Navigating the SOA Open Standards Landscape Around Architecture – Open Standards Work on SOA Governance


SOA Governance frameworks are defined both in The Open Group SOA Governance Framework [15] and as a chapter in the OASIS Reference Architecture for SOA Foundation [6]. The OMG SOA Governance RFP development group [36] is also exploring the standardization of SOA governance. While the understanding of SOA governance provided by these works is similar, they are written from different perspectives. Each specification supports the same range of opportunity, but has provided different depths of detail for the perspectives on which they focus. The following table outlines some of the aspects of the governance specifications that had different emphasis.


OASIS Reference Architecture
for SOA

The Open Group SOA Governance Framework


More abstract, covering wide range of concepts but not detailing any particular one.

More concrete, providing more detail for specific conditions.


Focus on conveying understanding of SOA governance.

Focus on guidance for architects adding governance to SOA processes.


Focus on governance among peers across ownership boundaries.

Focus on governance within an organization.

Controlling Body

Focus on coordination among peers with controlling body being facilitator running framework for coordination.

Focus on coordination among peers who are subordinate to controlling body.

Target of Governance

Focus on SOA infrastructure, service inventory, and participant interaction.

Focus on service and SOA solution portfolio and lifecycle process.

SOA Governance Concepts

These works define similar concepts for SOA governance, SOA governance frameworks, and SOA governance reference models:

  • SOA Governance is an enhancement of enterprise governance that recognizes the distinct concerns of SOA, particularly sharing of services/capabilities across organizational boundaries, that ensures continued alignment of business goals and SOA solutions. It covers the definitions of standards, guidelines, policies, and metrics for current SOA processes which are monitored with compliance processes.
  • SOA Governance Framework includes organizational, technology, and process governance customized for an organization.
  • SOA Governance Reference Model (The Open Group) and Generic Model for Governance (OASIS) establish the core concepts of SOA governance and the relationships between them.

Many of these core concepts are core to governance in general and not specific to SOA. As a result of different perspectives, there is different emphasis, focus, and detail in the reference models. The core concepts are very similar in both reference models and are summarized and compared in this section:

  • EA Governance – We agree that IT, EA, and SOA governance influence each other. We agree that if an EA is available, then it should provide a foundation for governance; if no EA work has been done, then much of that work will become part of the SOA and SOA governance work.
  • People – We agree that SOA governance involves roles including stakeholders, where the stakeholders may include organizations, boards, and other groupings that facilitate defining and assigning the responsibilities of governance.
  • Technology – We agree that it includes technology for enabling SOA governance. We agree that SOA governance should provide guidance to and ensure that SOA IT infrastructure used as part of SOA is used according to policies, rules, and regulations. We agree that SOA and SOA governance influence IT infrastructure and IT governance.
  • Guiding Principles – We agree that The Open Group guiding principles are roughly the same as the OASIS policies, and provide a means for aligning business and SOA objectives and influencing how SOA governance is defined and deployed.
  • Roles – We agree that roles and responsibilities should be considered as part of an organization’s SOA and that participants in SOA include stakeholders, leadership, and governance bodies.
  • Governing Processes – We agree that it must be possible to assess compliance and respond appropriately, where the response may be recognition/benefits for exemplary compliance, dispensation where flexibility enables accounting for local conditions, or penalties where compliance targets are missed. The actions of governance must also be communicated to the stakeholders. The governing processes are enabled by the implementation of:

    Checkpoints – We agree that checkpoints – identified stop points to check for governance compliance – can be used to enable governance of SOA solutions.

    Metrics – We agree that metrics should be identified and collected to support compliance and monitoring. We agree that metrics should be available to relevant stakeholders.

    Artifacts – We agree that governance is supported by artifacts which include service descriptions, policies, and documentation on the governance regimen and governing processes.
  • Governed Processes – We agree that the target of SOA governance includes services, solutions, technology, and processes. We agree that SOA solutions and lifecycles should be governed; however, OASIS does not get into the details of doing this.
  • Vitality – We agree that SOA governance is an ongoing process that should have a feedback loop to keep it current and aligned with long-term goals for SOA in the organization. We agree that plan, define, implement, and monitor stages occur iteratively as part of the ongoing process of governance and to ensure vitality.