Application Architecture Principles

1.   Single Responsibility Principle

Description

A class, procedure, subroutines, or stored procedure should have one, and only one, reason to change.  This is aligned to the principle of cohesion in structured programming design.  This is also related to separating the concerns.

Rationale

Structured programs’ classes, procedures and code that have many different responsibilities generally have higher complexity, and many different reasons to change.  The code is generally less readable, and harder to maintain.  Side effects on functional responsibilities not intended to change are common when a change is made in what had been thought to be an isolated section of the code.

Functional decomposition to the smallest common elements with a single responsibility, and thus one reason to change, and written in a simple concise manner, makes code more readable, understandable and reusable.

Recombining these components, procedures, subroutines, or methods up into a collection of elements that belong together or work together to support a new higher order responsibility, is the natural outcome of following the single responsibility principle.

Implications

All custom implemented logic must be analyzed and broken down into logically discrete concerns, or responsibilities. 

These smallest elements of functionality must then be implemented in isolation, either as part of a larger group of responsibilities, as in methods on a class in object orientation, or as a distinct separate class with a collection of methods for that class.  Depending on programming language, there are different mechanisms for building more modular software: subroutines and procedures are examples of candidate structures for isolating implementation logic.

2.   Open for extensibility, Closed for modification

Description

Software entities (classes, modules, functions, procedures, etc…) should be open for extension, but closed for modification that affect dependent modules.  The software code, as written, should not change, but should allow for extensions that can make the software behave in new ways.

Rationale

A single change in a software code block could result in cascading changes to dependent modules.  If one of the dependencies did not need that change, the software developer has caused a software system to become fragile, unpredictable, and functionally un-reusable for the dependency that did not need to change. These aspects of a software system are generally considered to be indicative of a bad system design or implementation.

There is a relation to “common coupling” and “control coupling”.  If an external software entity, (.e. a subroutine, sub-class or an external class) can change an internal variable which results in a behavior change (i.e. using a “do this” flag), this also violates the principle of being closed for modification.  We frequently call the need to hide variables which control behavior of a software module as information hiding.  We frequently call the variables which influence behavior as configuration data.

Closed for modification, but open for extensibility, requires careful analysis of what should be allowed in software behavior changes versus the probability of the need for the software behavior change. Also, the behavior change should be isolated and only present for the modules that have a dependency on a specific behavior.

Those areas with a high probability need for change should be closed for modification, but proper abstractions must be put in place to eliminate the need for modification but still allow extensibility.

Implications

The design of the software requires abstractions in those parts of the program where the designer believes the areas will be subject to change.

Do not make public variables that control the behavior of the software module.  The software module should react to the data on which it operates, but the data should be aligned to the problem domain – not technical control data.  The behaviors should be aligned to proper software functionality for the problem domain’s data.

The use of object oriented languages and dynamic languages make this straightforward, as does the use of inversion of control and dependency injection.

In OO design, the use of the template pattern, strategy pattern, and visitor pattern are commonly used to support this principle.

3.   Liskov’s Substitution Principle

Description

Derived classes, module’s function, procedure or subroutine, must be substitutable for their base classes or original functional definitions.  The dynamic definition, i.e. the behaviors, not the static definition, i.e. the structure, is what must be substitutable.

Rationale

The definitions of a classes operations, module’s function, procedure or subroutine, is one of behavior, not data or the intrinsic definition of a thing.  Even data, when looked as a responsibility, is about behavior (is it a responsibility to handle the request and keep track of data – if so, find the source of that data and return it), not structure.  In inheritance and polymorphic models, or software models where behaviors can change due to runtime dynamics of the language, changes in behavior can break the consumers of the operation.

Rigorously defined preconditions and postconditions of “base” cases must be defined and not violated by more derived classes, or via dynamic runtime changes to the software.  If a precondition is that 3 valid values are passed in, and the defined behavior is: a calculation will occur that results in a new calculated value, and there will be an internally consistent state keeping the 3 valid values for future use; the postcondition is that the internal state has the 3 valid values and will return a calculated value.  No violation of this precondition and postcondition shall be allowed.

The variability point which could result in a change in behavior must be closed, which is aligned to the open for extensibility and closed for modification principle.

Implications

Intuitively related models may not satisfy Liskov’s substitution principle.  A simple example is a shape structure.  In mathematical definitions, squares are rectangles, but the behavior of a square’s dimensions are different than a rectangles.  The preconditions and postconditions for rectangle’s and square’s dimensions are not compatible, so a square is not substitutable for a rectangle, even though intuition based on the non-software modeling world would have indicated they were.

When using an object or a functional call through its interface, the user knows only the preconditions and postconditions. The actual implementation must not expect such users to obey preconditions that are stronger than those required by the original interface. That is, they must accept anything that the original function could accept. Also, the actual implementation must conform to all the postconditions of the original functional definition. In other words, their behaviors and outputs must not violate any of the constraints established for the original functionality.

4.   Interface Segregation Principle

Description

Make fine grained interfaces that are integration specific.  Integration clients should not be forced to depend on interfaces they do not use.

Rationale

Aligning to the Single Responsibility Principle (paraphrased as you should have a single responsibility in a module), the need for isolation, and separation of concerns, interfaces should also be narrowly focused and cohesive.  Without narrowly focused and cohesive interfaces, any module implementing an interface would violate the Single Responsibility Principle.

Additionally, with very large interfaces, any change to the interface definition affects all of the interface consumers who do not need the advertised functionality, and thus all clients are coupled even if their functional domains are different.

Implications

Define fine grained interfaces, such that a single operation on the interface is usable in a very tightly defined scenario.

In languages where grouping of interfaces definitions are possible, group the interfaces along similar functional domains.  Do not make an interface grouping contain unrelated functionality from different domains, such as “orders” and “firm”.

5.   Dependency Inversion Principle

Description

Depend on abstractions, not concretions. 

Rationale

Having a dependency on a specific implementation of functionality transmits any change in that implementation to the consumer, even if that change was not intended to alter the functionality.  This is true in statically linked languages, as well as dynamically linked or dynamic dispatch languages.

In statically linked programs, the dependent module must be rebuilt.  Dynamic linked languages are generally not impacted by functions that are added and not used, but the actual implementation change impacts the program.  As the dynamically linked object is referenced directly, any change to the logic or structure can result in breaking the dependent module.  In some languages, due to how references are used, any change may be communicated to the dependent module (for example, Dlls and C++ .h files).

In any dynamically linked language, if you wanted to swap objects that implemented the functionality, the reference (i.e. pointer) to the implementation object or method would have to change.  If you used an abstraction, then the reference is not changed, and the implementation is only required to adhere to its contract - the location of the functionality is no longer a concern of the consumer.

Implications

Use interfaces for the consumer classes, and for the implementation classes.  They both depend on an abstraction, now.

Use Dependency Injection to supply implementations at runtime independent of the consuming class’s references (the reference should be to an interface).

6.   Architect and Design for Testability

Description

All architectures and designs should be created such that one quality factor that is achieved is high testability.

Rationale

At the time of integration testing, major architecture issues may be found, and significant re-work would be required.  Architecture is the most significant area in which mistakes can be made and take the longest to remediate.  Due to a customary process of project’s sequencing, testing of the full architecture usually takes place near the end of the project construction, which creates significant project risk.

Brittle architectures, where components are not interchangeable, make isolated testing difficult if not impossible.

Static classes, as dependencies, are not very testable, because a stub or a mock may not be substituted.

During maintenance phases, making changes to systems that are not testable introduces unacceptable risk, and the changes that will get approved are usually urgent and important, thereby increasing the baseline risk.

Implications

Define architecture components such that the dependency is on abstractions (interfaces), not concretions (implementations).

Systems must support being setup in a known state in a repeatable manner.

Do not use static classes.

Avoid embedding business logic in database objects.

Use Dependency Injection and Inversion of Control if available.

7.   Avoid Technology that Hinders Organizational Agility

Description

Avoid building applications coupled to any one framework, or platform. Instead, identify the capabilities needed, and select a framework, tool or platform that supports it, and have a secondary one in case a switch is required at a future point.  Design and build in proper abstractions to make the switch easier.

If the technology to be selected does not work well, or at all, when wrapped in additional abstractions, the technology and the vendor is achieving lock-in.

Resist technology lock-in or vendor lock-in, and only accept lock-in as an explicit tradeoff for achieving the time-to-market goal, or other valuable identified goal.

Rationale

If the selected framework, tool or platform is found to be limiting in meaningful, measurable ways after the initial usage period, and the architecture needs to evolve, experiencing lock-in with a vendor or a technology greatly reduces organizational agility.

If the benefits for lock-in no longer outweigh the negative impacts, then the option to move to a competing framework, tool or platform should be immediately available.

Implications

Align to Enterprise Architecture principles on technology diversity.

Document areas where technology lock-in or vendor lock-in exists or will exist, and the value of accepting that lock-in.

8.   Don’t Repeat Yourself (DRY)

Description

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

Rationale

Duplication (inadvertent or purposeful duplication) can lead to duplicate maintenance, poor factoring, and logical contradictions as the duplicated code in one location diverges, accidentally, from the code in another location.

Duplication, and the strong possibility of eventual contradiction, can arise anywhere: in architecture, requirements, code, or documentation. The effects can range from mis-implemented code and developer confusion to complete system failure.

“Knowledge” in this case is partially about representing the intent.  If the intent is to write an algorithm for a decision rule (with specific requirements, of course), and there is a procedure to describe that with an interface, the use of the interface to call the procedure is not considered duplication.  The use of the interface, though it may be textual duplication of some elements of the procedure, has an intent that is completely different than writing the source algorithm.

This is similar in spirit to a “single source of truth”.  In that it's okay to have mechanical, textual duplication (the equivalent of caching values: a repeatable, automatic derivation of one source file from some meta-level description, gold and silver copies of data), as long as the authoritative source is well known.

Implications

Algorithms (and the responsibility they represent) must be implemented once and only once.  This doesn’t mean that everyone must exist once and only once.

It is permissible to have more than one representation of a piece of knowledge provided an effective mechanism for ensuring consistency between them is engaged (replication, compiler checks, metadata synchronization, etc…).

Users of the interface (the process) may duplicate the signature if and only if the implementation environment requires it.

Refactor common functionality to single code classes and frameworks upon discovery of duplication.

Enterprise Architecture Principles

1.   Primacy of Principles

Description

These principles of software system architecture apply to all organizations within the enterprise.

Rationale

The only way we can provide a consistent and measurable level of architecture quality and technology investments is if all organizations abide by the principles.

Implications

Without this principle, exclusions, favoritism, and inconsistency would rapidly undermine the management of software systems.

A conflict with a principle will be resolved by changing the framework of the initiative.

2.   Maximize Benefit to the Enterprise

Description

Software system development decisions are always made under the business alignment perspective in order to generate maximum benefits for the company as a whole.

Rationale

A better alignment between IT strategy and the IT development teams must generate a competitive edge for the institution.

Decisions based on the corporate perspective have greater long-term value than decisions based on a certain perspective of a group with a specific interest. An optimal ROI requires management decisions to be aligned with the company's priorities and positioning.

Without adhering to the needs of a business domain, and the implications of the other architecture principles, providing architecture recommendations based on resource availability creates a less coherent enterprise architecture.  Resultant increases in complexity, and maintenance burden are commensurate with a reduction in cohesive architectures and productivity organization wide.

This principle, however, must not prevent anyone from performing tasks and activities.

Implications

Aligning IT strategy with the IT development teams and promoting optimal corporate benefits requires changes in how system development efforts are planned and managed. Technology Architecture alone is not enough to promote such changes.

IT must focus on IT services directed toward establishing a competitive edge.

IT must implement a complete IT vision that is focused on business.

Some areas might need to waive their specific preferences to benefit the company as a whole.

Application development priorities must be established by and for the entire company.

Application components must be shared among all areas of the financial institution.

Information management initiatives must be conducted based on a corporate plan. Individual areas must follow IT strategy and management initiatives in accordance with corporate plans and priorities. Planning is modified whenever necessary.

When different team resources are available, we do not recommended changing architectures to match the resource constraints.  Technical architectures should be aligned to the technology strategy of the company.

As new needs arise, priorities must be adjusted proportionally.

3.   Maximum benefits at the lowest costs and risks

Description

Strategic decisions for solutions must always strive to maximize benefits generated for the business at the lowest long-term risks and costs.

Rationale

Decisions must not be made based solely on reaching lower solution costs. Every strategic decision must be assessed based on cost, risk, and benefit perspectives. Lower costs often represent greater risks and, perhaps, fewer benefits.

Implications

A solution must be selected based on a qualitative or quantitative cost, risk, and benefit assessment

Most times, quantitative assessments are simpler based on cost perspective but more complex for risks and even more intricate for benefits. The quantitative assessment must always be conducted whenever possible and sufficient.

A qualitative assessment of one or two perspectives is sufficient when a quantitative assessment of other perspectives (for example, cost) is properly conducted and already leads to a decision.

Operating risks must be quantified whenever possible.

IT infrastructure must also be optimized based on business requirements and technological capacity to generate lower costs and risks, thus benefiting the focus of the company.

4.   Shared information

Description

Users have access to information that is necessary for performance of their respective tasks. Therefore, information is shared between different corporate areas and positions, depending on the security levels established for that particular set of information.

Rationale

Necessary access to accurate information is essential to improve the quality and efficiency of the decision-making process of the financial institution. It is less expensive to maintain integral information in a single application and share that than to maintain duplicate information in multiple applications.

The company has plenty of information, but it is stored in hundreds of incompatible databases. The speed in which information is obtained, created, transferred, and absorbed is driven by the organization's capacity to effectively share these information islands throughout the company.

Shared information promotes better decisions because they are less dependent of less-reliable sources and information managed in the decision-making process.

Implications

To enable information sharing, a common set of policies, procedures, and standards must be developed and followed to regulate information management and both short-term and long-term access.

In the short term, to preserve a significant investment in existing systems, investments in software capable of retrieving and integrating information from existing systems into a shared information environment are required.

Normalized data models and metadata that define such shared environments must be developed, in addition to a repository to store the metadata and make it accessible.

As existing systems are replaced, common information access and developer guidelines must be adopted and implemented to ensure that all information in new applications remains available in the shared environment.

In both short and long-term, common methods and tools to create, maintain, and access shared information must be adopted throughout the company.

The information-sharing principle is constantly confronted with the information security principle. Information sharing must not compromise the confidentiality of information under any circumstance.

Shared information must be used by all collaborators to perform their respective tasks. This ensures that only the most up-to-date and accurate information is used in the decision-making process. Shared information shall become the only virtual source of corporate information.

5.   Common terminology and data definitions

Description

Data is defined coherently throughout the company, and definitions are comprehensible and accessible by all users.

Rationale

The data employed in the development of applications, and used in messaging systems, must have a common definition so that the data can be shared. A common terminology facilitates communication and promotes efficient dialogs. Additionally, data and interfaces must be shared among different systems.

Implications

This is separate from "data administration" or “data operation” functions and stated responsibilities. Additional significant energy is required, in addition to resources applied in this task. This is essential to develop the information environment.

The company must first establish a common terminology for business activities. Such definitions must be uniformly used throughout the company.

Whenever a new data definition is required, efforts regarding such definition must be coordinated and reconciled with the corporate data description "glossary." The company's data administrator needs to be responsible for such coordination.

Ambiguities arising from multiple data definitions must be replaced by a definition that is accepted and understood by the entire company.

Data normalization initiatives must be coordinated, and canonical models must be adopted.

Functional data administration responsibilities must be assigned.

6.   Technological independence

Description

Applications and services do not depend on specific technological options and, therefore, can function on different technology platforms. The IT architecture must be planned to reduce the impact of technological changes in the business.

Rationale

The independence of technological applications allows them to be developed, adapted, and operated under the best cost-to-benefit ratio. Alternatively, technology (which is subject to supplier dependence and obsolescence) becomes the users' motivation, rather than their requirements.

This principle is based on the concept that each IT decision renders us dependent of such technology. The purpose of this principle is to ensure that the software is not dependent on specific operating system software or particular hardware.

Implications

This principle requires standards that support portability, which are often called open standards.

Application program interfaces (APIs) must be developed to integrate existing applications with operating environments and applications developed based on the enterprise architecture.

Middleware must be employed to disassociate applications from specific software solutions.

7.   Component reusability and simplicity

Description

The enterprise architecture is built over low-coupling, reusable, modular components that implement services.

Systems architecture must be as simple as possible to maintain yet meet all business and corporate requirements. Whenever complexity is required, it must be encapsulated to promote simplicity of solutions built on the architecture.

Rationale

Reusable components represent opportunities to reduce IT development times and costs. Reusable components leverage investments in current systems. Modular components increase the systems' capacities to adapt to different evolution needs, because the change is isolated from affected modules.

Implications

The architecture establishes standards and guidelines to develop system components and services.

8.   Convergence with the enterprise architecture

Description

The convergence with the enterprise architecture is promoted in the right time, and in line with the company's investment strategy.

The convergence with the enterprise architecture takes place as new applications are built, new technologies are implemented, and older systems are updated or decommissioned. Exceptions to the enterprise architecture might be supported for specific cases if there is a consensus that the benefits of using a solution from a specific technology exceed those arising from the adoption of the enterprise architecture.

Rationale

Convergence offers several advantages:

·        It allows the enterprise architecture to evolve and accommodate changes in business and technologies.

·        It avoids conversions of obsolete systems, which are extremely expensive.

·        Over time, it preserves the investment while promoting the benefits of the enterprise architecture.

Implications

Delayed convergence could reduce the benefits of the enterprise architecture.

Convergence requires a realistic and tangible approach to migration to the enterprise architecture.

It requires an explicit transition strategy for current systems after the target technology is identified.

Allows decommissioning a system sooner when that is appropriate.

Convergence does not allow waiting indefinitely. It requires a business case for exceptions, an exception process, and an exit strategy. It must establish temporary or permanent exceptions, as well as exit strategies for temporary exceptions.

Convergence requires sponsorship to replace obsolete technologies.

9.   Low-coupling interfaces

Description

Interfaces have low coupling, are self--described, and offer low impact on the institution in case of changes.

Rationale

Low-coupling interfaces are preferable, because when interfaces between independent applications are highly coupled, they are less generic and more susceptible to causing unwanted, secondary effects when they are changed.

Implications

Low coupling means that the services (APIs, for example) are conceived with no affinity to a certain service consumer.

Therefore, the service is completely uncoupled to a service consumer. However, the service consumer is dependent of the service (that is, contains references for service interfaces).

10.                   Control of technical diversity

Description

Technological diversity is controlled to minimize significant costs related to the maintenance of expertise and connectivity between several different processing environments.

Rationale

There is a real and significant cost related to the infrastructure required to support alternative technologies for processing environments. There are other infrastructure costs to maintain the architecture of multiple interconnected systems.

Limiting the number of supported components simplifies and reduces maintenance and management costs.

A smaller number of software packages represent a greater ease and lower integration costs.

Business advantages of minimum technical diversity include:

·        Standard component packaging

·        Predictable implementation impact

·        Predictable returns and validations

·        Defined tests

·        Greater flexibility to accommodate technological advances

A common technology throughout the entire company generates scalable economic savings for the company. Technical management and support costs are better controlled when limited, and specialized, resources focus exclusively on this shared technology set.

Implications

Policies, standards, and procedures that regulate the acquisition of technology or contracting with new suppliers must be directly bound to this principle.

Technology decisions are guided by a technological blueprint.

Procedures to increase the set of acceptable technologies to meet evolved requirements must be developed and implemented.

This principle does not require freezing the technological baseline. Technological advances are welcome and incorporated into the technological blueprint when they are compatible with current infrastructures, are likely to improve operating efficiency, or there is a need to increase capacity.

In order of preference for selecting a technology for use in a solution must be: Reuse (unless it is a “non-invest” or “deprecate” technology), Buy, Build.

11.                   Uniform Metaphor

Description

Any architecture or architectural component should be designed around a powerful metaphor than can be uniformly applied in all areas.

Rationale

Having a conceptually simple metaphor as a model for architecture decisions is much easier to apply, and provides consistency, than a complex model that is difficult to understand or apply across different areas.

Implications

A straightforward example of designing around a conceptually simple uniform metaphor is a Service Oriented Architecture.  The metaphor is services, and this can be applied in all areas with heterogeneous or homogeneous technologies.

In a SOA focused organization, all decomposable functionality should be architected, designed and developed as a service.

12.                   Interoperability

Description

Software and hardware must follow established standards that promote data, application, and technology interoperability.

Rationale

Standards help ensure coherence, thus improving the ability to manage systems, raise user satisfaction, and protect current IT investments, thus maximizing return on investment and reducing costs.

Interoperability standards also help ensure support from several suppliers to their respective products, thus facilitating integration, such as through Service Oriented Architectures aligned to web standards.

Implications

Interoperability and industry standards must be followed unless there is a mandatory business reason to implement a non-standard solution.

A process to establish standards, periodic revision, and exceptions must be established.

13.                   Conceptual Integrity

Description

There must be a single purpose for which an architectural component is conceived, and introduced into the environment. 

Rationale

Without cohesion of purpose to support the concept for which an architecture component is introduced, unnecessary and unexpected complexity rises, making it more difficult to manage, learn, use, or modify an architecture or an architecture component.

Architecture components can quickly be repurposed for different scenarios, exceeding the intended use or designed limit of the components, which could risk destabilizing the component and the dependencies upon it.

Implications

There should be a single architectural vision to provide the clearest concept for the entire architecture, and this is usually provided by a single individual, or a very small group of highly aligned architects. 

This vision of why we would introduce some architectural component, or an architecture itself, is the concept around which all of our decisions must be made.  Making all decisions with the intent of supporting the same concept is what is called “Conceptual Integrity”.

The system needs to be designed with a strong point of view and a consistent set of principles as to what it should be.  After that, there is a cascading of responsibility, and ultimately it is everybody's responsibility to ensure the conceptual integrity of their piece and its relationship to the whole.

Compositions of architectural components should be conceived of and introduced to provide a specific capability, aligned to a single concept.

The result of conceptual integrity, when aligned to the other principles, is that a system is consistent and coherent across all components collectively, and in individual components.

SOA principles

1.   Standardized Service Contracts

Description

Services express their purpose and capabilities via a service contract.  A great deal of emphasis is placed on specific aspects of contract design, including the manner in which services express functionality, how data types and data models are defined, and how policies are asserted and attached.

Rationale

The Standardized Service Contract design principle is perhaps the most fundamental part of service-orientation in that it essentially requires that specific considerations be taken into account when designing a service's public technical interface and assessing the nature and quantity of content that will be published as part of a service's official contract.

There is a constant focus on ensuring that service contracts are both optimized, appropriately granular, and standardized to ensure that the endpoints established by services are consistent, reliable, and governable.

Implications

Creation standards and/or the adoption of open industry standards to maximize interoperability for describing service functionality, data types, models and policy application must be performed.

2.   Service Loose Coupling

Description

This principle promotes the independent design and evolution of a service's logic and implementation while still guaranteeing baseline interoperability with consumers that have come to rely on the service's capabilities.

This principle advocates the creation of a specific type of relationship within and outside of service boundaries, with a constant emphasis on reducing ("loosening") dependencies between the service contract, its implementation, and its service consumers.

Rationale

Service consumers should not be coupled to the service implementation, instead they should have a dependency on the service contract.  With coupling only to the service contract, the service implementation is capable of evolving without impacting the service consumer, thus the coupling is “loose”.

Additionally, by having the service implementation only dependent on the service contract to which it adheres, the implementation does not have any implicit coupling to service consumers.

Implications

Services should follow contract first design methodologies to prevent any coupling of a consumer to an implementation, or vice-versa.

3.   Service Abstraction

Description

On a fundamental level, this principle emphasizes the need to hide as much of the underlying details of a service as possible. Doing so directly enables and preserves the previously described loosely coupled relationship.

Rationale

Having an appropriate level of abstraction, and hiding away implementation details, allows for greater productivity of all of the service consumers, because they only need to know a simplified and ideal interface.

Taking the effort to hide legacy integrations, proprietary technologies, and other service implementations once, with a highly specialized group of developers, allows for greater scalability in an organization.  The technology components and strategies may also evolve independent of the SOA Services functionality.

Implications

Service contract design should not leak any information about the underlying implementation – no datatypes, no data structures.

4.   Service Reusability

Description

Service Reusability emphasizes the positioning of services as enterprise resources with many functional contexts. Numerous design considerations are raised to ensure that individual service capabilities are appropriately defined in relation to a business-neutral service context, and to guarantee that they can facilitate the necessary reuse requirements.

Rationale

The service design and implementation process takes considerable work effort, and the desire to maximize the value of that effort is embodied by this principle.  Many common elements exist across software solutions, and the service development effort can often be shared across solutions.

Though some services are not reusable, the intent of developing those services must be to support another principle.

Implications

Service contracts and components should be designed to maximize interoperability, and align to the functionality needed by the largest number of service consumers.

5.   Service Autonomy

Description

Services are components that are independently deployed, versioned, and managed.  A suitable level of autonomy is achieved when the service can evolve independently of the service consumers, or underlying technology.

Rationale

This principle raises various issues that pertain to the design of service logic as well as the service's actual implementation environment.  Isolation levels and service normalization considerations are taken into account to achieve a suitable measure of autonomy, especially for reusable services that are frequently shared.

For services to carry out their capabilities consistently and reliably, their underlying solution logic needs to have a significant degree of control over its environment and resources.

Implications

Services must be architected and designed so that the endpoint location, and the service contract, is the only known element of the service.

Services should be deployed independently of the systems in which they are consumed.

6.   Service Statelessness

Description

Applying this principle requires that measures of realistically attainable statelessness be assessed, based on the adequacy of the surrounding technology architecture to provide state management delegation and deferral options.

Rationale

The management of excessive state information can compromise the availability of a service and undermine its scalability potential (our Operational Assurance Technology Policy v1.1 of January 2015 states the horizontal scalability goals). Services are therefore ideally designed to remain stateful only when required.

Furthermore, if a single instance of a service holds the state for the service consumer, or the state of the various intermediaries between the originating consumer and the service, when the service fails, the state is lost and an unrecoverable error will occur for the service consumers.

Implications

The service and all components of the service must be implemented in a stateless manner.

When a fully stateless implementation cannot be achieved, explicit choices and decisions about the state that needs to be present in the service must be articulated for purposes of architectural exceptions.

Partial state deferral, or full state deferral, must be implemented in alternate solutions than the service.

7.   Service Discoverability

Description

The application of this design principle results in the improvement of a service's discoverability and interpretability as a result of increasing the communications quality of all published service meta information.

Rationale

Aligned to the principle of Reusability, in order for a service to be reusable, it must be discoverable.  For services to be positioned as IT assets with repeatable ROI, they need to be easily identified and understood when opportunities for reuse present themselves.

Implications

Creation and maintenance of a Service Catalog is required.  Other assets like a service registry and service repository are recommended.

The service design needs to take the "communications quality" of the service and its individual capabilities into account, regardless of whether a discovery mechanism (such as a service registry) is an immediate part of the environment.

8.   Service Composability

Description

Services are expected to be capable of participating as effective composition members, regardless of whether they need to be immediately enlisted in a composition.

Rationale

As the sophistication of service-oriented solutions continues to grow, so does the complexity of underlying service composition configurations. The ability to effectively compose services is a critical requirement for achieving some of the most fundamental goals of service-oriented computing.

Complex service compositions place demands on service design that need to be anticipated to avoid massive retro-fitting efforts.

The Service Composability principle helps determine how to carry out a separation of concerns in support of service-orientation. The services that result from the illustrated decomposition of solution logic are assembled to solve any specific problem. However, the ultimate, strategic benefit comes with the ability to continually recompose these services to help solve additional problems in the future.

Implications

Having a specific vision for a service, and a clear identification of the purpose and its responsibility in the environment is required.

To facilitate composability, the service must also adhere to Discoverability, and the following two principles: Service-Orientation and Interoperability plus Explicit Boundaries.

Service inventories will be built out with named services fulfilling specific capabilities, and service inventories may be divided by business domain, or responsibility within the domains.

9.   Service-Orientation and Interoperability

Description

Services in a Service Oriented Architecture must be interoperable by design, and adhere to open standards that support automation and tooling for facilitating and easing intersystem communications.

Interoperability is the ability of different information technology systems and software applications to communicate, exchange data, and use the information that has been exchanged.

Rationale

Interoperability refers to the sharing of data. The more interoperable software programs are, the easier it is for them to exchange information. Software programs that are not interoperable need to be integrated. Therefore, integration can be seen as a process that enables interoperability.

A goal of service-orientation is to establish native interoperability within services in order to reduce the need for integration effort.

Implications

Interoperability is specifically fostered through the consistent application of design principles and design standards. This establishes an environment wherein services produced by different projects at different times can be repeatedly assembled together into a variety of composition configurations to help automate a range of business tasks.

Interoperability is fundamental to the first eight principles listed.

A fundamental goal of applying service-orientation is for interoperability to become a natural by-product, ideally to the extent that a level of intrinsic interoperability is established as a common and expected service design characteristic.

10.                   Explicit Boundaries

Description

Implicit in several principles documented previously, services need explicit boundaries.  Messages containing all of the information required for proper service operation should be passed when the service is invoked, and all behaviors of the service should be documented for the publicly exposed interface.

Rationale

The Service should not have hidden behaviors, or unexpected side-effects caused by a service consumer sending data or data fields to the service that are not covered by documented contracts, or by having partial data delivery cause other side-effects.

Without well documented service functional boundaries, service reuse is compromised, or during the maintenance of a service, additional un-related service functionality may be added.

Implications

During service candidate evaluation, the ability to specifically create logical and functional boundaries for services must be a consideration before deciding to approve a new service for inclusion in the portfolio.

Documenting the intended purpose of a service as part of the service metadata is required.