Manufacturing with export control compliance and protected IP
Globalization and componentization in production leads to a rapid increase in information exchange and collaboration between divisions of global organizations as well as different suppliers. As a result, risk exposure increases. Intellectual property is at stake and export control regulations need to be adhered to.
Collaboration and cross-border information sharing
Throughout the different stages of a modern product life-cycle, teams scattered around the globe or around the corner, collaborate using extensive amounts of data relating to the bill of materials that constitute the final product. Each and every component often equates to substantial investments in time and research. Combined, once brought to market, they represent the value from which the company is dependent on.
In countries with strict export control regulations, non-compliance is simply not an option. Failing to meet government requirements will lead to severe financial penalties and can lead to legal implication including imprisonment for upper management.
More important, is the fact that companies risk being banned from exporting goods and/or services, which for global players is as good as being closed down.
For modern industries a great deal of their success can depend upon their ability to organize these collaborative efforts efficiently. These efforts often extend beyond borders of corporations as well as nations and their jurisdictions. The regulative landscape involved in this process is complex. Within many jurisdictions, legislation puts restrictions on the type of information that you are allowed to share across borders. In fact the know-how behind entire products or their individual components may be regarded as a matter of national security. Furthermore, this know-how represents the intellectual property on which a company's future may be based.
Product Life-Cycle Management
Intellectual property protection and compliance with export control regulations are essential "headaches" that cannot be disregarded. Extensible authorization helps companies deal with both. At the core of this lies efficient information sharing for Product Life-cycle Management (PLM). PLM solutions that are used to handle the core technical data, are typical also linked to tools used to manage the overall business process. Meta information about technical items or contractual aspects thereof play an important role in Business Process Management (BPM) systems that will also typically be impacted by regulatory compliance.
To enable information sharing, efficient and effective controls need to be in place. The details of a bill of material may need filtering to block data about individual components for a given user in a given context. It may also be required for the sake of intellectual property protection or compliance with export control regulations. Such filtering must be based on the authorization of an individual user and the sensitivity of a given information block. It is virtually impossible to achieve this with traditional access control models, such as role based access control (RBAC) as they cannot capture context-related information.
Attribute Based Access Control (ABAC) in production
eXtensible authorization handles all of these requirements and, furthermore, it externalizes access control from individual software components involved in the product life-cycle management process. This allows consistent enforcement of policies across the entire stack of PLM and BPM components. It also achieves efficient integration with information sources from where the necessary attributes regarding users and resource may need to be gathered in order to make authorization decisions. Such attributes may include data for proper classification of the component (for instance US Export Control Classification Numbers, ECCN), its source and destination when exported (from and to which country, company, etc.), the user accessing the information (location, citizenship, role and authorization), the purpose of use (current activity, end-use, etc.), and a wealth of other procedural or contractual information.
eXtensible Authorization supports the capture of context-related information such as the location as well as the citizenship of a user, the classification of technical data in relation to regulations and purpose of use both in terms of the current access request with regard to the end-use of an exported item for which an export license or agreement is applicable and verification that the user is not black-listed by authorities.
Powered by XACML
Axiomatics eXtensible authorization uses the XACML standard to deliver enterprise-ready authorization solutions. XACML can be customized and adapted to specific usage areas by means of XACML profiles. The OASIS XACML Technical Committee releases profiles for Intellectual Property Protection as well Export Control. These profiles further simplify deployment - for more information, see the XACML section.
Customers of Axiomatics in the aerospace industry are examples of companies that eXtensible authorization purposes such as Product Life Cycle Management.