International Journal of Computer Information Systems and Industrial Management Applications.
ISSN 2150-7988 Volume 6 (2014) pp. 505-514
© MIR Labs, www.mirlabs.net/ijcisim/index.html
Dynamic Publishers, Inc., USA

Governance of Service-Oriented Architecture through the CommonGov Approach

Haroldo Maria Teixeira Filho 1,2 and Leonardo Guerreiro Azevedo 2

1 Information and Services Administration, Petróleo Brasileiro S/A, General Canabarro, 500, 4th Floor, Rio de Janeiro, Brazil
haroldo.filho@uniriotec.br

2 Graduate Program in Informatics, Federal University of State of Rio de Janeiro, Av. Pasteur, 458, Rio de Janeiro, Brazil
azevedo@uniriotec.br

Abstract: Service-Oriented Architecture (SOA) is a paradigm used by organizations to reduce costs and foster agility through reuse of assets and an increase of alignment between business and IT. To achieve these benefits, a governance model is vital to ensure that technical actions and decisions of IT departments are aligned to organizations' business goals and requirements. There are several proposals of SOA governance models in academia and industry. However, there are important differences between them concerning the processes, elements and definitions they propose. This work analyzes the main current SOA governance models proposed in the literature, and presents a consolidated approach aiming to create a governance model that addresses the most important issues for organizations.

Keywords: SOA, Governance, Services.

I. Introduction

SOA (Service-Oriented Architecture) is a strategy to reorganize an initially isolated portfolio of applications into an interconnected set of services, accessible by standard interfaces and communication protocols. The construction of applications is largely simplified through the composition of existing services [1].

SOA promotes several gains to organizations as highlighted by [1], [2], [3].
Among these advantages, we emphasize lower development and maintenance costs, shorter delivery times and greater flexibility and stability of solutions. However, the Open Group [4] reports that companies that have approached SOA through a pilot project did not reach the same benefits when adopting the approach in the whole organization. When the approach goes from one division (considered in the pilot project) to multiple ones, new challenges arise, making it difficult to achieve the intended benefits. Schepers et al. [5] and Niemann et al. [3] present the following main challenges:

- Ensure compliance with internal, technical and legal regulations;
- Address new roles and responsibilities, due to new stakeholders in the SOA context;
- Promote a culture of sharing and reuse of assets instead of constant application development;
- Define a financial model that enables service sharing;
- Control the impact of changes in an environment where dependencies are established between several stakeholders.

Service governance is pointed to by several authors [3], [6], [7] as the best approach to meet such requirements. Janiesch et al. [7] define SOA Governance as the establishment of structures, processes, policies and metrics appropriate to ensure the adoption, implementation, operation and evolution of a Service-Oriented Architecture aligned with business objectives and compliant with laws, regulations and best practices.

Academia [3], [6], [7], technology vendors [8], [9], [10], [11] and consortiums [4] have already proposed models for SOA Governance. However, these approaches address distinct aspects, and are described in different levels of detail. There is a lack of consensus about the required elements for composing a governance model. Niemann et al. [12] state that the current models do not address all the required activities for the service lifecycle and there is a lack of steps to regulate service consumption between different organizations. Janiesch et al.
[13] also support the last concern, and emphasize that current approaches do not deal with cross-organizational scenarios since they do not carry out activities for dealing with billing and monitoring in this context. Besides, there is a lack of legal and security mechanisms to ensure compliance and a safe architecture. In other work, Janiesch et al. [7] point to low coherence between the definitions of concepts considered by the governance models.

For these reasons, a consolidated approach for SOA Governance is required, whose aim is to simplify and reduce the risk of the establishment of SOA in organizations. The goal of this work is to identify the required processes to establish a governance model for SOA based on the academia and industry proposals in order to establish an integrated