Of Governance, OASIS SOA RM and Plucked Chickens

A first post into the newly-minted Retorts category, this is in response to the comment left by Michael Poulin (I assume the one of Fidelity & МЭИС fame) on the article SOA Governance Defined.

Fortunately, I do not expect everyone to be my fan, so we are cool here. I would have been saddened by the “mess” you found in my blog (I hope people find my writings to be well-reasoned and somewhat organized), if I have not learned earlier on how to translate English-to-English through Russian). So I assumed that you just disagree with my positions and line of reasoning. Now let us get back to the substance. Yes, I am familiar with OASIS SOA RM (I personally would not call it a standard just because it emanated from a standards body) and find it of very little value or relevance to the problems faced by the SOA practitioners around the world. Bipeds of both kinds Which is perhaps why there has been so little movement in this area since the document was released nearly two years ago and there seems to be no plans to update/evolve it in future. And that document does not seem to mention the word “Governance” even once. One of my favorite quotes is that Camel is a horse, designed by committee… So the definition of Governance as “deals with policies and regulations” must have come from some other source – you? An anecdote comes to mind: Plato once defined a (hu)Man as "a biped, without feathers" (animal bipes implume) so as my plucked chicken I would point out that the above definition describes many things from a humble school board to the Holy Mother Church. And policy without enforcement sounds so very … Russian! (for those of you who are far from Russian culture, I am referring to a famous quote by Saltykov-Shchedrin “the severity of Russian laws is alleviated by the lack of obligation to fulfill them”.)

I coined the term “Aspect-Based Governance” (please note -based rather then -oriented) to denote the distinction with the industry’s approach to make the decision for the customers what it would be reasonable for them to govern. The term seems to have caught-on and I have seen at least a couple of vendors and a global SI using it in this sense. If you were to read the article you would see that it has nothing to do with AOP – one thing I agree with wholeheartedly is that Governance, as well as the rest of SOA, should remain implementation-agnostic. Leaving aside the idea that AOP equals to Spring (last time I checked there were languages other then Java), let me reiterate that I was far from suggesting AOP-style code injections into the service implementations which would require a naïve assumption of service implementations’ language, platform and belonging within a certain domain of control. I too am a believer in the gateway architecture for governance, or maintaining the separation between the service implementations and PEnfPs. Furthermore, as a pioneer of delegated governance, I advocate the separation between the latter and PAP (A-for Application) and PEvP (Ev-for Evaluation).

The latter part of your comment contains many unequivocal statements which make polemics somewhat difficult:

  • SOA Governance is a set of domain specific policies and regulations” – perhaps to you it is. And to me it is a way to transform services from digital artifacts into business assets. And to Miko it is something altogether different. Leaving the “minor” issue of enforcement and compliance out of Governance altogether not only threatens employment security of all those poor soles who are working on run-time governance technologies, but reminds me of another (I promise the last in this posting) historical vignette: once Descartes was asked to give the guild of Parisian tailors a lecture on solving the problem of optimal cutting of the cloth. He started it with drawing a circle and the words “for the sake of simplicity, let’s assume that human body is spherical” and was genuinely surprised when most of the audience left immediately. I guess the final test of relevance and usefulness of various definitions would be how much help they give to those struggling with SOA in the real world.
  • I do not think it is possible to regulate such things [non-functional service characteristics] at the enterprise level” – perhaps, but I was able to build a solution which does exactly that. And based on there I think you live, you might have even used it by now... :) 
  • And I do not see a big paradox between the need to define NFSCs in the service contract and specify them through Governance solution. Ever heard of service virtualization and WSDL processing? And what about the need to expose the same service with two (five!) different sets of policies to cater to different Service Consumption Scenarios? If this paradox proves anything, it is the lack of relevance of that RM to the real world of Enterprise Architecture.

Michael, I hope I was able to respond to all substantive points in your critique, and if you are interested, would invite you to continue this discussion.

Posted on: Jun 12, 2008

Posted by: Alex Maclinovsky

Category: Retorts

Permanent link to this entry

Comments:

I like the "Lets assume the human body is spherical" part =)

Miko

Posted by Miko Matsumura on June 15, 2008 at 12:32 PM CDT #

Thanks Miko. This is one of my favorite fables. In real life not only the geniuses make this mistake....

Posted by Alex V Maclinovsky on June 17, 2008 at 10:09 AM CDT #

Very interesting and entertaining discussion.

While you may not call the OASIS SOA RM a standard just because it emanated from a standards body, I believe that is one of the definitions of a standard. I believe that the intent of establishing semantics and concepts is valuable or should be valuable even to "SOA Practitioners." It is a boon to those who might want to understand some of the concepts and semantics involved.

The subsequent OASIS SOA RA (draft) that has just been published -- and again, while it may not qualify as a standard -- yet-- it certainly is not a Camel. SOA Practitioners may feel it is too ponderous or too overdone. However, I think it is the first document to really create a model that links business to technical architecture so completely. We are looking for a guide to improve real understanding and providing a set of requirements for implementing a SOA environment. This RA appears to be on the right track. AND to your point (re: the RM) it DOES mention Governance... better than anything I've seen before.

I do enjoy and respect your comments (most of them, anyway). ;-)

Posted by Jim Buckner on August 28, 2008 at 12:13 PM CDT #

I am glad my comment has caught such attention and interests. Unfortunately, I have to notice that it is, probably, the fault of The Russian American Independent University, where Alex “have not learned earlier on how to translate English-to-English through Russian” that in the West, it is a good manner starting the statements such as responses with the subject of the discussion.

So, my comments were about proposed approach to SOA Governance that assumed obsolete definition of the SOA Service, i.e. where Service = Web Service. With this respect, I pointed on OASIS SOA RM Standard that changed the meaning of SOA Service. However, like majority of vendors, Sun Microsystems (where Alex worked that time) ignored it because the Standard took the position of the consuming companies instead of the ones providing technical infrastructure (vendors). It is unfortunate because Sun seems was not even represented in the OASIS SOA RM Technical Committee despite it had representatives from around 44 organisations including such Sun competitors in SOA as IBM, Intel, HP, Tibco, Oracle, Layer 7, and others (I cannot be sure in the number because people could leave from the TC since that time).

This, probably, is the reason why Alex did not know in June, 2008, that OASIS continued its work on ‘WHAT is WHAT in SOA and WHY’ and released the subsequent OASIS SOA Reference Architecture public review draft almost the same time as Alex published the response (than you, Jim Buckner, for reminding this). Actually, soon, there will be the second public review draft released. The OASIS SOA RA put a lot of attention on the SOA Governance. You can read about some addressed ideas in my article “SOA Governance: An Enterprise View” published by InfoQ.

I am amazed by the fact of how well Alex maintains his Russian roots. The famous Saltykov-Shchedrin’s (Russian writer) expression “the severity of Russian laws is alleviated by the lack of obligation to fulfill them” is about 100 years old. Later on, Russia used only one ‘law’ – enforcement. This may be the reason why Alex such tremblingly treats governance enforcement aspect. BTW, SOA RA directly points that the governance enforcement is the task of the Management and it is not a ““minor” issue” at all. As of ‘so very Russian sound’, it appears that Alex, not me, follows the Saltykov-Shchedrin’s notice by saying: “I personally would not call it a standard just because it emanated from a standards body”

I shell not repeat here how OASIS defines SOA Governance, you can find it in referenced article. However, I am very interested in learning how Alex “was able to build a solution which does exactly that [M.P. - regulates non-functional service characteristics at the enterprise level]. And based on there I think you live, you might have even used it by now..”
Yes, I did hear about service virtualization and WSDL processing and used it in 2004. About “And what about the need to expose the same service with two (five!) different sets of policies to cater to different Service Consumption Scenarios? If this paradox proves anything, it is the lack of relevance of that RM to the real world of Enterprise Architecture”, I can say that OASIS SOA RM/RA defines exact mechanism for exposing the same service with whatever policies – it is the Service Description and Service Contract. Both of them may use WSDL as a service interface (or even several WSDLs) or use other interface types; there may be several Service Contracts for the same Service Description with different sub-sets of agreed policies and interfaces. This is, actually, another proof that it is the time for “the real world of Enterprise Architecture” to learn the standards to understand WHAT/WHY they deal with and only then decide HOW to do it.
For the next post, may be Alex would be so kind to tell us how Amazon (where Alex works now) preserves SO Principles and how it treats Service Contracts when changing the response message content based on the throughput capabilities of their “SOA” system?

Posted by Michael Poulin on December 05, 2008 at 10:08 AM CST #

Post a Comment:
  • HTML Syntax: NOT allowed

This blog copyright 2009 by Alex Maclinovsky