SOA Governance Panel


I'll be moderating a panel on SOA governance at InfoWorld's SOA Executive Forum March 16 in San Francisco. This will be a follow-on to the feature I did on SOA governance that ran in January. The panelists will be:

  • Todd Biske of AG Edwards. Todd blogs actively about SOA. He had a recent piece about governance with an analogy to voting that I enjoyed.
  • Ed Vazquez of Sprint-Nextel. Ed's the Group Manager of the Web Service Integrations & SOA.
  • David Harrington of MedicAlert® Foundation. David's the CTO at MedicAlert.
  • Mystery Panelist. We're still waiting for confirmation on this guest. Trust me...whoever it is will be good.

As I started putting this panel together, I wanted to get people who were using SOA and had run up against governance problems. It's easy to get vendors to come and talk and they do a good job, but the stories are second hand. I think the discussion on this panel will be real, hands-on experiences. At least, I hoping...

The panel will be run with a strict moratorium on PowerPoint slides. I'll spend 3-5 minutes introducing the subject, give each panelist 2-3 minutes to introduce themselves, and then we'll launch into questions. I'll have some prepared and also take audience questions. Here are some of the questions I've been thinking about asking:

  • Why is governance important?
  • How does your company govern SOA?
  • What big mistake did you make early on that convinced you that you needed to govern your SOA efforts?
  • What role do policies play in governing SOA? What policies do you have?
  • How do you distinguish between design-time, deploy-time, and run-time policies? Do you treat them differently in the governance process?
  • Do you have a center of excellence (COE)? What role does it play? How does it work?
  • How are governance and architecture related?
  • Have you encountered resistance to SOA governance in your organization? How do you overcome it?
  • How do you enforce policies? Who enforces policy?
  • What process do you use for feeding back information from enforcement and taking corrective action?
  • Is any of your policy enforcement automated (WS-I checks for example)? How do you do it?
  • What role do registries play in your governance efforts?
  • What role do Web services management systems play in your governance efforts?
  • Do you use SLAs or other contract devices between providers and consumers? How are they managed?

If you've got other questions about SOA governance that you think ought to be addressed, please leave a comment.