OASIS has just announced a public review for Reference Architecture Foundation for Service Oriented Architecture (SOA-RAF). This new document is a result of several years of work for the OASIS SOA Reference Model TC and represents an extension of the concepts and relationships defined in the OASIS Reference Model for Service Oriented Architecture..
SOA-RAF defines Service Oriented Architecture (SOA) as an architectural paradigm (style), occupying the boundary between business and IT. It is neither wholly IT nor wholly business, but reflects concerns of both worlds. Neither business nor IT completely own, govern and manage this SOA ecosystem. Both sets of concerns must be accommodated in the SOA ecosystem to fulfill its purposes. As a result, SOA-RAF focuses on SOA as an approach to integrating business with the information technology.
SOA-RAF follows the recommended practice of describing architecture in terms of models, views, and viewpoints and covers three main views:
... the Participation in a SOA Ecosystem view which focuses on the way that participants are part of a Service Oriented Architecture ecosystem; the Realization of a SOA Ecosystem view which addresses the requirements for constructing a SOA-based system in a SOA ecosystem; and the Ownership in a SOA Ecosystem view which focuses on what is meant to own a SOA-based system.
InfoQ had a chance to discuss the SOA-RAF with Dr Ken Laskey - the OASIS SOA Reference Model TC chair and one of the editors of the standard.
InfoQ: Considering the loss of the interest to SOA by the industry, is now a right time to create a new SOA standard?
Dr Laskey: I believe there is less of a loss of interest and more of a loss of hype. The people who believed SOA and the surrounding technology provided magic have become disillusioned because realizing the benefits of SOA is hard work. For those who appreciate the possible gains from the hard work, it is time to roll up our sleeves and make it happen. The SOA Reference Model defines service oriented architecture as "a paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains." Those capabilities and the understanding around how those capabilities need to work together to solve a problem must exist before real SOA magic can occur. Just saying we’re going to build an X service doesn’t substitute for understanding how to solve the X problem. Once you have that understanding, the SOA paradigm talks to more effective ways to bring together the pieces of a solution, especially when those pieces are under the control of different organizations. That is where the idea of ownership boundaries is important. The SOA-RAF elaborates on many of these ideas through the ecosystem, realization, and ownership views to provide a firm foundation upon which organizations can move forward with their SOA initiatives.
InfoQ: There are probably more than a hundred different SOA standards. What differentiates the Reference Architecture Foundation for Service Oriented Architecture from the others?
Dr Laskey: Most of the standards tell you how to do a specific piece with little, if any, context of how the piece really affects the whole. For example, UDDI gives you specifics on creating a registry entry but not a context for description and how description provides a key enabler for interaction, governance, and management. The intent of the SOA-RAF is to provide some of the glue that increases the value of the other pieces.
InfoQ:What, in your opinion, the most important concept introduced by the standard?
Dr Laskey: The concept of the SOA ecosystem is really the crux of the reference architecture foundation. The committee realized that our thinking about SOA had to go beyond the technical or even the more traditional business pieces in isolation and had to focus on the complex environment where stakeholders and other actors come together to use capabilities to address business needs. Often, the people and organizations with an interest in SOA solutions will focus on the IT systems they want to build. What is missed is the foundation that needs to be laid for interactions with these systems and among the different actors who own and use these systems. The systems, the stakeholders and other actors, and the conditions for their interactions all come together in the SOA ecosystem.
InfoQ:The majority of SOA standards contains specific SOA implementation approaches and is aimed at architects and developers. The SOA-RAF seems significantly more abstract. What is the intended audience for it?
Dr Laskey: Effective use of the SOA paradigm requires we go beyond the architects who lay out SOA-based systems and developers who code them. It must include those who have the responsibilities of owning the systems and those who have enough trust in the systems to use them to conduct their business. It must take into account the conditions under which use is offered and the conditions under which use is accepted and exercised. It must include those with responsibilities for governance and those with responsibilities for management. The intended audience is everyone who acts within the SOA ecosystem.
InfoQ:Saying the intended audience is everyone who acts within the SOA ecosystem seems a bit generic.
Dr Laskey: I would say it demonstrates the true reach of the ecosystem. If the janitor of a facility uses a service to report issues around the facility, that janitor is part of the ecosystem. Security within the ecosystem applies to that janitor. Trust on the part of the janitor is needed because the janitor is more likely to carefully enter an issue if there is confidence that the issue can be adequately captured with a minimum of effort and that it will reach other actors who can do something about it. We are talking about clear description of what a service does, how to request the service do it, and a way to know that the advertised real world effects have occurred. The workings of the SOA ecosystem have to be effective for all those doing business within it. If there is a feeling that it doesn’t apply to me, then there will be workarounds that will undercut the benefits we expect to see.
InfoQ:Significant portion of the standard is devoted to the joint action model and trust. How is it different from the existing interaction/security definitions/standards existing in SOA community?.
Dr Laskey: This all comes around again to the concept of ecosystem. The SOA-RAF talks about private state and shared state. While there are likely private actions on the part of any stakeholders and actors, the actions resulting in changes to shared state - that is the shared view of entities within the ecosystem - occur as a result of interactions. Joint action is a coordinated set of actions and it involves multiple actors, some human and some machine. Specific security definitions and other standards provide the details but the SOA-RAF provides the overall context in which these details contribute to getting things done.
InfoQ:This standard was in the works for nearly 6 years now. Why do you think it is taking this long to complete it?
Dr Laskey: There were a number of factors. The SOA Reference Model provided a minimal set of unifying concepts, axioms and relationships, so there is a lot that to expand upon when you start applying the building blocks provided by the SOA-RM. There was also a lot of learning, maturing of ideas, and factoring in of the experiences gained by the members of the committee from their day jobs. The experiences went across application areas and across vendor offerings. I think it is more difficult to write to the general ideas when you are explicitly working for wide applicability that is independent of any product suite. Finally, there were some areas, especially related to the SOA ecosystem, where we generated much more material and decided that we still couldn't do the varied aspects justice without a treatise on the individual subjects. While that might have provided more completeness - and it was by no means obvious what was sufficient completeness for some of these areas, let alone how to provide sufficient context within the whole - we eventually decided that a less is more approach would better serve our audience. Individual reference architectures will be developed from the foundation the SOA-RAF establishes and we look to those to provide concrete details to fill in where the SOA-RAF leaves off.
InfoQ:What do you expect from this review?
Dr Laskey: This is the first draft that completely covers our intended scope in a consistent manner throughout. Our previous review drafts benefitted greatly from comments directed to the evolving pieces. Now I expect comments to go beyond the local issues and more to the end-to-end challenges of defining, building, and owning resources within the broader ecosystem. We appreciate the document is long and covers a lot of territory. That is why we have asked for a 60-day review to give the community a chance to read, digest, and help us complete what we describe as a foundational work.