Collaboration and cross-border information sharing

Throughout the different stages of a modern product life-cycle, teams scattered around the globe or around the corner, collaborate using extensive amounts of data relating to the bill of materials that constitute the final product. Each and every component often equates to substantial investments in time and research. Combined, once brought to market, they represent the value from which the company is dependent on.

For modern industries a great deal of their success can depend upon their ability to organize these collaborative efforts efficiently. These efforts often extend beyond borders of corporations as well as nations and their jurisdictions. The regulative landscape involved in this process is complex. Within many jurisdictions, legislation puts restrictions on the type of information that you are allowed to share across borders. In fact the know-how behind entire products or their individual components may be regarded as a matter of national security. Furthermore, this know-how represents the intellectual property on which a company's future may be based.

Product Life-Cycle Management

Intellectual property protection and compliance with export control regulations are essential "headaches" that cannot be disregarded. Extensible authorization helps companies deal with both. At the core of this lies efficient information sharing for Product Life-cycle Management (PLM). PLM solutions that are used to handle the core technical data, are typical also linked to tools used to manage the overall business process. Meta information about technical items or contractual aspects thereof play an important role in Business Process Management (BPM) systems that will also typically be impacted by regulatory compliance.

To enable information sharing, efficient and effective controls need to be in place. The details of a bill of material may need filtering to block data about individual components for a given user in a given context. It may also be required for the sake of intellectual property protection or compliance with export control regulations. Such filtering must be based on the authorization of an individual user and the sensitivity of a given information block. It is virtually impossible to achieve this with traditional access control models, such as role based access control (RBAC) as they cannot capture context-related information.

Attribute Based Access Control (ABAC) in production

eXtensible authorization handles all of these requirements and, furthermore, it externalizes access control from individual software components involved in the product life-cycle management process. This allows consistent enforcement of policies across the entire stack of PLM and BPM components. It also achieves efficient integration with information sources from where the necessary attributes regarding users and resource may need to be gathered in order to make authorization decisions. Such attributes may include data for proper classification of the component (for instance US Export Control Classification Numbers, ECCN), its source and destination when exported (from and to which country, company, etc.), the user accessing the information (location, citizenship, role and authorization), the purpose of use (current activity, end-use, etc.), and a wealth of other procedural or contractual information.

Powered by XACML

Axiomatics eXtensible authorization uses the XACML standard to deliver enterprise-ready authorization solutions. XACML can be customized and adapted to specific usage areas by means of XACML profiles. The OASIS XACML Technical Committee releases profiles for Intellectual Property Protection as well Export Control. These profiles further simplify deployment - for more information, see the XACML section.

Customers of Axiomatics in the aerospace industry are examples of companies that eXtensible authorization purposes such as Product Life Cycle Management.