- Forrester Councils
- Councils Overview
- log in
Posted by Randy Heffner on November 3, 2009
One of my favorite Forrester survey statistics to quote about SOA is the proportion of service-oriented architecture (SOA) users that see how important SOA can be for changing their business. In our Enterprise And SMB Software Survey, North America And Europe, Q4 2008 (taken after the start of the current economic crisis), 38% of Global 2000 SOA adopters said they are using SOA for strategic business transformation. This is a very high level of business impact — and far more value than was ever credited to object-oriented or component-based development. Why is this important to note? Many think of SOA first as a technology for reuse, like objects and components, and miss the reality that SOA is much more about business design and flexibility. By missing the business perspective on SOA, they miss the fact that SOA is the foundation for a much broader shift in application architecture and its relationship to the design, monitoring, and optimization of business processes.
And this brings us to the importance of policy-based SOA as an area of technology strategy for enterprise architects to pay attention to. Many SOA adopters already use security and management policy with their SOA-based services, and the future allows a much broader impact by applying other types of policy, including business policy, to SOA implementations. Among Forrester’s top 15 technologies, policy-based SOA is the highest in terms of newness and complexity, which means that, although the potential for business flexibility and value is there, it will take longer to understand, plan for, and adopt policy-based SOA than it will take for other top technologies. As a first step, architects should ensure that they understand the concepts so that they can set the right time frame for building toward policy-based SOA as they build platforms and patterns for SOA.
To begin to understand policy-based SOA, consider security and management. Products like SOA appliances, enterprise service busses (ESBs), and SOA and Web services management solutions provide for policy-based that control service execution. You define a security policy (e.g., “service requests must be accompanied by a WS-Security SAML token to identify the service consumer”) using the SOA product’s administration tool. At runtime, the SOA product intercepts the SOA request, applies the security policy, and either rejects the request (if the policy is not met) or forwards the request to the service for processing. The important point here is that the policy is declared separately from the service, allowing it to change without changing the service itself. In a similar way, policies for production monitoring (e.g., response time and availability) are declared separately and applied at runtime. Some of the benefits of this type of policy separation include:
These same concepts can be applied to business policies associated with SOA-based services. Examples of such policies include:
By extracting such decisions from the internals of service implementations, we provide the business with ready access for changing and optimizing business processes. But here’s the issue: Without a broad perspective on SOA policy, organizations can implement policy silos for SOA that duplicate tools and infrastructure for each different type of SOA policy. Security policy might be contained in an SOA appliance silo, management policy might be in an SOA management solution silo, business policy might be in an ESB silo. The two biggest problems this creates are 1) it is difficult to get a complete picture of a given SOA service’s production processing, and 2) it duplicates infrastructure and processes for policy authoring, auditing, and life cycle control.
Therefore, Forrester recommends taking a step back to understand the full possibilities, requirements, and business value of policy-based SOA. This will allow architects to craft an incremental and evolutionary strategy for starting small, typically with security or management policy, and growing into the full range of value available with policy-based SOA.
To read more about policy-based SOA, go to the five-part report series that begins with How To Get Started On SOA Policy Management.
Lead BT Transformation
Develop customer-obsessed strategies to drive growth »
Forrester's CX Index
Predict how actions to improve CX will affect revenue performance.
Measure the customer experiences that matter most »