www.oasis-open.org
1
Governance Excerpt from Reference Architecture for SOA
(OASIS SOA-RM TC work in-progress)
Ken Laskey, co-editor
5th SOA for E-Government Conference1 May 2008
www.oasis-open.org
2
OASIS SOA-RM TC Work SOA Reference Model
Became OASIS Standard October 12, 2006 http://www.oasis-open.org/specs/index.php#
soa-rmv1.0 SOA Reference Architecture
Work in progress First Public Review awaiting OASIS
processing
3
What is a Reference Model An abstract framework for understanding
significant relationships among the entities of some environment.
Consists of a minimal set of unifying concepts, axioms and relationships within a particular problem domain.
Is independent of specific standards, technologies, implementations, or other concrete details.
5
What is a “Reference Architecture”?Reference Architecture (vs.) Reference Model
Models the abstract architectural elements in the domain independent of the technologies, protocols, and products that are used to implement the domain
Describes the important concepts and relationships in the domain focusing on what distinguishes the elements of the domain
A reference architecture elaborates further on the reference model to show a more complete picture of what is involved in realizing the modeled entities
7
What is the SOA RA?
The SOA Reference Architecture is an architectural description that documents (or describes) the abstract architectural elements of SOA-based systems
It focuses on the elements and their relationships needed to enable SOA-based systems to be used, realized, and owned – where part of the ownership consideration is governance
8
SOA Governance Model - Motivating GovernanceSOA governance builds off general governance concepts
• Participants have Goals and agree to Governance that will improve likelihood that an overlapping subset of the individual goals will be achieved
• Governance, as expressed through Policies, attempts to satisfy the common goals
• A minimal degree of agreement often presages participants who “slow-roll” if not actively reject complying with Policies that express the specifics of Governance
9
SOA Governance Model - Setting Up Governance
• Leadership critical to initiate and champion Governance• Policies are means to
realizing Goals• Compliance is required
• Leadership sets up Governance Framework and Governance Processes• Unambiguous, consistent,
and fair actions• Sufficient input on issues• Defined in charter and
accepted by Participants
10
SOA Governance Model - Carrying Out Governance
• Example• Policy: all authorized parties
should have access to data • Rule: PKI certificates are
required to establish identity of authorized parties
• Regulation: Recognized PKI issuing body and procedures
• Rules and Regulations provide operational constraints which may require resource commitments or other levies on the Participants
• Participants having agreed to charter are then bound to comply with Rules and Regulations
11
SOA Governance Model Ensuring Compliance
• You cannot govern what you cannot measure• As everyone must knows the rules, everyone must have access to metrics
that define compliance• Management can use Metrics to identify exemplars of compliance and
Leadership can provide options for rewarding the Participants
12
How SOA Governance is Different
SOA governance is organization of services that promotes their visibility facilitates interaction among service participants enforces that the results of service interactions are
those real world effects as described within the service description constrained by policies and contracts as assembled in the
execution context SOA governance must specifically account for control
across different ownership domains All the participants may not be under the jurisdiction of a single
governance authority Participants must agree to recognize authority of the
Governance Body, operate within the Governance Framework and through the Governance Processes
13
What Needs to be Governed SOA infrastructure – the “plumbing” that
provides utility functions that enable and support the use of the service
Service inventory – the requirements on a service to permit it to be accessed within the infrastructure
Participant interaction – the consistent expectations with which all participants are expected to comply
14
What Needs to be Governed - SOA Infrastructure
Must be stable, reliable, extremely robust to all operating conditions
Usable in dependable and predictable ways
15
What Needs to be Governed - Service Inventory Define concept of “well-behaved” services Sufficient metrics to be collected to know:
how a service affects the SOA infrastructure whether a service complies with infrastructure policies
Identify required attributes to describe a service Consumer can decide whether service is sufficient for
intended use Include extensibility for adding new attributes as needed
16
What Needs to be Governed - Participant Interaction Services adhere to service interface and service
reachability parameters Require that the result of an interaction MUST
correspond to: Real world effects as contained in service description Policy agreements as documented in the execution
context
17
Other Consideration - Standards Identify minimum set needed Expand and evolve the mandated set in a
predictable manner Sufficient guidance so that new services will be able to
coexist as much as possible with the old Changes to standards do not cause major disruptions Implies choose your standards carefully