6.18. POLICY CATEGORIES DETERMINE POLICY ENFORCEMENT MECHANISMS
Policy enforcement is established based on the types of policies you require to achieve your SOA governance goals and close the critical SOA governance gaps. In general, the following policy rules of thumb will help you frame your policy enforcement model:
Business Policies. Business policies will almost always require manual governance board oversight. These are very difficult to enforce using any automated tools, and thus their enforcement is normally accomplished by governance boards, working group reviews, sign-off mechanisms and the like.
Process Policies. Process policies can be manually enforced, and most often will, but can be automated by augmenting manual governance checkpoints with business process management tools. For example, an SDLC can be automated with various checkpoints and reviews for a program management office (PMO) process, but most often the SDLC is manually executed and thus the PMO enforces the governance process by ensuring projects go through appropriate governance at the required times. The possibility of governance enablement and governance collaboration tools will open up new opportunities to implement robust governance solutions that more tightly link organization and process to automated policy enforcement.
Technical Policies. Technical policies can be enforced using many of these enforcement mechanisms, and can also benefit from SOA tooling and runtime governance solutions. Technical ...
Get Service-Oriented Architecture Governance for the Services Driven Enterprise now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
