4.3.2: Discovery and Trust
Establish Discovery and Trust Mechanisms
Other Information:
The SOI is responsible for enabling the operation and management of the service-oriented architecture, as well as providing
the tools and environments to support the development, acquisition, and integration of services and service-based solutions.

Discovery - Registries/Repositories: No SOA is complete without governance and visibility. Reuse of services, and for that
matter all assets, is not possible without the ability to discover these assets as and when required. Registries and repositories
are the safe houses where all assets can be located and managed. Providers use this capability to advertise their services
and assets for others to use. Owners utilize the capabilities of the Registry/Repository to manage their assets through the
various lifecycle stages from development through operations into retirement. Consumers use them to locate and identify assets
that may meet their requirements. The current level of maturity in the industry regarding Service Discovery does not allow
for run-time discovery and consumption. Currently, the most effective discovery mechanisms use Registries/Repositories at build
time to discover pre-existing services that can be consumed within a composite application. Upon evaluation and selection,
the service is then designated using UDDI registries as the accepted service at run time. In evaluating a discovered service,
additional criteria such as reliability, efficiency, dependency, adherence to and/or violations of policies, etc. provide valuable
information to aid in determining the suitability of a service. The Registry/Repository provides the capability to store this
type of metadata related to the assets (including services) and the relationships among them, thus forming the cornerstone
for SOA Governance.

Trust – Enterprise Security/Privacy and Level of Service: Discovery of valuable information or services
across verticals is useless without a trust model that enables the discoverer to consume it with confidence; part of this
relates to the need for enterprise security and privacy. There are various commercial security and privacy services on the
market, but none has been shown to scale across a large federated enterprise. Further, none is certified and accredited for
the most robust government applications. In fact, US Government policy insists that government network security services be
developed and managed by the government. Any IT architecture must guarantee a level of service. Therefore, any SOA instantiation
requires an ability to monitor and optimize quality of service with respect to discovery, security/privacy, and other vital
functionality.
Indicator(s):