So much metadata, so little time

Registry and repository are hot commodities in SOA, but where is it all leading us?
Written by Joe McKendrick, Contributing Writer

Registry and repository are hot commodities in SOA, but where is it all leading us? I few days back, I posted some observations about the evolving dynamics between registry and repository. Some other industry observers have also been examining the implications of registry/repository.

Miko Matsumura (Infravio) says there is still a lot of work to be done in terms of policy management. Biske: maybe we should just start calling it a 'repristry' He pointed to the BEA-Flashline acquisition as addressing some of the service "lifecycle" issues. However, he adds that "the technical problems in service lifecycle governance are relatively easy problems of approval workflow, technical federation and synchronization. The bigger problem is SOA policy lifecycle governance." That's because intra-organizational politics enters the mix, he says: "central IT, business units and external partners don't always agree, and require policy federation capabilities to ensure smooth alignment and integration."

Todd Biske says we may begin to encountering issues untangling these mechanisms. He rechristened the registry/repository with a new buzzname: the "repistry." "The registry/repository is somewhat like the database of SOA... The repository of SOA has allowed convergence of the development time asset repository with the run-time service registry," Biske points out.

Go up another level, and you have the configuration management database. Nothing wrong with that, right?

Well, Biske says what's happening is for every type of application, there's repository being piled on top of repository, resulting in "repositories for niche areas that overlap with each other, causing potential for replication and synchronization issues. Do I then create a repository services layer that provides a single view of the truth? Do I need some form of repository federation? How about a meta-repository? Of course, the repository itself already was a metadata source, so now I have meta-metadata. Ugh, I’m giving myself a headache."

John Waters of Application Development Trends says the recent acquisitions (BEA-Flashline, webMethods-Cerebra, HP-Mercury/Systinet) have made SOA repositories the trend de jure. Vendors are recognizing that they need to offer both registry and repository. Waters adds that metadata needs to be managed -- "service definitions (WSDL), policy definitions that control security and other access to services (WS-Security and WS-Policy), models and business process definitions (BPEL, UML, WS-CDL), schema for data (XML Schema), and more. The registries provide a means of discovering, locating, and binding the metadata; the repositories store it and support change and version management."

So where does registry end and repository begin? Waters quotes ZapThink's Ron Schmelzer, who sums up the challenge this way:

''Registries (like Infravio, Systinet, and Software AG) emerged when Web Services required them through UDDI and other access mechanisms,'' he says. ''Repositories (like those offered by Software AG, LogicLibrary, and Flashline) were first used by developers to manage all their assets, but once those assets became services, it all started to get mushed together.''

Editorial standards