Among the SOA hype, recently there have been a lot of articles and recommendations about the need for governance when introducing SOA. For example, Paolo Malinverno, Research VP of Gartner, wrote in [Gartner06]:
Service-Oriented Architecture governance isn't an option—it's an imperative. The bigger the SOA is, the more governance it needs, and the more complex the governance roles and mechanisms must be. Governance arrangements take a long time to design and install, and are difficult to enforce, but without them, every SOA project out of pilot phase is at risk.
But what exactly does "SOA governance" mean, and who is responsible for it? I will discuss these questions in the following subsections.
Regarding the question of what governance in general and SOA governance in particular mean, I like the simple definition Anne Thomas Manes gave at OOP 2007 (see [Manes07]). According to her, governance is:
Making sure that people do what's "right."
She also gives the supplementary and slightly more concrete hint that governance means:
Controlling the development and operation of software.
From this point of view, it is always an imperative to have governance. Otherwise, the risk of chaos and/or wasting money and resources is far too high.
Let's try to find a bit more detail about what it means to govern SOA. That is, how do you make sure that people "do what's 'right'" regarding SOA?
In [Manes07], Manes defines the following governance basics:
Policies define ...