Quality assurance for SOA requires a different mindset

Forget QA as you knew it -- as it seems to do with everything else, SOA upsets the apple cart.

Quality assurance assures more trust in SOA -- and SOAs need trust

SOA has a lot of moving parts, so more traditional QA processes -- in which software is developed, tested, and handed off to a QA team for more testing in a very serialized manner -- will not work. "Given the distributed and complex nature of SOA, it is virtually impossible to 'stage' an SOA environment," says Wayne Ariola, VP of Parasoft.

In a new article, Wayne compares the QA process for SOA to that of embedded systems. He points out QA in the SOA world requires what he calls a "process cadence" that "initiates the quality process as soon as services are defined," based on a collaborative and building-block approach.

Wayne makes the following recommendations:

• Promote visibility. SOA is all about trust. The enterprise needs to be confident that all parts of the SOA are in working order. "Visibility will ultimately promote trust," Wayne says. "Trust will ultimately promote reuse of these business assets."
• Supply an automated infrastructure for reuse of testing assets. Just as SOA is about providing reusable services to the rest of the enterprise, testing artifacts should also be "reusable." As Wayne explains, "You do not want people redoing, recreating and rerunning the same tests over and over again. You want to make sure that test assets are created, shared, leveraged and extended properly among team members in order to achieve maximum efficiency." An automated infrastructure for storing testing assets -- such as a repository -- can help accomplish this goal.
• Promote bottom-up quality. QA needs to extend beyond the service and messaging layer to the underlying applications. Wayne urges the efficient application of coding standards, static analysis and unit testing to underlying assets -- and make this transparent to the rest of the enterprise as well.
• Leverage top-down quality as well. Wayne advises plenty of attention to the messaging layer as well -- including activities such as verifying WSDLs and BPEL files, as well as building security best practices into the software development lifecycle.
• Emulate as much as possible. Complex SOAs stretch to endpoints across the spectrum, including service customers inside and outside the enterprise, which cannot be tested directly. Such an extensive environment needs to be emulated.
• Improve, improve, improve. As with all QA processes, continuous improvement is the name of the game. Keep on measuring and tracking, Wayne advises.