Service-oriented architecture (SOA) is gaining widespread acceptance as a way to map business processes and tie together enterprise applications using Web services. Without a standards-based Business Service Registry to act as the unifying mechanism, however, SOA cannot fulfill its promise. The following is a guide to avoiding the seven dangers of implementing SOA without a Business Service Registry - while at the same time, gaining a major boost in IT agility and application interoperability.

In recent years, there has been a steady migration away from non-standard legacy interfaces and toward Web services. By offering a standards-based interoperability platform, Web services allow enterprises to more efficiently integrate applications and improve the accessibility of business processes for customers, partners, and internal users. Essential for both business-to-business commerce and internal business applications, Web services are increasingly used by organizations that want to improve their responsiveness and efficiency.

Yet the exciting new capabilities offered by Web services arrive with a degree of risk. An unplanned, broad adoption of Web services opens companies to uncertainty and even potential anarchy. How can enterprise architects make sure that the people who need the services will find them? Is there a way to ensure that developers are not wasting their time developing services that already exist? How can management ensure that services comply with technology, business policies, and application standards? Finally, how can IT and business leaders control how the services interoperate both inside and outside the firewall?

Companies need the architectural benefits of service-oriented architecture (SOA). An SOA can coherently map business processes with enterprise applications, inspire integration and reuse of applications, and foster effective governance of SOA services - often at dramatically lower costs and with less resources.

Still, enterprise architects who implement an SOA often realize that a key ingredient is missing: business service visibility and, therefore, control. If users, partners, and business analysts cannot easily find these business services and identify their attributes, the promise of SOA is largely lost. If developers cannot readily find and reuse services, they essentially don't exist.

The solution to this loss of control is a platform-neutral, standards-based method for publishing and discovering services. Using a standards-based Business Service Registry, Web services can be published as SOA business services that are ready for mapping and interoperability. By publishing services information, including capabilities and policy support, the Registry becomes the overall system of record for the entire SOA. The Business Service Registry allows the standardization of activities and procedures for enabling, publishing, discovering, and managing business services across the enterprise and between trusted business partners and clients.

Discussions with numerous SOA users illuminated several problems with using a non-registry based SOA. The following are seven of the most common reported dangers of not supporting an SOA with a Business Service Registry:

Danger #1: Wasted, Ineffective Applications Caused by Misalignment with Processes
A Business Service Registry provides easy-to-use tools with which business analysts can survey an enterprise's business services portfolio and determine which are available to automate processes and address pressing business needs. Whether the application is as specific as tracking down sales leads or as all-encompassing as e-government compliance or evaluating the impact of new product lines, a Registry allows analysts to measure the impact of changes in business requirements on processes and services.

Danger #2: Lack of Application Consistency and Integrity
Ultimately, the Registry's enabling role for governance of services may be its most important advantage. A Registry offers the nuts-and-bolts compliance and approval tracking process that can ensure the integrity of service governance and policies. Companies are enforcing compliance to a growing list of standards and codes, such as Basel II, Sarbanes-Oxley (SOX) and HIPAA. In addition to making sure services live up to business and technical standards, a Registry can also help to monitor and analyze changes in services for adherence to service-level agreements. SOA governance is essential to conforming to any business, industry, or security standard, and a Registry is essential for SOA governance.