Application Services Governance

Application Services Governance is a necessary step towards building a responsive IT organization and achieving business agility.  By guiding teams through a streamlined application services development process, Application Services Governance Platforms optimize IT effectiveness, raise software quality, and reduce delivery timeframes.

Governance relies on policy, people, process and technology to guide business activity and consistently deliver positive outcomes. Effective governance channels business activity towards the right path; by making the right actions the path of least resistance.



To efficiently guide teams and demonstrate policy compliance benefits, Application Services Governance Platforms provide policy management, developer portals, repositories, service integration and composition, and business value dashboards.



Effective governance encompasses the entire IT solution spanning APIs, services, business processes, data, and application delivery.  While most governance solutions focus on web services, leading Application Services Governance Platforms bridge API governance, SOA governance, Cloud deployment governance, data governance, and application delivery governance.  Additionally, the governance experience must be tailored for the participant’s project role.



Portals may be personalized to present notifications, tasks, actions, and reports suitable for application service creators, publishers, subscribers, consumers, or business managers.  Application delivery governance segments participants into developers, quality assurance testers, operations, project managers, and application users.



End-user Application Services Governance priorities are evolving toward bridging service governance with API governance, extending application lifecycle management to embrace cloud deployment environments, and focusing on visualizing asset business value.  Key governance challenges include meeting mobile application demands, implementing efficient self-service provisioning, right-sizing governance practices (not too heavy or light), and defining appropriate policy tiers.

Governance Components

To efficiently guide teams and demonstrate policy compliance benefits, Application Services Governance Platforms provide policy management, developer portals, repositories, service integration and composition, and business value dashboards.

Application Services Governance Components

Figure 1 Application Services Governance Components


Policy Management


Policy management is used to specify the correct behavior, detail exception thresholds, and define corrective actions or notifications.  Leading application services governance platforms deliver advanced policy management by conforming to a flexible architecture, addressing relevant policy categories, and spanning all lifecycle phases.


A comprehensive Application Services Governance Platform manages:

  • Design-time Policy
  • Run-time Policy
  • Security Policy
  • Developer access Policy
  • Service and API Lifecycle Management Policy
  • Application Lifecycle Management Policy


Within these six broad categories, application services governance commonly encompasses service level policies, usage policies, version policies, subscription policies, and access control policies.



Registries serve as policy stores for many types of runtime policies including security policies, lifecycle management workflow policies, API policies, service description, service contracts, service consumption, service usage, service lifecycle management, service level agreements (SLAs) and XACML authorization policies. Leading platforms have built-in support for a number of policy standards including WS-Policy, XACML 3.0, and SCXML.



Cloud foundation and cloud middleware components deliver sophisticated run-time policy enforcement for tenant partitioning, service level management, application provisioning, tenant access, and resource management.



All run-time infrastructure products should serve as well-integrated policy enforcement points that may delegate policy decisions to external decision points or internally cache and process policy assertions.  Identity Management infrastructure components serve as a policy decision point and a policy manager for sophisticated security policies encoded in XACML.



The Application Service Governance Platforms use workflow engines to execute governance workflow, present task lists, and manage approvals. Complex Event Processor components can be configured as policy decision points, which use time-based policy pattern matching to evaluate run-time service, message, REST resource, and event traffic.



For more information on policy management, read the detailed policy management blog post.


Developer Portal and Repository

Portals serve as the viewport into policy management, service integration and composition, and business value dashboards.  The Application Service Governance portals should deliver an application service governance experience tuned for self-service, on-demand access, and safe API usage.



Developer portals are often contextually personalized to fit the project and user’s role.  For example, a developer portal may fit the needs of API creators and API publishers who are defining, documenting, and publishing APIs.  The portals user experience may enable API creators and publishers to monitor, manage, and analyze API usage.  A developer portal may also be personalized to deliver a user experience tailored for API consumers.  API developers who are consuming APIs can find, explore, subscribe and evaluate APIs.



Developer portals are often tuned to facilitate service meta-data and lifecycle management for service creators.  Service and integration developers who are consuming services can find and explore services.  A developer portal should guide teams toward effective and efficient governance when building service implementation and service consumption code.



Advanced developer portals capabilities include overlaying build management governance, test governance (i.e. unit, integration, performance), implementation lifecycle governance, and deployment governance.



An Application Services Governance Platform should enable flexible organization, classification & documentation of services, APIs, and any IT asset.  Key repository capabilities include governing and managing:


  • Any type of metadata in any structure
  • Service, API, or artifact associations and relationships
  • Schema definitions and namespaces
  • Users and Roles
  • User subscriptions
  • Service level agreements
  • Developer documentation
  • Social taxonomies (e.g. ratings, comments, tags)
  • Implementation artifacts (i.e. code, test cases)

Service Integration and Composition

Service integration and composition for APIs, web services, or business process are often implemented using tools provided by the run-time infrastructure vendor.  Application Services Governance components must integrate into diverse run-time infrastructure containers and development tooling.  Synchronizing policy, development artifacts, and deployment packages requires tight integration between design-time tools, development tools, run-time management consoles, and application services governance portals and repositories.


Business Value Dashboards


To gauge governance effectiveness and enhanced business value, analytic dashboards assess policy compliance, quality of service, service usage, architecture coherence, and team performance.


The Application Services Governance platform should capture service tier subscription information, collects usage statistics, and integrate with billing and payment systems that deliver show-back or charge-back reports.  Subscription and usage reports help teams understand asset adoption (by version, by service) and usage (by version, by service).  By understanding adoption and usage, business owners and architects can intelligently invest future development resources, properly plan infrastructure scale, and rationalize the portfolio.


Dashboards also present a service overview, number of services, service lifecycle stage, schema re-use, service dependencies, upgrade impacts, development team productivity, and project progress.

Governance Lifecycle Phases

API management portals and SOA Governance Registries must work together to keep API lifecycle stages synchronized with backend service implementation stages.  An API Governance experience may provide a straightforward set of lifecycle stages (e.g., created, published, deprecated, retired, blocked) that may be customized by the development team.  SOA Governance Registries facilitates service metadata management and governance across design, implementation, test, and run-time operations. Figure 2 below depicts the intersection of the two governance views.


API and Service Lifecycle Views

Figure 2: API and Service Lifecycle Views


Application delivery governance usually relies on ad hoc tools and processes, knitted together by end-user delivery managers.  Application Services Governance Platforms should span project inception, development, quality assurance, production deployment, production management, maintenance, and retirement.  Figure 3 illustrates service implementation activities governed by an application delivery governance product.


Application Delivery Lifecycle Activities

Figure 3: Implementation activities governed by application services delivery governance

Application Services Governance Drivers

The IT focus on API, DevOps, and Cloud scale is driving resurgent interest in Application Services Governance.


As development teams support mobile applications by fielding web APIs, they are creating a new ‘demand layer’ in front of existing service implementations.  Both API and SOA success requires creating loosely coupled consumer-provider connections, enforcing a separation of concerns between consumer and provider, and exposing a set of re-usable, shared services, and gaining service consumer adoption.  With traditional SOA Governance, many development teams publish services, yet struggle to create a service architecture that is widely shared, re-used, and adopted across internal development teams.



In today’s connected business world, API and SOA are the business. An effective governance approach must address human collaboration stumbling blocks. By publishing managed APIs, establishing API manager and publisher roles, extending the governance registry, facilitating API management practices (e.g self-service key management, self-service provisioning, service tier management, and usage visualization),and offering APIs through developer portal, organizations can overcome collaboration, trust, and adoption hurdles while enhancing SOA success.



By publishing managed APIs, establishing API manager and publisher roles, extending the governance registry, and offering APIs through an API Store, team have a new opportunity to increase service re-use and enhance IT business value.  For more information on how teams can complement SOA Governance with API Governance, read the promoting services with API Management white paper.



Because services are often imbedded in application solutions, leading Application Services Governance platforms wrap services governance inside application delivery governance. When operation team members use traditional point tools (i.e. Puppet, Chef, Jenkins,Selenium) to achieve DevOps benefits, the teams spend a considerable amount of time and effort creating agile workflow, effective governance, seamless activity transitions, and on-demand self-service access.  A configurable DevOps PaaS can implement governance best practices and be readily adopted by teams without extensive implementation effort.  Effective application delivery governance presents a simplified and unified user experience to complex development tools, processes, and team hand-offs.  By integrating software promotion best practices, test automation, continuous integration, and issue tracking, application delivery governance raises software quality while reducing delivery timeframes.  For more information, read about how to accelerate agility and maintain governance with DevOps PaaS.



Recommended Reading

Policy Management for Application Services Governance

Application Services Governance Requires More Than a SOA Registry

API and SOA Convergence

Promoting services with API Management white paper

Accelerate agility and maintain governance with DevOps PaaS

Governance Registry Brings Integrity to SaaS Platform

Gartner’s analysis of WSO2 SOA Governance



One thought on “Application Services Governance

Leave a Reply