NEWS AT SEI
This library item is related to the following area(s) of work:System of Systems
This article was originally published in News at SEI on: February 1, 2008
When it comes to the current perspectives on service-oriented architecture (SOA), there are gaping needs for robust tooling, reliable metrics, and education about business or mission implications, among other requirements. But there are efforts moving forward in some government, academic, and commercial organizations to define strategies for SOA adoption, study security issues, form governance models, and create measurement vehicles.
Those observations are among the more than 200 issues, challenges, and steps to fill gaps voiced by participants in the Hard Problems in SOA Workshop at the Software Engineering Institute (SEI) on January 30. The SEI co-sponsored the workshop with IBM (the Federal SOA Institute), and Carnegie Mellon University.
The observations highlighted by the 110 workshop participants illustrate a broad concern about the implications of SOA adoption. The participants work in government agencies, military service branches, health care organizations, universities, research and development centers, and commercial enterprises. Some of the more than 35 organizations represented were the U.S. Air Force, Army, and Navy; University of Pittsburgh Medical Center; Internal Revenue Service; Harris Corporation; the Office of the Secretary of Defense; Northrop Grumman; Villanova University; PNC Financial Services; the Federal Aviation Administration; and Westfield Insurance.
Participants represented the interests, viewpoints, and experiences of service consumers, service providers, system architects, acquirers, researchers, and others. They contributed to working sessions on these dimensions of SOA:
“These dimensions focus on problems specific to the use of SOA within federal government organizations, but they have implications for commercial organizations as well,” says Grace Lewis of the SEI.
The workshop was focused on a taxonomy of major SOA research challenges that the SEI has developed. The workshop discussions followed a template that helped attendees to address areas of the taxonomy by focusing on the following questions: Which issues are most important and why?; What is known now about the issues?; Where do the gaps exist between what is known and what needs to be discovered about the issues?; and What are some ideas for addressing the gaps? Following the working sessions, each group shared its views with all workshop participants.
From the session on “SOA Governance,” participants identified as key issues the need for a governance metamodel and for consideration about “ecosystem” (beyond the scope of a single organization) governance.
A metamodel, the Governance group reported, would ensure consistency among organizations in an SOA environment, while allowing individual organizations to tailor governance policies as needed. Among the gaps noted in the current state of development are
In the context of the ecosystem, SOA has led to a world that encompasses much broader governance than a single organization. A key challenge is to address federation while still providing only the minimum level of governance needed.
The “SOA Strategy, Justification of SOA Projects, ROI, and Strategic Plan for SOA Introduction” working group identified these issues:
An SOA strategy definition is needed, the group contended, because SOA crosses boundaries of areas of interest, so a narrow approach will not be successful. Also, SOA adoption requires an organizational transformation that can come about only incrementally. The group noted that current funding models are incompatible for an SOA paradigm and that many organizations resist relinquishing control.
Further, SOA is not a one-size-fits-all proposition. There needs to be guidance about where SOA applies and where it does not. Decision makers, the group concluded, are not as well-versed as they need to be in the business implications of SOA.
Operational effectiveness is the core motivation for any organization to consider an SOA environment. And the heart of operational effectiveness is measurement. Yet it is hard now to determine the cost of things that cross organizational boundaries, such as shared services.
The working session on “Security for SOA” found that the complication of composite applications, implications for user identity, and management of security across diverse environments were the top issues.
In composite applications, or choreographed services as the working group defined them, it can be a challenge to guarantee security results when it is unknown how the system will be assembled. Specifying security policies in this environment is a particularly difficult issue.
At times, the group noted, service providers can also be service consumers, making it difficult to form a chain of identity. Also, because the systems from which the services are exposed belong to different organizations, federated schemes of security are needed. In addition, there is a lack today of large-scale tooling and consistent security metrics to aid the managing of security in those federated situations.
In the session on “SOA Design and Deployment,” participants identified these issues:
The methodology discussed will facilitate better decision making and aid interoperability. The lack of a common method for IT architects and business analysts represents a gap today in meeting this need.
In terms of architecture, the group asked
SOA environments demand assurance, yet they offer new and significant testing challenges. There is an impedance mismatch between the specification and implementation of services, according the group. Also, an organization may rely on services that it does not control.
Outbriefs for all four working sessions along with a presentation on the SOA research taxonomy are available on the Interoperability section of our website.
This was an exciting workshop. People came together to share their thoughts on the hard problems of SOA,” said Frank Stein of IBM. “We want to continue doing this because we want to know and address what the next hard problems are as SOA adoption increases.”
For additional information, contact us using the link in the For More Information box at the bottom of this page.
For more information
Please tell us what you
think with this short
(< 5 minute) survey.