6.11. IDENTIFYING TECHNICAL POLICIES
The policy model steps stated above apply to any policies, including business, process, and technical policies of an enterprise. If your focus is only technical policies, we recommend following the same approach described above, and then using these additional steps in the technical policy analysis and implementation. Again, treat this process as a subset of the overall policy model described above:
Define SOA policies needed based on business and technical requirements.
Define conformance processes across the services lifecycle (e.g., design, development/enablement, deployment, publishing, discovering, operation/run time, management, and maintenance activities).
Govern your SOA using the defined policies.
Measure conformance to the SOA governance model by examining multiple areas of conformance.[]
[] WebLayers Whitepaper: SOA Governance, 2005, p. 11.
Policies. What are our policies? Where are they described, documented and implemented? How are they enforced during design, development, and run time? Where are the gaps?
Enterprise Services. What enterprise services are being developed or exposed? How are policies being enforced during development? Is policy enforcement automated during the service's life cycle?
Conformance Status. Do our services (and others we consume) conform to our policies? What is the impact of nonconformance on service operations or business processes (e.g., security intrusions, SLA degradation, inoperable services)?
Impact Analysis ...
Get Service-Oriented Architecture Governance for the Services Driven Enterprise now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
