Some would argue that it's the complexity of SOA itself (driven by the enterprise top-down focus) that creates the need for a formalized SOA governance initiative. Without formal SOA governance you can't hope to succeed with SOA because it's too easy to get it wrong.
In his view WOA manages to avoid many of the complexities of SOA, not needing complex tools or the WS-* architecture. (We should assume that Dan knows that many people dislike the assumption that SOA equates to WS-*.) Of course there are those who would argue that REST (aka WOA) is not simple at all when you have to implement complex applications and WS-* is needed, but we should ignore that argument in case it deflects us from Dan's core question: "So do you still need governance for [WOA]?"
The answer is probably yes (if you're an enterprise architect, you can stop holding your breath now). But, I think the approach to "WOA governance" is going to be fundamentally different than that of SOA governance (OK, time for the EAs to hold their breath again).
And the reason for this? In a traditional SOA you typically have enterprise architects setting the rules that govern the interactions between providers and consumers.
This works fine in an enterprise where everyone ends up reporting to one common person when you look far enough up the chain.
However, in a Web-based architecture, in order to get parties to interact you would first have to appoint an "Enterprise Architect for the Internet" who would set all of the policies in the same way as before.
Simple really. Except the part about "appointing an EA for the Internet". That might be a bit tricky. So, you can see, the top-down approach of SOA governance totally falls down when you look at WOA.
But what will work then? As Dan points out, there are fundamental aspects of governance that any infrastructure needs to solve, whether it is Web-based or SOAP-based. For example:
How can a provider make it easier to on-board customers and keep them happy (all while changing the service frequently)?
How can a consumer establish and build trust in their service provider (that's trust as in "trust but verify")?
Therefore, in order to truly be a success, WOA needs to achieve many of the same goals that SOA governance hopes to achieve. But, as Dan thinks, "... in a fundamentally different way." So does this indicate a missing piece in the REST architecture? Can the right kind of governance be added to WOA without adversely affecting its perceived simplicity?