Mention the term 'governance' these days, and you will probably draw lots of nervous stares because the term means many things to many people. Narrow that to SOA governance, and those expressions often turn blank.
The challenge is that governance itself is a loaded term, and when it comes to SOA, the definition of what to govern is at this point somewhat fluid. No wonder that people refer to it warily as ‘the G word’.
In the age of SOX, governance implies not only fiscal, but also legal, responsibility. And while SOX is not specifically aimed at IT directly, as steward of corporate data, IT is on the firing line when it comes to ensuring that the CEO stays out of jail.
And when you compare the objectives of SOX and SOA, you will inevitably confront a disconnect. While SOX is intended to prevent bad things from happening to data, if SOA is implemented properly, it provides new ways of exposing data.
Now let us ratchet up the equation. With traditional software development, once you got past the requirements stage, the business typically threw most responsibility for the application over the wall to IT. By contrast, the SOA lifecycle can involve multiple masters through the life cycle, because new or re-used services can be composed and shared on an ongoing basis. In most organisations, responsibilities for creating and maintaining a service over its life cycle have yet to be fully defined.
Consequently, if you are going to formally govern SOA, that implies that there is some formal IT governance exercised as well to govern the rules of engagement, and set the context for how IT contracts with the business to expose and manage services from creation to deployment, modification, re-use, and retirement. And, given that re-use relies on a robust architecture, that implies that the organisation should also have a somewhat codified software development lifecycle. And the enforcement of service contracts specifying service level agreements means that there is also an infrastructure management aspect.
Not surprisingly, when a panel of experts on SOA governance convened at the Open Group's Enterprise Architecture Practitioners conference last week, responses to the question of what SOA governance entails were all over the map.
But given that the goals of SOA are hardly modest, it is no wonder that we are still dancing around the ‘G’ word.