Sub-Contractors Can Submit RFID Data to WAWF
Posted by Brian Aldridge on Tue, Feb 09, 2010
It is not always feasible for the Department of Defense (DOD) Prime Contractor to submit Radio Frequency Identification (RFID) data to Wide Area Workflow (WAWF). When product packaging and shipping is performed by a sub-contractor it usually makes more sense for the sub-contractor to also submit the related RFID data to WAWF. This article discusses some ways that this can be done and related security issues.
When a sub-contractor packages and ships product to the DOD, they are in possession of the related RFID data. There are three primary ways that this data can reach WAWF:
- The Prime Contractor Enters the Data - The sub-contractor can forward the RFID data to the Prime Contractor, who then enters the data into WAWF. We normally see this as a fairly manual process, in which the sub-contractor would scan the RFID tags or save a log of printed tags, forward this data to the Prime Contractor via email, and the Prime Contractor would type, or copy and paste, the RFID data into WAWF's web screens. Obviously this is a reasonable option only for very small numbers of RFID tags.
- The Sub-Contractor Enters the Data Acting as the Prime - The Prime Contractor can provide the Sub-Contractor with a WAWF userid and password for the Prime Contractor CAGE code. Then the Sub-Contractor can log into WAWF as the Prime Contractor and do anything that the Prime Contractor could do. We see this done a lot, probably because it is kind of obvious and easy to implement. The downside is that this creates a data security problem. The Sub-Contractor can see every contract and shipment for that CAGE code and can perform any transaction in WAWF that a Prime Contractor user with similar permissions can perform.
- The Sub-Contractor Enters the Data Using CAGE Extension - Option 1 (above) grants Sub-Contractors no WAWF access. Option 2 (above) grants Sub-Contractors complete WAWF access. This third option grants Sub-Contractors with limited access. Each Prime Contractor has in WAWF one or more CAGE codes assigned to them. Each CAGE code can have zero, one or multiple CAGE Extension assigned. The CAGE Extension has the effect of restricting access and defining more specific notification email addresses. The easiest way to explain this is with an example. Our fictitious Prime Contractor, Bomb Makers Inc., has the following CAGE Codes:
Their fictitious Sub-Contractor, *Drop Shipper Inc., has the CAGE Code:
Bomb Makers Inc. creates in WAWF a CAGE Extension of 11111-AAAAA, which has the effect of being a sub-location to their existing location of 11111. To this CAGE Extension they assign users from Bomb Makers Inc. (the Prime) and also from Drop Shipper Inc. (the Sub). When Bomb Makers Inc. submits the Receiving Report to WAWF, they submit with the CAGE Extension of 11111-AAAAA rather than just using their CAGE of 11111. Users from both the Prime and the Sub receive email notifications of the transaction (provided WAWF is configured to send those emails to those users). Additionally, users from the Sub can then submit transactions, only for shipments submitted with the CAGE Extension (11111-AAAAA). So now Drop Shipper Inc. can submit RFID data for the shipment, without having full access to all contracts and shipments in WAWF for the Prime.
Details of how to set up CAGE Extensions are at the WAWF Training Website. Click on Group Administrator (GAM), and then on Administer Location Codes.
*It's a joke. Bomb Maker...Drop Shipper...Bomb Dropper...Get it? Oh, nevermind.