InfoWorld SOAExecForum

Yesterday’s 2006 SOAExecForum held in San Francisco brought together many of the innovators leading the push towards SOA.

One theme that echoed throughout many of the presentations and discussions throughout the day was the idea of “Start Small, but Think Big”.  Build a master plan and implement incrementally.  An advantage of the SOA approach is that it needn’t be adopted monolithically like an ERP system.  

SOA is something that can be phased in gradually, but there was the emphasis that to do it right it needs to be done thoughtfully.  Implementations that are developed with only a single point-to-point solution in mind tend not to be implemented well for general reuse.  It’s important to take the time to design individual services in a way that promotes and encourages their reuse by future processes. 

The day started off with a keynote by Transamerica Life Insurance’s Jeff Gleason, Director of IT Strategies for the Annuities Products and Services Division.  Jeff outlined how he led TLI’s migration from a ‘project-based’ culture (project-based architecture, project-based tools, project-based iDEs…) into one that flows from a single overall architecture.  He preferred not to emphasize enabling technologies like WSDL, UDDI and SOAP, but rather to consider business processes and reusability.  That was a theme that many of the other presenters also echoed. 

The TLI approach was very methodical in creating a Business Architecture Map using tools like IBM’s Rational RequisitePro and Sun’s Composite Application Suite.  Using these tools TLI breaks down their processes into actors, business events, and business functions.  He defined events as anything that caused a change in state of the business and functions as the process that is performed due to a change in state.

Jeff was followed by BEA’s Bret Dixon.  Brett pitched BEA’s AquaLogic and also presented a number of statistics from InfoWorld that showed a trend towards more wide-spread industry acceptance and a growing number of pilot projects based on SOA. 

Interestingly, Brett showed the results of a survey where BEA, IBM and Microsoft came out as the perceived leaders in the SOA space, with Oracle and SAP dragging behind.  The survey was across 558 large companies having 20,000 or more employees.  Neither Oracle nor SAP had a presence at the conference, so maybe the perception is correct, but it surprised me that Oracle wasn’t seen as a leader in the space.  The reason for the perception is probably because of Oracle’s strong push to be the end-to-end provider of enterprise applications like their Oracle Application Suite and their on-going Fusion project.  And there were quite a few digs throughout the day by presenters at the signature high-budget approach of monolithic ERP systems.  The audience of the survey probably pegged Oracle solely in the ERP camp, which is partly true, but on other fronts Oracle has actually been a strong promoter of both SOA and standards.

Brett also saw SOA in most cases as being a technology that works well via gradual adoption.  Many enterprises adopt a “multi-phase, multi-dimensional roadmap”.  He saw very few companies approaching SOA as an ERP-like “Mega Project”.  Brett quoted the Home Depo slogan: “You can do this”.

The idea of “going slow” and wisely selecting components that have strong potential for reusability fits in well with Formtek strategy.  Formtek has created services for managing and versioning Content and Documents.  Maintaining a link to content is a requirement of almost any business process.  Implementing the capability once and making it available for resuse across many processes is a smart move.

Various other case study success stories were highlighted throughout the day at the conference.  These included Merrill Lynch, PG&E, Rockwell, Ameriquest Capital, and Sony Pictures Entertainment.

In Jeff’s keynote, he pointed out one problem that they’re still working through is to address SOA security, in particular whether it needed to be applied at the Services Level or whether it was something that should be applied at the Composite Application Level.

Throughout much of the rest of the conference, security of services came up again and again.  Somewhat surprisingly, of the roughly 15 sponsers of the event, five of them are building hardware to support SOA infrastructure and SOA security.

Types of things being moved into hardware include XML parser acceleration, Security Processing, Clustering, Threat Detection (especially Denial of Service via XML threats — something that XML is very susceptible to), and Cryptography.

Vendors with hardware offerings included Cisco, Intel, IBM, Layer 7 and Reactivity.  The souped up routers and hardware appliances are in effect becoming “XML Firewalls”.  The Layer 7 people, led by their Director of Architeture, Scott Morrison, seemed to have a good command of the issues.   As one of the drafters of WS-Security, Scott has unique understanding and insight into what is involved in implementing Security. 

Despite having been involved in the drafting of the specs, Scott see the WS-* specifications as very onerous on the application/service developer.  The many specifications are very complicated and oftentimes appear to be contradictory.  They are also still evolving and changing.  It is too much to have to ask developers to have to keep up on the details of the current services spec and to then implement the spec in their service to guarantee that the implementation complies fully with the spec and is fully interoperable with other components. 

Moving security out of software and into the hardware layer makes sense and guarantees a common approach when dealing with any service, no matter which vendor or group created it.   The Layer 7 offering lets application programmers program to the WSDL of the service without having to program to an intermediary that includes security concerns.