In a move that signals the growing importance of creating and enforcing polices for using Web services in a service-oriented architecture, SOA Software plans to update its SOA products so they can work with the registries of its competitors.
The company is expected to announce soon that its Service Manager Web services management software, its XML virtual private network and the technology for exposing legacy data within an SOA -- acquired in December from Merrill Lynch & Co. -- will be "registry independent," said Ian Goldsmith, vice president of product marketing at the company.
The service registry has traditionally been viewed as the "system of record" within a SOA because it's designed to catalog services for reuse and provide the location of the metadata attached to the services. This metadata often contains information such as who can access a service, what security must be used and the associated service-level agreements.
Until now, SOA Software has required its own proprietary registry for those products, Goldsmith said. But that could lead to problems in the future because the market for SOAs has grown.
"[Users] want a single location where they can store and categorize the location of services and use that central repository to reference where they can find other information like metadata," he said. "They don't expect the SOA Software management product to be the only product that stores metadata."
Any registry that conforms to the Universal Description, Discovery and Integration Version 3 standard will work with SOA Software's products, he said. The company believes that this version of the standard is likely to remain largely unchanged in the future, he said.
The SOLA (Service-Oriented Legacy Architecture) tool acquired from Merrill Lynch already works with any registry. The Web services management and XML VPN products will be registry-independent this quarter, he said.
SOA Software expects several registry vendors to back the company's move, but Goldsmith declined to say who they are.
SOA Software is targeting users such as Christopher Crowhurst, vice president and principal architect at Thomson Learning, a professional and academic testing company. Crowhurst said he now spends 10 percent to 15 percent of his time each week meeting with vendors and working to create an enterprisewide approach to SOA governance. Thomson Learning now has about 10 registries, including those from LogicLibrary, Systinet and others packaged with Microsoft and SAP applications. The company also uses various Web services management and security tools, he said.
The company now must create and enforce policies to govern Web services by manipulating the interfaces of its XML gateways, application servers and other service's end points. However, Crowhurst is searching for technology that can make and enforce Web service policies throughout the entire life cycle of a service from design to runtime, he said.
"There are very few tools capable of managing policy that way and none capable of enforcing policy that way," he said.
All of the Web services vendors his company works with are positioning their tools as the backbone for governance, he said, noting that none is up to the task yet.
Managing security throughout the life of a service requires an interoperability framework that all the vendors can make their products work with, he said.
Crowhurst has put SOA governance on a fast track because it will not be practical to manage governance at the end points within a year, given the fast growth of Web services at the company.
In the past year, Thomson Learning has quadrupled the number of Web services it has in production, he said. One business unit alone has created more than 50 over the past year -- and the company has 44 business units.
Miko Matsumura, vice president of marketing and technology standards at Infravio, which has its roots in the registry market, said his company plans to endorse SOA Software's move. Infravio over the past several months has moved to focus all its efforts on SOA governance because users are increasingly demanding ways to manage the polices surrounding the creation of Web services, he said.
"It takes a pure-play vendor focused on metadata management to effectively handle a lot of the [SOA] functionality," he said. "We're discovering that customers have a heck of a lot of requirements. In the old days when people were running pilot projects, it was security through obscurity, [and] no one messed with the registry data because no one knew about it. The discussion has shifted dramatically toward repository and governance concerns as people go into a deployment mode."