sapienti sat

A first post into the newly-minted Retorts category, this is in response to the comment left by Michael Poulin (I assume the one of Fidelity & МЭИС fame) on the article SOA Governance Defined.

Fortunately, I do not expect everyone to be my fan, so we are cool here. I would have been saddened by the “mess” you found in my blog (I hope people find my writings to be well-reasoned and somewhat organized), if I have not learned earlier on how to translate English-to-English through Russian). So I assumed that you just disagree with my positions and line of reasoning. Now let us get back to the substance. Yes, I am familiar with OASIS SOA RM (I personally would not call it a standard just because it emanated from a standards body) and find it of very little value or relevance to the problems faced by the SOA practitioners around the world. Which is perhaps why there has been so little movement in this area since the document was released nearly two years ago and there seems to be no plans to update/evolve it in future. And that document does not seem to mention the word “Governance” even once. One of my favorite quotes is that Camel is a horse, designed by committee… So the definition of Governance as “deals with policies and regulations” must have come from some other source – you? An anecdote comes to mind: Plato once defined a (hu)Man as "a biped, without feathers" (animal bipes implume) so as my plucked chicken I would point out that the above definition describes many things from a humble school board to the Holy Mother Church. And policy without enforcement sounds so very … Russian! (for those of you who are far from Russian culture, I am referring to a famous quote by Saltykov-Shchedrin “the severity of Russian laws is alleviated by the lack of obligation to fulfill them”.)

I coined the term “Aspect-Based Governance” (please note -based rather then -oriented) to denote the distinction with the industry’s approach to make the decision for the customers what it would be reasonable for them to govern. The term seems to have caught-on and I have seen at least a couple of vendors and a global SI using it in this sense. If you were to read the article you would see that it has nothing to do with AOP – one thing I agree with wholeheartedly is that Governance, as well as the rest of SOA, should remain implementation-agnostic. Leaving aside the idea that AOP equals to Spring (last time I checked there were languages other then Java), let me reiterate that I was far from suggesting AOP-style code injections into the service implementations which would require a naïve assumption of service implementations’ language, platform and belonging within a certain domain of control. I too am a believer in the gateway architecture for governance, or maintaining the separation between the service implementations and PEnfPs. Furthermore, as a pioneer of delegated governance, I advocate the separation between the latter and PAP (A-for Application) and PEvP (Ev-for Evaluation).

The latter part of your comment contains many unequivocal statements which make polemics somewhat difficult:

“SOA Governance is a set of domain specific policies and regulations” – perhaps to you it is. And to me it is a way to transform services from digital artifacts into business assets. And to Miko it is something altogether different. Leaving the “minor” issue of enforcement and compliance out of Governance altogether not only threatens employment security of all those poor soles who are working on run-time governance technologies, but reminds me of another (I promise the last in this posting) historical vignette: once Descartes was asked to give the guild of Parisian tailors a lecture on solving the problem of optimal cutting of the cloth. He started it with drawing a circle and the words “for the sake of simplicity, let’s assume that human body is spherical” and was genuinely surprised when most of the audience left immediately. I guess the final test of relevance and usefulness of various definitions would be how much help they give to those struggling with SOA in the real world.
“I do not think it is possible to regulate such things [non-functional service characteristics] at the enterprise level” – perhaps, but I was able to build a solution which does exactly that. And based on there I think you live, you might have even used it by now...
And I do not see a big paradox between the need to define NFSCs in the service contract and specify them through Governance solution. Ever heard of service virtualization and WSDL processing? And what about the need to expose the same service with two (five!) different sets of policies to cater to different Service Consumption Scenarios? If this paradox proves anything, it is the lack of relevance of that RM to the real world of Enterprise Architecture.

Michael, I hope I was able to respond to all substantive points in your critique, and if you are interested, would invite you to continue this discussion.