www.oasis-open.org 1 governance excerpt from reference architecture for soa (oasis soa-rm tc work...

www.oasis-open.org 1 Governance Excerpt from Reference Architecture for SOA (OASIS SOA-RM TC work in-progress) Ken Laskey, co-editor 5 th SOA for E-Government Conference 1 May 2008

Post on 19-Dec-2015




3 download




Governance Excerpt from Reference Architecture for SOA

(OASIS SOA-RM TC work in-progress)

Ken Laskey, co-editor

5th SOA for E-Government Conference1 May 2008



OASIS SOA-RM TC Work SOA Reference Model

Became OASIS Standard October 12, 2006 http://www.oasis-open.org/specs/index.php#

soa-rmv1.0 SOA Reference Architecture

Work in progress First Public Review awaiting OASIS



What is a Reference Model An abstract framework for understanding

significant relationships among the entities of some environment.

Consists of a minimal set of unifying concepts, axioms and relationships within a particular problem domain.

Is independent of specific standards, technologies, implementations, or other concrete details.


Reference Model for SOA

It’s an OASIS Standard


What is a “Reference Architecture”?Reference Architecture (vs.) Reference Model

Models the abstract architectural elements in the domain independent of the technologies, protocols, and products that are used to implement the domain

Describes the important concepts and relationships in the domain focusing on what distinguishes the elements of the domain

A reference architecture elaborates further on the reference model to show a more complete picture of what is involved in realizing the modeled entities


Where the RA fits


What is the SOA RA?

The SOA Reference Architecture is an architectural description that documents (or describes) the abstract architectural elements of SOA-based systems

It focuses on the elements and their relationships needed to enable SOA-based systems to be used, realized, and owned – where part of the ownership consideration is governance


SOA Governance Model - Motivating GovernanceSOA governance builds off general governance concepts

• Participants have Goals and agree to Governance that will improve likelihood that an overlapping subset of the individual goals will be achieved

• Governance, as expressed through Policies, attempts to satisfy the common goals

• A minimal degree of agreement often presages participants who “slow-roll” if not actively reject complying with Policies that express the specifics of Governance


SOA Governance Model - Setting Up Governance

• Leadership critical to initiate and champion Governance• Policies are means to

realizing Goals• Compliance is required

• Leadership sets up Governance Framework and Governance Processes• Unambiguous, consistent,

and fair actions• Sufficient input on issues• Defined in charter and

accepted by Participants


SOA Governance Model - Carrying Out Governance

• Example• Policy: all authorized parties

should have access to data • Rule: PKI certificates are

required to establish identity of authorized parties

• Regulation: Recognized PKI issuing body and procedures

• Rules and Regulations provide operational constraints which may require resource commitments or other levies on the Participants

• Participants having agreed to charter are then bound to comply with Rules and Regulations


SOA Governance Model Ensuring Compliance

• You cannot govern what you cannot measure• As everyone must knows the rules, everyone must have access to metrics

that define compliance• Management can use Metrics to identify exemplars of compliance and

Leadership can provide options for rewarding the Participants


How SOA Governance is Different

SOA governance is organization of services that promotes their visibility facilitates interaction among service participants enforces that the results of service interactions are

those real world effects as described within the service description constrained by policies and contracts as assembled in the

execution context SOA governance must specifically account for control

across different ownership domains All the participants may not be under the jurisdiction of a single

governance authority Participants must agree to recognize authority of the

Governance Body, operate within the Governance Framework and through the Governance Processes


What Needs to be Governed SOA infrastructure – the “plumbing” that

provides utility functions that enable and support the use of the service

Service inventory – the requirements on a service to permit it to be accessed within the infrastructure

Participant interaction – the consistent expectations with which all participants are expected to comply


What Needs to be Governed - SOA Infrastructure

Must be stable, reliable, extremely robust to all operating conditions

Usable in dependable and predictable ways


What Needs to be Governed - Service Inventory Define concept of “well-behaved” services Sufficient metrics to be collected to know:

how a service affects the SOA infrastructure whether a service complies with infrastructure policies

Identify required attributes to describe a service Consumer can decide whether service is sufficient for

intended use Include extensibility for adding new attributes as needed


What Needs to be Governed - Participant Interaction Services adhere to service interface and service

reachability parameters Require that the result of an interaction MUST

correspond to: Real world effects as contained in service description Policy agreements as documented in the execution



Other Consideration - Standards Identify minimum set needed Expand and evolve the mandated set in a

predictable manner Sufficient guidance so that new services will be able to

coexist as much as possible with the old Changes to standards do not cause major disruptions Implies choose your standards carefully


Governance vs. Management of SOA-based systems Governance about how decisions are

made Management is about how decisions are

realized Nested – management at one level is

governance at another Parallel - several governance chains may

be relevant concurrently