Joint Operating Committees are the key organizational construct of a dynamic, innovative, accountable and profitable oil & gas company. It is the interactions of many producers, service providers and suppliers who are involved in the day to day commercial and strategic concerns of that Joint Operating Committee that we need to concern ourselves with. The Security & Access Control module's focus is to ensure the right people have the right access to the right information with the right authority. This is at the right time at the right place and through the right device.
Throughout Synallagi we discuss two of the most pressing operational issues in the oil & gas industry. Those being the demand for earth science & engineering effort is increasing with each barrel produced. This is best represented by the steep escalation of oil & gas exploration and production costs. At the same time, critical earth science & engineering resources are fixed and difficult to expand. And with the anticipated retirement of this brain trust in the next twenty years, the problem becomes critical. The second issue regards the manner in which the administrative and accounting resources are organized within the industry. With Synallagi the need for each producer to develop their own administrative and accounting capabilities internally is replaced by an overall industry capability. Then each producer can access those resources on a variable cost basis with direct charges to the Joint Operating Committee. This provides operational flexibility in how a producer approaches its strategic and tactical needs.
There are few short-term solutions to the shortfall in geologists and engineers over the next twenty years. It takes the better part of that time to train them to operate in the industry. What we do know are several "things" being applied in the People, Ideas & Objects Synallagi. Many of these concepts are based on what we call Industrial Command and Control. Which is a method developed in the Security & Access Control module of imposing command and control over any and all Joint Operating Committees, working groups, producer firms, service providers or organizations the producer may need to add structure to. The concepts are the further hyper specialization and division of labor, and a reduction in the redundant building of capabilities within each oil & gas producer, or as we describe it, a pooling of resources in the Joint Operating Committee.
The first concept of specialization and division of labor is well known as a principle of economics that brings about greater economic productivity from the same volume of resources. Given that the volume of earth science & engineering resources is known for the foreseeable future. Specialization and the division of labor will provide us with a tangible means to deal with oil & gas industry productivity. In today’s marketplace, approaching a heightened level of specialization and division of labor without software to define and support it would be foolish.
The pooling concept is the solution to the current desire that each producer firm acquires the earth science & engineering capabilities necessary to deal with all the needs of their “operated” properties. This creates unneeded “just-in-time” capabilities for scarce scientific resources. When each producer within the industry pursues this same strategy substantial redundancies are built into the industry's capabilities. Redundancies that are left unused and unusable. What is proposed through the People, Ideas & Objects software application modules is that the producer's operational strategy avoids the “operator” concept. Instead, it pools their specialized technical resources through the Joint Operating Committee partnership. That way the redundancies that would have been present in the industry can be made available to the producers and used by the producers through hyper-specialization and division of labor.
These same principles are present in the second issue noted above. The administrative and accounting capabilities acquired through industry-wide capabilities provide the producer with the flexibility to address operational concerns. Issues such as today’s low natural gas prices can be addressed through this revised structure. By having administrative and accounting service providers charge their service fees directly to the Joint Operating Committee. The producer gains the ability to shut-in unprofitable production with only positive effects on their financial performance. Administrative, accounting, and production costs are eliminated during shut-in production. Providing the most profitable means of oil & gas operations when unprofitable properties no longer dilute profitable properties. Producers can save their reserves for the time when they can be produced profitably. Reserves costs don't have to carry additional losses if unprofitable production continues. Reserves can be seen as a low-cost solution to production and storage. Commodity prices will have less volatility due to producers removing marginal production from the marketplace. And petroleum reserves values are maximized when prices determine reserves value and the volume of commercial reserves available.
Being able to provide service providers with access to and security during these day-to-day operations will be a unique situation for the oil & gas producer. Service providers will aggregate data industry wide. And there will be many service providers involved in providing administrative and accounting services to the producer firm and Joint Operating Committees. Consideration of the proprietary nature of the information and security will be priorities for Synallagi.
A quick note on mobility. People are provided with new devices that enable them to work anywhere. These phones and tablets, in addition to laptop computers, open up security and access control concerns for the innovative and profitable oil & gas producer. Some producers enable their staff with policies that allow them to bring their own devices to work. The fact is these devices provide enhanced productivity and are appropriate for an innovative and profitable oil & gas producer. People, Ideas & Objects Synallagi includes an understanding that these devices will be part of the day to day used in the oil & gas industry.
What these concepts require is what the Security & Access Control module is designed to provide. The system must provide access to the right person at the right time and at the right place with the right authority to the right information. With the Industrial Command & Control there will be a manner in which the technical, and all the resources, that have been pooled from the producers, interact with an appropriate governance and chain of command.
When we talk about the various people within the producer firms affiliated with a Joint Operating Committee. And the number of Joint Operating Committees that a firm may have an interest in. And the number of people a firm employs. Access control becomes challenging. It becomes a challenge when we consider that people certainly should have the access required, but the level of trust they may have with respect to other partner organizations is probably not as strong. That is to say, does using the Joint Operating Committee as the key organizational construct of a dynamic, innovative, accountable and profitable oil & gas producer, open the producer firm to data loss? This is how People, Ideas & Objects deal with the access and trust issue in the Security & Access Control module.
When we concern ourselves with the data and information of the producer firm. We also concern ourselves with the information cleared by the various Joint Operating Committees that the oil & gas producer has an interest in. We can all agree that this information is proprietary and subject to each producer firm's internal policies. (Information such as reserves data, accounting information, internal reports and correspondence, strategy documents.) What we're concerned about is the information and data held in the Accounting Voucher module and the associated data common to the joint account. (well file, agreements, production data, capital and operating costs, revenue and royalties.)
Close analysis of these two types of data and information held within the firm and the Joint Operating Committee falls within the proprietary and partnership domains. In Canada at least, most data and information regarding well operations can be freely obtained through various regulatory agencies. Nonetheless, the majority of the data is shared through the partnership who have an interest in the data and information. Which is not the case with the producer firm's data. Most of the information is kept close at hand and reported through filtered reserve report summaries and annual reports. Therefore keeping a handle on proprietary data, while operating the Joint Operating Committee as the key organizational construct of the innovative oil & gas producer, as proposed by People, Ideas & Objects, does not present any data leakage.
Access control can therefore be limited by restricting any company personnel from viewing other companies' files. Which is a given. While in People, Ideas & Objects access control is restricted to the firm's Joint Operating Committees and the firm's files only. To extend this further, we would limit access to the appropriate roles within the firm. Then it is up to our user community to define a standard set of generic roles in which access is required to certain data types. This would apply to the types of operations handled by that role, for example, read, insert, update, delete. These generic roles could then be assigned to each individual within the organization based on their needs. Assigning multiple roles for more complex access. Access to proprietary data would be restricted to company personnel only.
Throughout Synallagi we've discussed our solution to one of the premier issues the oil & gas industry faces. That is the demand for earth science & engineering effort per barrel of oil increases with each barrel produced. This is best represented by the steep escalation of oil & gas exploration and production costs over time. At the same time, critical earth science & engineering resources are fixed and difficult to expand in the short or medium term. Add to that the anticipated retirement over the next twenty years of the current brain trust of the industry and the problem becomes a critical concern.
What is proposed through the People, Ideas & Objects software application modules ICC is that the producer's operational strategy avoids the “operator” concept. Instead, it pools these technical resources through each of their partnerships represented in their Joint Operating Committees. That way the inefficiencies that would have been present in the industry can be made available and used through industry wide, producer focused, advanced and advancing specialization and division of labor. Where many of the lower end processes are offloaded to service providers who specialize in that basic skill on behalf of many producers. This is done in a geographical area or other specialization. And each individual producer focuses on a specialized element of science as it develops and innovates upon that.
People, Ideas & Objects believe producers will soon be unable to commercially support the full scale of engineering & earth science disciplines tasks and responsibilities as they have in house. This will be due to the shortages of resources, the cost escalation of these resources in the market due to their shortages, the expansion of demand from higher production volumes to achieve energy independence, the demands for more science in each incremental barrel of oil produced, the anticipated, substantial expansion of the sciences and the need to innovate upon that expanding science. For producers to maintain a broadened division of labor to deal with these issues and “operatorship” capabilities, it will extend them beyond any producer's commercial capacity.
What these concepts demand is what the Security & Access Control module is designed to provide through the ICC. The People, Ideas & Objects system must provide access to the right person at the right time and at the right place. This is with the right authority and the right information. With the ICC there will be a manner in which the technical and all the resources pooled from the producers, interact with the appropriate governance, compliance and industry standard chain of command.
Before the hierarchy which was a commercial development of the 20th century, there was only the military structure in terms of large organizations. The main difference between the two is subtle but significant. Military structures are broader and flatter than hierarchy. That is one of the ideals we are seeking, but the more significant feature is the ability for the chain of command to span multiple internal and external organizational structures and to move resources from different areas of the military through standardization.
The nature of people working through the industry-standard chain of command layered over the Joint Operating Committee will include all oil & gas disciplines. The contributions of staff, financial and technical resources will include all those employed by the industry today. I could foresee many office buildings being refurbished to accommodate the staff of a single Joint Operating Committee of a large property. There, staff from the different producers may be seconded to provide support for the Joint Operating Committee. They may work for a single Joint Operating Committee, not for any particular producer firm.
As background we should recall that each individual would have different access levels and authorizations in terms of access to People, Ideas & Objects ERP systems. Assuming different roles and responsibilities, they would impose different access levels to data, information, processes and functionality. People, Ideas & Objects application modules rely on the Security & Access Control module to implement Industrial Command & Control. This structure, particularly in a Joint Operating Committee, would weave multiple producer firms under one industry standard chain of command. The interface ensures that all processes are monitored for compliance, governance, and overall completeness.
This topic discusses the way authorizations, roles and responsibilities are handled in the Security & Access Control module of Synallagi. We should discuss the topic of delegating authority and responsibility during absences, which can come up from time to time.
As background we should recall that each individual would have different access levels and authorizations in terms of access to the People, Ideas & Objects systems. Assuming various roles and responsibilities, they would impose different access levels to data, information, processes and functionality. In addition, Security & Access Control is the key module for implementing Industrial Command & Control across People, Ideas & Objects. This structure, particularly in a Joint Operating Committee, would weave multiple producer firms under one chain of command. To ensure compliance, governance, and overall process completeness, it will need to provide an interface to ensure all processes are monitored.
Throughout Synallagi there is the perception of a heightened role for technology in terms of enabling authorization to conduct operations. Thus, the ability to do things and get things done depends on collaborating with partners and authorizing actions through processes managed by the systems. This participation dictates that the designation of the roles in the Security & Access Control module “means” more than just data access; it imposes authority and responsibility to undertake actions on behalf of Joint Operating Committees and / or producer firms.
It is necessary to assign this authority within the Security & Access Control module during any absence. If someone with authority and responsibility was away for whatever reason, they should be able to assign their authority to another person. This will enable them to fill that role while away. This will ensure that the process isn’t held up during their absence. Delegations of authority have been used for years in large firms and with a system that imposes authorizations and responsibilities on specific roles, the ability to temporarily move them down, across or up the chain of command is a necessity to keep the organization functioning.
Lastly we should talk about the interface that helps to identify missing elements in a process. It would simply show the command structure of the people assigned to a Joint Operating Committee or a process. It would also show their related role, authorizations and responsibilities. If someone was away, it would indicate who took over their role. It would help to identify how they could impose a chain of command to fill any vacancies. This would be particularly helpful if the role or process needed to be documented for compliance purposes.
Starting with the Security & Access Control module we find that Oracle Corporation has a comprehensive suite of applications that provide the security and access control that we are looking for falling under the Oracle Identity Management brand name. These products include tools for Access Management, Identity Administration, Directory Services and Governance. These product classifications come in a variety of different products and are configured in some specialty industry and management suites.
Two areas in Synallagi that will be challenging to develop are the Industrial Command & Control (ICC) and the inter-relatedness of the Joint Operating Committee and service industry representatives. Early on in the specification we noted a number of research areas that needed to be conducted. These are two areas that will take research dollars to resolve. To have the ICC recognize members of different organizations will not be a challenge. To engage them and have them interact in the manner we expect them to when we expect them to, will.
Oracle Identity Management resides within the Oracle Fusion Middleware product layer. As we indicated earlier in Synallagi this is Oracle’s Java Enterprise Server. Therefore these applications are open to tailoring to our users' needs through the process of “additions” as Oracle calls them. When we sit down with Oracle and define the Security & Access Control module based on our user needs. These needs can be accommodated by the technologies we have selected.
And it is through our user community that we will resolve these issues. It is one of the reasons People, Ideas & Objects software developments budgets are where they are. We will have challenges to resolve in delivering these innovative systems to the industry. I would remind producers that our value proposition sees the one-time costs of these developments amortized over our producer base. Yet each producer receives the full scope of that development effort in terms of the software application.
We now look at the Oracle product classification for Access Management. Included in the Access Management classification are the following products: Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlements Server, Oracle Identity Federation and Oracle Enterprise Single Sign-On Suite. Each of these products will be included in Synallagi as they have components required for day to day use by our users, service providers, producers and Joint Operating Committees.
One area Oracle had been working on was working with partners, vendors and suppliers. Within Oracle Access Manager it is noted that they provide... “Building federated user communities that span company boundaries.” These are the beginnings of both pooling and Industrial Command & Control (ICC) that are critical to resolving many of the issues that the oil & gas industry faces.
On the heels of Oracle Access Manager is their Adaptive Access Manager which takes the concept of intra-partner interactions further with “Oracle Adaptive Access Manager makes exposing sensitive data, transactions and business processes to consumers, remote employees or partners via your intranet and extranet safer.” This is the nature of business in the future. Working with partners, as is done by the Joint Operating Committee, is an effective means of reducing costs and increasing innovation in any industry. It’s only reasonable that technologies emulate these needs. In addition Oracle Adaptive Access Manager takes security and authentication to another level. As a result, our demands regarding the pooling concept and the ICC, I feel, will be less of a technical risk for People, Ideas & Objects Synallagi and subsequent developments.
The next application is the Oracle Entitlement Server which provides a dynamic access control element to the applications that use the server. Instead of manually wiring access control privileges into each application and user, they can be dynamically generated using the Oracle Entitlement Server. “The solution can manage complex entitlement policies with a standalone server or with a distributed approach that embeds information at the application level.” When it needs to be determined if user X has access to Joint Operating Committee Y, a decision from the entitlement server, based on criteria within the application, can be made. If this information is changed, our user would be denied access. This provides enhanced security based on policies and reduces the amount of detailed specific software development that is difficult, time consuming, and costly to maintain.
Federated Identities are a major part of how the pooling concept and ICC are implemented in Synallagi. We have specified in many modules, such as the Resource Marketplace module, Federated Identities. Situations such as where the vendor maintains contact and other information. That information is comprehensive and includes key organizational contacts, calendars and scheduling information. Working with the partners in the Joint Operating Committee and the representatives of the service industry in this way will effectively mitigate many technical software development issues we have. These data elements are maintained by each producer / service industry company and available globally throughout the People, Ideas & Objects applications.
One area that we will continue to face a challenge is in the Work Order. Putting together a working group to study earth science or engineering research is critical to innovative oil & gas producers and the industry in general. These are ad-hoc organizations formed with partners that may have no past history to draw from. Federated Identities will provide users with some of the information they need to establish the partnership and grant application access. However, there is still the pooling of and sourcing of costs, and budgets. Costs and their contributions are traditionally what invoke the bureaucratic nightmare that mitigates and destroys the motivation for these working groups to form. We need to ensure these roadblocks do not get in the way. We have proposed to overcome these issues by developing an intuitive interface for our users involved in organizing the working group.
We don't want our users to experience a mindless security access maze. Oracle Enterprise Single Sign-On Suite Plus promises to keep this from happening. Logging onto and off of systems as our user proceeds through the various modules and components of the applications is a must have. This product promises this level of service seamlessly and remotely. Which is needed. And considered a must have feature in today’s software offerings.
Oracle Identity Manager which will be used as the base product for role and identity management. This will be the base of the Industrial Command & Control for People, Ideas & Objects Synallagi. It is part of the Oracle Fusion Middleware product offering and part of their Java Enterprise Server. Therefore we can build off the functionality existing and enhance it with our user community's needs. Building off of the functionality will be somewhat limited as many of the concepts inherent in the ICC are already captured in Oracle Identity Manager.
Oracle Identity Manager is a highly flexible and scalable enterprise identity administration system that enhances operational and business efficiency. It provides centralized administration & complete automation of identity and user provisioning events across the enterprise and extranet applications. It manages the entire identity and role lifecycle to meet changing business and regulatory requirements and provides essential reporting and compliance functionalities. By applying business rules, roles, and audit policies, it ensures consistent enforcement of identity-based controls and reduces ongoing operational and compliance costs.
Oracle Internet Directory and Oracle Virtual Directory product offerings follow. A bit off topic but Oracle Internet Directory is a relational database-derived directory server. That Oracle is providing the marketplace with a directory server based on relational database technology speaks to the power of their relational database. They claim they have performance for two billion users. I see the advantages of using this product over their traditional directory server and have selected it for Synallagi. It will provide us with some flexibility when we ask some of the most comprehensive and demanding questions of these technologies.
Oracle Internet Directory could be deployed as an industry wide directory server. In this case, I am referring to a directory server for the oil & gas and service industries. There it can integrate with other Oracle products, such as Oracle Identity Manager, which would be deployed at the producer firm, Joint Operating Committee and service industry representative level. This being a relational database we have some interesting opportunities here.
Oracle Virtual Directory may be the first step toward optimizing relational databases. What we will have is a global database of names within the Oracle Internet Directory. These will relate to the information contained in Oracle Identity Manager and other applications. Oracle Virtual Directory will provide us with a seamless way to browse, and applications will see these datastores as one.
Within Synallagi we want to access the contact information of the people or firms that provide services or products to the producers or Joint Operating Committees. Individuals and service industry members are expected to maintain their own contact and basic information. These will be maintained in the Oracle Internet Directory for each and every producer or Joint Operating Committee to access the latest and up to date information. This will save an immense amount of time for producers and Joint Operating Committees, as well as individuals and service industry providers. When looking for someone the search capabilities will be significant as we have added the “Vendor / Supplier Contact Database” and the “Actionable Information Interface” to this base data in the Resource Marketplace module.
Now we want to look at Oracle Identity Analytics as part of the Security & Access Control module of Synallagi. This application provides governance over the access privileges granted to our users of the People, Ideas & Objects application modules. Many of the functions and processes provided in Oracle Identity Analytics are either necessary or of significant value included in Synallagi.
A key area of our strategy is to understand the "why" and "how" our users access our services. Providing documentation of what information was accessed by what users and if any of the access violates any of the established policies. Ensuring that data access by users is compliant with corporate and application policies. This is to ensure that users are not unnecessarily abused by overtly secure systems and overall efficient corporate governance is achieved. All of the data collected during data access, that is the “why and how” of our users' access. Is compiled in a “Data Warehouse” for further analytical analysis and querying. This will help to show trends and usage patterns that will form updated policies and procedures and security provisions.
Another useful function within the Oracle Identity Analytics application is the Segregation of Duties feature. In many areas of a corporation, certain process functions must be undertaken by specific and sometimes different individuals. This feature provides for that assurance. It is Sarbanes-Oxley compliant. This is particularly relevant when the Joint Operating Committee is small, as we mentioned the other day. And we have assigned many roles to a few people. By segregating the roles that need to be kept separate for compliance purposes, this application ensures that the appropriate governance is maintained.
There is a comprehensive and customizable dashboard interface for our Oracle Identity Analytics users to analyze the data and particularly the data warehouse. Filled with reports and data that an effective user can use to determine where and how the People, Ideas & Objects producer client might be susceptible to access control violations.
The last feature I want to highlight is what Oracle calls Role Lifecycle Management. This provides the Oracle Identity Analytics user with the ability to do “what if” analysis in terms of the implications for identities and roles within the People, Ideas & Objects application. It contains a role change approval process, role versioning and role rollback. These will be needed in determining and maintaining the Industrial Command & Control.
We now step down from the Oracle Fusion Middleware layer to the actual Oracle Database for some security features. The first product in this stack is Oracle Advanced Security. It provides authentication, encryption, and encryption of database and network activity. It is possible, and I highly recommend that all the data and information used in the People, Ideas & Objects application modules be encrypted in the database and on the network. This increases the load on the systems and requires additional effort in terms of key management. However, I think the nature of the data and information and the manner in which the applications are provided through Synnefa.ai Cloud Administration & Accounting for Oil & Gas, this level of security is necessary.
Oracle Audit Vault is another product I recommend for Synallagi. It provides central location and management of audit information for compliance purposes. The ability to manage data, information, privacy policies, and security for our users. Oracle Audit Vault is Sarbanes Oxley compliant.
This next Oracle product adds to Synallagi. Oracle Label Security will work in many different ways within the modules however here are just two examples. The application designates specific individuals with higher security clearances. It designates specific data fields with certain security clearance. Those with high enough security clearances and appropriate authorizations can read these database fields. Within the People, Ideas & Objects application we want to ensure that the reserves, accounting information and strategy discussions of each producer firm remain confidential to a select group of individuals within that firm. With Oracle Label Security that is possible. We want to ensure that the appropriate people within the chain of command in Industrial Command & Control have access to the appropriate materials to make the appropriate decisions. This will allow those individuals to have access to these materials without making them available to everyone in the chain of command.
Although not that pertinent to our users of the People, Ideas & Objects applications we have included Oracle Configuration Management, Oracle Database Firewall and Oracle Database Vault as part of Synallagi. These will help keep the applications and the Oracle Database running as they should. Oracle Configuration Management will determine if there is a change in the configuration, either through a patch, or if something has been done wrong it will correct itself back to the specified configuration. Ensuring that what is promised to our users of People, Ideas & Objects is provided. Oracle Database Firewall ensures no SQL statements inconsistent with our users' or applications are passed through to the database. Oracle Database Vault allows you to restrict certain IP addresses or users to running certain SQL commands. It also locks databases from having any operations conducted on them.
Backing up data and information is two of Oracle’s strengths. Oracle Secure Backup provides excellent tools for this. Because the database is encrypted, the backup is encrypted as well. What we will need to do in Synallagi is to determine in extensive detail what precisely will be the backup strategy used for the People, Ideas & Objects application.
Lastly there is Oracle Total Recall. A product that helps access historical data. Oracle Fusion Applications provides some interesting solutions for how they handle legacy applications. We will get into those as we proceed through Synallagi.
It is important to remember that here in the Security & Access Control module of Synallagi. That the role and identity-based Industrial Command & Control (ICC) as conceived here has not been implemented, developed or conceived anywhere else before. We are taking role and identity-based management to the next level with the ICC. This is done through the usage of the Joint Operating Committee, through pooling and taking advantage of specialization and the division of labor in the oil & gas industry.
Why are we bothering with the ICC and the Joint Operating Committee pooling of resources? The issue we are resolving is the finite number of earth science & engineering resources available to the industry. With the anticipated retirement levels in the next 20 years. With the time requirements to bring on increased levels of resources. And most importantly with the demands for more energy, and the demands for more earth science & engineering in each barrel of oil equivalent produced. We face long-term shortages of critical resources. The need to organize the industry, exploit specialization and division of labor, and Professor Paul Romer's theory of non-rival costs is necessary to increase the output from the same number of resources. Doing this without pooling the resources in the Joint Operating Committee will cause the producer firm to broaden the scale of their earth science & engineering capabilities beyond what would be a commercially viable concern. Synallagi notes that we have contributions from earth scientists and engineers from multiple producers working together to meet the objectives of the Joint Operating Committee. Therefore we need a means to organize themselves and that is the Industrial Command & Control of the Security & Access Control module.
How the ICC will be implemented will be determined by our user community. However, I can speculate that the Joint Operating Committee will have standard roles and identities used throughout the industry. Standardization provides many benefits and will be necessary in this instance to make technology work. One of the key benefits of standardization is enhanced innovation. The need to have the various areas "covered" in terms of compliance and other requirements will require a standard template used by everyone. Everyone will know that that position is responsible for that role and responsibility. When Joint Operating Committees are small and have only a few people assigned, multiple roles can be assigned to one individual.
There are security and access control issues associated with the service industry and particularly service providers accessing People, Ideas & Objects systems and data. Removing administrative and accounting resources from the producer firms and organizing them in their own service providers provides significant operational flexibility to the innovative and profitable oil & gas producer. The Security & Access Control module ties these disparate organizations into highly organized replacements for the current bureaucracy. Contributing substantially to People, Ideas & Objects' overall tangible portion of our value proposition.
With the natural division in the types of information held within a producer and Joint Operating Committee. Producers will know that Synallagi can deliver the right information to the right people at the right time. Leakage of proprietary information can be mitigated by isolating company data. This is due to its unique nature and Oracle Label Securities' ability to restrict access to database fields.
Oracle’s products provide a strong layer of mission critical capabilities in the Security & Access Control module. Oracle provides comprehensive coverage of security, access control, audit, back up and roll management to name just a few of the highlights provided. Although this comes with additional costs, I am certain that no one will argue with the quality and peace of mind that these products bring.
Date: 2026-06-27
This brief establishes the target direction for the Security and Access Control module before the module is expanded into final specification text. It is intended to prevent the work from becoming a merely incremental rewrite of the existing wiki page.
The module should be treated as a central architectural specification for trust, authority, accountability, cybersecurity, markets, transactions, artificial intelligence, and cross-organizational participation in Synallagi.
Security and Access Control in Synallagi is not only the administration of users, roles, passwords, or screens. It is the operating policy system that determines:
- who or what is acting;
- whom they represent;
- which organization, Joint Operating Committee, market, transaction, asset, or assignment is in scope;
- what duty they are performing;
- which information and functions they may use;
- what business authority they possess;
- what accountability attaches to the action;
- what evidence must be retained; and
- when access must be denied, escalated, reviewed, suspended, or revoked.
The intended outcome is to enable the right person, with the right access, to the right information, at the right time, in the right place, on the right device, with the right authority, and through the right method of engagement.
Synallagi should pursue quality of architecture over quantity of prose. The module should be built in layers:
1. Conceptual model.
2. Target architecture brief.
3. Replacement module.
4. Section-by-section expansion.
5. Traceability back to the original specification and related modules.
The immediate objective is not to finalize every rule. It is to establish a strong enough structure that later sections can be developed without repeatedly reopening the foundation.
Synallagi is ecosystem-informed, user community-led, service provider-enabled, and technologically supported. Producers are essential participants, but they are not the exclusive source of operating knowledge.
The Security and Access Control module must therefore support a larger operating community:
- producers;
- Joint Operating Committees;
- working-interest participants;
- service providers;
- suppliers;
- engineers;
- geologists;
- accountants;
- administrators;
- auditors;
- financial participants;
- market participants;
- technology providers;
- artificial intelligence specialists;
- cybersecurity specialists; and
- People, Ideas & Objects.
The module must preserve independence, information rights, authority limits, and accountability while allowing these parties to collaborate through common transactions, markets, infrastructure, and evidence.
The module shall align with the nine organizational constructs currently identified for Synallagi:
1. Joint Operating Committee.
2. Endogenous Technical Change and sharing of infrastructure.
3. Hyper-specialization and division of labor.
4. Markets.
5. Innovation.
6. Intellectual Property.
7. Information Technology.
8. Trust.
9. Transactions.
These constructs are not merely labels. They define, support, and constrain what Synallagi recognizes as legitimate organization, work, information, authority, access, and accountability.
Every consequential action must identify the party, organization, Joint Operating Committee, market, transaction, or other construct on whose behalf the action is performed.
Access to a function does not by itself grant authority to commit a party, approve an expenditure, publish information, disclose market data, direct work, or bind a Joint Operating Committee.
Access must be limited by duty, transaction, information classification, organizational construct, Joint Operating Committee, property, agreement, market, working interest, authority, time, device, session assurance, and accountability.
Accountability, auditability, and evidence are competitive strengths of Synallagi. The module should help restore confidence in oil and gas administration, financial reporting, investor communication, and operating integrity.
Cybersecurity is not a separate afterthought. Identity compromise, unauthorized access, malicious administration, data leakage, ransomware, integration abuse, artificial intelligence misuse, and market manipulation all belong within the scope of this module.
Synallagi application programming interfaces are private product assets. Direct access is limited to licensed developers, approved user-community participants, service providers, and authenticated runtime services. Public users receive only the application functions intentionally exposed to them.
Markets are first-class security contexts. Marketplace access, disclosure, offer authority, bid authority, settlement, investment participation, and asset securitization require explicit authorization and evidence.
Where Synallagi supports blockchain records, stablecoin settlement, digital wallets, or crypto-based participation in oil and gas assets, the module must govern identity, wallet control, beneficial ownership, transaction authority, investor reporting, financial statement publication, disclosure, custody, settlement, revocation, and incident response.
Artificial intelligence systems may advise, prepare, reconcile, classify, monitor, or recommend. They may not infer representation, disclosure rights, or business authority. Any autonomous action requires explicit policy, accountable ownership, audit evidence, and enforceable guardrails.
The module must keep the following concepts separate, even when an implementation platform combines parts of them:
- identity;
- authentication;
- organization;
- organizational relationship;
- represented party;
- Joint Operating Committee membership;
- market participation;
- wallet or payment instrument control;
- business role;
- duty;
- privilege;
- data entitlement;
- authority;
- responsibility;
- accountability;
- delegation;
- transaction state;
- information classification;
- cybersecurity risk;
- audit event; and
- policy decision.
This separation is necessary because a person may be authenticated but not authorized, employed but not assigned, assigned but not empowered, empowered but conflicted, or technically able to act without business authority.
Target module structure
1. Introduction.
2. Security objectives.
3. Synallagi operating model.
4. Organizational constructs.
5. Identity and represented parties.
6. Identity proofing and authentication.
7. Federated identity and external identity trust.
8. Joint Operating Committee membership.
9. Roles, duties, privileges, and data entitlements.
10. Private application interfaces and licensed developer access.
11. Data classification and information boundaries.
12. Business authority.
13. Delegation.
14. Segregation of duties and conflicts.
15. Access requests, provisioning, and reconciliation.
16. Access lifecycle and revocation.
17. Access review and certification.
18. Transaction and workflow controls.
19. Markets and external-party access.
20. Blockchain, stablecoins, wallets, and crypto-based asset participation.
21. Privileged and emergency access.
22. Services, integrations, and automated processes.
23. Artificial intelligence and automated agents.
24. Cybersecurity, monitoring, and investigation.
25. Security incidents and recovery.
26. Privacy, retention, and information lifecycle.
27. Security administration and governance.
28. Oracle Cloud Enterprise Resource Planning.
29. Measures and assurance.
30. Open design decisions.
31. Conclusion.
Oracle Cloud Enterprise Resource Planning should provide standard security capabilities where they fit the requirement, including application privileges, job roles, duty roles, data roles, administration, access requests, controls, certifications, and audit reporting.
Synallagi must own the domain semantics that Oracle does not define: Joint Operating Committee membership, represented party, pooling, working interest, agreement scope, market participation, transaction authority, delegation, hyper specialized duties, wallet participation, crypto-asset rights, and cross-organizational conflicts.
The architecture should therefore distinguish:
- Oracle-delivered controls;
- Synallagi domain policy;
- integration and provisioning controls;
- database and application enforcement;
- audit and evidence correlation; and
- cybersecurity monitoring.
The owner's highest-value role is not line editing. It is domain judgment.
The next reviews should focus on:
- whether the concepts are correct;
- whether any oil and gas distinction has been flattened;
- whether Joint Operating Committee culture is faithfully represented;
- whether markets, crypto participation, and asset securitization are positioned correctly;
- whether user-community and service-provider roles are visible enough;
- whether cybersecurity is strong enough;
- whether any section is merely generic enterprise security; and
- whether the module advances Synallagi rather than only documenting controls.
The next phase should proceed through smaller, conceptually focused pages rather than another full module rewrite.
Recommended sequence:
1. Finalize the conceptual model at a high level.
2. Review this target architecture brief.
3. Rewrite the replacement module section by section.
4. Start a parallel set of smaller background pages for single topics, such as markets, Joint Operating Committee membership, blockchain, stablecoins, cybersecurity, private application interfaces, delegation, artificial intelligence guardrails, and audit evidence.
5. Reassemble the complete module only after those single-topic pages are stable.
This preserves quality while keeping the work manageable.
The following items should not be forced prematurely:
- the detailed role and duty catalogue;
- the detailed market participation model;
- wallet identity and beneficial ownership rules;
- stablecoin settlement and custody requirements;
- blockchain record authority;
- crypto-based asset securitization workflow;
- investor reporting from the Joint Operating Committee level;
- cybersecurity incident classifications;
- artificial intelligence execution boundaries;
- Targeting Framework access rules;
- revocation timing by event type;
- audit participation by accounting firms; and
- exact Oracle implementation mapping.
Only to Start the Ball Rolling for Our User Community
These decisions should be developed through focused pages and later folded into the module.
Date: 2026-06-27
Synallagi operates across organizational boundaries. A person may work for one producer, represent another party under contract, participate in several Joint Operating Committees, perform a specialized duty for a limited period, support a marketplace, and possess different authority in each context.
A conventional statement such as "assign the user a role" is therefore insufficient. Synallagi must determine who the person is, whom they represent, where and in which organizational construct they are acting, what duty they are performing, which information and transaction are involved, the limit of their authority, and whether the current circumstances provide sufficient assurance.
This need for context becomes more important as Synallagi advances hyper-specialization and the division of labor. A geologist may specialize in a formation or geophysical theory. An engineer may specialize in a particular form of hydraulic-fracturing design. An administrative or accounting specialist may manage one narrow process within the Material Balance Report. A single producer or Joint Operating Committee may not generate enough demand to sustain these capabilities within only one producer. Synallagi must enable specialists to work across many producers, Joint Operating Committees, markets, and assignments without receiving broad or permanent access to all of them.
Synallagi is ecosystem-informed, user community-led, service provider-enabled, and technologically supported. Producers participate in this environment, but they are not its exclusive or dominant source of operating knowledge. The relevant community includes service providers, engineers, geologists, accountants, administrators, contractors, service-industry firms, financial participants, technology providers, artificial intelligence specialists, cybersecurity specialists, and other disciplines required to rebuild oil and gas accounting, administration, operations, governance, and marketplaces.
Industrial Command and Control remains the business model through which authority, responsibility, coordination, and accountability are established. Security and Access Control is the policy system that faithfully enforces that model. Its practical objective is to enable the right person, with the right access, to the right information, at the right time, in the right place, on the right device, with the right authority, and through the right method of engagement.
2. Governing principles
1. Explicit representation: every consequential action identifies the organization, market, Joint Operating Committee, or other recognized construct on whose behalf it is performed.
2. No authority by implication: access to a function does not by itself grant authority to commit a party, approve expenditure, disclose information, publish market data, or direct work.
3. Contextual least privilege: access is restricted by duty, information, organizational construct, Joint Operating Committee, property, agreement, market, transaction, time, authority, and accountability.
4. Independent revocation: ending one assignment removes only the access derived from that assignment.
5. No permanent trust from network location: identity, policy, and current context determine access.
6. Foundational accountability: every material decision remains attributable to an authorized human or explicitly governed automated authority.
7. Complete evidence: Synallagi records the basis on which material access and authority decisions were made.
8. Safe failure: uncertainty about identity, representation, policy, scope, authority, cybersecurity condition, or accountability results in denial or controlled escalation.
9. Technology-independent requirements: Oracle capabilities implement the model but do not define Synallagi's organizational concepts.
10. Governed change: roles, policies, conflicts, authority templates, market rules, wallet rules, and artificial intelligence guardrails are versioned and reviewed like other critical product configuration.
3.1 Identity
An identity is the persistent digital representation of a human, service, integration, device, wallet, or automated agent. Its purpose is to give Synallagi one reliable subject to which authentication, organizational relationships, assignments, actions, and accountability can be attached. A human identity normally remains the same while the person's employer, producer representation, Joint Operating Committee memberships, market participation, duties, and authority change around it.
An identity is not an employee record, Joint Operating Committee member, role, wallet, account, or market participant. Those are relationships or assignments attached to the identity.
Identity is broader than federated identity. Federation is one method by which Synallagi may trust another organization's authentication of an identity. It does not create Joint Operating Committee membership, market participation, wallet authority, or business authority.
Each identity has a unique identifier, type, status, authoritative source, assurance information, and lifecycle. Non-human identities must also have a named human or organizational owner.
3.2 Organization
An organization may be a producer, service company, supplier, regulator, auditor, financial participant, service provider, People, Ideas & Objects, or another recognized legal or commercial party. A market, Joint Operating Committee, user community, role, or wallet community may influence access but is modeled separately because it is not necessarily an organization.
3.3 Organizational relationship
This object establishes why an identity may represent an organization. Examples include employment, directorship, partnership representation, professional engagement, service contract, regulatory appointment, audit engagement, or approved marketplace participation.
The relationship has an owner, sponsor, effective dates, status, and evidence. Ending it triggers review or revocation of all derived assignments.
3.4 Organizational construct
Synallagi's organizational constructs define, support, and constrain what the application, its participants, and its automated processes may do.
The nine organizational constructs currently identified are:
1. Joint Operating Committee.
2. Endogenous Technical Change and sharing of infrastructure.
3. Hyper-specialization and division of labor.
4. Markets.
5. Innovation.
6. Intellectual Property.
7. Information Technology.
8. Trust.
9. Transactions.
An organizational construct is represented in security policy when it creates membership, authority, responsibility, information, process, market, technology, trust, or transaction boundaries. The constructs must not be reduced to technical roles. They are part of the institutional design that determines which relationships and actions Synallagi recognizes.
3.5 Joint Operating Committee
A Joint Operating Committee is the key organizational construct of Synallagi and a governed multi-party operating context. It has members, participating organizations, agreements, properties, decision rules, authority structures, information boundaries, effective dates, and accountability requirements.
The Joint Operating Committee is not merely a data-security segment. It is a domain object from which scoped authority and access may be derived.
3.6 Representation
Representation connects an identity, organization, and operating context. It answers: "For whom is this identity acting here?"
An identity may have more than one representation, including arrangements in which a small producer participates through another producer as a non-novated member. The active representation must be unambiguous when a material action occurs. Where dual representation creates a conflict, policy must prohibit the action or require declared mitigation.
3.7 Business role
A business role describes a recognizable position in an organization, Joint Operating Committee, market, user community, or service-provider process, such as working-interest representative, production engineer, controller, external auditor, formation specialist, transaction designer, wallet administrator, marketplace participant, or Material Balance Report reconciliation specialist.
A role groups duties but does not itself define all information access or authority.
3.8 Duty
A duty is a coherent responsibility such as preparing an Authorization for Expenditure, reviewing a voucher, approving a work order, reconciling production, certifying access, administering security, designing a transaction, qualifying a market participant, or reviewing blockchain settlement evidence.
Duties are the primary units used for least privilege, work rotation, segregation-of-duties analysis, and assignment of accountability.
3.9 Privilege
A privilege permits a system action such as view, create, amend, approve, post, export, administer, settle, tokenize, revoke, or invoke an application programming interface operation.
Privileges enable functions. They do not independently grant information access or business authority.
Synallagi application programming interfaces are private. Direct access is restricted to licensed developers, approved user-community participants, service providers, and authenticated runtime integrations. Public users receive only the compiled or runtime application functions intentionally exposed to them.
Unauthorized release or use of private application programming interfaces is a license, security, and intellectual property concern. The specification should state Synallagi's product policy clearly without relying on legal interpretation inside this module.
3.10 Data entitlement
A data entitlement identifies the resources and records to which a privilege applies. Relevant scopes may include organization, business unit, ledger, Joint Operating Committee, property, well, agreement, partner, marketplace, wallet, blockchain address, work order, Authorization for Expenditure, voucher, settlement, or transaction.
Oracle Artificial Intelligence Database 26ai or a later approved release is the intended principal data platform. Synallagi should therefore be treated in significant part as database-centred development, while access remains governed consistently through the application, policy, integration, and database layers.
3.11 Authority
Authority permits a subject to make or approve a business commitment. It may be constrained by monetary value, ownership interest, voting threshold, technical discipline, geographic area, property, transaction type, market, wallet, settlement instrument, or emergency condition.
Authority is granted by an accountable body and must have an effective period and evidence for accountability and auditability. The system must make the origin, exercise, result, and subsequent review of authority visible.
3.12 Responsibility and accountability
Responsibility identifies the party expected to perform or supervise work. Accountability identifies the party answerable for the outcome. Neither should be inferred solely from technical access.
Accountability must persist from the assignment of authority through the transaction, resulting records, financial statements, investor communication, performance evaluation, and audit evidence.
3.13 Delegation
A delegation temporarily transfers specified duties or authority. It identifies delegator, delegate, scope, reason, dates, approval, conflicts, and revocation state.
Delegation cannot create powers the delegator does not possess, evade segregation-of-duties policy, or silently transfer accountability. Synallagi should support innovative delegation patterns developed through the user community where they are needed to preserve organizational continuity.
3.14 Policy
A policy expresses the conditions under which a request is permitted, denied, or escalated. Policies may be global, organizational, Joint Operating Committee-specific, resource-specific, transaction-specific, market-specific, wallet-specific, or method-specific.
3.15 Audit event
An audit event records who or what acted, represented party, context, action, resource, before and after state, evaluated policy, decision, authority basis, time, assurance, result, accountability, and correlation identifiers.
Synallagi shall restore audit controls to a central operational role and demonstrate their value across distributed workforces, artificial intelligence-assisted processes, Joint Operating Committees, markets, service-provider activities, blockchain-supported transactions, and crypto-based asset participation.
In addition to audit controls, People, Ideas & Objects has invited accounting firms to establish their own user-community members to actively participate in software development. The objective is to integrate higher levels of accountability, assist audit needs, and reduce the overall costs of annual audits and statutory reporting for the oil and gas industry.
Every protected operation is evaluated as:
Subject plus representation plus operating context plus duty plus action plus resource plus information scope plus transaction state plus authority plus time plus session assurance plus cybersecurity condition plus applicable constraints plus accountability assignment.
The decision process should answer:
1. Is the identity active and sufficiently authenticated?
2. Is its authoritative relationship still valid?
3. Which organization is it representing?
4. Is that representation valid for this producer, Joint Operating Committee, agency, employment assignment, market, wallet, or other recognized context?
5. Does the identity hold the required role and duty?
6. Does the duty provide the required system privilege?
7. Does the data entitlement include this exact resource?
8. Is the transaction in a state where this action is permitted?
9. Does the identity possess sufficient business authority?
10. Would the action create a segregation-of-duties or representation conflict?
11. Are time, session, device, location, identity assurance, and cybersecurity conditions acceptable?
12. Is additional approval, step-up authentication, or independent certification required?
13. Is the accountable party identified?
The decision and its material inputs are retained as evidence for consequential actions.
Boundary A — home organization to Synallagi
The home organization may authenticate its people and assert selected attributes. Synallagi determines which issuers, authentication assurances, attributes, and lifecycle signals it accepts.
Boundary B — organization to Joint Operating Committee
Employment or authentication does not automatically confer Joint Operating Committee membership. A valid Joint Operating Committee representation and assignment are separately required.
Boundary C — Joint Operating Committee to producer-private information
Participation in a Joint Operating Committee grants no implicit access to a producer's strategy, reserves analysis, internal correspondence, unrelated properties, or other private information.
This boundary does not restrict information that is public by law or regulation. Production volumes, well configurations, drilling records, hydraulic-fracturing information, and other prescribed records may need to be disclosed in considerable detail.
Boundary D — Joint Operating Committee to marketplace
Information and authority used in a Joint Operating Committee are not automatically publishable or usable in a marketplace. Disclosure and commitment require separate privileges and authority, except where a defined public-disclosure obligation applies.
Boundary E — human to automated agent
An artificial intelligence system or automated service receives only explicitly delegated information and actions. The system records whether output was advisory, prepared for approval, or executed under governed automated authority.
People, Ideas & Objects' intellectual property and Targeting Framework are intended to define the objectives, permissions, constraints, and boundaries within which agents operate. These guardrails must be implemented as enforceable policy and monitored behaviour, not only as instructions to the model.
Boundary F — application to integration
Every application programming interface client and integration has its own identity, owner, credential lifecycle, permissions, information scope, and monitoring. Shared technical accounts are prohibited except under an approved transitional exception.
Boundary G — market to asset ownership
Market participation, wallet control, stablecoin payment capability, or blockchain address control does not automatically establish beneficial ownership, authority to sell, authority to pledge, authority to vote, or authority to receive Joint Operating Committee-level financial statements. Those rights must be separately represented, evidenced, and governed.
Join
1. Establish or federate identity.
2. Verify organizational relationship and sponsor.
3. Admit the organization and representative to the applicable context.
4. Assign governed roles and duties.
5. Define information scope and authority.
6. Evaluate conflicts.
7. Obtain required approvals.
8. Provision and verify access.
9. Record evidence and notify relevant owners.
Recurring transaction designs should be expressed as governed templates. A template defines the persistent, generic elements of a transaction type: roles, duties, workflow, information requirements, controls, authority patterns, and audit evidence. Each assignment supplies the people, organizations, Joint Operating Committees, properties, values, dates, and other context unique to that transaction.
Move
Changes in employer, contract, represented organization, Joint Operating Committee, property, duty, authority, ownership, pooling assignment, market status, wallet authority, or transaction template trigger reevaluation. New access is not simply added to old access. Obsolete derived access is removed.
Leave
Termination, contract expiry, Joint Operating Committee withdrawal, assignment, novation, farmout, farmin, subsequent joint venture, working-interest disposition, suspension, loss of qualification, market removal, wallet compromise, or termination of a pooling assignment causes prompt reevaluation or revocation.
Review
Access is certified periodically and after material events. Reviewers assess not only assigned roles but also Joint Operating Committee membership, information scope, authority, delegation, privileged access, market access, wallet authority, artificial intelligence access, and unresolved exceptions.
Conflicts should be defined at three levels:
1. Assignment conflict: incompatible duties are held concurrently.
2. Transaction conflict: one person attempts incompatible actions on the same transaction.
3. Representation conflict: one person represents parties with conflicting interests in the same decision.
A conflict may be prohibited, require a different actor, or proceed only with an approved mitigating control.
Authorization for Expenditure approval
A partner representative may approve an Authorization for Expenditure only for the represented partner and applicable Joint Operating Committee, within a valid assignment and monetary authority, after required authentication, provided the representative did not perform a prohibited conflicting duty.
A working-interest participant may view joint-account voucher information and supporting evidence to the extent established by the governing agreement and pooled Joint Operating Committee structure. Producer-private analysis, unrelated properties, and another participant's private annotations remain outside that entitlement.
Marketplace participation
A market participant may offer services, bid, negotiate, or accept an assignment only within an approved market role, qualification, representation, disclosure policy, and authority limit. Marketplace participation does not create access to unrelated producer-private or Joint Operating Committee-confidential information.
Crypto-based asset participation
A holder of a crypto-based oil and gas asset may receive financial statements or other disclosures only when identity, wallet control, beneficial ownership, asset rights, disclosure entitlement, and regulatory obligations have been established. Control of a wallet alone is not sufficient to establish every right in Synallagi.
Hyperspecialized Material Balance Report work
One service provider may capture industry-level balancing adjustments as controlled transactions. Another may analyze, verify, and reconcile the adjustments. Further specialists may support individual producers or Joint Operating Committees in validating their resulting records. Each specialist receives only the process, information partition, and evidence required for their duty.
Artificial intelligence preparation of a recommendation
An artificial intelligence agent may read approved information and prepare a recommendation under its own workload identity. It may not represent a partner or approve the decision unless a future policy explicitly establishes governed automated authority.
Oracle Cloud Enterprise Resource Planning can implement substantial portions of function and data security. Oracle security administration and risk-management capabilities can support role administration, analysis, access requests, segregation-of-duties controls, access certification, and audit reporting.
Synallagi should inherit and configure Oracle-delivered security where it meets the requirement, then use supported extension points to add Synallagi-specific capabilities while maintaining a consistent user experience.
Synallagi must own the domain objects and policy semantics unique to the product: Joint Operating Committee membership, representation, pooling relationships, agreement scope, working interest, transaction authority, delegation, marketplace participation, hyperspecialized service-provider work, wallet participation, crypto-based asset rights, cybersecurity policy, and cross-organizational conflicts.
The following matters remain open and should be developed with the user community and service providers:
1. A complete catalogue of standardized and hyperspecialized roles and duties.
2. The precise relationship among working-interest voting, monetary authority, technical authority, pooled capability assignments, market authority, and wallet authority.
3. The detailed information-classification rules for each Joint Operating Committee artifact and public disclosure obligation.
4. Actions requiring dual control, step-up authentication, independent technical certification, or Compliance and Governance review.
5. Required revocation and reevaluation timing for each lifecycle event.
6. The actions artificial intelligence systems may prepare, recommend, execute, or never perform.
7. The security consequences of the nine organizational constructs.
8. The detailed blockchain, stablecoin, and crypto-asset participation model.
9. The cybersecurity control model appropriate to Synallagi's cross-industry role.
10. The access rules for the Targeting Framework.
For our user community. This conceptual model is now sufficient as a working model, not as a final public specification. It should be used to guide smaller background pages and later section-by-section rewrite of the replacement module.
Date: 2026-06-27
The original Security and Access Control specification describes the business objective and vision for the module. The following companion architecture expands that vision into the trust, authority, accountability, cybersecurity, market, artificial intelligence, blockchain, stablecoin, wallet, and implementation concepts required to support Synallagi.
Synallagi coordinates the activities of producer firms, Joint Operating Committees, service providers, suppliers, specialists, marketplaces, financial participants, technology providers, and other participants in the North American oil and gas industry. These participants remain members of independently governed organizations while collaborating through common information, processes, transactions, markets, infrastructure, and operating objectives.
The specification is ecosystem-informed, user community-led, service provider-enabled, and technologically supported. Producers are participants but are not the exclusive or dominant source of operating knowledge. Engineers, geologists, accountants, administrators, contractors, service-industry firms, financial participants, technology providers, artificial intelligence specialists, cybersecurity specialists, and other disciplines contribute to the institutional and technical design.
Security and Access Control provides the trust, authority, cybersecurity, and accountability framework for that collaboration. Its purpose is to ensure that the right person or authorized system can perform the right action, on the right information or process, for the right organization, Joint Operating Committee, market, asset, transaction, or wallet context, within the right authority, at the right time, under acceptable conditions, with complete evidence.
This module is not limited to protecting screens or information. Within Synallagi, access is connected to the authority to act, responsibility to perform, and accountability for outcomes. The module implements the security aspects of Industrial Command and Control while preserving the legal, commercial, operational, market, cybersecurity, and information boundaries of every participating organization.
Synallagi shall:
establish reliable identities for people, organizations, services, integrations, devices, wallets, and automated agents;
distinguish authentication from Joint Operating Committee membership, organizational representation, system access, business authority, market authority, and wallet authority;
enforce least privilege across functions, information, transactions, authority, markets, wallets, and time;
support secure collaboration among independently administered organizations;
protect producer-private, partnership, Joint Operating Committee, marketplace, regulated, personal, intellectual property, cybersecurity-sensitive, and public information according to ownership and classification;
prevent or detect incompatible access and actions;
provide timely provisioning, change, review, suspension, and revocation of access;
preserve evidence sufficient to reconstruct consequential security and business decisions;
maintain human accountability when automation or artificial intelligence is used;
support blockchain, stablecoin, and crypto-based asset participation only under explicit policy and evidence; and
fail safely when identity, policy, representation, information scope, cybersecurity condition, or authority cannot be established.
Industrial Command and Control defines how authority, responsibility, coordination, and accountability are organized within producer firms, Joint Operating Committees, working groups, service relationships, markets, and other Synallagi constructs. It enables dispersed specialists to contribute under an explicit operating structure without requiring every producer to duplicate the same capabilities internally.
Hyper-specialization may produce roles narrower than today's generic engineering, geological, accounting, or administrative positions. A specialist may serve many producers and Joint Operating Committees because no single organization generates sufficient demand for that capability. Security policy shall permit this cross-industry work while restricting every specialist to the current assignment, process, information, authority, and evidence requirements.
Security and Access Control enforces that structure but does not define command solely through technical roles. A person may be responsible for work without holding approval authority. A person may have authority to approve a decision without receiving unrestricted access to all related information. A person may be able to operate an application function without possessing the commercial authority to bind a producer, Joint Operating Committee, market participant, or asset holder.
Synallagi shall therefore represent business role, duty, system privilege, information entitlement, authority, responsibility, and accountability as related but distinct concepts.
Synallagi's organizational constructs define, support, and constrain the relationships and actions recognized by the application.
The nine organizational constructs currently identified are:
1. Joint Operating Committee.
2. Endogenous Technical Change and sharing of infrastructure.
3. Hyper-specialization and division of labor.
4. Markets.
5. Innovation.
6. Intellectual Property.
7. Information Technology.
8. Trust.
9. Transactions.
The Joint Operating Committee is the key organizational construct and the governed context in which working-interest participants coordinate property operations. Pooling, specialization, and the division of labor replace the traditional operator and non-operator allocation as Synallagi's organizing model. Traditional operator terminology may still be received from agreements, regulations, historical records, and external systems, but it does not determine how Synallagi assigns work.
Identities and represented parties
Every human and non-human actor shall have a unique identity. The identity is the persistent subject to which authentication, organizational relationships, assignments, actions, and accountability are attached. It remains stable while employment, representation, Joint Operating Committee membership, market participation, duties, wallet authority, and business authority change.
An identity may be associated with one or more organizations through employment, directorship, contract, professional engagement, partnership representation, regulatory appointment, audit engagement, market participation, or another governed relationship. The existence of an identity or organizational relationship does not automatically grant access to a Joint Operating Committee, market, wallet, or Synallagi resource.
For every consequential action, Synallagi shall identify:
the acting identity;
whether the actor is human or automated;
the organization represented by the actor;
the applicable Joint Operating Committee, property, agreement, marketplace, wallet, transaction, or other operating context;
the duty and authority under which the action is performed; and
the policy decision that permitted or denied the action.
Where a person is entitled to represent more than one organization, Synallagi shall require an explicit representation context. A person shall not silently change represented parties within a transaction. Conflicting representation shall be prohibited or governed through an approved exception and mitigating control.
The strength of identity proofing and authentication shall correspond to the risk of the available actions and information. Synallagi shall define assurance requirements for employees, partner representatives, contractors, service-provider personnel, auditors, administrators, marketplace participants, services, integrations, wallets, and automated agents.
Strong authentication shall be required for privileged administration, wallet-related actions, marketplace commitments, and material business actions. Synallagi shall support step-up authentication where transaction value, information sensitivity, changed circumstances, session risk, cybersecurity risk, or authority level requires greater assurance.
Authentication establishes control of an identity credential. It does not establish organizational representation, Joint Operating Committee membership, access to information, authority to commit a party, or authority over a wallet.
Synallagi shall support identity federation so participating organizations can authenticate their personnel through approved identity providers. Each federation relationship shall define the trusted organization, accepted technical method, required identity assertions, minimum assurance, attribute ownership, provisioning signals, incident notification, review, suspension, termination, and fallback procedures.
Federation establishes controlled trust in authentication assertions. Synallagi retains authority over Joint Operating Committee admission, representation, role, information scope, duties, market participation, wallet authority, and business authority.
Joint Operating Committee membership shall be a governed relationship among an identity, a represented organization, and a Joint Operating Committee. It shall identify the sponsor, basis of membership, effective dates, status, approved roles, duties, information scope, authority, and applicable agreements.
Membership shall be reviewed or revoked when relevant circumstances change, including termination or suspension of the person's organizational relationship, expiry or termination of a contract, change in pooling assignment, acquisition or disposition of a working interest, withdrawal or suspension of a partner, change in agreement or decision rules, change in assigned duties or professional qualifications, or a security incident affecting the person or represented organization.
Removing one Joint Operating Committee assignment shall not unnecessarily remove unrelated assignments held by the same identity. Conversely, continued employment shall not preserve access derived from an expired Joint Operating Committee assignment.
A business role identifies a recognized position such as working-interest representative, production engineer, controller, auditor, formation specialist, transaction designer, wallet administrator, marketplace participant, or Material Balance Report reconciliation specialist.
A duty identifies a coherent responsibility such as preparing an Authorization for Expenditure, reviewing a voucher, approving a work order, reconciling production, administering security, certifying access, qualifying a market participant, or reviewing settlement evidence.
A privilege permits a defined application or application programming interface action. An information entitlement limits that privilege to specific records and resources. Synallagi application programming interfaces are private and directly available only to licensed developers, approved user-community participants, service providers, and authenticated runtime integrations. Public users receive only the compiled or runtime application functions intentionally exposed to them.
Synallagi shall grant access through governed assignments rather than direct, undocumented grants to individuals. Stable duties should be reusable across organizations and Joint Operating Committees. Dynamic context such as Joint Operating Committee, property, well, agreement, working interest, market, wallet, authority amount, and assignment period shall not be hidden inside an uncontrolled proliferation of static role names.
The existing distinction between producer information and partnership information remains important but is not sufficient for the full Synallagi environment. Information shall be classified according to ownership, contractual rights, sensitivity, regulatory obligations, operational impact, cybersecurity risk, market impact, intellectual property status, and permitted disclosure.
The classification model shall address at least:
producer-private information;
Joint Operating Committee and partnership information;
pooled Joint Operating Committee and externally administered information;
property, well, production, and technical information;
agreements and working-interest information;
accounting, voucher, Authorization for Expenditure, order, payment, revenue, and settlement information;
service-provider and supplier information;
research, knowledge, and intellectual property;
marketplace-confidential information;
wallet, blockchain, stablecoin, and crypto-asset participation information;
personal information;
regulated or legally restricted information;
cybersecurity-sensitive information; and
information approved for public release.
Access to one classification shall not imply access to another. Participation in a Joint Operating Committee shall not provide access to a producer's unrelated properties, strategy, private analysis, correspondence, or other confidential information. Similarly, information available within a Joint Operating Committee shall not be published or used in a marketplace without separate disclosure authority.
The technical ability to operate a function shall not be treated as authority to make a business commitment. Synallagi shall represent authority independently and may constrain it by represented organization, Joint Operating Committee, agreement, transaction type, property, well, project, market, wallet, settlement instrument, monetary amount, working-interest threshold, voting requirement, professional discipline, transaction stage, effective period, and normal or emergency conditions.
Material actions shall be denied when authority is absent, expired, insufficient, ambiguous, inconsistent with the represented party, or inconsistent with the required accountability.
Delegation enables continuity during absences, workload changes, emergencies, and temporary assignments. Every delegation shall identify the delegator, delegate, represented organization, operating context, delegated duties, delegated authority, excluded duties, limits, reason, start and end time, approving authority, conflict assessment, notification recipients, and revocation status.
A delegation shall not exceed the delegator's authority, bypass an applicable conflict rule, transfer unrelated privileges, or conceal accountability. Delegated access shall expire automatically and remain fully auditable.
Synallagi shall prevent, detect, and manage assignment conflicts, transaction conflicts, and representation conflicts.
Examples include preparing and finally approving the same material transaction; requesting and provisioning one's own access; administering security and independently certifying the resulting access; acting for multiple parties in the same negotiation without an approved arrangement; controlling a wallet and approving a related settlement without independent review; or designing a market transaction and independently certifying its disclosure.
Where a conflict may be accepted, the exception shall identify its owner, rationale, duration, affected duties, risk, compensating control, reviewer, and expiry.
An access request shall state the business purpose, requested role or duty, represented organization, Joint Operating Committee, information scope, authority, duration, sponsor, and required approvers. Synallagi shall evaluate the request against existing access, conflicts, sensitive privileges, qualifications, contracts, cybersecurity conditions, and policy.
Approved access shall be provisioned through controlled integration with Oracle and other required services. Synallagi shall reconcile approved access against actual access and investigate discrepancies.
Access shall remain valid only while all of its supporting relationships remain valid. Synallagi shall process joiner, mover, and leaver events and domain events such as assignment, novation, farmout, farmin, subsequent joint venture, Joint Operating Committee restructuring, pooling change, working-interest transfer, contract expiry, loss of qualification, market removal, wallet compromise, and security incident.
Revocation shall address roles, information grants, authority, delegations, sessions, credentials, pending approvals, owned work items, integration access, emergency assignments, wallet authority, and automated-agent access.
Access shall be reviewed periodically and after material events. Reviews shall include identity and organizational relationship, Joint Operating Committee membership and representation, roles, duties, privileges, information entitlements, monetary and other authority, delegations, privileged access, emergency access, market access, wallet authority, service access, integration access, automated-agent access, conflicts, inactive access, unused access, and orphaned access.
Reviewers shall be sufficiently independent and knowledgeable to judge the access. Rejected access shall be removed within a defined period and verified.
Authorization shall consider transaction state. Holding a duty does not permit an actor to perform an action at every stage of a process.
Recurring transaction designs shall be represented as governed templates. A template persists the generic roles, duties, workflow, information, controls, authority patterns, and audit evidence for a transaction type. Each use of the template supplies the participants, represented organizations, Joint Operating Committees, properties, values, dates, wallets, markets, and other context unique to that transaction.
For Authorizations for Expenditure, vouchers, work orders, purchase orders, job orders, production decisions, payments, marketplace transactions, stablecoin settlements, blockchain records, and other material processes, the specification shall define permitted initiators, required reviewers, authority thresholds, partner or voting requirements, incompatible actions, amendment rights, emergency procedures, required evidence, and final accountability.
Each Synallagi marketplace shall define participant qualification, onboarding, disclosure rights, bidding or offering authority, conflict rules, commitment authority, signing, settlement, suspension, and removal.
Marketplace participation shall not provide implicit access to a participant's producer-private or Joint Operating Committee-confidential information. Information may cross from an operating context to a marketplace only under an explicit disclosure policy and attributable authority.
Service-provider and supplier access shall be bound to the employing organization, contract, Joint Operating Committee, work order, property, duty, qualification, and time period. Expiry of any required relationship shall trigger reevaluation or revocation.
Synallagi may support blockchain records, stablecoin settlement, digital wallets, and crypto-based participation in oil and gas assets. These capabilities extend the Security and Access Control module because they affect identity, authority, ownership, financial reporting, settlement, disclosure, custody, and investor communication.
The system shall distinguish wallet control from beneficial ownership, market participation, voting rights, settlement authority, disclosure entitlement, and authority to receive Joint Operating Committee-level financial statements.
Where assets are securitized or represented through crypto-based instruments, Synallagi shall define:
participant qualification;
identity and wallet verification;
beneficial ownership evidence;
asset rights and restrictions;
disclosure entitlements;
Joint Operating Committee-level reporting obligations;
financial statement publication rules;
settlement authority;
stablecoin acceptance and reconciliation;
custody and transfer restrictions;
incident response for compromised wallets or keys;
audit evidence; and
regulatory or contractual constraints.
These capabilities should be developed in focused background pages before they are treated as final module requirements.
Security administration, role administration, policy administration, audit administration, wallet administration, market administration, and other privileged duties shall be separated from ordinary business activity and from independent review.
Emergency access shall be exceptional, strongly authenticated, narrowly scoped, time-limited, monitored, and reviewed promptly after use. Synallagi shall notify designated owners when emergency access is activated and shall retain the reason, actions, and resulting changes.
Every service, integration, device, and automated process shall use a managed identity with a defined owner, purpose, privileges, information scope, credential lifecycle, and monitoring requirements. Credentials shall not be embedded in code or shared across unrelated integrations.
Application programming interface authorization shall enforce the same business and information policies as interactive use. An integration shall not acquire greater access merely because it operates outside the user interface.
Synallagi application programming interfaces are private. Direct access shall be limited to licensed developers, approved user-community participants, service providers, and authenticated runtime services. Compiled applications and user interfaces expose only the functions intentionally made available to their users.
Artificial intelligence systems shall operate under identifiable workload identities and approved information scopes. Synallagi shall distinguish activity that is advisory, preparatory, submitted for approval, or autonomously executed.
An artificial intelligence system shall not infer organizational representation, commercial authority, wallet authority, market disclosure authority, or permission to disclose information. Material decisions and commitments shall remain subject to the same authority, conflict, authentication, and evidence requirements as human actions.
People, Ideas & Objects' intellectual property and Targeting Framework shall supply objectives and constraints for agentic activity. These guardrails must be translated into enforceable permissions, prohibited actions, escalation rules, monitored behaviour, and audit evidence. Prompt instructions alone are not sufficient control.
Synallagi shall treat cybersecurity as a core part of Security and Access Control. Monitoring shall detect suspicious authentication, anomalous access, excessive privilege, conflict violations, unexpected disclosure, compromised identities, privileged misuse, policy failures, unusual transaction activity, market manipulation signals, wallet compromise, integration abuse, and artificial intelligence misuse.
Synallagi shall record security and material business events sufficient to answer who or what acted, which organization was represented, in which Joint Operating Committee or operating context, what action was requested and performed, which resource and information were affected, which policy and authority applied, what changed, and how related events can be correlated.
Investigation access shall itself be controlled and audited.
Synallagi shall define procedures for compromised identities, unauthorized access, information disclosure, malicious or mistaken administrative changes, failed identity federation, unavailable authorization services, corrupted policy or audit information, compromised wallets, unauthorized market activity, artificial intelligence misuse, and integration abuse.
Response shall include containment, suspension or revocation, preservation of evidence, impact assessment, notification, recovery, restoration of trusted configuration, and post-incident improvement.
Personal and sensitive information shall be collected and used only for defined purposes and made available only to authorized parties. The specification shall identify ownership, stewardship, location or residency constraints, permitted disclosure, retention, legal hold, archival, and disposal requirements.
Security controls shall apply to exports, reports, analytics, attachments, integration copies, test environments, backups, artificial intelligence processing, blockchain records, marketplace records, and downstream systems.
Synallagi shall define accountable owners for identities, roles, duties, information, policies, Joint Operating Committees, authority templates, access certifications, conflicts, exceptions, audit, cybersecurity, markets, wallets, artificial intelligence guardrails, and security operations.
Changes to roles and policies shall be versioned and subject to impact analysis, conflict simulation, approval, testing, controlled deployment, reconciliation, and rollback. Delivered Oracle roles should be preserved where practical. Custom roles and policies shall follow governed naming, ownership, documentation, and review standards.
Oracle Cloud Enterprise Resource Planning provides standard capabilities for application privileges, job and duty roles, data roles and security contexts, security administration, access requests, access controls, access certification, and audit reporting. Synallagi shall use these capabilities where they accurately implement the required policy.
Synallagi shall use supported Oracle extension mechanisms to add required capabilities while maintaining a consistent user experience. The architecture shall not depend on modifying Oracle-managed internals merely because portions of the platform use Java technologies.
Synallagi-specific concepts including Joint Operating Committee membership, represented organization, pooling relationships, agreement scope, working interest, hyperspecialized duties, domain authority, delegation, marketplace participation, wallet authority, crypto-based asset rights, cybersecurity policy, and cross-organizational conflicts shall remain explicit domain concepts.
Security performance shall be measured. Measures should include time to provision and revoke access, expired access, orphaned access, excessive privilege, unused privilege, overdue certification decisions, unresolved conflicts, privileged access use, emergency access use, failed identity federation, anomalous access, denied access, audit coverage failures, wallet incidents, market access exceptions, artificial intelligence policy violations, and incident response time.
Requirements shall be verified through policy tests, role and information-access inspection, conflict simulation, lifecycle exercises, access-certification evidence, audit reconstruction, cybersecurity testing, failure testing, and periodic control assessment.
The following topics should be developed through smaller background pages before final module publication:
complete role and duty catalogue;
market participation model;
blockchain and stablecoin settlement model;
wallet authority and beneficial ownership model;
crypto-based asset securitization;
Joint Operating Committee-level financial statement publication;
cybersecurity incident taxonomy;
artificial intelligence execution boundaries;
Targeting Framework access rules;
private application interface licensing controls;
revocation timing by event type; and
accounting firm participation in audit and assurance workflows.
Synallagi's organizational model depends on collaboration without surrendering the independence, information rights, authority limits, cybersecurity requirements, or accountability of participating organizations. Security and Access Control enables that model by connecting trustworthy identities to explicit representation, hyperspecialized duties, information, authority, markets, wallets, transactions, evidence, and accountability.
Industrial Command and Control supplies the business structure. Oracle Cloud Enterprise Resource Planning supplies important standard security capabilities. Synallagi supplies the Joint Operating Committee-aware, market-aware, transaction-aware, and asset-aware policy model that joins them.
The complexity described in this module is not accidental. It reflects the level of control required for Synallagi to support Joint Operating Committees, working-interest participants, markets, service providers, cybersecurity, artificial intelligence, blockchain-supported transactions, stablecoin settlement, wallets, and crypto-based participation in oil and gas assets.
For potential users, the first response to this complexity should not be discouragement. The first response should be recognition that this is the nature of the problem being solved. Synallagi is not attempting to add a simple access-control layer to a conventional enterprise system. It is defining the trust, authority, accountability, and evidence model required for a new form of oil and gas administration.
Several factors make this practical.
Oracle Database and Oracle Cloud Enterprise Resource Planning are designed to manage large-scale, highly controlled, security-sensitive enterprise conditions. Synallagi expects to rely on Oracle technologies where they are the appropriate foundation for identity, data security, role administration, access certification, audit, transaction processing, and integration.
Synallagi also expects to contract Oracle Services as contract developers. They know their own product, platform, tools, and implementation patterns. Their involvement should reduce the burden on the user community to translate every requirement into technical implementation detail.
Artificial intelligence will also be relied upon heavily in the analysis, development, testing, verification, and implementation of these requirements. This changes the nature of the user community's work. Users and service providers no longer need to carry the full burden of technical decomposition in the way they might have had to do in prior generations of software development.
Their work remains essential, but it changes shape. The user community and service providers must ensure that the users interfaces are usable, that complex requirements can be presented and processed in understandable ways, and that the systems and procedures exist to verify that specified requirements have been completed as required.
Much of this work is not yet fully written or defined. Synallagi will create new positions, new service opportunities, and new combinations of human and artificial intelligence activity. The most effective division of labor among users, service providers, artificial intelligence systems, Oracle Services, and People, Ideas & Objects will have to be discovered, tested, refined, and governed over time. This work should begin now in the minds of our user community and service-provider community.
The complexity of the Synallagi specification also establishes an important boundary. Agentic Artificial Intelligence tools, used casually by individual producer firms to automate selected organizational actions, cannot responsibly substitute for the architecture described in this module. Security and Access Control cannot be reduced to scattered artificial intelligence agents performing "some" actions inside an organization without the required identity, representation, authority, accountability, cybersecurity, audit, revocation, and governance structures.
Any producer proposing to solve these issues through isolated agentic automation should first be directed to this module. The appropriate and responsible approach is not to bypass institutional design, but to build the security, access, trust, and accountability framework that allows advanced automation to be used safely.
Synallagi's position is therefore clear: artificial intelligence is essential to the future of the system, but it must operate inside governed architecture. The purpose of this module is to define that architecture.