Another important goal is to ensure versatility. Many applications will share the same instance of a service, but also in many cases, each application will require different operational semantics that are important for transaction security and other essentials. In conventional applications, you will normally find operational semantics within the code itself; this makes reusability almost impossible.
Composite applications must have the business logic defined separately from each application's infrastructure. For example, instead of baking security semantics into the code, use an external, general-purpose security framework. This will be your template for enforcing authentication and authorization rules based on declarative policies that specify the required security semantics for the service within the context of a specific application.
SOA Needs IT Governance
Guidance is essential for composite application architects and developers to feel secure in adopting SOA. To be successful, training must link up with ongoing IT governance to guide service development and deployment.
Governance refers to the processes an enterprise puts in place to make sure things are done right — that is, in accordance with best practices, architectural principles, legal and industry regulations and other factors. Governance can give a business context to guide the fundamental changes in design, development and project management that must occur if SOA and composite applications are to take off. People are naturally resistant to change, so a governance framework that expresses the new bylaws and goals is essential.
CIOs and application development managers must also look at incentives. Do current incentive programs actually hinder the development of reusable services? Most programs focus on time-to-market and cost containment. Designing for reusability takes more time and resources. The development team that implements a reusable service often derives no immediate benefit. Why should a developer, much less a line of business manager who has budget for development, agree to accept the increased burden of developing reusable services just so someone else can benefit?
Control is another disincentive that IT management must address. A line-of-business manager won't want to expose his objectives to missed schedules or project disruption because of another group's failure to deliver a service on time. Also, some groups prefer to reinvent the wheel because they're certain they can do it better.
Governance can help shift the culture. When no existing service is available, developers need incentives to create services that other developers can reuse.
As expectations rise about the potential of SOA and composite applications to bring down costs and deliver higher quality to business processes, companies will question the wisdom of monolithic packaged applications. The age of the massive, lumbering, elephantine application is passing. The new age of flexible, plug-and-play services is about to begin. With careful planning and attention to both technical and cultural details, your organization will grasp the new reins of IT power and ride to market first.
Anne Thomas Manes is VP and research director of Burton Group, an IT research and advisory firm. She is a 24-year industry veteran and expert in Web services and distributed computing technology. Write to her at [email protected].