Primer: Web Services Governance

What is it? Web services governance refers to policies and software tools that aim to manage service-oriented architecture (SOA), a development approach that employs software reuse to speed application delivery.

Why does it matter? Web services can be combined into composite services. Web services provide specific functions, such as HR data for resource planning, that may be used in multiple applications. But for this concept to work, developers within an enterprise must build services in a consistent manner. And once services are constructed, they need to be described, cataloged and monitored when deployed. The proliferation of Web services in some organizations has resulted in “an explosion of complexity,” says John Daly, vice president and general manager of global architectural services at integrator Keane. Governance tools seek to tame this environment.

How does it work? Web services governance involves both design-time and run-time aspects. In design-time governance, enterprise architects create a set of rules that define how services should be constructed. Other rules determine how services may be deployed, nailing down parameters such as access rights. Governance software helps put the Web services guidelines into action. Registry products, for example, catalog an organization’s services and associated policies. Registries “help enforce design practices,” says Roman Stanek, founder and chief software architect of Systinet, a maker of SOA products.

Run-time governance focuses on how Web services behave. In this area, Web services management software monitors the performance of Web services and provides version control as individual services evolve.

What are the benefits? Governance software makes it easier to run an SOA, says Scott Thompson, head of application development for H&R Block Financial Advisors. Thompson says H&R Block uses AmberPoint’s management product to monitor its Web services traffic. The software, he explains, relieves the company’s developers from tasks such as monitoring Web services and exception management, letting them concentrate on “solving the business problems.”

H&R Block may deploy a registry as its population of Web services grows, Thompson adds. Motorola has already taken that step, installing Systinet’s registry. The need for a registry is most pressing among organizations creating scores of Web services across multiple business units. Eric Newcomer, chief technology officer at Iona Technologies, cites a 50-services threshold for a registry, although groups with fewer services have embraced the technology.

What are the challenges? Industry executives say automation will do little good if the customer lacks consensus on Web services rules and a common architecture. The next issue: rolling out a governance solution that spans inherently distributed Web services. Policy management, Web services management and registry software are among the moving parts.

How do standards fit in? Standards that apply to governance include the web service description language (wsdl), which describes a given service’s particulars, including how a requesting application can access it. The universal description, discovery and integration (uddi) standard provides a web services directory and supports registry products. The ws-i basic profile, meanwhile, offers guidelines on how to employ wsdl, uddi and other specifications in a consistent manner, thus promoting interoperability among services.