other cor-
porate standards and practices.
Run-Time Governance
Run-time governance is primarily of interest to IT operations. Governance at run-time
revolves around the definition and enforcement of policies for controlling the deployment,
Checking a service against a set of rules before it is deployed into production, for
example, to ensure that only a certain message transport or specific schemas
are used
Securing services so that they are accessible only to authorized consumers pos-
sessing the appropriate permissions, and that data is encrypted if required
A more specific case of run-time governance involves service-level monitoring and re-
porting. In order for the run-time SOA infrastructure to assess whether a given service is
performing at the required level for a given consumer—in terms of response time,
throughput, and availability—it is necessary to have an explicitly defined service level
agreement (SLA) between the service consumer and provider. SLAs can be expressed
in terms of service contracts between consumer-provider pairs, and they establish the
reference points for compliance monitoring and reporting by the SOA run-time environ-
ment. By tracking the actual performance of a service and comparing it to the require-
ments specified in the SLA, the system can identify non-compliant services and prompt
remedial action (for example, automatically instantiating another instance of the service
to improve load-balancing or alerting operations staff).
Change-Time Governance
Change is inevitable and, at some point, services deployed in the run-time environment
will have to be changed to adapt to new business requirements. Since the majority of
services will be designed once and then modified several times over their lifespans,
change-time governance—the act of managing services through the cycle of change—is
arguably more important in the long term than design-time governance.
• Customization
• Composition
• Configuration
Traditional software development is only changed through recoding and deploying new
code, which we refer to here as customization. With SOA, two additional change mecha-
nisms are enabled. Most SOA practitioners are familiar with composition, which is a style
of development which does not emphasize the creation of new code, but of combining
pre-existing deployed components. The most rapidly changing aspects of SOA system
behaviors are encoded in metadata configurations such as processes, contracts, and
Because of the rapidity of change enabled by SOA, appropriate controls are even more
important to ensure managed outcomes.
Managing service custody transfers through the design, coding, testing, and
deployment stages
Consider, for example, a service that enables vendor managed inventory. A change in
the service, say, to reduce inventory data latency from a week to one day, will involve not
only technical changes to the service (and possibly source applications and databases),
but, more importantly, changes in the business relationship between the company and its
suppliers. A comprehensive governance strategy is needed to ensure coordination be-
tween the technical and business-level changes. As with design- and run-time, this
change-time governance can be facilitated by a governance-enabled SOA infrastructure
that allows change-time policies to be defined and enforced through service contracts
and workflows.
While SOA governance is not a shrink-wrapped capability that you can implement off the
shelf without also addressing organizational and procedural issues, at its foundation is
the ability to enforce and automate policies across the service lifecycle. This creates the
opportunity for software mechanisms that enable the automation and enforcement of
governance policies.
This section of the white paper outlines the key moving parts of an SOA governance sys-
tem which performs such policy-related functions.
Stakeholders
Policy
Registry Repository
Configuration
A repository, for storing policies and other metadata related to the governance of
the services
Policy enforcement points, which are the agents that enact the actual policy en-
forcement and control at design-time, run-time, and change-time
A rules engine for managing the declaration of policies and rules and automating
their enforcement
An environment for configuring and defining policies and for managing govern-
ance workflows across the service lifecycle
Stores service descriptions, information about their end-points (the network re-
source where the service functionality is implemented), and other technical de-
tails that a consumer requires in order to invoke the service, such as protocol
bindings and message formats
Allows users to publish new services into the registry and to browse and search
for existing services
Maintains service history, allowing users to see when a service was published or
changed
As the place where services are made known within the SOA, a registry is also a natural
management and governance point. For example, compliance requirements—such as
conformance with the WS-I Basic Profile or the use of specific namespaces and sche-
mas—might be imposed on services before they are allowed to be published in the regis-
try. Or, as services are registered or changed, the registry also has the ability to trigger
approval and change notification workflows so that stakeholders are alerted to changes.
As such, a robust registry is an important component of any SOA governance solution.
Another important factor is the interoperability of the registry with other components of
the SOA infrastructure. OASIS provides a platform-independent standard for registry
interoperability known as UDDI (Universal Description, Discovery, and Integration). UDDI
defines a Web services-based programming interface that allows different consumer ap-
plications, tools, and run-time systems to query the registry, discover services, and inter-
act as required to provide management and governance capabilities. While it is not a
pre-requisite for an SOA registry to be based on UDDI, it is the most commonly adopted
standard and ensures the greatest degree of compatibility with other products in the envi-
ronment.
Repository
While the registry plays a central role in policy enforcement, the registry itself does not
provide sufficient context for the breadth of SOA governance requirements described in
this white paper. For example, policies—in the form of rules and restrictions that are en-
forced on services—and consumer/provider service level agreements are generally not
constructs that are stored in a registry (for one reason, they are not constructs that are
The term “repository” is used in many different contexts—for example, a data repository
(SQL database), a document repository (file system), or a source code repository (ver-
sion control system)—but in the context of SOA governance, the repository can be
thought of as a centrally-managed policy store.
Among other things, a governance repository should support the following capabilities:
Audit capabilities for tracking the trail of changes and authorizations applied to
assets within the repository context.
The requirement for a logically centralized repository is particularly important for codifying
and enforcing a single “official” set of policies across the organization. However, the ac-
tual repository itself may have a federated architecture for scalability and to enable the
use of the repository across different geographic regions, multiple lifecycle constituen-
cies, and across corporate boundaries.
When the registry and repository are unified with a single normalized and standards-
based information model and underlying datastore, the integrity of both governance-
related metadata and the information model can be assured. The unified approach also
eases the enforcement of policies that apply across the boundary between the registry
and the repository.
The places where policies are actually applied and enforced—the policy enforcement
points—change depending on the lifecycle stage. During design-time, the regis-
try/repository itself is the point of enforcement. During run-time, policies are generally
enforced by the underlying message transport system that connects service providers
with consumers. Finally, during change-time, policies are typically enforced by the IT
management system.
The following features are desirable in the design-time policy enforcement point:
Access control — Coupled with identity management, the system should offer
fine-grained access configurations over all aspects of registry/repository assets.
This includes the ability to secure assets as well as policies, governance proc-
esses, and asset classifications.
Content validation — Content (in the form of assets that checked into the regis-
try/repository) should be scanned and validated according to their type and pre-
configured compliance checks. Common validations include WSDL validation,
XML schema validation, testing for namespace violations, schema validation, and
other interoperability-related scans. For example, service consumers expect in-
terfaces to be well-formed and interoperable, so the registry/repository should
The intermediary interacts with the registry/repository to find services and their run-time
policies and enforces the policies during the execution of the service. In an SOA, the
run-time system is typically a message transport or mediation layer such as an Enterprise
Service Bus (ESB). The message transport brokers transactions between service pro-
vider and service consumer and frequently offers additional functions such as data trans-
formation, message queuing, reliable messaging, and other operational capabilities.
Consumer
Message
Transport
Policies
Registry/
Repository
Provider
Web Service
Without SOA, the ability to control and manage applications in this manner is restricted
both by the scope and the capabilities of the underlying platform. When different applica-
tions are integrated, it is generally infeasible to apply a common policy context to the in-
tegrated result. A typical challenge is enforcing access security when two applications
with different user communities are integrated. For example, application A automatically
Since run-time policies are typically applied to messages that flow across the message
transport system, the types—and level of sophistication—of run-time policies that can be
defined and enforced depend on the capabilities of the underlying intermediary. Desirable
areas of policy configuration include the following:
Finally, while the intermediary and registry/repository are logically decoupled, a depend-
ency exists to the extent that the intermediary has to understand and interpret the policies
defined in the registry/repository. As such, it is advantageous to have a message trans-
port system and registry/repository that are interoperable out of the box; otherwise, this is
an integration issue that the implementer has to address.
Information such as this can be used to optimize service delivery during the change-time
cycle by guiding adjustments in policies, service levels, or in the services themselves.
Changes to services will require the change-time governance practices described earlier
to be put into effect, for example, performing an impact analysis to assess the implica-
tions of changing a service and dealing with the resulting version management issues.
As with integration between the message transport and the registry/repository, it is bene-
ficial to have out-the-box linkages between the registry/repository and the management
system so that data flows seamlessly between the two without the need for additional
integration.
Rules are typically associated with events, while the rules engine handles the firing and
chaining of rules. For example, a company’s policy might be that access to services in
production is strictly limited to staff belonging to an IT operations role, whereas in the test
In addition to automating governance tasks, the rules engine can also help to deal with
policy federation, or the ability to allow multiple policy authors and authorities. This is an
important use case for enterprise SOA adoption where governance policies might not be
authored and controlled by a single department or organization. A more robust model—
which is the basis for policy federation—is to enable both centralized as well as distrib-
uted policy creation. Policy federation requires the establishment of guidelines and rules
for reconciling policies that come into conflict, and the rules engine assists in the execu-
tion of these rules.
Lifecycle Management
The final key ingredient of an SOA governance system is the user environment that pre-
sents the human interface to the registry/repository and which incorporates the govern-
ance lifecycle processes and workflows. Typically, the process workflow includes the
following steps:
Related to each of these steps, organizations might define approval and notification work-
flows, exception alerts, and a variety of other process steps. The SOA governance life-
cycle management capability will manifest itself in the forms of screens—with information
customized to the user’s role within the governance framework—reports, and integration
with e-mail to communicate notifications and approval requests. An important feature
when services are extended to business partners is the ability to make these lifecycle
management capabilities available securely across the firewall.
Ultimately, SOA governance is about maintaining control over, and having visibility into,
the SOA environment in order to engender the level of trust required for ongoing adoption
and success. Since many companies are just getting started with SOA, a question that
often comes to mind is how to get started and at what point of SOA adoption should gov-
ernance become a consideration?
While effective governance rests in how it is institutionalized within the organization, the
key to getting started is to take a strategic approach and to address the “big picture” gov-
ernance requirements first.
Specifically:
3) Start at the beginning. Generally, organizations will first want to pay attention
to the SOA architecture and to design-time governance policies in order to get
the SOA journey off on the right foot. In fact, since architecture and governance
are what separate a collection of Web services from being a true SOA, organiza-
tions that have gone down the path of simply developing and exposing Web ser-
vices without the appropriate controls or a broader architecture will want to con-
sider an investment in governance.
4) Put a governance system into place. While governance is not a solution that
comes in a box, having the right technology framework makes it easier—and in
some situations is the only scalable way—to enforce policies and controls. As
explained in this white paper, this framework should include mechanisms for de-
fining policies and service contracts and enforcing them through the service life-
cycle through workflows, intermediaries, and other automated means.
By establishing the right balance between strategy, organizational practices, and support-
ing technologies, companies will be able to turn the concept of SOA governance into a
practical reality and build a lasting foundation for SOA success.
The following checklist identifies key technical and functional requirements of an SOA
governance solution and can be used to assess the completeness of your governance
implementation strategy.
Registry/Repository
Service metadata typing and validation
Service relationship and dependency management
Search by name, description, keywords, attributes
Advanced search (multi-keys, Boolean expressions)
Storage of business-level metadata
Organization and business unit management
Metadata filtering
Delegated administration
Consolidated auditing on registry/repository lifecycle actions
File-system and database persistence options
Service Access
Workflow-driven approval/notification request processes
User-configurable policies and assertions
Service request reporting
Consumer data collection
Service Publishing
Workflow-driven approval/notification processes
User-configurable policies and assertions
WSDL validation and conformance reporting
Customizable user-defined validation policies (e.g. corporate policies)
Command-line publishing utilities
Publication wizards
Service Delivery
Consumer/provider pair binding
Service delivery contract model
Contract enforcement, versioning, deployment, monitoring, reporting
SLA management
Security terms management
Request/response routing management
Failover/load-balancing management
Logging and monitoring management
Policy Deployment Management
Runtime metrics warehousing
Federation/Replication
Master/slave replication
Selective synchronization of multiple repositories
Selective promotion of objects across repositories
Management Features
Advanced policies and account management
User activity auditing
Taxonomy management API
User Management API
Access Control API
Subscription API
Administration API
JAXR API
Security Features
Fixed and flexible roles
Role-based privileges
Service | Taxonomy | Attribute | Repository Object Access by Role
Access Control Lists (ACLs)
Digital signature support
LDAP support
Standards Interoperability
UDDI v2 and v3
Handling of any URI data types
JSR 93: Java API for XML Registries
JSR 223: Scripting for Java
JSR 94: Java Rule Engine API
webMethods, Inc. may revise this publication from time to time without notice.
Some states or jurisdictions do not allow disclaimer of express or implied
warranties in certain
transactions; therefore, this statement may not apply to you.
All rights reserved. No part of this work covered by copyright herein may be
reproduced in any form or by any means—graphic, electronic or mechanical—
including photocopying, recording, taping, or storage in an information retrieval
system, without prior written permission of the copyright owner.