A cohesive security policy and approach has to be thought through from the outset. Many enterprises have existing security repositories they want to leverage in an SOA environment. On the other hand, many of the products that are typically deployed in an SOA environment come with their own security enablement.
A holistic SOA security approach will answer questions like:
- What will be the approach for authentication?
- What kinds of security standards will be leveraged?
- How will existing security assets get integrated?
- What approach will be taken for message-level security?
- How will fine-grained authorization get implemented, keeping a shared application environment in mind?
Application performance is usually calibrated by the needs of its distinct user community. However, when a service is being implemented, its future usage scenarios may not be visible. Needless to say, the service's performance becomes a very important factor in ensuring it is used across a wider set of applications. Each service needs to meet the most stringent performance requirement across applications.
Success for an SOA initiative needs to be measured and tied to broader business goals. Questions like the following need to be answered before any level of success can be claimed:
- How much reuse actually happened due to SOA?
- Was there a reduction in time to market for certain business priorities?
- How reliable was the overall SOA environment?
- Were the SLAs that were defined for the services properly met?
- Have the performance and scalability requirements been met?
Some of these questions may be answered via spreadsheets, but many will require the proper deployment of tools and processes to provide reliable answers. The success of the SOA journey should be quantifiable via metrics rather than left to perceptions formed due to incomplete information.
While some of the above guidelines may be applicable to any software development lifecycle, an SOA environment calls for a new outlook given its requirements for reuse and agility.
Kamran Ozair is the CTO at MindTree Consulting.