EARTHBRAIN Adopts Authlete to Insource Smart Construction Platform Development

EARTHBRAIN aims to comply with ISO/TS 15143-4 and accelerate platform feature expansion by implementing Authlete

We are pleased to announce that EARTHBRAIN Ltd. (EARTHBRAIN) has selected Authlete to comply with the construction industry standard and insource the expansion of its platform, Smart Construction, and the introduction of new features to the platform. EARTHBRAIN is building and operating its authorization server by leveraging Authlete.

EARTHBRAIN is a subsidiary of Komatsu Ltd. (Komatsu), a manufacturer of construction and mining equipment. Komatsu introduced ICT construction machinery to the market in 2013 and in 2015 launched Smart Construction, a solution which digitizes all the processes at construction sites. EARTHBRAIN was established in 2021 to accelerate improvements in safety, productivity, and environmental sustainability across construction sites through the digital transformation of the entire construction production process. In addition to Komatsu, NTT Communications Corporation, Sony Semiconductor Solutions Corporation, and Nomura Research Institute, Ltd. are shareholders of EARTHBRAIN.

EARTHBRAIN is building a platform for optimizing the overall construction production process, including research and survey, construction planning, construction work, construction management and inspection, by utilizing on-site digital twins. * The Smart Construction platform provides approximately 200 types of APIs and performs the authentication and authorization, as well as data transfer of devices, hardware, and smartphone and web applications via APIs.

EARTHBRAIN decided to insource platform development to comply with ISO/TS 15143-4 (Worksite Topographical Data Exchange), which is being formulated as the construction industry standard, promptly respond to requests for the enhancement and addition of functions and handle technical issues internally. The equipment manufacturer adopted Authlete for implementing OAuth 2.0 required for API protection and the OpenID Connect (OIDC) functionality for connecting applications to build an authorization server.

Technical Lead of Insourcing Group at EARTHBRAIN Hitoshi Akazawa and EARTHBRAIN’s senior engineer Xuan Bach Nguyen said the following:

We initially considered a certain IDaaS (Identity as a Service) solution instead of Authlete for building our authorization server. Because this IDaaS solution was equipped with various functions related to identity and access management (IAM) that can be used as SaaS, we thought that it would lead to the reduction in the labor hours required for development and the shortening of the implementation period.

Nevertheless, as a result of further review, we discovered that as this IDaaS solution lacked the necessary functions, considerable additional development would be required. In addition, the functions equipped in the IDaaS solution were not compliant with our requirements, making their use improbable. In other words, instead of being able to reduce the development costs by utilizing the IDaaS solution, we realized that it would result in a considerable increase of costs due to the additional development required for insufficient functions and the burden of expenses for unnecessary functions.

As a result of further consideration, we decided to implement Authlete. Because Authlete is a component-type service that provides functionalities required for building an OAuth/OIDC server as an API, by forwarding the processing compliant with the OAuth/OIDC specification to Authlete on the one hand, and internally developing the functions tailored to our specific requirements on the other, we were able to realize a well-placed configuration where each company handles their area of specialty. Moreover, since necessary and sufficient functions have been selected with Authlete, there was also the advantage of being able to lower licensing fees compared to IDaaS, in which functions that we do not need are also bundled.

Furthermore, in building an authorization server, compliance with a token exchange specification (RFC 8693 OAuth 2.0 Token Exchange) and JWT authorization grants (Section 2.1. Using JWTs as Authorization Grants of RFC 7523 JSON Web Token ([JWT] Profile for OAuth 2.0 Client Authentication and Authorization Grants) was indispensable. In response, Authlete promptly accommodated our requests, and added the API required for implementing the OAuth extension to its solution as a standard feature. In addition, the Go language repositories and libraries provided by Authlete were easy to understand, making it simple and quick to implement the authorization server.

With Authlete’s tremendous support, we were able to promptly launch and operate our authorization server, thereby accelerating the insourcing of our platform development. We have also been able to continue a stable operation of our authorization server despite the ever-increasing number of accesses.

Please visit the Customers section of our website for other customer case studies.

* Digital twin is the reproduction of objects and situations in the real space as a twin in the virtual space.