SOA management and security systems can add value to governance systems by providing relevant historical information about service levels, security, quality of service, and fault detection to the governance system. Since governance systems are about development artifacts, this allows developers to understand the long-term performance and reliability of their artifacts. In short, they can more easily ask questions such as which of my services is actually managed, which has the slowest response time, which has had the most security violations, or which matches certain service-level requirements that I need.

From the architecture perspective, the SOA management and security solution provides a centralized repository and mechanism for defining management and security policy for the entire SOA, across all service platforms. Governance platforms may potentially refer to and track changes to these management and security policies, which would be particularly useful to enterprise architects and designers already using these governance tools on a daily basis. However these policies still need to be stored and optimized for the use of the SOA management and security systems that are managing the environment in real time. Therefore, these policies will be most often stored within the management system's own repository. Similarly, because the SOA does not exist in isolation from other enterprise entities, these policies should be considered specialized cases of more general enterprise policies that already secure and manage the entire enterprise through existing enterprise systems.

Governance solutions, particularly UDDI-based repositories, can help management and security systems discover new or changed services, but there is nothing actually forcing service providers to publish WSDL descriptions of their services in a registry, so management and security systems must also be able to discover services based on message traffic, as well. Over time, management and security solutions will increasingly leverage information about development artifact changes provided by governance products in order to more effectively monitor the impact of these life-cycle events on the performance and reliability of the SOA at runtime.

Conclusion
Henry David Thoreau once said that "If you have built castles in the air, your work needs not be lost; that is where they should be. Now put the foundations under them." Similarly, many IT people have been focused on building their castles in the air by creating the beginnings of an SOA through the creation of carefully designed, loosely coupled services, often deployed on multiple service platforms. Many are starting to consider the role of dynamic service discovery through a registry, as well. This is all fine. But, as Thoreau said, now is the time to make sure you don't lose those castles. Be sure to build the needed foundations with effective SOA management and security. Even better, if you really don't want those castles to fall, make your foundations deep and strong by carefully considering the relationship and level of integration between your SOA management and security solution and the rest of your enterprise management and security systems. When you have a plan for complete, end-to-end management, and security covering every important aspect of your business processes and every supporting IT system, then your service-oriented castles are truly reliable, safe, and ready to add value to your business.