In general, governance means establishing and enforcing how people and solutions work together to achieve organizational objectives. This focus on putting controls in place distinguishes governance from day-to-day management activities. [Source: Introduction to SOA Governance: The official IBM definition and why you need it]
As a discipline, governance has been with us for many years, but with the advent of enterprise SOA, the need has been heightened for organizations to take governance as a discipline more seriously. So, why is defining SOA governance and its scope so challenging?
With so many definitions of SOA coming from software vendors, standards bodies, analyst firms, and respected authors, it’s no wonder that defining SOA governance and its scope causes so much confusion and disagreement.
SOA governance should be viewed as the application of Business governance, IT governance, and EA governance to Service-Oriented Architecture (SOA). In effect, SOA governance extends IT and EA governance, ensuring that the benefits that SOA extols are met. This requires governing not only the execution aspects of SOA, but also the strategic planning activities.
SOA Governance Relationships
Many of the early definitions of SOA were very technology-focused and the differences between SOA and web services technology were blurred. A side-effect of this is the misperception that SOA governance can be solved by technology alone. Effective SOA governance requires equal focus on the people, process, and technology aspects of SOA governance; therefore, defining and scoping SOA governance can be a challenge.
As previously stated, SOA governance should extend the organization’s existing IT and EA governance models to cater for the new SOA assets and SOA policies. Extending these existing governance models reduces the risk that organizations will create uncoordinated silo’ed governance regimens that will potentially duplicate existing coverage areas of their core governance regimens. Extending the existing governance regimen to ensure that the benefits of SOA are achieved is still challenging. It requires governing the strategic planning activities as well as the execution aspects of SOA.
The goal of the SOA Governance Framework is to enable organizations to define and deploy their own focused and customized SOA Governance Model.
Since aspects of the SOA Governance Model require culture change, an SOA Governance Regimen should never be deployed in a big-bang approach. The framework defines an incremental deployment approach so that organizations can continue to meet their current demands while moving towards their long-term goals for SOA.
There is no single model of good SOA governance due to variants within an organization. Examples of these variants include the existing governance in place, the SOA maturity level, size of the organization, etc. In effect, an organization’s appropriate SOA Governance Model is one that defines:
Organizations should frankly assess their current governance regimen and practical governance goals. From this, an achievable roadmap for delivering governance can be created.
The SOA Governance Framework consists of an SOA Governance Reference Model (SGRM) which is utilized as a starting point, and an SOA Governance Vitality Method (SGVM) which is a definition/improvement feedback process to define a focused and customized SOA Governance Regimen.
SOA Governance Framework
The SOA Governance Reference Model (SGRM) is a generic model that establishes a foundation of understanding and is utilized to expedite the process of tailoring the SOA Governance Regimen for an organization. All aspects of the SGRM should be reviewed and considered for customization to the organization’s environment. The examples provided are intended to be a starting point for discussion which may be selected from or extended.
The SOA Governance Vitality Method (SGVM) is a process that starts with the
SGRM and then follows a number of phased activities to customize it for the organization’s variants. SOA governance should be viewed as a process and not a project; therefore, the phases of the SGVM should be viewed as a continuous improvement loop, whereby progress is measured, and course-correction and updates to the SOA Governance Regimen are performed when needed.