NEWS AT SEI
This article was originally published in News at SEI on: February 1, 2008
When it comes to the current perspectives on service-oriented architecture (SOA), there are gaping needs for robust tooling, reliable metrics, and education about business or mission implications, among other requirements. But there are efforts moving forward in some government, academic, and commercial organizations to define strategies for SOA adoption, study security issues, form governance models, and create measurement vehicles.
Those observations are among the more than 200 issues, challenges, and steps to fill gaps voiced by participants in the Hard Problems in SOA Workshop at the Software Engineering Institute (SEI) on January 30. The SEI co-sponsored the workshop with IBM (the Federal SOA Institute), and Carnegie Mellon University.
The observations highlighted by the 110 workshop participants illustrate a broad concern about the implications of SOA adoption. The participants work in government agencies, military service branches, health care organizations, universities, research and development centers, and commercial enterprises. Some of the more than 35 organizations represented were the U.S. Air Force, Army, and Navy; University of Pittsburgh Medical Center; Internal Revenue Service; Harris Corporation; the Office of the Secretary of Defense; Northrop Grumman; Villanova University; PNC Financial Services; the Federal Aviation Administration; and Westfield Insurance.
Participants represented the interests, viewpoints, and experiences of service consumers, service providers, system architects, acquirers, researchers, and others. They contributed to working sessions on these dimensions of SOA:
- SOA Governance
- Strategy, Justification of SOA Projects, ROI, Strategic Plan for SOA Introduction
- Security for SOA
- SOA Design, Development, and Deployment: Methods and Tools
“These dimensions focus on problems specific to the use of SOA within federal government organizations, but they have implications for commercial organizations as well,” says Grace Lewis of the SEI.
The workshop was focused on a taxonomy of major SOA research challenges that the SEI has developed. The workshop discussions followed a template that helped attendees to address areas of the taxonomy by focusing on the following questions:
- Which issues are most important and why?
- What is known now about the issues?
- Where do the gaps exist between what is known and what needs to be discovered about the issues?
- What are some ideas for addressing the gaps?
Following the working sessions, each group shared its views with all workshop participants.
SOA Governance: Just Enough
From the session on “SOA Governance,” participants identified two key issues: the need for a governance metamodel and the need to consider “ecosystem” governance, that is, governance beyond the scope of a single organization.
A metamodel, the Governance group reported, would ensure consistency among organizations in an SOA environment, while allowing individual organizations to tailor governance policies as needed. Among the gaps noted in the current state of development are
- the need for a business process ontology
- consideration of service reuse and measurement
- definition of knowledge and event rules
In the context of the ecosystem, SOA has led to a world that encompasses much broader governance than a single organization. A key challenge is to address federation while still providing only the minimum level of governance needed.
SOA Strategy: Finding Where SOA Applies and Measuring Its Effectiveness
The “SOA Strategy, Justification of SOA Projects, ROI, and Strategic Plan for SOA Introduction” working group identified these issues:
- SOA strategy definition
- applicability of SOA
- operational effectiveness
An SOA strategy definition is needed, the group contended, because SOA crosses boundaries of areas of interest, so a narrow approach will not be successful. Also, SOA adoption requires an organizational transformation that can come about only incrementally. The group noted that current funding models are incompatible with an SOA paradigm and that many organizations resist relinquishing control.
Further, SOA is not a one-size-fits-all proposition. There needs to be guidance about where SOA applies and where it does not. Decision makers, the group concluded, are not as well-versed as they need to be in the business implications of SOA.
Operational effectiveness is the core motivation for any organization to consider an SOA environment. And the heart of operational effectiveness is measurement. Yet it is hard now to determine the cost of things that cross organizational boundaries, such as shared services.
SOA Security: Challenge of Federated Environment
The working session on “Security for SOA” found that the complication of composite applications, implications for user identity, and management of security across diverse environments were the top issues.
In composite applications, or choreographed services as the working group defined them, it can be a challenge to guarantee security results when it is unknown how the system will be assembled. Specifying security policies in this environment is a particularly difficult issue.
At times, the group noted, service providers can also be service consumers, making it difficult to form a chain of identity. Also, because the systems from which the services are exposed belong to different organizations, federated schemes of security are needed. In addition, there is a lack today of large-scale tooling and consistent security metrics to aid in managing security in those federated situations.
SOA Design, Development, and Deployment: New Methods for Greater Complexity
In the session on “SOA Design and Deployment,” participants identified these issues:
- a methodology for a system life cycle that features a high rate of change and high degree of complexity
- the need to understand and evaluate service-oriented systems
The methodology discussed will facilitate better decision making and aid interoperability. The lack of a common method for IT architects and business analysts represents a gap today in meeting this need.
In terms of architecture, the group asked
- What are attributes that are most important, and particular, in an SOA environment?
- How can you model and measure agility, rate of change, resiliency of architecture, and the ability to evolve?
- What are the generations of the architecture?
SOA environments demand assurance, yet they offer new and significant testing challenges. There is an impedance mismatch between the specification and implementation of services, according to the group. Also, an organization may rely on services that it does not control.
Full Workshop Documents Available
Outbriefs for all four working sessions along with a presentation on the SOA research taxonomy are available on the Interoperability section of our website.
“This was an exciting workshop. People came together to share their thoughts on the hard problems of SOA,” said Frank Stein of IBM. “We want to continue doing this because we want to know and address what the next hard problems are as SOA adoption increases.”