WSO2, the firm producing open source enterprise integration middleware, announced Thursday that has expanded its service registry into what it calls a Governance Registry.

WSO2 is an early implementer of OSGi standards that allow Java objects to be manipulated and run remotely, or assembled with other objects to be run together. It has produced a lightweight application server and enterprise service bus as middleware that follow OSGi standards.

Its Governance Registry 3.0 serves as both a locator of services for parties seeking them and a manager of the software lifecycle of services. It can apply policies that determine when a service should be revised or discontinued. It performs version control, so that modifications are recorded and a path to roll back to an earlier version is available, if necessary. It can perform service discovery and impact analysis. It automatically extracts information or metadata on the service that describes its purpose and use.

"Governance is different for each organization. We expect customers will take the Registry, tweak it, and use it as they want," said Sanjiva Weerawarana, CEO, in an interview. The Governance Registry is freely available under the Apache open source code license. WSO2 sells technical support for its products and supplies consulting services.

In addition, WSO2 is updating its Identity Server to version 2.0, so that it can identify, authenticate and provide role-based authorizations to users of services. The authentication can be fine grained, allowing one role to be defined at several different levels of usage, depending on seniority or a number of factors.

Version 2.0 includes an entitlement engine, which manages the fine-grained authorizations. It uses a claim-based security token service for mapping user identity attributes to a set of related services. It allows multi-factor authentication for OpenID, an identity management approach for consumers sponsored by the OpenID Foundation to supply a free identity to use with many services across the Internet. It also can use Information Cards based on Microsoft's CardSpace identity management approach for a reuseable identity across many Internet services.

"The Identity Server addresses the people element of service governance," said Weerawarana. It can be tied into an enterprise's existing identity management systems, such as Active Directory, and enable broad usage of enterprise services among employees or authorized partners and consultants.

Both Governance Registry 3.0 and Identity Server 2.0 are available Thursday for free download from the http://WSO2.com site.

InformationWeek's Informed CIO series lays out 10 steps to achieve excellence in service assurance initiatives. Download the report here (registration required).