Another thought on SOA Governance

Read Dave Lithincum's recent post about a Progress Software study on SOA adoption. Among other things, their results "revealed that governance is not keeping pace with the adoption of service-oriented architectures (SOAs) at most organizations." Sort of a self-serving survey like Dave says? It isn't particularly surprising for a vendor that makes SOA management solutions to find that more customers need better governance. In our engagements, we've usually found that companies have the integration tools and standards in place to rapidly deploy applications in SOA style, but the discipline showed up late to the game. Indeed, according to people who get paid to think about these things, we are entering a period of both widespread adoption of SOA in 2007 - and some widespread discontent. Policies and registries, and nomenclatures are great for SOA. But does the establishment of the rule mean you can literally enforce it within the application? Our self-serving opinion is that Quality is the missing piece of Governance. A lot of the big testing vendors are now saying they test SOA, but their approaches were designed to either heavily test at the unit/code level, or test from a UI. Extending testing from existing paradigms to support the kind of chaos created by a "continuously in build and deployment" will take a lot more than a new test adapter or creating thousands of automatic unit tests. You need to test that the business logic is working where it happens. Let's hope that we will continue to meet customers that know that for governance, policies are like legislation -- they need real validation in run time that can talk the language of every layer that policy might touch. - Jason