At the end of last week a webMethods' press release popped into my inbox highlighting a recent demonstration of interoperability between the company's UDDI-based registry (acquired with Infravio), HP's Systinet registry and one of Layer 7 Technologies' SecureSpan XML appliances.  In a nutshell, the three companies showed how policies attached to services in a UDDI registry (using the Web Services Policy 1.5 Framework and Attachment candidate standard specification) can be exchanged with Layer 7's appliance for policy enforcement.

Prasad Yendluri of the Office of the CTO at webMethods had this to say:

greatly enhance[s] the interoperability of all of the components used to achieve policy-based governance

a point which was reinforced by Toufic Boubez, CTO of Layer 7 who claimed such interoperability provides:

a powerful standards-based solution for overall SOA management and governance

Here at MWD we certainly agree that a policy-based approach is essential for effective management of the service lifecycle. Policies should capture and enforce the obligations and expectations of service providers and consumers represented in service contracts to maximise the quality of the service experience. Interoperability of policies is also essential, given the variety of service infrastructure technologies required to support any significant SOA initiative. However, as I pointed out over a year ago:

WS-Policy does not deal with semantics: it provides a framework within which those semantics can be defined. Support for WS-Policy provides no guarantee that the way one vendor defines a particular policy can be interpreted and enforced effectively by another. That will require agreement on semantics.

For these reasons, I doubt that the three participants simply installed the products, created some services and policies and then demonstrated policy enforcement: they first had to agree how the policies would be represented in WS-Policy.

Don't get me wrong: I think this is a positive step in the right direction. However, it's important for those involved in SOA initiatives to recognise, as I pointed out last year, that a number of significant steps still have to be taken to reach the semantic interoperability goal that's required:

It's not going to be easy! It will require the participation and cooperation of vendors of all shapes and sizes. Vendors, moreover, who are going to have to relinquish the control that ownership of policy definition can provide.