Unless you have been on an extended ski vacation, you've probably been seeing quite a bit written about governance recently.  Governance.  A nice word.  It's worked its way down from the board room to the server room.  And now we have several different kinds of governance in IT: IT Governance, SOA Governance, and Data Governance.

Ipedo plays a role in all three: as a federator collecting system data for IT Governance; as an XML-oriented query and federation engine in SOA Governance; and as a facilitator of data integration, delivery and security in Data Governance.

SOA Governance, in particular, is red hot right now, esp. since one of our customers Systinet got acquired by Mercury last week.  Now all the SOA ecosystem is talking about how they deliver SOA Governance.

Which got me wondering, trying to connect a few dots in our EII world, which is at the confluence of data integration and SOA.  A data/services/governance mashup, if you will.

Given that a) Data Governance is how you control the correctness, accessability, and security of your organization's data, and b) SOA Governance is how you manage the development, accessibility, security and lifecycle of your SOA, and c) Data Services is how you take your corporate data and service-enable it, I started wondering the relationship between Data Governance and SOA Governance in an SOA.

Once you have all of your data available as a service, is there a Data Governance component of SOA Governance?  It seems like SOA opens up a lot of interesting possibilities.  Not that you want to use SOAP to wrap and communicate with all of your corporate databases (as I wrote about in an SOA Journal article), but for the information you want delivered via a Web Service, you could call a set of Data Services that a) make sure the data is correct (aka data quality), b) make sure it's accessible via presentation in the right schema, and c) the proper security checks are in place before it's delivered.

It will be interesting to see how things shape up.  Where Data Governance seems somewhat lacking is in the protocol/specification area.  SOA has an embarrassment of riches here,  while Data Governance has to settle for process and metadata.  Now, access to data and restrictions thereto are exactly what Data Governance is all about, and with companies spending so much of their IT dollars to comply with SOX, Basel II et al, Data Governance could add a lot.  James Governor writes about the interesting idea of Compliance + SOA = COA.  So much of the compliance issues are around data.

We'll see how things evolve.  It might not be too far off that EII uses SOA to govern the federation...