SOA governance: 'hot,' but vague

Typically, 'governance' describes the process by which projects are justified, managed and change controlled. But now it's really getting the royal treatment when tagged to SOA, as if it's never been done before. Hence, there's plenty of confusion and obfuscation about what it means and what it should cover. Should SOA governance be treated as something different and apart from normal governance of IT projects?

It can be argued that 1) there hasn't been enough "governance" of IT projects to begin with; and 2) SOA is something completely different, because it requires participation from a variety of enterprise factions. In other words, vendors are trying to introduce governance to truly ungovernable situations.

But since SOA is as much a journey as a destination, it can show us a better, more governable, way. In an article in SearchWebServices, Forrester Research's Mike Gilpin observes that "SOA governance is hot, but it's a vague category. A lot of vendors say they have SOA governance, but does that happen at design time, runtime, etc.? That confusion continues to exist." He notes that governance needs to be present at all stages of the SOA lifecycle:

"The industry is beginning to acknowledge that there are different parts of governance that need to be understood and runtime is as important as design time...  You want to catch things at design time if you can, but there are other policies have to be enforced by data flowing through system rather than the nature of program code and that's a worthy goal."

In my work with Webservices.Org, I recently polled some industry leaders for their predictions for the year ahead. The rise of SOA governance was a commanding theme. For example, Infravio's Miko Matsumura observes the following:

"Organizations will increasingly realize that the most significant constraints facing their successful rollouts are not technological, but organizational, political, social, and regulatory... Forethought is needed to manage policies and provide governance of services, people, processes and assets involved in a business initiative."

Gilpin is also quoted as saying that the ability to manage the governance process is likely beyond the grasp of any single vendor. Matsumura agrees: "The market is filled with lots of jargon and vendor claims, and implementers need to understand the use cases and requirements or they could get burned."