This well-written paper discusses service-oriented architecture (SOA) test governance and proposes two distinct SOA testing approaches that rely on a cross-organizational testing process. This is an important topic that could benefit from a full treatment, as would be found in a textbook. Bertolino and Polini reference four of their previous publications on the SOA audition framework and state that service-oriented coverage testing (SOCT) is an active area of research. A particular strength of the paper is the clarity of the writing and the authors’ ability to succinctly focus on the core issues. Furthermore, they provide context and life cycle grounding, by placing their work in the context of traditional testing practices and accepted international standards. This is a timely publication, as organizations look to SOA to enable their missions, while keeping costs low.

The paper is organized in six sections. The first section provides a foundational introduction. The second section provides essential definitions for governance, information technology (IT) governance, SOA governance, and SOA test governance. Section 3 discusses why SOA test governance is necessary. It provides a list of key stakeholder roles and activities, and it introduces the trusted third party as a key stakeholder role for authentication and verification of services. Bertolino and Polini identify core issues that make SOA testing a particular challenge: reduced control, observability, trust, information, runtime integration, and quality-of-service (QoS) relevance. Section 4 provides a framework for managing software test governance (STG). The authors offer a textual description and a diagrammatic view for STG that provides clarity and augments the concept for better understanding. Section 5 provides two examples of STG and testing: the audition framework and SOCT. The audition framework testing is for online testing of services. This phase occurs when a service asks for registration within the registry; only services that pass this testing phase will be listed in the registry. SOCT occurs with service orchestration and relies on service instrumentation by the service provider, prior to testing. An independent third party documents coverage. The testing metrics are collected and analyzed by the third party, and then reported back to the service integrator. Section 6 provides conclusions and promises additional work on the relationship between STG and service-level agreements (SLAs).