Governance Shape

The structure of API governance must be established at the highest levels of the organization; otherwise, it will just be a low-level vision realized by a handful of teams. To have the greatest impact, governance needs to reflect the particular organization that is applying it. To do that, leaders must invest in resources, time, and people to develop a system that will guide teams in learning about, understanding, applying, and reporting on governance rules, as well as providing feedback on what is working and what is not.

Elements

  • Structure - Provide a clear structure for how governance will be executed, balancing a top-down approach with a bottom-up one.
  • Leadership - Select a group of business and technical leaders, bringing together a mix of skills and domain expertise.
  • Guidelines - Provide details on the standards for designing APIs, but also for documentation, testing, and other aspects of team API operations.
  • Domains - Establishing domains within the enterprise will allow for logical separation of business concerns in accordance with the dictates of domain experts.
  • Groups - Establish a logical separation of teams, grouping them by domain, line of business, project, or another bounded context that makes sense.
  • Teams - Define the team of people behind API operations, providing names, roles, and other relevant details about who they are and what they will be contributing to the team.
  • Workspaces - An API workspace strategy lays out the API factory floor for the enterprise, establishing naming conventions and other patterns to enable teams.
  • Single Sign On (SSO) - Provide teams with an authentication scheme allowing them to log in with a single ID across the multiple services they will need for work.
  • System for Cross-domain Identity Management (SCIM) - Leverage the SCIM standard for automating the provisioning and deprovisioning of team member accounts.
  • Role Based Access Control - Role based access control should be applied at the authorization layer of an API, but also to the API operations around it, helping govern who has access to operations.

How you shape your governance will set the pace for your teams, enabling them to move forward, deal with change, and feel like they are part of defining and evolving the shape of governance. By making teams a part of the governance discussion, you will ensure that your guidance is realistic and easily adopted.