When there are lots of solutions, choosing the right products to build your software is really challenging. Identifying the right combination of middleware products to build your SOA is key to its success. This article discusses an approach to using non-functional requirements in choosing these products, using SOA in health care as an example.

Software applications that are fragmented across departments, legacy systems that cannot be retired, and integration challenges due to heterogeneity are no exception in the health care industry. Business processes and sophisticated medical data that go from physicians and hospitals to health plans to pharmaceutical companies to insurance companies make the implementation of IT solutions highly challenging. Service-oriented architecture (SOA) has been identified as a perfect way to meet these challenges and many companies in the health care business are moving toward SOA. Choosing SOA as the architectural style is just the first step in implementing a successful enterprise solution. Employing the right products in your SOA middleware stack is another key step in this process.

When architecting a solution, identifying key non-functional requirements is very important. A good enterprise architect always considers the non-functional requirements in making important architectural decisions. There are many non-functional requirements and it’s impossible to satisfy all of them to the fullest extent. Business requirements play an important role in prioritizing non-functional requirements. An architectural analysis technique like ATAM could be very useful here. These key non-functional requirements play a major role in choosing which middleware products is used in your solution.

Non-Functional Requirements
Listed below are a few important non-functional requirements in the health care industry that need to be considered when evaluating products to be used in your SOA middleware stack.

Security – The confidentiality, integrity, and availability of patient data has to be maintained in creating, receiving, maintaining, and transmitting. You may want to use proprietary access controls and authentication protocols to achieve high security. The chosen products should provide extension points to plug in to these proprietary solutions.

The application of security policies and managing access control at each service level is important. Every request must be audited and audit trails have to be maintained so, when an incident occurs, its cause can be identified without failure.