Analyst: SOA governance stymied by lack of standards

It's not design time or runtime, it's 'all the time'

Every organization has multiple SOA-inspired efforts taking place inside and across firewalls, and each and every one is likely employing different types of repositories to govern service lifecycle management and discovery. (In many cases, still manually, via spreadsheets and wikis.)

It's not design time or runtime, it's 'all the time'

There are plenty of situations where multiple types of repositories are deployed to track services or functions. And that's okay, according to Gartner analyst Frank Kenney. However, these need to be brought together to more effectively strenghten SOA governance efforts. Unfortunately, standards do not yet exist to bring these different mechanisms together.

Kenney, speaking at the recent ebizQ conference on SOA Governance, called for better cohesion between SOA governance systems, repeating his mantra that "runtime and design time don’t mean anything when it comes to SOA -- its not 'runtime' or 'design time,' its 'all the time.'" (Archived presentation available here.)

Kenney also recently pointed out that Microsoft offers the most widely used SOA governance tool -- Excel. But again, that's okay -- at least enterprises are doing something.

The issue is that too many enterprises and vendors attempt to separate governance into the two separate lifecycle stages, when it all should be treated as one ongoing effort, he said in his keynote address, accompanied by Miko Matsumura, deputy CTO for Software AG. In addition, Kenney says, SOA governance systems need to integrate with not only each other, but also with other types of systems across the enterprise. Unfortunately, this ability to integrate does not exist yet, he says.

"We need to move towards a delegated system, where we can have one registry interacting with another registry on behalf of another and another and another," Kenney said. "This is where standards are going to get us. Sadly again, they don’t really exist today."

Federated governance is the next wave on the horizon for both enterprises and vendors, he says. "Many times I get asked, what should the registry/repository of record? Should it be this registry/repository for SOA? Or should it be my CMDB?" Both of these approaches are valid, he says, since there are various ways to capture and maintain information on services and applications. "We need to have federation, but that federation needs to be contextual; that federation needs to be optimized for the viewer. It needs to have context."

However, it's now difficult to federate the various repositories that exist across enterprises, so there's a lot of work to be done in this area. "Sadly, that’s one thing that seems to be missing from SOA governance today," Kenney pointed out. "The most we can do, absent of standards, is a single replicate or synchronization. In some cases, that’s going to be good enough."

Good enough may not be enough when it comes to governing services across domains, however. "In cases such as B-to-B instances, where I’m reaching outside my firewall, and I have to do business with a business partner, and I cant always, or I cant always sync, it will become hard," he said.

Expect to see activity pick up in this area from vendors and analysts, he adds. "We believe that within the next 24 months, you’re going to hear a lot about this issue of federation, a lot about the issues of governance interoperability so that things can be federated."