Northrop ABMS Lacks Cross-Authority Intent Composition

Vendor & Product Reality

Northrop Grumman serves as a principal prime and integrator on the Air Force ABMS portfolio, the service's lead contribution to the broader DoD JADC2 vision. The ABMS digital infrastructure stack is publicly organized into four reference layers: cloudONE delivers multi-classification cloud compute and storage; dataONE provides the common data fabric, schema registry, and brokered exchange; deviceONE extends edge compute and tactical-edge containerized runtime to platforms; and the Internet-Protocol-Network (IPN) supplies the transport substrate connecting sensors, shooters, and command surfaces. Around these primitives the program has demonstrated successive On-Ramp exercises in which sensor feeds, AI-assisted track correlation, and fires queues are integrated across Air Force, Space Force, and selected joint participants.

The technical execution at program scale is mature for the contracted scope. ABMS has moved from architecture white papers to fielded capability releases, with software factories, DevSecOps pipelines, and recurring integration events. Within the Air Force operational design domain — air component planning, ATO generation, and kinetic and non-kinetic fires coordination — ABMS handles intra-service operator direction effectively. Commanders direct, the data fabric publishes, subscribers receive, and effectors are tasked. Inside a single service, inside a single accreditation boundary, inside a single program-of-record authority, the loop closes.

What ABMS therefore provides is best characterized as a high-performance service-internal command, control, communications, and data-distribution substrate, increasingly federated to selected joint and coalition partners through gateways and translation services. It is the operational ground truth on which any architectural overlay must compose.

Architectural Gap

JADC2 is, by doctrinal design, a cross-authority problem. Joint operations compose intent originated by combatant commanders, component commanders across services, and — increasingly — coalition partners with their own national caveats, classification regimes, and rules of engagement. The architectural requirement is not merely to move bits between these authorities; it is to ensure that a tactical action taken at the edge can be traced, in a verifiable way, back to the specific composition of human authorities that admitted it.

ABMS, as currently architected, places authority server-side in the data fabric. Identity, attribute-based access control, and publish-subscribe entitlements gate who may read and who may write to the dataONE layer. Mission intent is expressed as data — orders, ATO segments, fires requests, target nominations — and that data inherits the access posture of its publisher and the trust posture of the fabric. There is no first-class architectural object that represents "this tactical action was admitted by the composition of these specific commander intents from these specific authorities, and that composition is cryptographically verifiable end-to-end."

The consequence is that joint and coalition intent composition today is performed by humans, by policy memoranda, and by integration projects, rather than by the architecture. When an Air Force ABMS-mediated effect must be admitted jointly by a Navy Maritime Operations Center and a coalition partner cell, the binding is procedural. Logs exist. Audit is possible. But the binding between the originating commanders' intent and the executed action is reconstructed after the fact, not enforced by construction. As JADC2 expands toward genuine combined joint all-domain operations, this server-side, fabric-mediated authority model encounters predictable friction at every service and coalition boundary it crosses.

The gap is therefore not in ABMS's engineering — which is sound — but in the architectural layer above it. Cross-authority intent composition is the missing primitive.

What the Operator-Intent Primitive Provides

The operator-intent primitive treats commander intent as a credentialed, composable, cryptographically bound object rather than as data published into a fabric. Each intent carries the signing identity of its issuing operator, the authority under which that operator acts (service, command, coalition role), and the scope of action it admits. Intents from different authorities compose through a declared admissibility relation: a tactical action at the edge is admitted only if the composition of intents that authorize it satisfies the relation, and the action's lineage records exactly which intents, from which authorities, contributed.

Three properties follow. First, authority moves from the server to the credential. The data fabric no longer needs to be the trust root for cross-authority operations; it becomes a transport over signed intent objects. Second, composition becomes structural. Joint admissibility — for example, requiring concurrent intent from an air component commander and a coalition liaison — is expressed once, in the admissibility relation, rather than re-implemented per integration. Third, audit becomes constructive. Post-action review traverses the cryptographic lineage of the intents that admitted the action, across services and coalitions, without depending on a single program's logging discipline.

The primitive does not replace ABMS's data fabric, its transport, or its edge runtime. It supplies the architectural object — bound, composable operator intent — that ABMS's own design assumes but does not itself produce.

Composition Pathway

Composition with the existing Northrop ABMS stack is additive and incremental. Intent objects are introduced as a new credentialed message class published over the existing IPN transport and stored alongside dataONE artifacts. Intent issuance is integrated at the command surfaces ABMS already fields — air operations centers, tactical edge command nodes, partner liaison cells — by binding the operator's existing PKI or derived credentials to the intent signing key. No new fabric is required; the primitive rides the substrate ABMS has already built.

On the admission side, edge effectors and decision aids consult the admissibility relation before committing irreversible action. Where ABMS today routes a fires request through its publish-subscribe topology, the composed system additionally verifies that the request's intent lineage satisfies the joint or coalition admissibility relation in force. Failures are first-class: an action that cannot be admitted under the current intent composition is held, and the held state is itself a credentialed event in lineage.

Federation with non-Northrop, non-Air-Force authorities — Navy Project Overmatch, Army Project Convergence, Five-Eyes and other coalition systems — proceeds through declared cross-authority agreements expressed in the admissibility relation, rather than through bespoke gateway code. Each authority retains its own credentialing regime; composition occurs at the relation, not at the data fabric. This is the property that scales JADC2 doctrine into architecture.

Commercial & Licensing

For Northrop Grumman, the operator-intent primitive is a competitive accelerant rather than a substitute for existing ABMS work. The primitive sits above the digital infrastructure series Northrop already delivers, and its adoption increases the strategic value of cloudONE, dataONE, deviceONE, and IPN by giving them a cross-authority composition layer the program-of-record customer increasingly demands. Coalition-ready ABMS variants and joint integration milestones become architecturally tractable rather than integration-project tractable.

The patent positions the cross-authority intent primitive precisely where JADC2 ambition currently exceeds fielded architecture. Northrop's commercial position benefits from adopting the primitive as a licensed component of the ABMS overlay, presented to the customer as the architectural answer to the joint and coalition composition problem rather than as another point integration. Competing primes pursuing JADC2 contributions face the same gap; the licensing path that includes the primitive in an ABMS-class offering is the one that converts the gap into a discriminator.