[RFI] OSSIM Entity Representation? #47

Open
packet-rat opened this issue Sep 22, 2024 · 2 comments

@packet-rat

Representation of Entities is a foundational requirement for modeling Supply Chain elements, roles, and relationships. Have we selected/established which entity model(s) we are going to subsume (i.e., OASIS CIQ)?

@packet-rat
Author

Gathering notes on avenues for investigation.

From 241105 Meeting:

  • OASIS CIQ
  • NIEM
  • UBL
  • LegalXML
  • UCO
  • FOAF
  • xxx (Dave Lemire)

Other AI-identified options:

  • CycloneDX
  • TOSCA
  • LEI
  • ISO 6523
  • DUNS
  • VERIS

@packet-rat
Author

Per our January 7, 2025 discussion - I will be submitting various artifacts of my research into Entity Representation models here in the OSIM Issue tracker.

This artifact represents general Gen AI-assisted findings.

Standards for Information Modeling of Supply Chain Entities

Unambiguously identifying organizations, individuals, and relationships in the supply chain is critical for traceability, accountability, and risk management. Below are existing standards that model these entities and their roles.


1. Legal Entity Identifier (LEI)

  • Purpose: Globally recognized identifier for legal entities in financial and commercial transactions.
  • Scope: Financial institutions, suppliers, manufacturers, and other organizations.
  • Key Elements:
    • LEI Code: Unique 20-character identifier for legal entities.
    • Entity Data: Includes legal name, address, and ownership structure.
    • Relationship Data: Tracks parent companies, subsidiaries, and branches.
  • Usage: Regulatory compliance, financial reporting, and supply chain transparency.

2. GS1 Standards (Global Standards One)

  • Purpose: Global standard for uniquely identifying products, locations, and business entities.
  • Scope: Organizations, products, services, locations, and assets.
  • Key Elements:
    • GTIN: Identifies products or services.
    • GLN: Identifies physical or digital locations.
    • GRAI: Identifies returnable assets like containers and pallets.
  • Usage: Tracking goods, inventory management, and supply chain transparency.

3. ISO/IEC 6523

  • Purpose: Framework for assigning unique identifiers to organizations in electronic data interchange (EDI).
  • Scope: Suppliers, manufacturers, distributors, and financial institutions.
  • Key Elements:
    • ICD: Prefix indicating organization type or sector.
    • Organization Identifier: Unique organizational code for supply chain transactions.
  • Usage: Used in EDI and supply chain communication.

4. OASIS UBL (Universal Business Language)

  • Purpose: XML schemas to standardize business documents like invoices and shipping notices.
  • Scope: Businesses, suppliers, logistics providers, and customers.
  • Key Elements:
    • Party: Represents a business entity (e.g., buyer, seller).
    • PartyRole: Defines roles in a transaction (e.g., manufacturer, distributor).
    • Address/Contact: Models location and communication details.
  • Usage: Electronic data interchange (EDI) and procurement.

5. ISO/IEC 19770-2

  • Purpose: Defines Software Identification (SWID) tags for software supply chains.
  • Scope: Software suppliers, distributors, and end-users.
  • Key Elements:
    • SWID Tags: Metadata about product name, version, and publisher.
    • Publisher Information: Identifies software producers.
  • Usage: Tracking software provenance in SBOMs.

6. SPDX (Software Package Data Exchange)

  • Purpose: Open standard for representing software package information.
  • Scope: Software suppliers, distributors, integrators, and consumers.
  • Key Elements:
    • Package Information: Describes software licensing, version, and origin.
    • Relationship Types: Links between packages (e.g., dependencies).
    • Supplier Information: Identifies responsible organizations.
  • Usage: Managing licensing and compliance in software supply chains.

7. CycloneDX

  • Purpose: Lightweight SBOM standard for tracking software components and relationships.
  • Scope: Software producers, integrators, and consumers.
  • Key Elements:
    • Component: Represents software components.
    • Organizational Information: Identifies responsible organizations.
    • Dependency: Models relationships between components.
  • Usage: Modeling and tracking software supply chains.

8. OASIS CIQ

  • Purpose: Suite for representing people and organizations, focusing on customer information.
  • Scope: Organizations, customers, suppliers, and vendors.
  • Key Elements:
    • xCIL: Detailed customer and organization data.
    • xNL: Models individual and organizational names.
    • xAL: Models address information.
  • Usage: Representing hierarchies and relationships in supply chains.

9. Verifiable Credentials (W3C)

  • Purpose: Framework for issuing and verifying claims about entities in supply chains.
  • Scope: Suppliers, vendors, manufacturers, and service providers.
  • Key Elements:
    • Issuer: Organization issuing the credential.
    • Holder: Entity holding the credential.
    • Verifier: Organization verifying the credential.
  • Usage: Identity management, regulatory compliance, and traceability.

10. ISO 10303 (STEP)

  • Purpose: Standard for representing product data throughout its lifecycle.
  • Scope: Manufacturers, suppliers, and distributors.
  • Key Elements:
    • Product Data: Detailed specifications, materials, and origin.
    • Product Relationships: Links between components and products.
  • Usage: Consistent representation of product data in supply chains.

11. IDMP (ISO 11615)

  • Purpose: Framework for identifying medicinal products across supply chains.
  • Scope: Pharmaceutical manufacturers, suppliers, and regulators.
  • Key Elements:
    • Product Identifier: Unique identifier for medicinal products.
    • Organization Information: Identifies manufacturers and distributors.
    • Relationship Data: Models links between products and suppliers.
  • Usage: Pharmaceutical traceability and regulatory compliance.

12. eCl@ss

  • Purpose: Classification standard for categorizing products and services.
  • Scope: Manufacturers, suppliers, and distributors.
  • Key Elements:
    • Product Classification: Unique identifiers for product categories.
    • Supplier Information: Identifies suppliers.
    • Attribute Data: Detailed product specifications.
  • Usage: Standardizing product data exchange.

13. ISO 22005

  • Purpose: Focused on traceability in supply chains, particularly in food and agriculture.
  • Scope: Producers, suppliers, and distributors.
  • Key Elements:
    • Event Data: Tracks movement and transformation of products.
    • Batch/Lot Numbers: Links events to specific batches.
    • Entity Roles: Defines supply chain roles.
  • Usage: Traceability for accountability and compliance.

14. Blockchain Standards (Hyperledger, Ethereum)

  • Purpose: Blockchain-based standards for transparent supply chain tracking.
  • Scope: Food, pharmaceuticals, luxury goods, and more.
  • Key Elements:
    • Smart Contracts: Automates transactions between entities.
    • Identity Management: Secure identities for participants.
    • Immutable Records: Tamper-proof tracking of products and transactions.
  • Usage: Transparency and trust in high-value supply chains.

These standards collectively provide frameworks for representing and managing entities, relationships, and roles within supply chains, ensuring traceability, compliance, and accountability across various industries.
