This article discusses how a service layer makes service-oriented architectures (SOA) easier to manage and update. Most companies looking seriously at SOA do so in hopes of making a mishmash of existing hardware and software play together more smoothly. Such companies have much to gain from SOA. But they face a key challenge in that heterogeneous environments bring together a plethora of brands, platforms, protocols, security systems and more, making SOA standardization more difficult to achieve. Even if the chief architect of a company solves the problem by dictating, the Web services policy--the set of requirements for using any given service--must be abstracted from the services themselves in order for the SOA to scale. This is exactly the type of practical concern for which the InfoWorld SOA Executive Forum was created, to be held in San Jose, California, on May 5, 2005 and in New York on May 17, 2005. Eric Pulier, executive chairman of SOA Software, said that if an individual has exposed his or her applications as Web services but the security procedures and other policies are hard-coded into the applications, then every change requires him or her to re-code the applications. That is equivalent to an old-style tightly coupled application-to-application interface. The smart solution is to handle such complexities in a service layer, integral to the SOA. Some companies write this layer themselves, others seek a prepackaged solution such as the one offered by SOA Software. In either case, the service layer knows where each service resides, what it knows, and what it needs. It then acts as a nexus for communication, security and so forth. Upgrading a protocol, then, requires you to change the service layer rather than several applications.