Service-oriented architecture is the shape of distributed computing in the Internet Age. At the heart, SOA is a set of practical approaches for designing shareable, reusable services. It lets enterprise IT groups treat a decentralized, multiplatform environment as a unified computing fabric. But SOA also is a mess waiting to happen.

By encouraging widespread reuse of scattered software components, SOA threatens to transform the enterprise network into a complex, sprawling unmanageable mesh. Left ungoverned, SOA could allow anyone anywhere to deploy a new service at any time, and invoke and orchestrate that service - and thousands of others - into ever more convoluted messaging patterns. In such an environment, coordinated application planning and optimization become fiendishly difficult. In addition, rogue services could spring up everywhere, passing themselves off as legitimate nodes and wreaking havoc on the delicate trust that underlies production SOA.

SOA governance refers to the industry's efforts to establish practices and tools for managing this mesh and enforcing consistent security, performance and other policies across the service life cycle. SOA governance tools let organizations continuously model, map, monitor and take control of their distributed environments. Effective governance ensures that the enterprise SOA complies with all applicable regulatory, competitive, operational and other baseline requirements.

Vendors of SOA governance tools are forming industry associations to popularize approaches for design-time and run-time governance. Last month, many pure-play vendors of SOA governance tools formed SOA Link, an alliance under which they pledge to improve interoperability among their products. Founding partners include AmberPoint, Composite Software, Forum Systems, Infravio, Intalio, Iona, JBoss, Layer 7 Technologies, LogicBlaze, NetIQ, ParaSoft, Reactivity, SOA Software, SymphonySoft, webMethods and WS02.

Organizational process changes are critical to SOA governance, says Miko Matsumura, vice president of marketing and technology standards at Infravio, an SOA governance tool vendor. "SOA governance depends on IT governance processes, under which SOA projects are built to adhere to business policies," Matsumura says. In addition, he says, SOA project governance requires governing boards in which there is a "clear conversational basis between business and IT personnel, focusing on business considerations."