So are we going to see Meta-Meta-Policies?

The new ZapThink ZapFlash is out, and its title SOA Governance and the Butterfly Effect
speaks to how changes to an SOA that, while seemingly small, can cause
gigantic effects down the road. One especially chilling quote:

Now, let’s segue to the post-SOA scenario. In this situation, the
executive in the same situation has a policy management tool accessible
via a corporate portal. This tool leverages several Services that form
part of the SOA governance framework, but the executive is none the
wiser about these technical details; all managers need to know is that
they have the authority to change certain corporate policies via the
corporate portal. As such, the exec can go into the portal and adjust
the Service-level agreement (SLA) for corporate reporting that includes
the required report, changing the turnaround time for corporate data
from “up to one week” to “up to one day,” through the click of a button

The solution to this situation, as offered up by the article, is to
have Meta-Policies goverening your policies. But then who governs
those?

I seriously doubt any organization will get to this level when
executives are making these types of changes, but it still speaks to
the larger question of:


Should an SOA REALLY be modified by
business users who may not understand the effects their changes could
have? Is this what we really mean when we talk about ‘SOA
Governance’ ?

Todd Biske’s blog post raises some similar questions.