Wednesday, February 22, 2006

SOA vs The Architects

With SOA and/or the concept of composite applications we will see an increase in ready-to-use business-services as well as technical-services.
This is the promise of SOA and a pre-requisite for composite applications.

What makes me wonder is, who will control access to those ready-to-use services? Just the term ready-to-use makes me panic.
And I don't mean just security wise? But rather from a logical level ?

Let's say I'm a developer and working on a composite application, or just in need of a service, that others already did and were friendly enough to provide to the whole enterprise.
Let's say - as in almost all examples - a credit check.
Let's say this is some in-house customer-service task I'm automating that from time-to-time needs to check the credit of a customer or prospect, e.g. 100 times a day.

With the help of the service registry I will be able to discover the credit check service and use it from my application (think UDDI/WSDL if that helps, but those are just protocols and formats to facilitate that).
So I'm happy, I found the service and I'm going to use that service.

There will probably some security restrictions as to which user is allowed to connect to the credit check. Good.
So I contact the supplier/owner of said service, tell him why and how I need access to it, and I will be granted access.
I finish my development/testing/whatever task and deploy my application to production. Everything runs smoothly, everybody is happy.

Half a year later, I'm working on a different application, and again need the credit check. I again look to the service registry, find the credit check service I'm famliar with (or I just remember it), and start using it for the new application.

This time, however, I'm working on a web application that issues quotes to prospective customers, and I have to include a credit check for the final calculation of the quote. The estimated number of quotes is several thousands a day (because I'm just a bit smaller then Amazon but still huge... ok).

Who will tell me, that using the (same) credit check service is still OK for me? Where can I find which load the credit check service is able to absorb? And at which load it is already running? There might be already 10 applications that use the credit check that comprise 90% of the whole capacity it was designed for, and now I'm adding another 70%? Who will keep me from doing so ?
Who will be able to do impact analysis on all the other 10 applications?

The only person/organisation that comes to mind is either the enterprise architects or some newly established integration architects/specialist.

But those guys need to have a more operational role than in the past. They need to know the general state of their services quite will. For the past, today and the months to come.

Isn't this a major shift in expectations from those groups?
Are they ready? Are the operatoin departments ready to let others, i.e. architects, etc, look into their system on a level usually reserverd to operators & andministrators ?

No comments: