Coming up with a comprehensive set of governance principles, however, is a daunting challenge. One that may put the dev team in the middle of corporate politicking. “You need governance but you don’t need to solve all the problems of the world,” says Jim Crew, formerly the director of data center infrastructure at Merrill Lynch and now a VP at SOA Software. Instead he recommends going with something that is good enough for now even if it isn’t complete or perfect.

ZapThink Senior Analyst Jason Bloomberg agrees with this approach: “We recommend you have a governance framework, but you don’t have to work out all the details before you start. Otherwise, you’ll end up with paralysis by analysis.” Bloomberg suggests pinning down a few key governance principles to start, such as how services will be reused and by whom.

ZapThink’s Bloomberg, who calls security the first roadblock to SOA, agrees: “People think that SOA is XML-based so a network firewall is all you need. Well, a firewall is not enough.”

He recommends implementing a wide range of emerging SOA security tools. These tools, such as AmberPoint SOA Management and SOA Software XML VPN Controller, act as intermediaries, often in the form of appliances. For example, XML accelerators and firewalls check the traffic against policies and lists, validate the XML schema, block malformed XML, and verify authentication and authorization. SOA gateways serve similar functions. Other appliances can federate identities among multiple systems. Products here include IBM Data – aPower XS40 XML Security Gateway and SOA Software’s XML VPN Appliance.

Read more at: Application Development Trends