Data Identity & Supply Chains
Saturday, January 2, 2010 at 9:30PM I attended the Internet Identity Workshop #9 (IIW9) in early November at the suggestion of Silona Bonewald. She read Banking on Granular Information Ownership and we made a connection regarding her mutual data ownership approach to 'open banking'.
My attendance at IIW9 was strange and familiar. Surreal and real. It was like 'coming home' to a home I'd never seen before. A kind of deja vu.
My experiences with 'identity' have been in the registration of radically serialized data objects (i.e., data elements with GUIs) that are authored, published and distributed by supply chain participants to supply chains. The focus has been about giving product supply chains the opportunity to know more about the products by providing more permissions control over the shared data. This was first theoretically applied to supply chains for chemical products, and then actually engineered and deployed in 2003-06 to the U.S. beef livestock supply chain following the 2003 'mad cow' case. The developed system was - and is - in the form of a multi-tenant, enterprise class system (we marketed it as a 'data bank') that appears to fit well into the cross-section of the Venn diagram in the September, 2008 blog Venn and the art of data sharing by Eve Maler. That is, with one significant exception. The 'identity movement' was essentially non-existent in 2003-06 (IIW #1 was held in October, 2005) and so we did not at that time have the benefit of client-side or browser-side or smartphone-side means, functions and standards related to data identity.
In lieu of identity standards what we did was bake in our own patented business rules for shifting the capabilities of a relational SQL server toward the registration of objects; objects that would then be granularly revealed, traceable, and controllable to the nth degree of sharing among the tenants of the data bank. Then we thought we would be in a good position to tackle integration with other data silo's driving standards for universal data tags. But then a funny thing happened on the way to the coliseum - the USDA's efforts for introducing mandatory animal identification to agriculture collapsed in late 2006 predictably affecting every supply chain company who had bet that the USDA would do what they said they would do. Since then my company, Pardalis, has essentially been anchored in a 'safe harbor' called North Dakota State University.
Earlier this year I had discussions with Microsoft-Fargo, and then Microsoft-Redmond, that led up to Microsoft's then Worldwide Director of CRM, ERP and Supply Chain Solutions. What I was saying to Microsoft was that neither Dynamics CRM nor SharePoint were relevant outside of the federated or vertically integrated parts of supply chains. But what was broadly used by SMBs - where CRM and SharePoint were not - was Microsoft Excel. And so the logical next step was to connect supply chains end-to-end with a 'data bank' blah, blah, blah. Honestly, I didn't begin to tune into InfoCards and what Microsoft's Chief Identity Officer, Kim Cameron, had been up to until later in the summer. Cameron is touting the application of transactional "claims" to provide "minimal disclosures" about persons which has now evolved into the Windows Identity Foundation. There's no doubt in my mind that the ERP folks inside of Microsoft should talk to Kim Cameron and the Identity folks in Microsoft but that's something they'll have to figure out on their own, right? :-)
Now traceability is 'sexy' again. Pardalis is moving forward with major land grant institutions (North Dakota State University, Michigan State University, Oklahoma State University) and supply chain participants (like Top 10 Produce) in seeking $5M/5 year USDA funding for a Coordinated Agricultural Project under the Special Crops Research Initiative. This initiative supports research for methods to prevent, detect, monitor, control, and respond to potential food safety hazards in the production and processing of specialty crops, including fresh produce. Central to this research will the development/introduction of item-level means and functions for interoperably connecting agricultural supply chains from 'farm to fork'. The goal is to provide real-time access to the supply chain participants of the total system of data - not just the data presented in GS1 labeling - relative to product safety, taste, quality, appearance, environmental responses, tolerances, transportation, marketing, storage characteristics , etc.
Like I said, my attendance at IIW9 was strange and familiar, etc. What was missing for me was the application of identity and social networking to supply chains. I suppose one could argue that the term 'supply chain' was there, so to speak, particularly in the IIW9 sessions covering Vendor Relationship Management, but in my opinion it was way in the background waiting to be brought to the forefront. I'm definitely planning on attending IIW #10 in Mountain View in May, 2010, to do my part in helping raise the visibility of supply chains in this mix. I'm really glad to have found my way to the identity movement.
[The foregoing is substantially reprinted from previous contributions made by the author to the Data Ownership in the Cloud group on LinkedIn.]
Reader Comments (2)
In my work place, as a support person for back office IBM midrange computer system, I have been on the periphery of this. It is evident to me that supply chain "connections" have different "corporate privacy rules" in different localities ... states of USA, cross-nations ... and within different departments, that have their opposite supply chain contacts ... accounting, quality, engineering, etc.
e.g. info we find in phone books, sensitive if otherwise "unlisted", ditto e-mail addresses.
e.g. info "confidential" to the world outside trading partners & companies that have signed confidentiality agreements.
e.g. info that the anti-trust judiciary might claim is a violation to be sharing with potential competitors, or that people, trying to cooperate, might consider this to be a risk.
e.g. info about quality problems that others might use as basis of future lawsuits.
e.g. within a company's ERP data can be granular secured
... only certain individuals/depts may have access to view-copy / update-add-delete / etc. whole files or slices of files ... ditto into supply chain ... for example, our corporate ERP data is accessible to both internal people, and representatives of supply chain contacts ... but we can limit outside contacts to info in our ERP that is relevant only to that company, them not see what we doing with OTHER companies products
but once company ERP data is copied in whole or in part into someone Excel, or other formats, the security control is usually lost
e.g. how the data is communicated between two or more enterprises "in the cloud" ... we need to consider security at each home office, on portable devices of employees, and when data is in "other" hands such as auditors, government, ISP, ASP, etc.
There's also IT challenge where a column field labeled for one purpose (e.g. phone#) but users of that table may have populated data that has a higher security need (e.g. bank account #) ... state of art (that I am familiar with) is to secure data by table dimensional structure, not data content.
Some industries have done work that maybe other industries can learn from.
I am currently a computer person in the electrical manufacturing industry.
The OEM (Original Equipment Manufacturer) decides which parts and components need to be subject to certain standards, such as UL (Underwriter Lab), exclusion of hazardous chemicals. These parts then get unique labeling throughout the supply chain, and are subject to independent inspection throughout the supply chain.
Suppose we have a minor disaster due to an electrical failure in a household appliance ... example, someone house burn down, and it is traced to faulty wiring in air conditioner wall plug. If the entire supply chain, of components for that part, had been covered by UL and ISO 9000, then it is possible to back trace to which vendor responsible for the failure. But the current reality is:
Wires CAN have labeling or im-printing that uniquely identify them, date manufactured, and include manufacturer identity. This is rarely done.
Parts, made in foreign nations, may be labeled "Made in USA" (when they were not) or "UL #### certification" (without going through the certification process), because that's what's needed to have the product sell in USA. It would be illegal to counterfeit UL certification inside USA, but this is not enforced in global trade.
Some supply chain participants do not differentiate the same parts made by different vendors, the same parts going through engineering changes, do not maintain records on parts for the likely life span of the parts, buy and sell individual companies, where records on what was done by former owners can go in the trash.
Lawyers, assigned to investigate this, are often ignorant of industry standards, and available records, such as UL samplings at all stages of supply chain of parts supposed to meet certified quality standards.