muSOAing for 10/08/09

Before we explore the intricacies of SOA Governance, let us first examine for a minute all the events that led us to this point, where the need for strict Governance became mandatory. The Internet has been around in some form or shape since the late 60s.

The most ubiquitous application in this nascent Internet was email. Later on, a technology called the browser came along and served to democratize the Internet. It created a whole new web by marrying together all the core constituents of the Internet and helped to open this technology to the masses. In this same vein, I would say that SOA has served to democratize web technology and in the process demystify myriad terms that were hitherto the exclusive domain of consultants. It has been the main enabler for serving useful technology over the web. If you look at it another way, SOA being a technology that spans domains, business units, organizations and even geographic boundaries, to say that it might be misused is perhaps a very gross understatement.

Every SOA implementation has to be designed keeping in mind that it can be, and perhaps will be, abused and misused. The threats are both within and without its defined execution boundary. The exposure of a seemingly harmless URL can portend very deep implications that carry down to the very heart and core of the system that services this URL. Think of every sort of threat you can come up with and you have your laundry list of items you have to consider as part of your security and governance for your services.

The term Governance is still quite fuzzy, and its boundaries and what constitutes this particular function are widening every day. Suffice it to say that to cover this vast ground a strategy should be in place right from the get-go, from the point where you start designing your services up to the point where you deploy and run your services. To grapple with this conundrum, the industry has (thankfully) begun to see these as two distinct components: design-time and run-time Governance.

