Friday, March 20, 2009

FORRESTER blog repost Lean Information Management Strategies for Lean Times

Lean Information Management Strategies for Lean Times

By James Kobielus

When the going gets tough, the tough get lean, focused, and flexible. To help organizations survive the bad times and thrive in all climates, their information management initiatives must remain agile and adaptable.

If you feel your information management strategy is anything but lean, you’re not alone. Many organizations struggle to gain control over information infrastructures that have become too bloated, rigid, and slow to realign with new business drivers.

Lean information management practices are essential for corporate survival. They are far more than belt-tightening exercises. They also help you build analytic muscle for excelling in any business environment. Here are some basic pointers for keeping your information management strategy lean:
  • Trim your information infrastructure of excess cost. Lean means you should cut excessive, budget-busting overhead from your information management environment. Careful cuts are best, because they optimize your existing operations without gutting the core information, analytics, and applications that underpin your core competencies. Silo, server, database, and application consolidation should be your principal approaches. Also, you should re-evaluate vendor-sourcing strategies and renegotiate licenses at more favorable terms. And you should investigate lower-cost alternatives, such as software-as-a-service, to address business intelligence, business performance solutions, enterprise data warehousing, master data management, enterprise content management, and other information management requirements.
  • Fit information initiatives to key business imperatives. Lean also means you fit, focus, and fully align your information management initiatives to mission-critical business imperatives. Strategic alignment ensures that you leverage information assets across diverse application domains and business processes, rather than allow that intelligence to languish underutilized in silos. To sustain this approach, you should establish an information management framework, such as a Business Intelligence Solution Center, that enables ongoing collaboration between business and IT stakeholders. You should engage all key business and technical groups in information management planning discussions.
  • Flex information architectures to changing circumstances. Finally, lean means maintaining an approach that is flexible and adaptable, able to shift course as your needs and environment change. In yoga terms, lean is all about building, toning, and stretching analytical muscle to keep it from tearing when you need to transition rapidly from one strategic alignment to the next. You need the flexibility to swing between centralized information management infrastructures and decentralized or federated environments. For end-to-end data management environments, Forrester has developed an architecture decision support tool that helps information managers to determine which of several topologies is best suited to their needs: centralized enterprise data warehouse, hub-and-spoke, independent data marts, data federation, and information-as-a-service.
Considered as a comprehensive strategy, these lean practices are true bloat-busters and recession-beaters. They allow organizations to deliver practical insights that address all pain points, even--especially!!!--within strict budgets.

Wednesday, March 18, 2009

What if you had the voice of Jim Cramer inside your head screaming at you while you were trying to make sense of your personal investment portfolio?

All:

Speaking of maddening echo chambers, has anybody noticed that that's what the US television industry has become in recent years, with the proliferation of cable channels, the 24-hour news channels, the steady stream of talking--AND SCREAMING--heads?

Thank you Jon Stewart for tearing a new one in the hide of one of the most obnoxious--and dangerous--of those SCREAMING HEADS: Jim Cramer of CNBC. That Cramer is one dude that I've been avoiding from the start--partly due to simply how he looks, but more to the point how he talks and acts on the tube. In every way, this guy has always struck me as pure huckster, hypester, trickster. That, plus the fact that I find CNBC and all other business and news channels almost unwatchable--due in part to the overcluttered screens with TOO MUCH INFORMATION, including, especially, those obnoxious crawlers--which Bloomberg, in particular, stacks so deep that I get deeply claustrophobic just switching past that channel.

Anyway, re Cramer on the "Daily Show" recently, I just found a transcript of that exchange between him and Stewart, and also watched the video for the first time. I'll give most of the rest of this post over to the best of Stewart's rants. They're simply too perfect and summarize my feelings exactly:

*************************

"JS: But why, when you talk about the regulators, why not the financial news network? That's the whole point of this. CNBC could be an incredibly powerful tool of illumination for people that believe that there are two markets. One, that has been sold to us as long term. Put your money in 401k's, put your money in pensions and just leave it there, don't worry about it. It's all doing fine. Then there's this other market, this real market that's occurring in the back room. Where giant piles of money are going in and out, and people are trading them and it's transactional and it's fast, but it's dangerous. It's ethically dubious and it hurts that long term market. So what it feels like to us, and I'm speaking purely as a layman, it feels like we are capitalizing your adventure by our pension and our hard earned.. and that it is a game that you know, that you know is going on. But that you go on television as a financial network and pretend isn't happening."

"JS: But the gentleman in that uh, uh, video is a sober rational individual. And the gentleman on Mad Money is throwing plastic cows through his legs and shouting "sell, sell, sell". Then coming on two days later and going "I was wrong, you should have bought". Like, I can't reconcile the brilliance and knowledge that you have of the intricacies of the market, with the crazy b****** I see you do every night."

"JS: I gotta tell you. I understand that you want to make finance entertaining, but it’s not a f---ing game. When I watch that I get, I can’t tell you how angry it makes me because it says to me, “You all know.” You all know what’s going on. You can draw a straight line from those shenanigans to the stuff that was being pulled at Bear and at AIG and all this derivative market stuff that is this weird Wall Street side bet."

"JS: No, no, no, no, no. I want desperately for that, but I feel like that’s not what we’re getting. What we’re getting is… Listen, you knew what the banks were doing and yet were touting it for months and months. The entire network was and so now to pretend that this was some sort of crazy, once-in-a-lifetime tsunami that nobody could have seen coming is disingenuous at best and criminal at worst."

" JS: It’s very easy to get on this after the fact. The measure of the network, and the measure of mess. CNBC could act as—No one is asking them to be a regulatory agency, but can’t—but whose side are they on? It feels like they have to reconcile as their audience the Wall Street traders that are doing this for constant profit on a day-to-day for short term. These guys companies were on a Sherman’s March through their companies financed by our 401ks and all the incentives of their companies were for short term profit. And they burned the f---ing house down with our money and walked away rich as hell and you guys knew that that was going on."

"JS: But isn’t that part of the problem? Selling this idea that you don’t have to do anything. Anytime you sell people the idea that sit back and you’ll get 10 to 20 percent on your money, don’t you always know that that’s going to be a lie? When are we going to realize in this country that our wealth is work. That we’re workers and by selling this idea that of “Hey man, I’ll teach you how to be rich.” How is that any different than an infomercial? "

**************************

Me back again: "How is that any different than an infomercial?" Ah...hee hee...picture the sprayed-on-beard-face of pitchman infomercial screamer Billy Mays. Now, and I know this is painful, replay Mays' voice in your head. Now replay Jim Cramer's voice.

Same guy, right? How would you like those guys to take up permanent residence in your psyche...especially when you're trying to manage your finances in a rational manner?

Hard, right? Annoying, right? Of course, Mays just tries to sell isolated consumers harmless bullshit. Cramer pretends that he's advising the country on how to manage our collective investment portfolio.

Harmless?

Jim

Did the media in the 1930s obsess over the Great Depression the way we obsess over this current recession?

All:

Talking out of school here, but are you as tired as I am by the echo-chamber of media commentary on the current recession, on how long it is going to last, how deep it will be, how painful it is for so many people, how we can cope with it, and so forth?

Not to minimize all these serious matters, but sometimes it feels like a sore hurts much more and lasts a hell of a lot longer if all you ever do is obsess over it, dwell on it, pick at it, bandage it, unbandage it, rebandage it, comment on it, apply various treatments to it, worry that it's cancer, and the like. The queasy middle ground between prudent attention to one's own health and self-fulfilling hypochondria.

Did people in the 1930s, crappy as that era was, regard that particular business-downturn slump as the existential apocalyptic horse latitudes that seems to frame all current discussions of the current period? Or did they dub it a "great" depression only in retrospect? Just curious.

Culture has changed a lot since then, and our expectation of self-regulating economic cycles makes us more nervous and less risk-tolerant than ever. Great Depressions nowadays seem like they should be amenable to Great Anti-Depressants, and/or Great Stimulants.

Prozac Culture. Viagra Culture. Starbucks Culture.

Jim

Tuesday, March 17, 2009

imho Semantic Web Grounds SOA in a World of Meanings

By James Kobielus

Semantics is just a fancy word for understanding what things truly mean.

In distributed IT environments, semantic interoperability enables applications to understand the precise meaning of each piece of data that they import, acquire, retrieve, and otherwise receive from elsewhere. Without a transparent view into the semantics of externally originated content, applications cannot know how to validate, map, transform, correlate, and otherwise process that information without garbling its meaning.

Semantic interoperability is and always has been one of the principal tasks in real-world integration projects. Typically, it requires sweat equity by business analysts and data architects, who must define mappings to ensure that meaning is not lost or misconstrued when data is transformed to the requisite schemas of target applications. This can be a complex, error-prone exercise, because separate application domains often use different data syntaxes, schemas, and formats to describe semantically equivalent entities, such as a particular customer’s various records or a specific product’s multifarious descriptions.

Complicating the integration process is the fact that application domains rarely describe their semantics—in other words, the entity-relationship conceptual models that inform their data structures—in any formal or consistent way. Furthermore, relational data structures can be frustratingly opaque to developers who are trying to associate a complex set of linked tables with a coherent, business-level conceptual model. Integration specialists must often infer semantics from sketchy documentation, and then create cross-application data mappings that are based on those inferences.

What is the Semantic Web?

In an ideal world, semantics standards would be implemented universally, thereby accelerating, automating, and tightening semantic integration among heterogeneous environments.

Semantic Web refers to a long-running industry initiative that is working toward this ambitious goal. The vision of a Semantic Web has been percolating within the service-oriented architecture (SOA) community since the 1ate 1990s. It has been promoted primarily by World Wide Web (WWW) inventor Tim Berners-Lee. And it continues to be developed through a formal activity of the World Wide Web Consortium (W3C), which Berners-Lee heads.

At heart, Semantic Web is a vision for how the WWW should evolve to realize its full potential (indeed, some industry observers have taken to calling it “Semantic SOA” or “Web 3.0”). Since its birth in the early 1990s, the WWW has transformed the Internet into an open book that—through common interoperability standards such as HyperText Transfer Protocol (HTTP), HyperText Markup Language (HTML), and Extensible Markup Language (XML)—allows content everywhere to be available, readable, searchable, and comprehensible to human consumers. The Semantic Web initiative extends that concept to include non-human consumers. Organizations can implement W3C-developed semantics standards—such as Resource Description Framework (RDF) and Web Ontology Language (OWL)--to make the meaning of content unambiguously comprehensible to services, applications, bots, and other automated components.

Nevertheless, people vary widely in how they interpret the scope of the Semantic Web initiative, and the market is swarming with a wide range of projects, products, and tools that implement different variants of this vision. In the broadest perspective, Semantic Web may be understood as referring to an all-encompassing metadata, description, and policy layer that enables universal, automatic, comprehensive end-to-end interoperability across every macro or micro entity—including data, components, services, applications, and services—on every conceivable level. At its most down-to-earth, though, Semantic Web is usually construed as the ability to associate structured data with controlled, application-domain-specific conceptual models known as “ontologies.”

The potential benefits of semantic interoperability fall into several application domains:
  • Enterprise content management (ECM): Semantic approaches can support more powerful discovery, indexing, search, classification, commentary, and navigation across heterogeneous stores of unstructured and semi-structured content. Semantic search—driven by concepts, not mere text strings--is regarded by many as the potential killer application of Semantic Web technology. Indeed, many Semantic Web vendors are primarily implementing the technology in search engines that leverage ontology-based concepts to improve search accuracy and reduce spurious hits.
  • Enterprise information integration (EII): Semantic approaches enable consolidated viewing, query, and update of structured data that has been retrieved from diverse sources. Indeed, most commercial EII environments present an abstract semantic layer that mediates access to heterogeneous data, such as enterprise resource planning (ERP) and customer relationship management (CRM) applications, converging it all to a common presentation-side schema. A handful of those EII vendors—including BEA and Red Hat/MetaMatrix--have begun to support Semantic Web standards, primarily through third-party software plug-ins.
  • Enterprise service bus (ESB): Semantic approaches can facilitate multilayered application, process, and service interoperability across disparate environments. To date, there has been little production implementation of Semantic Web standards in the ESB arena, though vendors such as Telcordia Technologies have adopted semantics, ontologies, and RDF to describe the conceptual models implemented by application endpoints, agents, and intermediary nodes within ESB-like middleware approaches such as event stream processing (ESP).
To some degree, the Semantic Web community is also loosely associated with Web 2.0 “social bookmarking” or “folksonomy” initiatives such as Del.icio.us, Digg, and Reddit, which provide online communities within which users may collectively link, tag, classify, and comment on Web content originated elsewhere (however, usually without reference to W3C specifications). The key difference between the Semantic Web and these folksonomy efforts is that the former relies primarily on professional developers to create and maintain standards-based ontologies, whereas the latter relies on end users to create informal, non-standard collections of descriptive tags applying to content they find while surfing the Web.

What are the Principal Standards and Approaches for Implementing the Semantic Web?

On the standards front, the Semantic Web vision is starting to bear fruit, slowly but inexorably.

In the past year, there has been an upsurge in industry attention to the W3C’s Semantic Web activity, due in part to the growing realization that SOA-based interoperability demands attention to semantics issues. To date, W3C-developed Semantic Web specifications—most notably, RDF and OWL—have begun to gain significant traction in commercial products. Startups continue to emerge, offering ontology modeling tools, inference engines, RDF repositories, and other necessary components of Semantic Web solutions. And more and more users are incorporating semantics-based approaches in their search, text analytics, ECM, EII, and other mission-critical applications.

At the heart of Semantic Web environments is the notion of ontologies, which are conceptual models comprising entity-relationship statements that have been expressed in a “knowledge representation language.” For Semantic Web, the principal knowledge representation language is RDF, which is an official W3C Recommendation. RDF uses XML to define a rich data model, syntax, and vocabulary for the exchange of machine-understandable ontologies about URI-designated resources. Within an RDF ontology, statements consist of well-defined “subjects,” “predicates,” and “objects.” For example, in the statement “This BCR article has an author whose value is James Kobielus,” the subject is “This BCR article,” the predicate is “has an author,” and the object is “whose value is James Kobielus.” Under RDF notation, each of these “nodes” is designated with its own unique URI, and a syntactically complete statement can be created by concatenating subject, predicate, and object node URIs into a single structure called an “RDF triple.”

RDF is the core specification in a growing range of Semantic Web standards and specifications under W3C, including:
  • OWL: This specification, which is an official W3C Recommendation, extends RDF to support richer description of resource properties, classes, relationships, equality, and typing.
  • SPARQL Query Language for RDF: This specification, which is currently a W3C Candidate Recommendation, leverages XQuery and XPath to support queries across diverse RDF data sources.
  • Gleaning Resource Descriptions from Dialects of Languages (GRDDL): This specification, which is currently a W3C Candidate Recommendation, specifies how an XML document can be marked up to declare that it includes RDF-compatible data and also to specify links to algorithms--typically represented in Extensible Stylesheet Language Transformations (XSLT)--for extracting this data from the document.
At the very least, all Semantic Web implementations use RDF as their core ontology language, though many also support OWL for its semantic richness (and a growing number are implementing SPARQL, GRDDL, and related W3C specifications). Ontologies figure into Semantic Web environments in any of the following scenarios:
  • Semantic modeling: In this scenario, developers explicitly model semantics as RDF/OWL ontologies, and/or as such related logical structures as taxonomies, thesauri, and topic maps. The ontologies are used to drive creation of structured content that instantiates the entities, classes, relationships, attributes, and properties defined in the ontologies. This is the classic model of greenfield development of application data under the Semantic Web paradigm.
  • Semantic mediation: In this scenario, developers explicitly model semantics as RDF/OWL ontologies, and use the ontologies to drive the creation of mappings, transformations, and aggregations among existing, structured data sets. This describes the typical use of Semantic Web approaches within heterogeneous EII and other data integration environments.
  • Semantic mining: In this scenario, developers use natural-language processing (NLP) and pattern-recognition tools to extract the implicit semantics from unstructured text sources. The extracted entities, relationships, facts, sentiments, and other artifacts are used to fashion RDF/OWL ontologies that drive the creation of indices, tags, annotations, and other metadata that layer a consistent semantic structure across the various items within an unstructured text store. This describes the typical use of Semantic Web in search and text mining/analytics environments.
To sustain an ontology-centric Semantic Web environment, the following functional components are necessary:
  • Semantic tools: Application developers require a broad range of tools to help them work with ontologies, taxonomies, thesauri, topic maps, and other semantic constructs. Developers need tools to discover, query, browse, analyze, visualize, model, design, edit, classify, and annotate semantic constructs. They also need tools to map among dissimilar ontologies, define transformation rules, and attach descriptive tags and metadata. Tools should support semantics development by individual developers or collaborative teams. And semantics tools should integrate with Eclipse and other common development platforms, and support visual development in Unified Modeling Language (UML) and other modeling frameworks.
  • Semantic engines: Application environments require runtime components to mediate interactions among semantic-aware components, and also to interface with legacy systems. Runtime semantic engines should support such functions as validating ontologies against standards; matching, mapping, transformation, correlation, and merging of data to conform with standard ontologies; and inference-based extraction of implicit ontologies from unstructured text sources. Semantic inference engines should support deterministic mapping across ontologies, as well as fuzzy equivalence-matching between extracted entity-relationship models and concepts specified in formal ontologies.
  • Semantic repositories: Application environments require repositories or libraries to manage ontologies and other semantic objects, and also to maintain the rules, policies, service definitions, and other metadata to support life-cycle management of application semantics. Semantic repositories should support storage, synchronization, caching, access, import/export, registration, archiving, backup, and administration of ontologies and the data that instantiate those ontologies. The most prevalent semantic repositories are “RDF-triple store” databases.
  • Semantic controls: Application environments require that various controls—on access, change, versioning, auditing, and so forth—be applied to ontologies (otherwise, it would be meaningless to refer to ontologies as “controlled vocabularies”). Controls might be enforced at the repository-, engine-, and/or tool levels. Developers might be constrained by the corporate-standard semantic tool to only use particular standard ontologies, which could vary depending on the type of application or project on which they’re working. To the extent that developers work in teams, the semantic-application development tool might provide a role-based workflow to structure interactions in accordance with best practice.
Who are the Major Semantic Web Solutions Vendors?

In the marketplace, the Semantic Web community is spawning a expanding group of promising startups, as well as some tentative commitments by larger, established software vendors.

It’s no surprise that academic research institutions and open-source communities play a substantial role in catalyzing the development of the Semantic Web. Coordinating semantics projects are such communities as Advanced Knowledge Technologies, Digital Enterprise Research Institute, Gnowsis, Rx4RDF, and SemWebCentral.

As befits an embryonic market pushing a bleeding-edge technology, many Semantic Web vendors are in fact consultants pursuing ontology-based projects in ECM, EII, ESB, and other areas. In fact, many Semantic Web vendors are attempting to jumpstart a self-sustaining software business from a handful of consulting jobs. Still, there are many semantics firms that make their living primarily from consulting and other professional services engagements. These firms include Articulate Software, Business Semantics, EffectiveSoft, Mindful Data, Pragati Synergetic Research, Semantic Arts, Semantic Light, Taxonomy Strategies, and Zepheira.

As noted earlier, many software vendors are seeking the low-hanging commercial fruit of semantic search. The growing list of semantic search engine vendors includes Aduna, AskMeNow, ChaCha, Cognition Technologies, Copernic, Endeca, FAST Search and Transfer, Groxis, Hakia, Intelliseek, ISYS Search Software, Jarg, Metacarta, Ontosearch, Powerset, Readware, Semaview, Siderean, Syntactica, Textdigger, Vivisimo, and ZoomInfo. Most of these vendors rely heavily on NLP, pattern-matching, and text analytics to power the semantics-aware crawlers that they deploy to extract ontologies from unstructured text throughout the Web, intranets, and other content collections.

Just as important, Semantic Web pure-play vendors have come into their own. Dozens of vendors offer flexible, sophisticated solutions that can support a wide range of semantics-aware applications in addition to search. Pure-plays in this space include Access Innovations, Axontologic, Cycorp, Fourthcodex, DATA-GRID, Franz, LinkSpace, Metatomix, Modus Operandi, Mondeca, Ontology Works, Ontopia, Ontoprise, Ontos AG, Revelytix, Sandpiper Software, SchemaLogic, Semagix, Semandex Networks, Semansys, Semantic Insights, Semantic Research, Semantra, Semtation GmBH, Teragram, Thetus, TopQuadrant, Visual Knowledge, Wordmap, and XSB.

Semantic Web vendors vary widely in their functionality, development interfaces, deployment flexibility, and standards support. None of these vendors are staking their success on rapid, universal adoption of the full stack of Semantic Web standards. Instead, they all provide tools, platforms, and applications that can be deployed for tactical, point, quick-payoff IT projects. They address specific business needs with their solutions while enabling customers to integrate semantics solutions to varying degrees with their existing application and middleware infrastructures.

What follows are snapshots of a handful of these vendors, illustrating their diverse backgrounds, approaches, and business models:
  • Cycorp: Headquartered in Austin TX, Cycorp develops turnkey solutions in artificial intelligence, knowledge representation, machine reasoning, NLP, semantic data integration, information management, and search. Its Cyc middleware combines an ontology (which has been placed in the public domain) with a knowledge base, inference engine, natural language interfaces, and semantic integration bus. The vendor offers a no-cost license to its semantic technologies development toolkit to the research community. In the Semantic Web arena, Cycorp is doing R&D into scenarios in which end users create lightweight local ontologies that are subsequently elaborated, enriched, and mapped to more formal global ontologies by semantic inference engines.
  • Sandpiper Software: Headquartered in Los Altos CA, Sandpiper Software provides semantics tools, consulting, and training. Its Visual Ontology Modeler (VOM) 1.5 tool supports component-based ontology modeling through frame-based knowledge representation. VOM, an add-in to IBM Rational Rose, leverages UML to capture and represent knowledge unambiguously. VOM supports RDF/OWL-based modeling of domain, interface, process, and user ontologies. As a subscription service, Sandpiper also offers the Medius Ontology Library, which extends VOM’s bundled ontology libraries to include application-specific ontologies plus utility ontologies for national, international, and general metadata standards.
  • SchemaLogic: Headquartered in Kirkland WA, SchemaLogic provides an SOA-based business semantics middleware suite, as well as semantics consulting and training services. The company’s SchemaLogic Enterprise Suite includes server components that gather, create, refine, reconcile, and distribute ontologies, taxonomies, tag libraries, and other semantic metadata to subscribing applications over a real-time pub-sub integration fabric. The suite includes a governance layer that supports collaborative, Web-based participation and feedback by users and subject matter experts in the creation and refinement of business semantics. Collaborative semantic governance may span organizational boundaries, with the resultant semantic artifacts capable of being propagated automatically to third-party search engines, content management applications, portals, and other systems. For example, customers can use SchemaLogic Enterprise Suite to synchronize content categories and descriptions across distributed deployments of Microsoft Office SharePoint Servers.
  • TopQuadrant: Headquartered in Alexandria VA, TopQuadrant is a software vendor that provides an open Java-based platform for development of Semantic Web applications. The TopBraid Suite includes tools and components for building ontologies; developing inference rules and SPARQL-based queries; collaboratively creating and browsing RDF-enabled content; extracting semantics from various data sources via GRDDL and other interfaces; mediating between RDF/OWL and other formats; displaying rich model-driven user interfaces; configuring and orchestrating semantic inference operations; and storing ontologies in third-party RDF triple-store databases. The suite supports browser-based access, collaborative semantic governance, and ontology-based search.
As noted earlier, some Semantic Web vendors are partnering with established EII vendors to offer ontology-aware semantic-integration layers for federated data query/update. These vendors are:
  • Modus Operandi: This vendor’s Wave Semantic Data Services Layer product integrates with BEA’s EII solution--AquaLogic Data Services Platform (ALDSP)—via RDF/OWL ontologies. In so dong, it enables semantic integration of information across diverse, dispersed corporate applications, databases, and data warehouses. It supports user-driven ad-hoc semantic search and query, relying on ontologies to reconcile semantic conflicts among heterogeneous data. It also incorporates runtime services to crawl and index data services, to visualize the integrated data, and to monitor data services status. Modus Operandi’s ontology development tool can be launched from within BEA WebLogic Workshop, and can also import any standard OWL ontology developed in external tools. The tool deploys Wave semantic data services directly to ALDSP running on BEA’s WebLogic Server.
  • Revelytix: This vendor’s MatchIT integrates with the semantic data services layer in Red Hat/MetaMatrix’s EII environment. MatchIT supports automated semantic mapping to help domain experts reconcile, map, and mediate semantics across heterogeneous environments via RDF/OWL ontologies. It provides an extensible ontology development tool that implements various sophisticated algorithms for determining semantic equivalence.
Some major data management vendors have begun to dip their toes in the Semantic Web market through solutions of their own. These vendors are:
  • Oracle: Released in July 2005, Oracle Spatial 10g Release 2 provides a data management platform for RDF-based applications, supporting new object types to manage RDF data in Oracle. Based on a graph data model, RDF triples are persisted, indexed and queried, similar to other object-relational data types. The Oracle 10g RDF database ensures that application developers benefit from the scalability of the Oracle database to deploy scalable semantic-based enterprise applications. Metatomix, Ontoprise, and TopQuadrant have all announced support for Oracle Spatial 10g Release 2.
  • IBM: Downloadable from vendor’s AlphaWorks site, IBM Integrated Ontology Development Toolkit supports storage, manipulation, query, and inference of ontologies and corresponding data instances. It includes an ontology definition metadata model, workbench, and repository. Its metamodel is a runtime semantics library that is derived from the OMG's Ontology Definition Metamodel (ODM) and implemented in Eclipse Modeling Framework (EMF). The Java-based workbench enables RDF/OWL ontology building, management, visualization, parsing, and serialization, plus transformation between RDF/OWL and other data-modeling languages. The repository, Minerva, is a high-performance DBMS optimized for OWL ontology storage, inference, and query, implementing a subset of SPARQL.
How Mature is the Semantic Web Market?

Even with all of this industry activity, the Semantic Web market is still far from mature. First off, RDF, OWL, and kindred W3C specifications have not exactly taken the SOA world by storm. One could not name a single pure-play vendor of Semantic Web technology that’s well-known to the average enterprise IT professional. And rare is the enterprise IT organization that’s looking for people with backgrounds in or familiarity with Semantic Web technologies. This remains a young, highly specialized niche in which academic research projects outnumber commercial products, and in which most products are point solutions rather than integrated features of enterprise databases, development tools, and application platforms. As noted above, no EII vendor has natively integrated Semantic Web specifications, and neither Oracle nor IBM has ventured much beyond their initial tentative forays into this new arena.
Commercial progress on the Semantic Web front has been glacial, at best, with no clear tipping point in sight. It’s been eight years since RDF was ratified by W3C, and more than three years since OWL spread its wings, but neither has achieved breakaway vendor or user adoption. To be fair, there has been a steady rise in the number of semantics projects and start-ups, as evidenced by growing participation in the annual Semantic Technology Conference, which was recently held in San Jose CA. And there has been a recent resurgence in industry attention to semantics issues, such as the recent announcement of a “Semantic SOA Consortium” involving Science Applications International Corporation (SAIC), and others. Some industry observers have even attempted to rebrand Semantic Web as “Web 3.0,” so as to create the impression that this is a new initiative and not an old effort straining to stay relevant.
Surprisingly, the SOA market sectors that one would expect to embrace the Semantic Web have largely kept their distance. In theory, vendors of search, ECM, EII, ESB, business intelligence (BI), database management systems (DBMS), master data management (MDM), and data quality (DQ) solutions would all benefit from the ability to automatically harmonize divergent ontologies across heterogeneous environments. But only a handful of vendors from these niches has taken a visible role in the Semantic Web community, and even these vendors seem to be taking a wait-and-see attitude to it all. One big reason for reluctance is that there are already many established tools and approaches for semantic interoperability in the SOA world, and the new W3C-developed approaches have not yet demonstrated any significant advantages in development productivity, flexibility, or cost.
One of the leading indicators of any technology’s commercial adoption is the extent to which Microsoft is on board. By that criterion, the Semantic Web has a long way to go, and may not get to first base until early in the next decade, at the very least. The vendor’s ambitious roadmap for its SQL Server product includes no mention of the Semantic Web, ontologies, RDF, or anything to that effect. So far, the only mention of semantic interoperability in Microsoft’s strategy is in a new development project codenamed “Astoria.” Project “Astoria,”, which was announced in May at Microsoft’s MIX conference, will support greater SOA-based semantic interoperability on the ADO.Net framework through a new Entity Data Model schema that implements RDF, XML, and URIs. However, Microsoft has not committed to integrating “Astoria” with SQL Server, nor is it planning to implement any of the W3C’s other Semantic Web specifications. Essentially, “Astoria” is Microsoft’s trial balloon to see if a Semantic Web-lite architecture lights any fires in the development community.
Clearly, there is persistent attention to semantic interoperability issues throughout the distributed computing industry. Microsoft is certainly not the only SOA vendor that is at least pondering these issues on a high architectural plane. Over the remainder of this decade, most major SOA, EII, DBMS, and BI vendors are going to make some strategic acquisitions in the Semantic Web community. Increasingly, leading enterprise platform, application, and tool vendors will integrate ontologies, inference engines, RDF-triple stores, and other semantics components and interfaces into their solutions.
But it may take another decade before the likes of IBM, Oracle, Microsoft, SAP, and other leading enterprise software vendors fully integrate semantics into all of their solutions. Until such time, we must continue to view the Semantic Web as an exciting but immature work in progress.
******
Original publication date: October 2007, Business Communications Review.

Author's note: I've posted this here because I'm tired of telling people about this great article I wrote on Semantic Web a couple of years ago for some now-defunct publication that practically nobody read. That wasn't very long ago and this still holds up quite well. Judge for yourself. Same principle applies with my poetry; it's more important to make your own audience than wonder why one never materializes. Better to self-publish than forever perish.

VENDORS MENTIONED IN THIS ARTICLE:
Access Innovations: http://www.accessinn.com/
Aduna: http://www.aduna-software.com/
Advanced Knowledge Technologies: http://www.aktors.org/akt/
Articulate Software: http://www.articulatesoftware.com/
AskMeNow: http://www.askmenow.com/
Axontologic: http://www.axontologic.com/
BEA: http://www.bea.com/
Business Semantics: http://www.businesssemantics.com/
ChaCha: http://www.chacha.com/
Cognition Technologies: http://www.cognition.com/
Copernic: http://www.copernic.com/
Cycorp: http://www.cyc.com/
Fourthcodex: http://www.fourthcodex.com/
DATA-GRID: http://www.data-grid.com/
Digital Enterprise Research Institute: http://www.deri.ie/
Endeca: http://www.endeca.com/
FAST Search and Transfer: http://www.fastsearch.com/
Franz: http://www.franz.com/
Gnowsis: http://www.gnowsis.org/
Groxis: http://www.groxis.com/
Hakia: http://www.hakia.com/
IBM: http://www.ibm.com/
Intelliseek: http://www.intelliseek.com/
ISYS Search Software: http://www.isys-search.com/
Jarg: http://www.jarg.com/
LinkSpace: http://www.linkspace.net/
Metacarta: http://www.metacarta.com/
MetaMatrix: http://www.metamatrix.com/
Metatomix: http://www.metatomix.com/
Microsoft: http://www.microsoft.com/
Mindful Data: http://www.mindfuldata.com/
Modus Operandi: http://www.modusoperandi.com/
Mondeca: http://www.mondeca.com/
Ontology Works: http://www.ontologyworks.com/
Ontopia: http://www.ontopia.net/
Ontoprise: http://www.ontoprise.de/content/index_eng.html
Ontos AG: http://www.ontos.com/de/company/index.php
Ontosearch: http://www.ontosearch.com/
Oracle: http://www.oracle.com/
Powerset: http://www.powerset.com/
Pragati Synergetic Research: http://www.pragati-inc.com/index.html
Readware: http://www.readware.com/
Revelytix: http://revelytix.com/
Sandpiper Software: http://www.sandsoft.com/
SchemaLogic: http://www.schemalogic.com/
Semagix: http://www.semagix.com/technology.html
Semandex Networks: http://www.semandex.com/
Semansys: http://www.semansys.com/
Semantic Arts: http://www.semanticarts.com/
Semantic Insights: http://www.semanticinsights.com/
Semantic Light: http://www.semanticlight.com/
Semantic Research: http://www.semanticresearch.com/
Semantra: http://www.semantra.com/
Semaview: http://www.semaview.com/
Semtation GmBH: http://www.semtation.de/
Siderean: http://www.siderean.com/
Syntactica: http://www.syntactica.com/
Taxonomy Strategies: http://www.taxonomystrategies.com/
Taxonomy Warehouse: http://www.taxonomywarehouse.com/
Telcordia Technologies: http://www.telcordia.com/
Teragram: http://www.teragram.com/
Textdigger: http://www.textdigger.com/
Thetus: http://www.thetus.com/
TopQuadrant: http://www.topquadrant.com/
Visual Knowledge: http://www.visualknowledge.com/index.html
Vivisimo: http://www.vivisimo.com/
Wordmap: http://www.wordmap.com/
XSB: http://www.xsb.com/
Zepheira: http://zepheira.com/
ZoomInfo: http://www.zoominfo.com/

Sunday, March 15, 2009

poem Spring Sonnet

SPRING SONNET

A soaking March is
inverse November:

serviceably drab
but waxing: crueler

than that idiot
Eliot could dream,

dear, etherised or
otherwize: not so

much a month as mud
slopped between times more

solid: a double-
fortnight white as old

Albion: daisy-
drugged allergenic

April: green as a
fair Saxon meadow.

A March soaking is
a bacterial

snowmelt: a power-
rotor shuddering

of a spray-shaking
lion: rising through

red Ides unto an
idyll: spongiform

lambs shivering sweats
from swollen frocks of

their grey contagion.
They scream for the shear.

Monday, March 09, 2009

poem Beep 'Em

BEEP ‘EM

From rules we tend to recoil
but to engines they’re precious as oil
Let’s make our own decisions
and not be imprisoned
by bots and their effortless toil.

poem Seattle

SEATTLE

In the essential
Seattle users

photosynthesize
caffeine directly

from whatever drops
of liquid sunshine

are vouchsafed their way
or, failing that, fix

off the glints of glare
that glance in off the

gray and grace their green
eye-stained monitors.

poem Seized Up

SEIZED UP

The turn of the epoch came
and tolled a moment
strikingly absent.
We cleared from our sinus
the dust of an age
once-anxious.
Watched the world
roll round a computer clock
seized up in an
engineering shortcut
champagne coffee break.
And all crashed back into our
rapt ritual inattentive
two-hour sleeps
breathing.

poem Several Billion Ones

SEVERAL BILLION ONES

A fish-eye lens
would add unbearable curvature to
the continental expanse of the People's Republic of China.
An only child
downloading from landlocked Lanzhou
would add a brand new national streetmap
and triple the population
of playmates on-line.

poem Spectre of Ubiquitous Spoofing

SPECTRE OF UBIQUITOUS SPOOFING

Key don’t touch it you don’t know where it’s been.
Elegant protocol deception.
Reinitialization crime.
Beware trusted third-parties.
Enter the mesh alone.
Recall your new name.
One two or three.
Syllables.

poem Talk of Billions

TALK OF BILLIONS

We are
both of us
sitting in the same chair
six thousand miles
apart.

We are
six billion
sitting in one
and the same room.

We talk at the same time,
sip from the same drink,
and watch the same screen
materialize.

poem Thisaway

THISAWAY

…an Architecture's
bare Scaffolding: Void for fresh
Constellation Dust.

one inGenious Way
to conjure a young Kosmos:
Trinity—invoKe!

the three strongest Beams--
Bones of any bright Structure:
Dreams Drawings Stuff and….

poem 27365

27365

My slowest machine speeds me
more gently down that precious

path. All of my bicycle
muscles give way to the day

within. A will: still as the
breath’s diminishing inner

tussle. A hill: sure as the
shift gear’s clicking numbers. My

heart clocks its own course, locks its
beat to an unsteady tick,

stays the frame down uneven
ground, in any wind. My head

stows the combination from
view, sends it to you, if you

know where to look, you can ride
my mount: I’ll join you on foot.

poem Usword

USWORD

Know me by my most
mnemonic non-mnemonic
name--OK?

My most tangled chain
of digit-twisting and one-
off emoticons.

Whatever suggests
me to you and us to no
one overlooking.

poem Arlington Courthouse Implosion

ARLINGTON COURTHOUSE IMPLOSION

Why this low-grade eyesore rated a CNN camera crew. Was younger than me by two years but organisms structures. When we moved here pre-kids thought the walkable neighborhood quiet. Well it was transitional too close to the cemetery. What gets me is the graceful degradation of some eras. Whereas others receding too fast into their comet tails. Whipped withered by the dustclouds of their own furious commerce. Worn down to a QuickTime decompressed over coffee.

poem Blitz

BLITZ

Emotions fog
the photograph
and inscriptions
litter the flip
side with detail.

Moments compose
themselves in the
retelling, in
flashes of fresh
revelation.

In light pressing
the present so
deeply into
the past that old
images blink.

poem Bulletforce

BULLETFORCE

This puny pack of
powder, lit in a pistol’s
grip, reeks of power.

poem Carbon Fourteen

CARBON FOURTEEN

Take this. It will mark the day you fell. May you rot in your grave and go on forever. Exhale every breath you drew, all the radiant blue, and the winds that stained you golden. Let them go and dwell in realms subatomic.

poem Carl Sagan

CARL SAGAN

All that ever was will be now, so beautiful looking, toward this dot from afar, receding the probe, opened its shutter, captured us, no one but you to thank, our life in this space, marveling.

poem Chat

CHAT

Here's where protocols
fail and logs show no
network present. Where
chitter-chatter blooms
and anti-matter
resumes its steady
consumption of the
conversation's ghost
and containing frame.

poem Chemical Water

CHEMICAL WATER

We search the
sheen of the grass.

We know the gleam on the blade
is the blood of all creation.

We see landscapes softened.
Snowflakes
sweet upon planetary dreams.

We place faith in the oasis.
And in rivers
through parched interstellar.

Doped with trace amounts
in vast arrays, mites teeming,
we know that worlds
can flourish.

poem Clock

CLOCK

Still from "Cessation":
Jean-Luc's frame-by-frame

examination
of teeth entering

holes with precisely
enough clockwise turn

to advance the film
one solitary

tick and tension in
a tough medium

to click this reel of
frozen times forward.

poem EMC2

EMC2

Take matter and factor
in light's second power
then stand back and ask if
it's fungus or flower.

poem Equations

EQUATIONS

Some learn to love this truth-dwelling machinery
Values slipping dimensions
Notations arbitrarily
Caricature laws of the warp
Or the artisan’s knife
Let x drop anchor
Bound the realm so that time appears to begin
Where the conic projection
Casts shadows on one sector of the known universe
And assume that each subsequent transformation
Associating known elements with those merely assumed
Never violating symmetry
Generates forms far darker
Than one would suppose.

poem Explosaic

EXPLOSAIC

Panopticon. Pages galorious. Plastered everywhere. Printout port, personal portals, private platforms. Panaudicon. People I’ll know, never know. Places I’ll go, never go. Projecting presence. Pull them down, me in. Pages explorious perseverious. Pantacticon.

poem Far Be It

FAR BE IT

Glad for the world and all its valleys
No satellite can ever spy
Nor mapmaker render
Every face on every street
Or every view
From every room.

poem Feasibility of Adaptive Arrays

FEASIBILITY OF ADAPTIVE ARRAYS

Trained to receive, every fiber of me, every facet of you.

Unimpeded, one path, one singular path, through crowded sensations.

Recognizing our kind.

Now turning away.

Trying to receive, every moment of time, every flicker of thought and soft emanation.

Unobstructed, then blocked, then scattered through layers, accidental relations.

Recollecting our mind.

Now turning away.
True to my thoughts, we're moving in tandem.

Unawares, we're speaking the language of light.

Reconstructing our world through massive obstruction.

Now moving closer, now turning away.

poem Ideogram

IDEOGRAM

Tidy the man
inside the
Chinese ideogram.

Steady as the steed
figurine within
its containing pen.

Indelible
as delicate sky
brushed over
eye and mind.

Still as the chill
compression
of stone.

poem Missing Screwdriver Not the Point

MISSING SCREWDRIVER NOT THE POINT

What will the missing article be next time?
A yellow handle, a slightly worn head, and a long, winding thread.
A small fortune my friend.
I figure no less than one hundred dollars.
It is not for adoption.
It has a home and is missed terribly.
Possibly it is overseas.
You tell me.

poem Pixel

PIXEL

One ought to thank Planck for the thought
the infinitesimal's not
a fathomless bottomless well
but a plot of versatile dots.

One ought to toast Hearst for the screen
that lays down the points in a clean
mist of crisp pixie light and strips
by the millions milled by machine.

And nod to Turing for blurring
the point where the strip takes sense and
base elements assemble the
cells and scenes and trick behind
the calculated picture of mind.

poem Pleasantries

PLEASANTRIES

I met
President
Jimmy Carter
(him coming)
alone
(down escalator)
minus bodyguards...
me standing
(alone)
with Instamatic
at the bottom...
in a near-deserted terminal
(Detroit)
last stop
night before the night he lost....

We exchanged pleasantries.
My flash didn't work.

poem Please Things Work

PLEASE THINGS WORK

Be there when I'm broken, in
such a down state of utter

incapacitation that
fingers can't feel their way back

home, eyes can't grasp that red and
green won't connect under such

shadows, that I bang my dim
and damned head down back behind:

Help me hold the mind I find
in diagrams and daemons.

poem Point of Purchase

POINT OF PURCHASE

Clerk punched the keys real
hard, hoping to hammer some
logic into it.

poem Purest Power

PUREST POWER

All our generation
ever aspired to purest power
when you keep pouring without friction or drag
merest steam
into the next sleek slumber machine.

poem Re:Bye

RE:BYE

ACK: Just a keep-alive ping. Session context endures. Async pipeline preserved. Attenuated latency caused premature notification of impending time-out. Host please send next packet. Admin please note channel-jitter condition. END-ACK

poem Meme

MEME

meaning is modeled
mined and mashed, coming somehow,
emerging among.

poem Merger

MERGER

Point having built an interim backbone completed that first week of January we're making the decisions going to move people to this office that it's their proprietary protocol been killed. One of the things you guys might start working on Ok is bring the link up with the firewall between us Ok and we'd want to ask Maynard Ok Ok Ok Probably just be thinking 2 meg PVC to be started and we can firewall that any way we want Ok. So what they did this was or just engineers as soon as the merger was done what we call in-line and that's where we stepped in and where we started and spent a week in Houston stayed at the place with the watery carpet and look at your network ours how we gonna link them Ok each a wholly owned subsidiary. We have combined between us and we're not done we're
on time. Ok.

poem Must

MUST

Money must know its
sway and swing and push

it. Money must swear
no oath to any

owner but its own
sharp resummation:

Its mercenary
muscle for tidy

building & smashing.

poem Thimble

THIMBLE

Wee token of play,
tough talisman of

the competitive
race round the gameboard,

durable totem
of old property

under pressure. The
unshielded finger

feels needles, the cute
metallic doggie

follows food to its
master, the little

cannon, overreached,
easily tips. Stand

and pay, advance and
render. Surrender

to the rentier
its due. Papers trump

silver, primacy
mobility, a

full row of hotels
beats a flush of ones

and mortgaged railroads.
Go and go, fresh with

cash and alive with
the prospect the cards

today might flip your
way, your thimble might

prove as nimble as
the tiny race car

you chose to forgo.
Feel your piece, know your

place, the four corners
owned elsewhere. Know the

give and take. And know
you’ll never break the

geometry of
monopoly. Pay.

Saturday, March 07, 2009

FORRESTER blog repost Yawn!--Business Process Visions Consistent Over The Years

Yawn!--Business Process Visions Consistent Over The Years

http://blogs.forrester.com/business_process/2009/03/yawn--business.html

By James Kobielus

I pride myself on my tidy notes (I hear you laughing, all you people who’ve seen my chicken-scratch briefing scribblings) and my long detailed memory (yes, everybody, I know I’m a fountain of trivia and should go on Jeopardy some day--thanks for a lifetime full of comments to that effect).

But my memory has limits. So I build and hold extensible conceptual models in my mind, often in the form of the nuanced phraseology you may hear exuding from fingertips now and again. These mental models help me resurface a lot of buried info when I need quick access.

Business process management (BPM) is an area where I have so many overlapping models that it’s hard sometimes to keep them all straight. Sometimes, models decay through the passage of time (I didn’t say I’m photographic, Mr. Trebek). Sometimes, I simply dispose of the shallower or more clichéd of the lot.

A couple of nights ago, I found my handwritten notes from 1997, summarizing a literature search I was doing at that time while authoring my first book, the IDG Books title “Workflow Strategies.” Reading the prettier handwriting of a 12-years-younger Jim Kobielus, I was struck by how little has changed since then.

What I mean is, how little the business vision--transformation, optimization, agility--behind BPM’s value proposition has changed. My notes say this: “common theme [something something] most modern management books [something something] hierarchical workflows [something something] traditional corporate command, reporting, and review chain [something something] lack speed flexibility necessary for business success [something something] nouveau mgmt thinkers call for streamlined, nonbureaucratic, decentralized, parallel, team-oriented, customer-driven workflows.”

Also on the sheet was a quick/dirty tabular presentation of various business process reengineering visions (BPR--remember when that was the rage?). Various management gurus (for some reason, I don’t see their names on this sheet) used different buzzwords to describe more or less the same vision of the flexible, reconfigurable, distributed, knowledge-worker-driven enterprise. Here’s a quick reconstruct of those inkscrawls:

  • Business reengineering: Post-industrial corporations built around the idea of reunifying production tasks into coherent business processes.
  • Cluster organization: Multidisciplinary project teams working together on a semipermanent basis.
  • Dancing elephants: Large companies that are massive but agile, surviving in the competitive arena by learning how to behave like small companies, establishing flexible project-oriented management structures, moving quickly to take advantage of opportunities, and cultivating close, responsive customer relationships.
  • Extended enterprise: Enterprise that uses information technology to implement high-performance team structures, function as integrated businesses despite considerable business-unit autonomy, and reach out and develop new relationships with external organizations.
  • Human networking: Dynamic coalescence of people with diverse skills into transient project teams.
  • Necessary disorganization: Dynamic construction of networks of small, self-contained elements, units, and businesses.
  • Networked organization: Highly decentralized enterprise that relies on contractors, suppliers, and consultants to perform many or most functions.
  • Perpetual organization: Organization that can take the form of any structure, based upon market demands at the moment.
  • Relational organization: Organization defined not by fixed structures but by ease of relationships.
  • Value chain: Organization modeled as interrelated series of activities that each add value, directly or indirectly, to finished goods and services.
  • Virtual corporation: Amorphous organization with permeable and continuously changing interfaces between internal functions, as well as between the company proper and external suppliers, distributors, and customers.
A Google or two would probably establish which management guru promulgated which vision. A deep dive into my mouldering pile of 12-year-old paper might do the same. So, OK OK, I’m not as tidy as I claim, either on the notetaking or notekeeping side. And I’m no memory artist either (as my wife likes to remind me).

Regardless of who coined these particular phrases, they all feel beholden to Peter Drucker, plus a smidgen of Alvin Toffler and a dab of Tom Peters. I wouldn’t be surprised to see some ancient economist’s fingerprints all over them too.

Anyway, it all feels a bit like clever people dreaming up new ways to dish out the same old stuff. It feels like a case of everybody jostling for recognition in the crowded marketplace of ideas. Everybody working far too hard to add a dash of “this is now” to their pet coinage.

Do I sound jaded? Can anybody point me to any substantially new BPR (or what have you) thinking since then?

poem Bleeding Economic Indicators

BLEEDING ECONOMIC INDICATORS

The statistical
you is doomed. Numbers
are numbing. The end
is coming too soon.

Wednesday, March 04, 2009

poem Catastrophe's Apostrophe

CATASTROPHE’S APOSTROPHE

Do without. I love
my light but could live

with darkened hallways
and dimmer living

quarters. The current
recedes. The quiet

and anxiety
are insomnia:

3am’s summons
to rise up and stay

risen. Pace it out.
They’re here: The Dreamtime

Australians. They
act in movies. They

helped Nicole Kidman
wrestle a stubborn

continent for small
symbolic boon. Pace

it post-Africa:
Forty thousand years

times twenty-five miles
a day on foot means

they could have made it
to Jupiter or

twice the Sun and back.
Ancient as they need

be. Meet and mettle
companions for a

traveling. Our first
to orient. Fit

for boomerang treks
upon lost plains of

dun and trackless black
illumination.

Monday, March 02, 2009

imho SOA Governance in the Age of the Cloud

SOA GOVERNANCE IN THE AGE OF THE CLOUD

--James Kobielus

Cloud computing is the IT world’s most noteworthy new platform paradigm, referring primarily to an on-demand service delivery model that may span both outsourced and premises-based platforms.

Cloud computing may be coming on a bit too strong, if we use the discomfort level of the average IT professional as our gauge. Much of the cloud queasiness stems from the fact that many such services are either partially or entirely outside the scope of enterprises’ established service-oriented architecture (SOA) governance initiatives.

Where SOA governance is concerned, cloud computing is mostly terra incognita. After several years of implementing lifecycle controls over their Web services environments, enterprise IT professionals now realize they may have to radically revamp those efforts to keep pace with users’ growing adoption of outsourced cloud services.

SOA governance, also known as service governance, refers to practices and tools for enforcing consistent development, security, performance, and other policies across the life cycle of key functions, regardless of whether they are hosted internally or provided by outsourcers. Cradle-to-grave service governance enables organizations to continuously plan, design, validate, publish, provision, monitor, modify, secure, and optimize their distributed environments. Governance ensures that services deployed in enterprise application environments—be they built on clouds, mainframes, or any other platform--comply with all applicable regulatory, policy, operational, and other baseline requirements.

Strong SOA governance the key to cloud control.

SOA governance is even more critical within clouds than in traditional computing environments. That’s because clouds can deliver almost every IT capability--from applications down to middleware, application platforms, and even storage, processing, and other hardware resources—as on-demand subscription offerings.

Clouds are to a great extent the future of SOA. Cloud computing raises the SOA stakes. bit this new environment also accentuates the risks of poor governance. To the extent that organizations use governance to harness the richness of cloud environments, they will be able to supercharge their SOA initiatives while radically improving scalability and cost-effectiveness. Leveraging distributed cloud platforms, the next-generation SOA will be more fluid, flexible, and virtualized, managing ever more massive data sets and providing the agility to handle more complex mixed workloads of transactional applications, business intelligence, data mining, enterprise service bus, business process management, and other functions.

“The cloud revitalizes the interest in governance because you are extending trust to services across premise and presumably corporate boundaries,” says Miko Matsumura, vice president and deputy chief technology officer at Software AG. “Not only is that significant from a governance perspective but the complexity of mashing up cloud services with on premise applications, integrations and infrastructure requires a framework for maintaining overall integrity.”

Clouds complicate the SOA governance picture, but it’s not as if many enterprises already have exemplary governance practices. In the real world, cloud computing, like SOA implementations, is often an ungovernable mess. By encouraging widespread reuse of scattered software components, SOA threatens to transform the enterprise application infrastructure into a sprawling, unmanageable hodgepodge of ad-hoc services. Without proper governance, SOA could allow anyone anywhere to deploy a new cloud service any time they wish, and anyone anywhere to invoke and orchestrate that service--and thousands of others—into ever more convoluted messaging patterns. In a governance-free environment, coordinated cloud service planning and optimization become frustratingly difficult. In addition, rogue cloud services could spring up everywhere and pass themselves off as legitimate nodes, thereby wreaking havoc on the delicate trust that underlies production SOA.

So, if traditional SOA governance is no bed of roses, what’s the problem, relatively speaking, with cloud services? Simply put, cloud services can circumvent even the best-laid service governance practices. By enabling rapid no-touch outsourcing of many or all IT functions, cloud services make it very difficult for enterprise IT to enforce policies governing service composition, integration, security, management, and other key functions.

Furthermore, cloud services often differ so fundamentally from enterprises’ core SOA environments that IT professionals may not be sure what governance best practices—if any--are best suited to this new environment. Many of the service-governance infrastructure components that organizations have deployed in support of Web services—such as service registries and service-level management agents and consoles—are partly or entirely lacking from many public or private cloud environments.

From the viewpoint of SOA professionals, cloud environments are potential breeding grounds for undocumented, unsupported, and non-standard application services. Users may access externally provided cloud services without first gaining IT’s approval. In addition, outsourced cloud services may not conform to any of the Web services standards—such as Extensible Markup Language (XML), Simple Object Access Protocol (SOAP), Web Services Description Language (WSDL), and Universal Description Discovery and Integration (UDDI)—upon which IT has built the enterprise’s internal SOA.

Like creeping kudzu, rogue public-cloud-based services can become firmly ensnared in your IT environment and resist all subsequent efforts to extricate them. Once those uninvited guests are firmly ensconced in an organization’s operations, enterprise IT may find itself severely hamstrung in its attempts to monitor them or rein them into conformance with standard practices for service designing, maintaining, monitoring, securing, and versioning.

SOA governance gaps discourage cloud adoption.

In addition to these legitimate governance concerns, lack of familiarity with cloud computing is another factor that is stalling adoption of this approach among SOA professionals. Nevertheless, that reluctance may soon dissipate as cloud approaches move into the mainstream, though governance will remain uppermost on enterprise IT’s mind.

“As cloud computing and SOA continue to converge, the need for a governance strategy, and good governance technology, will become more important.” says David Linthicum, founder of the Linthicum Group, a SOA and cloud consultancy. “However, most of my clients are still kicking the tires around cloud computing, including creating strategy, and doing small projects to validate the infrastructure change. This will change quickly as we move towards the end of 2009, when more business processes, applications, and information will reside on remote clouds, and thus the need for governance increases.”

To the extent that enterprises are adopting cloud services, it is via a selective outsourcing of specific applications and infrastructure. From a “plan-time” perspective, one of the principal cloud SOA governance decisions is in determining which services to source from which public clouds, so as to avoid unnecessary duplication with internal application environments.

“The larger business decisions really are around which services should or shouldn’t be sourced in a certain way, and what level of comfort and risk aversion are acceptable,” says Dana Gardner, principal analyst at Interarbor Solutions. “One risk would be that people start jumping into cloud and external-service consumption piecemeal, without it being governed or managed centrally, or with some level of oversight in a holistic sense. The other risk might be that you are so clamped down, and you are so centralized and tightly managed, that no one takes advantage of efficiencies that become available through the cloud. You then have unfortunate costs and an inability to adapt quickly.”

Expect to see SOA governance tools enter the cloud market in droves over the next several years, addressing a pent-up demand among enterprise IT professionals. “As IT strategists look over the horizon to what they some day would like to do with cloud computing, be internal, external or hybrid, they can begin to set themselves up for success on that front now,” says Gardner. “Moving toward SOA best practices and implementing strong governance across IT services and resources is an excellent place to gain advantage over today's IT while preparing for newer models and efficiencies.”

SOA governance challenges aggravated by cloud paradigm

For all the hype surrounding cloud services, it’s difficult to find case studies of effective SOA governance in this brave new environment. Nevertheless, most public cloud service providers offer governance tools for managing applications, virtual machines, integration logic, and service levels deployed in their specific environments. And a growing range of vendors—including RightScale, Kaavo, and Hyperic—are providing tools for provisioning and managing services across various public and private cloud environments. However, as befits the immature state of cloud computing, none of the established SOA governance tool vendors supports management of cloud-based applications, transactions, messaging, or service levels.

Furthermore, even as cloud services become more mainstream, and even if they were built from the ground up with SOA governance in mind, they would still be very challenging to manage. The special governance challenges associated with cloud computing stem from some hallmarks of this new paradigm: outsourcing service providers, proprietary public clouds, virtualized resource pools, and mashup-style service creation.

Outsourced cloud-service providers.

Comprehensive SOA governance depends either on having all application, platform, and network domains under common policy-based administration—a rare occurrence in enterprise networks of any complexity—or on having instituted federation among autonomous domains. Managing SOA federations within an enterprise or B2B supply chain can be dauntingly complex. But managing SOA federations that link internal application domains with those provided by one or more outsourcers—including public cloud service providers such as Amazon, Google, Microsoft, and Salesforce.com—depends on negotiation skills worthy of a Nobel Peace Prize.

Public cloud providers are gingerly approaching the notion of federation," computing world, says Rich Wolski, Professor in the Computer Science Department at the University of California, Santa Barbara (UCSB). and director of Eucalyptus, an open-source cloud-computing software project. "There's not much federation yet between public clouds yet, but we're starting to see some discussion of cross-cloud federation for the provisioning of resources." Wolski stresses that, as the cloud computing market works through the myriad federation issues, service providers and their enterprise customers will need to establish multi-layered agreements that span identity management, service-level management, storage management, and other key concerns.

Right now, there is little to no policy federation between enterprise SOA environments and public cloud services. Those enterprises that choose to rely on public cloud services are running a considerable risk, according to Christopher Crowhurst, vice president for architecture and business systems infrastructure at Thomson Reuters.

“You’re vulnerable to the providers performance when you run your infrastructure and applications in someone else’s cloud,” says Crowhurst. “In those circumstances, there is little onus on the public cloud provider to coordinate their scheduled downtime with subscribers. And it’s risky business to build applications that depend on services provided by the public cloud when there is no prior agreement on stability or availability of their API.” Even if the public-cloud APIs remain,” says Crowhurst, “the behavior of those interfaces may change without notice.”

Crowhurst advises enterprise IT professionals to negotiate governance features into their contracts with public cloud service providers. At minimum, he says, these contracts should include clauses under which public cloud providers must inform customers of downtime, service changes, rollouts, version deprecations, and API modifications.

Proprietary cloud-service provider silos.

One key SOA tenet is that a distributed application environment should be platform-agnostic, and so should its governance infrastructure. Under pure SOA, the external application interface—or API—should be agnostic to the underlying platforms.

However, enterprise forays into cloud computing often violate that principle by relying on monolithic public-cloud services, most of which implement proprietary APIs, development tools, virtualization layers, and governance features--though many cloud services also incorporate open SOA and Web 2.0 standards to varying degrees. Interoperability among proprietary public clouds is often non-existent, and tools for governing services across diverse public and private clouds are just now coming to market.

To enable design-time cross-cloud service portability, public cloud providers should implement open industry standards for packaging of virtualized services,” says Billy Marshall, founder and chief strategy officer of virtualization tool vendor rPath. “If we can define service compliance with an open virtualization format,” says Marshall, “then we’ll be able to define service governance that is independent of the host.”

One specification that addresses this need is the Open Virtualization Format (OVF), a Distributed Management Task Force (DMTF) draft, which defines an extensible format for the packaging and distribution of software to be run in virtual machines (VMs), such as those at the heart of public and private clouds. Though it is a key specification for portability of VMs across clouds, OVF, still in version 1.0, does not provide the full context on VM “images” that would be necessary to support sophisticated life-cycle governance of these key artifacts, says Brett Adam, VP of engineering at rPath.

Virtualized cloud-service resource pools.

Most SOA governance environments only skim the surface of enterprise IT environments: managing only that subset of services operating in the application layer, and only those Web services built on XML, SOAP, WSDL, and other core SOA specifications. By contrast, many public cloud services provide a deeper stack of on-demand services, spanning the application, software platform, integration middleware, and even hardware layers. Indeed, virtualized, grid-oriented “hardware as a service” resource pools are a popular cloud offering, providing ample processing and storage capacity. By proliferating services far deeper down into the stack, beyond the capabilities of today’s SOA governance tools, cloud environments are making unified planning, design, provisioning, monitoring, and control of all services next to impossible.

One key area where cloud governance differs from traditional SOA is in its focus on life-cycle governance of VMs. To facilitate automated provisioning of deep application and integration stacks on VMs, cloud management environments should offer prepackaged “server templates,” says Michael Crandell, founder and CEO of cloud management platform vendor RightScale. These templates embed prepackaged policy definitions that govern important life-cycle service VM governance functions, including deployment, setup, booting, monitoring, control, optimization, and scaling of VMs on one or more public or private clouds. Cloud governance even encompasses the periodic need to “decommission and throw away” old VM instances, and launch new ones in their place, says Crandell.

Indeed, this could prove to be the killer application for cloud governance: preventing the unchecked proliferation of VM instances across public and private virtualization infrastructures. This problem, sometimes known as “VM sprawl,” can present both a maintenance burden and could consume inordinate, costly amounts of cloud CPU, storage, and network resources.

A growing range of commercial management tools provide the ability to control VM sprawl across disparate hypervisors. In addition, the hypervisor platform vendors—such as VMWare, Citrix, and Microsoft, and public cloud services providers have made this the principal feature of their various management tools. Sometimes referred to as “instance management,” it’s a feature that is lacking from traditional SOA governance tools.

Mashup-style cloud-service creation.

Traditional SOA-style development is top-down. It requires considerable upfront architectural design, factoring functional primitives into platform-independent, loosely coupled service contracts that are exposed to developers through open Web services standards. It often also includes a core service catalog, such as UDDI to broker abstract service contracts, as well as tools and platforms that support key interface standards such as WSDL and SOAP.

By contrast, cloud services encourage a grassroots style—often known as Web 2.0, Web Oriented Architecture, or Representational State Transfer (REST)--of service provisioning, development, and management. Anyone with a credit card can sign up for and start accessing cloud services, which may be totally redundant with applications that their companies have deployed internally. By the same token, anyone with a browser can mash up available cloud service components into applications that may deviate significantly from corporate-standard design patterns—and probably lack the stringent security expected from enterprise-grade services. In the REST paradigm, UDDI, WSDL, SOAP, and other WS-* standards are conspicuous in their absence. So it’s no surprise that the phrase “mashup governance” gives some SOA professionals anxiety fits and causes others to double over with laughter.

But SOA governance best practices and infrastructure can be extended to cloud.

Nevertheless, cloud services can benefit from the many lessons learned by enterprise SOA governance implementers, says Tim Hall, director of SOA products for HP Software and Solutions. “Most important, you need a service catalog that maintains metadata about services and enables you to control development and construction of services and publish visibility and availability of services to consumers.” Also, federation agreements should be set up to auto-provision service definitions between public clouds and enterprises’ SOA, REST, and other application environments, says Hall. He says that after all, it’s all about the service. From a macro view, the service can be directly equated to value, its contribution to how the service helps you make money, save money, or mitigate risk.

Clearly, SOA governance is maturing as a discipline, while cloud computing—the new galaxy in which services will burst forth—is anything but. Unfortunately, the cloud arena may continue to evolve so fast over the next several years that it will be difficult for consensus service-governance practices to coalesce.

So the outlook for strong service governance in this brave new paradigm remains cloudy, but with scattered patches of promise.

[author's note: same article as in previous post...but this present post is the original manuscript, with the original structure, and original headline--jk]]

imho Storm Clouds Ahead: SOA Governance Clashes with Cloud Computing Model

Storm clouds ahead
SOA governance clashes with cloud computing model

This story appeared on Network World at
http://www.networkworld.com/news/2009/030209-soa-cloud.html

By James Kobielus , Network World , 03/02/2009

Cloud computing, which refers primarily to an on-demand service delivery model that may span both outsourced and premises-based platforms, is the hot, new paradigm.

But cloud computing is causing discomfort among some IT professionals, who are concerned that cloud-based services may fall outside the scope of established service-oriented architecture (SOA) governance initiatives.

After several grueling years of implementing life-cycle controls over their Web services environments, these IT pros now worry they may have to radically revamp those efforts to keep pace with rogue adoption of outsourced cloud services.

SOA governance, also known as service governance, refers to practices and tools for enforcing consistent development, security, performance and other policies across the life cycle of key functions, regardless of whether they are hosted internally or provided by outsourcers.

Effective SOA governance is extremely important. It enables organizations to continuously plan, design, validate, publish, provision, monitor, modify, secure and optimize their distributed environments. And it ensures that services deployed in enterprise application environments — be they built on clouds, mainframes or any other platform — comply with regulatory, policy, operational and other baseline requirements.

Strong SOA governance is key to cloud control
In one sense, cloud computing could end up being the best thing to happen to SOA governance. That's because the existence of cloud computing makes governance all the more critical.

In theory, clouds can deliver almost every IT capability — from applications down to middleware, application platforms, and even storage, processing and other hardware resources — as on-demand subscription offerings.

But how does an IT executive provide sound management in a cloud computing world?

"The cloud revitalizes interest in governance because you are extending trust to services across premise and presumably corporate boundaries," says Miko Matsumura, vice president and deputy CTO at Software AG. "Not only is that significant from a governance perspective, but the complexity of mashing up cloud services with on premise applications, integrations and infrastructure requires a framework for maintaining overall integrity."

In other words, clouds complicate the SOA governance picture. Without proper governance, anyone could deploy a new cloud service any time they wish, and anyone could invoke and orchestrate that service into ever more convoluted messaging patterns.

In a governance-free environment, coordinated cloud service planning and optimization becomes frustratingly difficult. In addition, rogue cloud services could spring up and pass themselves off as legitimate nodes, thereby wreaking havoc on the delicate trust that underlies production SOA.

Simply put, cloud services can circumvent even the best-laid service governance practices. By enabling rapid no-touch outsourcing of many or all IT functions, cloud services make it very difficult for enterprise IT to enforce policies governing service composition, integration, security, management, and other key functions.

Furthermore, cloud services often differ so fundamentally from enterprises' core SOA environments that IT professionals may not be sure what governance best practices — if any — are best suited to this new environment.

Many of the components that organizations have deployed in support of Web services — such as service registries and service-level management agents and consoles — are partly or entirely lacking from many public or private cloud environments.

From the viewpoint of SOA professionals, cloud environments are potential breeding grounds for undocumented, unsupported, and non-standard application services. Imagine the chaos if users start accessing externally provided cloud services without first gaining IT's approval.

In addition, outsourced cloud services may not conform to any of the Web services standards — such as Extensible Markup Language (XML), Simple Object Access Protocol (SOAP), Web Services Description Language (WSDL), and Universal Description Discovery and Integration (UDDI) — upon which IT has built the enterprise's internal SOA.

Like creeping kudzu, rogue public-cloud-based services can become firmly ensnared in your IT environment and resist all subsequent efforts to extricate them. Once those uninvited guests are firmly ensconced in an organization's operations, enterprise IT may find itself severely hamstrung in its attempts to monitor them or rein them into conformance with standard practices for service designing, maintaining, monitoring, securing and versioning.

New tools are needed
In addition to these legitimate governance concerns, lack of familiarity with cloud computing is another worrisome factor. That may eventually dissipate as cloud computing moves into the mainstream, but that may not occur for a while.

"As cloud computing and SOA continue to converge, the need for a governance strategy, and good governance technology, will become more important." says David Linthicum, founder of the Linthicum Group, a SOA and cloud consultancy. "However, most of my clients are still kicking the tires around cloud computing, including creating strategy, and doing small projects to validate the infrastructure change. This will change quickly as we move towards the end of 2009, when more business processes, applications, and information will reside on remote clouds, and thus the need for governance increases."

To the extent that enterprises are adopting cloud services, it is via a selective outsourcing of specific applications and infrastructure. One of the principal cloud/SOA governance decisions is in determining which services to source from which public clouds, so as to avoid unnecessary duplication with internal application environments.

"The larger business decisions really are around which services should or shouldn't be sourced in a certain way, and what level of comfort and risk aversion are acceptable," says Dana Gardner, principal analyst at Interarbor Solutions. "One risk would be that people start jumping into cloud and external-service consumption piecemeal, without it being governed or managed centrally, or with some level of oversight in a holistic sense.''

He adds, "The other risk might be that you are so clamped down, and you are so centralized and tightly managed, that no one takes advantage of efficiencies that become available through the cloud. You then have unfortunate costs and an inability to adapt quickly."

IT execs should expect to see SOA governance tools enter the cloud market in droves over the next several years, addressing a pent-up demand among enterprise IT professionals. "As IT strategists look over the horizon to what they some day would like to do with cloud computing, be it internal, external or hybrid, they can begin to set themselves up for success on that front now," Gardner says. "Moving toward SOA best practices and implementing strong governance across IT services and resources is an excellent place to gain advantage over today's IT, while preparing for newer models and efficiencies."

Clouds complicate SOA governance
For all the hype surrounding cloud services, it's difficult to find case studies of effective SOA governance in this brave new environment. Nevertheless, most public cloud service providers offer governance tools for managing applications, virtual machines, integration logic and service levels deployed in their specific environments. And a growing range of vendors — including RightScale, Kaavo, and Hyperic — are providing tools for provisioning and managing services across various public and private cloud environments. However, as befits the immature state of cloud computing, none of the established SOA governance tool vendors supports management of cloud-based applications, transactions, messaging or service levels.

Furthermore, even as cloud services become more mainstream, and even if they were built from the ground up with SOA governance in mind, they would still be very challenging to manage. This difficulty stems from some hallmarks of this new paradigm: outsourcing service providers, proprietary public clouds, virtualized resource pools and mashup-style service creation.

Comprehensive SOA governance depends on having all application, platform and network domains under common policy-based administration — a rare occurrence in enterprise networks of any complexity — or on having instituted federation among autonomous domains.

Managing SOA federations within an enterprise or B2B supply chain can be dauntingly complex. But managing SOA federations that link internal application domains with those provided by one or more outsourcers — including public cloud service providers such as Amazon, Google, Microsoft, and Salesforce.com — depends on negotiation skills worthy of a Nobel Peace Prize.

Federated clouds would help
"Public cloud providers are gingerly approaching the notion of federation," says Rich Wolski, professor in the Computer Science Department at the University of California, Santa Barbara (UCSB) and director of Eucalyptus, an open-source cloud-computing software project. "There's not much federation yet between public clouds, but we're starting to see some discussion of cross-cloud federation for the provisioning of resources."

Wolski stresses that as the cloud computing market works through the myriad federation issues, service providers and their enterprise customers will need to establish multi-layered agreements that span identity management, service-level management, storage management and other key concerns.

Right now, there is little to no policy federation between enterprise SOA environments and public cloud services. Those enterprises that choose to rely on public cloud services are running a considerable risk, according to Christopher Crowhurst, vice president for architecture and business systems infrastructure at Thomson Reuters.

"You're vulnerable to the provider's performance when you run your infrastructure and applications in someone else's cloud," Crowhurst says. "In those circumstances, there is little onus on the public cloud provider to coordinate their scheduled downtime with subscribers. And it's risky business to build applications that depend on services provided by the public cloud when there is no prior agreement on stability or availability of their API." Even if the public-cloud APIs remain, Crowhurst says, "the behavior of those interfaces may change without notice."

Crowhurst advises enterprise IT professionals to negotiate governance features into their contracts with public cloud service providers. At minimum, he says, these contracts should include clauses under which public cloud providers must inform customers of downtime, service changes, rollouts, version deprecations and API modifications.

One key SOA tenet is that a distributed application environment should be platform-agnostic, and so should its governance infrastructure. Under pure SOA, the external API should be agnostic to the underlying platforms.

However, enterprise forays into cloud computing often violate that principle by relying on monolithic public-cloud services, most of which implement proprietary APIs, development tools, virtualization layers and governance features -- though many cloud services also incorporate open SOA and Web 2.0 standards to varying degrees. Interoperability among proprietary public clouds is often non-existent, and tools for governing services across diverse public and private clouds are just now coming to market.

To enable design-time cross-cloud service portability, public cloud providers should implement open industry standards for packaging of virtualized services," says Billy Marshall, founder and chief strategy officer of virtualization tool vendor rPath. "If we can define service compliance with an open virtualization format," says Marshall, "then we'll be able to define service governance that is independent of the host."

One specification that addresses this need is the Open Virtualization Format (OVF), a Distributed Management Task Force (DMTF) draft, which defines an extensible format for the packaging and distribution of software to be run in virtual machines (VM), such as those at the heart of public and private clouds. Though it is a key specification for portability of VMs across clouds, OVF, still in Version 1.0, does not provide the full context on VM "images" that would be necessary to support sophisticated life-cycle governance of these key artifacts, says Brett Adam, vice president of engineering at rPath.

VM sprawl adds further management complexity
Most SOA governance environments only skim the surface of enterprise IT environments: managing only that subset of services operating in the application layer, and only those Web services built on XML, SOAP, WSDL and other core SOA specifications. By contrast, many public cloud services provide a deeper stack of on-demand services, spanning the application, software platform, integration middleware, and even hardware layers. Indeed, virtualized, grid-oriented "hardware as a service" resource pools are a popular cloud offering, providing ample processing and storage capacity.

By proliferating services far deeper down into the stack, beyond the capabilities of today's SOA governance tools, cloud environments are making unified planning, design, provisioning, monitoring and control of all services next to impossible.

One key area where cloud governance differs from traditional SOA is in its focus on life-cycle governance of VMs. To facilitate automated provisioning of deep application and integration stacks on VMs, cloud management environments should offer prepackaged "server templates," says Michael Crandell, founder and CEO of cloud management platform vendor RightScale.

These templates embed prepackaged policy definitions that govern important life-cycle service VM governance functions, including deployment, setup, booting, monitoring, control, optimization and scaling of VMs on one or more public or private clouds. Cloud governance even encompasses the periodic need to "decommission and throw away" old VM instances, and launch new ones in their place, Crandell says.

Indeed, this could prove to be the killer application for cloud governance: preventing the unchecked proliferation of VM instances across public and private virtualization infrastructures. This problem, sometimes known as "VM sprawl," can present both a maintenance burden and could consume inordinate, costly amounts of cloud CPU, storage and network resources.

A growing range of commercial management tools provide the ability to control VM sprawl across disparate hypervisors. In addition, the hypervisor platform vendors — such as VMware, Citrix and Microsoft, and public cloud services providers have made this the principal feature of their various management tools. Sometimes referred to as "instance management," it's a feature that is lacking from traditional SOA governance tools.

The mash-up quagmire
Traditional SOA-style development is top-down. It requires considerable upfront architectural design, factoring functional primitives into platform-independent, loosely coupled service contracts that are exposed to developers through open Web services standards. It often also includes a core service catalog, such as Universal Description Discovery and Integration (UDDI) to broker abstract service contracts, as well as tools and platforms that support key interface standards such as Web Service Definition Language (WSDL) and Simple Object Access Protocol (SOAP).

By contrast, cloud services encourage a grassroots style — often known as Web 2.0, Web Oriented Architecture or Representational State Transfer (REST) — of service provisioning, development and management. Anyone with a credit card can sign up for and start accessing cloud services, which may be totally redundant with applications that their companies have deployed internally.

By the same token, anyone with a browser can mash up available cloud service components into applications that may deviate significantly from corporate-standard design patterns — and probably lack the stringent security expected from enterprise-grade services. In the REST paradigm, UDDI, WSDL, SOAP and other WS-* standards are conspicuous in their absence. So it's no surprise that the phrase "mashup governance" gives some SOA professionals anxiety fits and causes others to double over with laughter.

SOA best practices reach for the clouds
Nevertheless, cloud services can benefit from the many lessons learned by enterprise SOA governance implementers, says Tim Hall, director of SOA products for HP Software and Solutions. "Most important, you need a service catalog that maintains metadata about services and enables you to control development and construction of services and publish visibility and availability of services to consumers."

Also, federation agreements should be set up to auto-provision service definitions between public clouds and enterprises' SOA, REST and other application environments, Hall says. He says that after all, it's all about the service. From a macro view, the service can be directly equated to value, its contribution to how the service helps you make money, save money or mitigate risk.

Clearly, SOA governance is maturing as a discipline, while cloud computing — the new galaxy in which services will burst forth — is anything but. Unfortunately, the cloud arena may continue to evolve so fast over the next several years that it will be difficult for consensus service-governance practices to coalesce.

So the outlook for strong service governance in this brave new paradigm remains cloudy, but with scattered patches of promise.

Kobielus is a senior analyst at Forrester Research in Alexandria, Va. The opinions expressed are his own. E-mail him at jkobielus@forrester.com.