Feeds

SOA: let's talk about sharing not reuse

A holistic approach

SANS - Survey on application security programs

Comment I've gradually become aware, over the past weeks, that I - and a lot of other people - have fallen down a bit of a rabbit-hole when it comes one aspect of SOA.

Over the past months I've been researching the topic extensively, and had come to the conclusion that there are four key aspects to SOA's potential business value: increased flexibility of systems; increased reuse of assets; increased business comprehensibility of systems; and increased visibility of the value that IT delivers. As the list shows, the second of the key elements I've talked about is "reuse". I've seen a lot of other people talking about reuse in the context of SOA, too.

But a couple of weeks ago, at an IT architecture conference, I finally became convinced: reuse is the wrong word for what people think about when they think about how services get published and consumed in a SOA initiative. A much better word is sharing.

It might sound like I'm nitpicking - these words can be seen as representing very similar concepts. So why is it so important to make a distinction between them? The answer is partly because reuse is a loaded term, which makes people think of object-orientation or component-based development.

Importantly, reuse is associated with replication of software. If I'm reusing an asset, I copy the code, the libraries, the package, whatever; and I use a copy of it in a new context (quite possibly altered a little bit, if I'm going for 'white box' rather than 'black box' reuse). But this is not what happens (or at least, it's not what should happen) in SOA. What should happen in SOA is that an overall requirement is factored to draw out opportunities to implement common services that are used in multiple contexts. That's not about replication, that's about referenceability.

More seriously than this technical nuance, though, I really think reuse is the wrong word for what should be happening in an SOA initiative because it's a term which allows us to be lazy and focus exclusively on the technological and organisational details of how we build systems. Let's face it, in the software industry we're all much more comfortable thinking about software development issues than we are thinking about other things (like how to make systems manageable, for example). This is bad because SOA "done right" is about much more than just software development.

Sharing is a better word for what should happen to service implementations in an SOA initiative because it forces you to think not only about the implications of SOA on developers but the implications of SOA on the IT organisation, and indeed on companies as a whole.

Thinking about sharing makes you start thinking in a more holistic way about SOA, which is much healthier in the long run. In particular, it makes you think properly about one of the critical success factors of SOA initiatives: getting a governance model in place. Specifically, as soon as you think about sharing you realise that by having a consumer use an existing service you are placing obligations on both the consumer and on the organisation as a whole. If I reuse your code, then we both have a copy. But if I share your service, you need to know about that, because you need to ensure that provision of the service scales to meet consumption demand, and that your support for the service can scale, too. I will probably need to be prepared to contribute to funding for these things. Sharing of a capability implies sharing of benefit; but also it implies sharing models for cost and risk.

So let's have much less talk of reuse. We're doing ourselves—and the potential of SOA to improve the lot of IT organisations—no good.

Copyright © 2006 Macehiter Ward-Dutton

This article was originally published at IT-Analysis.com

3 Big data security analytics techniques

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.