SOA Executive Forum Panel: Topics for Discussion


I'll be moderating a panel at this year's InfoWorld SOA Executive Forum. There are actually two events, one in San Jose on May 5th and one in New York on May 17th. I'm doing the same panel both places. The topic of my panel is "Services and Contracts" and I'll be joined by David Linthicum, CTO at Grand Central Communications; Rick Caccia, Senior Director of Product Management at Oracle (nee Oblix); and Jim Bole, Vice President of Products at Infravio.

In my reviews of Web services intermediaries in the last two years, the issue of contracts, SLAs and the like comes up anytime companies want to start rolling out Web services offerings to anymore than just a handful of partners. In a head-to-head review of Actional, AmberPoint, Flamenco Networks, Infravio, and Westbridge Technology I wrote:

As Web services move from internal pilot projects to large-scale deployments involving partners and suppliers, managing the myriad interactions places a significant burden on the enterprise. The service provider must provision accounts for new consumers, allow them to select services, manage versions, negotiate SLAs, provide monitoring and reporting data and alerts, and authenticate each consumer transaction. Automation and self-service could spell the difference between a successful rollout and one that requires so much staff time that it becomes untenable.

I think this will be a good panel. Each of the participants brings their own flavor and experience to the problem of how you can offer Web services at scale. The overall panel is 50 minutes. I plan to give each panelist a few minutes for introductions of themselves and their philosophy (no PowerPoint) and then open it up to questions. I always like to have some to prime the pump. Here's some I've thought of:

  • Is there anything special about an SLA on a Web service as opposed to say, and SLA on a Web site or other online service? What kinds of things are typically covered?
  • How are SLAs enforced on Web services now?
  • Most intermediary tools have tools for measuring latency, failure, and other points of an SLA. What isn't being done yet in the monitoring arena that's going to be important in enforcing SLAs?
  • The issue of provisioning in Web services is largely moot until you start performing authorization on services.
    • How does authentication and authorization fit in?
    • Besides authorizations, what else happens in a typical Web services provisioning action?
    • What are the ways to approach provisioning at scale?
  • There seem to be three levels of interaction between partners in Web services. The first, I'll term ad hoc, where all of the service agreements are negotiated from scratch each time. The second I'll call hub and spoke, where one strong partner essentially dictates the terms for all the players. The third I'll call networked, where various players have all agreed to some set of rules up front and the network organization enforces them.
    • Have I missed any?
    • What is the state of the industry right now? What are most people doing?
    • Do you see this changing any time soon?
    • What tools exists to support these various levels? Are new ones emerging?
  • Is the networked model a pipe-dream, or might we really see such networks emerge?
  • I think automated policy negotiation is one of the areas where there will be big changes in the next few years.
    • What is the state of automated policy negotiation?
    • XACML and other standards are being developed in the federated identity space (which for out purposes, we can probably treat as a specialized domain of Web services). Are there any more general standards for Web services SLAs on the horizon?
    • Are any of you participating in their development?

One caveat: I've purposely asked some of these knowing that one panelist or more has some expertise or even a product (gasp!) that fits the issue. That's OK, but I don't want the panel to be a session of dueling product features. I like us to focus on possibilities, open areas, and futures. I know this isn't everything that might be covered. If you've got others questions to suggest, please leave a comment or drop me a line.

Update: Here are some additional questions:

  • Policy negotiation sounds strikingly similar to how B2B markets commoditize. When you define a good, its quality (which can vary, there are over 100 variants of west texas crude), price and credit terms -- liquidity for the market as a whole takes off. What efforts are there to standardize service level agreements and other contract terms across web service intermediaries? Are buyers and sellers demanding business level standardization? (from Ross Mayfield)