Nov. 17, 2025
3D Objects Are the Ultimate Test of Fabric Governance: Catalyst E3
🏗️ Defining Fabric Governance — The Foundation of Trust Governance in Fabric isn’t a checklist of forgotten policies. It’s the operating system for your data life—identity, permissioning, lineage, classification, policy, and monitoring—all wired directly into OneLake and workspaces. A 3D asset isn’t a file; it’s a constellation. High-resolution captures, meshes, textures, simulation parameters, and licensing metadata all move together. Each piece carries its own sensitivity and usage rights. Fabric enforces deterministic control through:
- Microsoft Entra ID for consistent identity and role-based access.
- Object-level security that gates entire artifacts and their derivatives.
- Lineage tracking that shows how every scan, mesh, and derivative evolved.
- Classification and labels that follow the asset as enforceable metadata, not sticky notes.
- OneLake’s single logical storage where compute comes to the data.
- Monitoring and alerts that react to anomalies before audits do.
A single photorealistic object is a supply chain, not a file: meshes, textures, lighting, physics, rigs, materials, and derivatives for multiple engines. Every element introduces new governance pain:
- Versioning: multiple interdependent components that drift over time.
- Identity: fine-grained roles—artists, engineers, legal—each with different permissions.
- Licensing: third-party assets with geo-restricted or time-bound clauses.
- Performance: large transfers multiply cost and risk.
- Temporal truth: twins evolve; governance must treat time as a dimension.
- Tool diversity: each application speaks its own format and metadata dialect.
- Raw scan → processed mesh → LOD set → published twin.
- Each edge in that chain is auditable and reversible.
- Artists can update textures within staging but can’t alter collision meshes in published builds.
- Simulation engineers tweak physics parameters safely within guardrails.
- Robotics consumes frozen manifests for reproducibility.
- Analytics queries lineage to explain why performance changed between versions.
- Pin exact versions—“latest” is a ticking bomb.
- Embed toolchain hashes and validate at pipeline time.
- Track temporal variants like pre-repair and post-repair.
- Keep lineage readable so audits don’t turn into forensics.
- Open formats like OpenUSD or glTF for structural interoperability.
- Rights as code, not PDF footnotes:
- License=Commercial; Territory=EU+US; Duration=2025-12-31; Derivatives=Render+Sim; Prohibit=Resale+Rehost
- Evaluated at runtime so access is granted or denied dynamically.
- Streaming and tokens: engines fetch only what’s needed; Fabric issues signed URLs and revokes them instantly if rights change.
- Attribution enforcement: embedded credits or overlays baked into outputs.
- Cross-platform identity: Entra ID + B2B federation with scoped workspaces.
It’s dynamic, multi-user, and performance-sensitive—but Fabric still enforces policy in motion. The workflow looks like this:
- Ingestion: Capture rigs deposit thousands of images and LiDAR scans. Fabric auto-classifies, validates rights, and quarantines anything offside.
- Processing: Spark pipelines handle retopology, baking, and LOD generation, recording lineage and toolchain hashes at each step.
- Publishing: Canonical assets stay in OneLake. Product workspaces expose derivatives through shortcuts with role-scoped access.
- Streaming: Engines like Unity or Unreal stream assets using signed, policy-aware tokens tied to Entra ID. Requests are validated live—approved or blocked with a reason.
- Collaboration: Multi-user sessions check compatibility locks, propagate license updates instantly, and log every change.
Stream tiled textures and mesh chunks; cache under policy constraints. “Local copies for convenience” are non-compliant by design. Example: a safety-training digital twin of an electric bus.
Fabric governs every asset call—mesh, texture, collider, physics—against license terms, region, and duration. Logs trace who viewed which variant, when, and why. Governance drills should include:
- Revoking licenses mid-session.
- Rotating region restrictions.
- Expiring tokens during live use.
- Measuring mean time to quarantine and lineage completeness.
Real-time 3D forces you to prove that your governance can think as fast as your data. If Fabric can hold a 1:1 digital twin together—identity, lineage, rights-as-code, streaming, and audit—then everything else in your estate is easy. So do the grown-up work:
- Pin manifests.
- Version licenses.
- Stream with tokens.
- Federate partners.
- Drill revocations.
- Measure compliance in real numbers.
If this saved you time—or a lawsuit—share it with the person still emailing ZIPs.
Next up: Fabric policy patterns—how to automate enforcement at scale. Proceed.
Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support.
Follow us on:
Substack
Transcript
1
00:00:00,000 --> 00:00:01,640
You think spreadsheets are messy?
2
00:00:01,640 --> 00:00:02,280
Cute.
3
00:00:02,280 --> 00:00:05,680
3D photorealistic objects and digital twins are data on nightmare mode,
4
00:00:05,680 --> 00:00:08,640
multi-gigabyte textures, meshes, materials, physics,
5
00:00:08,640 --> 00:00:11,680
versions, user trites, and lineage that spans cameras,
6
00:00:11,680 --> 00:00:13,960
lidar, GPUs, and clouds.
7
00:00:13,960 --> 00:00:16,360
If your governance breaks here, it will break everywhere.
8
00:00:16,360 --> 00:00:16,920
The truth?
9
00:00:16,920 --> 00:00:19,200
3D assets expose every week assumption
10
00:00:19,200 --> 00:00:21,880
you've made about identity, security, life cycle,
11
00:00:21,880 --> 00:00:22,720
and compliance.
12
00:00:22,720 --> 00:00:24,240
And that's why they're the perfect stress
13
00:00:24,240 --> 00:00:25,520
test for Microsoft Fabric.
14
00:00:25,520 --> 00:00:28,760
Handle the heaviest, weirdest data in a single architecture
15
00:00:28,760 --> 00:00:31,040
with consistent policy, and suddenly everything else
16
00:00:31,040 --> 00:00:32,760
in your enterprise looks trivial.
17
00:00:32,760 --> 00:00:35,800
So today, I'm going to show you why Fabric's unified governance
18
00:00:35,800 --> 00:00:37,400
isn't nice to have.
19
00:00:37,400 --> 00:00:39,400
It's the difference between scalable reality
20
00:00:39,400 --> 00:00:41,520
and an expensive art project.
21
00:00:41,520 --> 00:00:43,920
Defining Fabric governance, the foundation of trust.
22
00:00:43,920 --> 00:00:45,640
Let's get precise, governance in fabric
23
00:00:45,640 --> 00:00:47,960
isn't a stack of policies you forget to enforce.
24
00:00:47,960 --> 00:00:50,560
It's the operating system for your data life, identity,
25
00:00:50,560 --> 00:00:53,880
permissioning, lineage, classification, policy, and monitoring,
26
00:00:53,880 --> 00:00:56,920
wired into one-lake, workspaces, items, and compute,
27
00:00:56,920 --> 00:00:59,680
not duct taped after the fact is not just a database,
28
00:00:59,680 --> 00:01:01,240
it's the spine of your data estate.
29
00:01:01,240 --> 00:01:02,760
Why this matters with 3D?
30
00:01:02,760 --> 00:01:04,520
A single asset isn't a file.
31
00:01:04,520 --> 00:01:07,240
It's a constellation, high-res photo-grammetry images,
32
00:01:07,240 --> 00:01:09,640
point clouds, meshes, textures, materials,
33
00:01:09,640 --> 00:01:11,840
rigging metadata, simulation parameters,
34
00:01:11,840 --> 00:01:15,400
and derived variance for AR, robotics, and training.
35
00:01:15,400 --> 00:01:17,880
Each piece has different sensitivity, owners, licenses,
36
00:01:17,880 --> 00:01:19,200
and allowable uses.
37
00:01:19,200 --> 00:01:21,200
The average user tries to shove that into folders
38
00:01:21,200 --> 00:01:24,480
you need deterministic control, enter Fabric's core.
39
00:01:24,480 --> 00:01:27,240
Security starts with Microsoft Entra ID,
40
00:01:27,240 --> 00:01:30,680
consistent identity across producers, processes, and consumers.
41
00:01:30,680 --> 00:01:34,040
That means when an artist, a data engineer, or a robotics team
42
00:01:34,040 --> 00:01:37,680
touches an object, access is role-bound and auditable.
43
00:01:37,680 --> 00:01:40,600
No mystery shares, no who sent me this zip, chaos.
44
00:01:40,600 --> 00:01:42,760
Row and column security isn't the hero here.
45
00:01:42,760 --> 00:01:44,720
Object level and workspace scoping are.
46
00:01:44,720 --> 00:01:47,000
You gate entire artifacts in their derivatives
47
00:01:47,000 --> 00:01:49,080
with the same identity fabric.
48
00:01:49,080 --> 00:01:51,400
Now, the thing most people miss, governance without lineage
49
00:01:51,400 --> 00:01:52,440
is theater.
50
00:01:52,440 --> 00:01:55,360
Fabric's built-in lineage maps how a raw capture
51
00:01:55,360 --> 00:01:58,360
flowed into a processed mesh into a compressed LOD set
52
00:01:58,360 --> 00:01:59,800
into a robot training simulation
53
00:01:59,800 --> 00:02:02,720
and finally into a KPI dashboard showing training efficiency.
54
00:02:02,720 --> 00:02:05,960
You see sources, transformations, and downstream consumers.
55
00:02:05,960 --> 00:02:08,200
If a source scan is recalled due to rights restrictions,
56
00:02:08,200 --> 00:02:09,160
you don't guess where it went.
57
00:02:09,160 --> 00:02:11,120
You follow the lineage and revoke, reprocess,
58
00:02:11,120 --> 00:02:12,840
or quarantine, everything it contaminated.
59
00:02:12,840 --> 00:02:14,200
That's trust you can act on.
60
00:02:14,200 --> 00:02:16,560
Classification and labels are your next lever.
61
00:02:16,560 --> 00:02:19,320
Sensitive, licensed, export-controlled, internal only.
62
00:02:19,320 --> 00:02:21,600
The tag follows the asset as it moves.
63
00:02:21,600 --> 00:02:24,640
Not as a sticky note as metadata the platform respects.
64
00:02:24,640 --> 00:02:27,680
Policy enforces labels, share blocks, cross-gear controls,
65
00:02:27,680 --> 00:02:29,640
retention, and encryption at rest in transit.
66
00:02:29,640 --> 00:02:31,560
With 3D, this is non-negotiable.
67
00:02:31,560 --> 00:02:32,720
That free texture pack?
68
00:02:32,720 --> 00:02:34,960
If it's not licensed for commercial digital twins,
69
00:02:34,960 --> 00:02:36,600
your policy should stop it at the gate.
70
00:02:36,600 --> 00:02:39,240
Yes, proactively, because you like not getting sued.
71
00:02:39,240 --> 00:02:41,560
Storage gravity kills most architectures.
72
00:02:41,560 --> 00:02:43,640
One-lake flips it, a single logical data
73
00:02:43,640 --> 00:02:46,120
lake with open formats and shortcut semantics,
74
00:02:46,120 --> 00:02:47,920
so you don't spawn 15 brittle copies.
75
00:02:47,920 --> 00:02:50,880
For 3D, that means canonical assets live once
76
00:02:50,880 --> 00:02:53,600
with derived views for teams and tools.
77
00:02:53,600 --> 00:02:56,320
Compute comes to the data, spark for processing, pipelines
78
00:02:56,320 --> 00:02:58,680
for orchestration, notebooks for transformation,
79
00:02:58,680 --> 00:03:00,640
while governance remains consistent.
80
00:03:00,640 --> 00:03:03,000
Compare that to download, edit locally, re-upload,
81
00:03:03,000 --> 00:03:04,680
hope nobody else changed it now.
82
00:03:04,680 --> 00:03:08,000
Amateur hour, and yes, monitoring, activity logs, access
83
00:03:08,000 --> 00:03:10,120
audits, data movement reports.
84
00:03:10,120 --> 00:03:12,840
If a 90-gigabyte mesh starts exfiltrating
85
00:03:12,840 --> 00:03:15,840
to an unknown region, you don't wait for a quarterly review,
86
00:03:15,840 --> 00:03:17,440
alerts fire, policy's trigger.
87
00:03:17,440 --> 00:03:19,800
The platform behaves like it knows your risk tolerance
88
00:03:19,800 --> 00:03:20,680
because you taught it.
89
00:03:20,680 --> 00:03:23,040
Let me show you exactly how this lands in a real workflow.
90
00:03:23,040 --> 00:03:26,040
Captured teams dump raw scans into an ingestion workspace
91
00:03:26,040 --> 00:03:29,160
with strict contributor roles and automatic classification,
92
00:03:29,160 --> 00:03:31,840
licensed, source, region, and EU.
93
00:03:31,840 --> 00:03:34,440
Pipelines validate schema and rights metadata.
94
00:03:34,440 --> 00:03:36,520
Anything non-compliant gets quarantined.
95
00:03:36,520 --> 00:03:39,480
Processing runs on governed compute, spark jobs,
96
00:03:39,480 --> 00:03:42,600
tag outputs with lineage, versioning, and usage rights.
97
00:03:42,600 --> 00:03:44,640
Publishing promotes approved derivatives
98
00:03:44,640 --> 00:03:47,120
to a shared product workspace via shortcuts.
99
00:03:47,120 --> 00:03:48,120
No duplication.
100
00:03:48,120 --> 00:03:51,240
Consumers, robotics, training analytics, get red access
101
00:03:51,240 --> 00:03:53,840
to only the derivatives their roles allow.
102
00:03:53,840 --> 00:03:56,320
If legal updates a policy say no export of assets
103
00:03:56,320 --> 00:03:59,640
with origin, citer, fabric retroactively blocks share links,
104
00:03:59,640 --> 00:04:01,320
marks affected items, and surfaces
105
00:04:01,320 --> 00:04:04,360
the dependency graph so owners patch or replace.
106
00:04:04,360 --> 00:04:05,560
The reason this works is simple.
107
00:04:05,560 --> 00:04:07,280
Governance isn't separate from productivity.
108
00:04:07,280 --> 00:04:08,560
It's fused to it.
109
00:04:08,560 --> 00:04:10,040
People do the right thing by default
110
00:04:10,040 --> 00:04:11,800
because the platform translates policy
111
00:04:11,800 --> 00:04:13,400
into the path of least resistance.
112
00:04:13,400 --> 00:04:15,760
When the hardest data type you own 3D twins
113
00:04:15,760 --> 00:04:18,720
flows cleanly through identity, lineage, classification,
114
00:04:18,720 --> 00:04:21,320
policy, and monitoring every spreadsheet, CSV,
115
00:04:21,320 --> 00:04:23,400
and parquet file falls in line.
116
00:04:23,400 --> 00:04:26,120
Refusing unified governance is like refusing updates.
117
00:04:26,120 --> 00:04:27,760
And yes, they require restarts.
118
00:04:27,760 --> 00:04:30,320
And because Microsoft is not performing magic tricks,
119
00:04:30,320 --> 00:04:34,000
the complexity barrier, why 3D data breaks traditional systems.
120
00:04:34,000 --> 00:04:35,240
Here's the uncomfortable truth.
121
00:04:35,240 --> 00:04:37,560
Traditional data stacks were built for rows and columns
122
00:04:37,560 --> 00:04:39,720
and at their most adventurous a few chunky files
123
00:04:39,720 --> 00:04:40,640
in a shared drive.
124
00:04:40,640 --> 00:04:41,920
3D data laughs at that.
125
00:04:41,920 --> 00:04:44,320
A single photo-real object is not a file.
126
00:04:44,320 --> 00:04:47,000
It's a high poly mesh, multiple levels of detail,
127
00:04:47,000 --> 00:04:50,440
displacement, and normal maps, PBR material graphs,
128
00:04:50,440 --> 00:04:54,040
HDRI lighting references, thousands of source photos,
129
00:04:54,040 --> 00:04:57,280
LiDAR point clouds, rigging metadata, physics constraints,
130
00:04:57,280 --> 00:05:00,800
simulation parameters, and half a dozen derivative exports
131
00:05:00,800 --> 00:05:03,080
for game engines, robotics, and AR.
132
00:05:03,080 --> 00:05:05,000
That's not storage, that's a supply chain.
133
00:05:05,000 --> 00:05:06,600
Now, tri-versioning it.
134
00:05:06,600 --> 00:05:08,240
V2 final final dies here.
135
00:05:08,240 --> 00:05:11,200
You need semantic versioning across interdependent components.
136
00:05:11,200 --> 00:05:16,200
Mesh V3.4 compatible with texture set, V2.1, and rig V1.9
137
00:05:16,200 --> 00:05:18,400
plus a provenance trail back to source captures.
138
00:05:18,400 --> 00:05:20,320
Without lineage, you're shipping franken assets
139
00:05:20,320 --> 00:05:23,520
that render beautifully until a robot arm clips through a hinge
140
00:05:23,520 --> 00:05:26,120
because the collision mesh didn't update with the material.
141
00:05:26,120 --> 00:05:28,240
The average user shrugs your safety team doesn't.
142
00:05:28,240 --> 00:05:31,680
Identity and permissioning folder ACLs crumble.
143
00:05:31,680 --> 00:05:34,840
Artists, scan, text, simulation engineers, ML teams,
144
00:05:34,840 --> 00:05:36,480
and legal all need different rights
145
00:05:36,480 --> 00:05:39,400
on different parts of the same object at different times.
146
00:05:39,400 --> 00:05:42,080
Write on staging, read on published, deny export
147
00:05:42,080 --> 00:05:44,200
from restricted Geos allow parameter edits,
148
00:05:44,200 --> 00:05:45,320
but not texture swaps.
149
00:05:45,320 --> 00:05:47,520
This is policy as graph, not policy as folder.
150
00:05:47,520 --> 00:05:49,320
Anything less, and you'll either block the work
151
00:05:49,320 --> 00:05:52,040
or leak the crown jewels, usually both.
152
00:05:52,040 --> 00:05:54,480
Licensing and compliance are where most organizations
153
00:05:54,480 --> 00:05:56,240
quietly set themselves on fire.
154
00:05:56,240 --> 00:05:59,280
Third party scans, museum collections, prop houses,
155
00:05:59,280 --> 00:06:01,720
and open libraries come with usage clauses,
156
00:06:01,720 --> 00:06:04,640
non-commercial attribution geo-restricted time bound
157
00:06:04,640 --> 00:06:06,360
or export controlled.
158
00:06:06,360 --> 00:06:09,480
Glue that to every derivative and enforce it across tools.
159
00:06:09,480 --> 00:06:12,520
Or watch an innocent test render wander into an ad campaign.
160
00:06:12,520 --> 00:06:14,680
With 3D downstream misuse isn't theoretical,
161
00:06:14,680 --> 00:06:17,320
it's embedded into pipelines, previews, and caches.
162
00:06:17,320 --> 00:06:19,920
If your platform doesn't carry rights metadata end-to-end,
163
00:06:19,920 --> 00:06:21,480
you've built a lawsuit generator.
164
00:06:21,480 --> 00:06:23,560
Performance and scale add insult to injury.
165
00:06:23,560 --> 00:06:24,880
These assets are heavy.
166
00:06:24,880 --> 00:06:27,040
Moving gigabytes across regions to placate
167
00:06:27,040 --> 00:06:28,760
a tool that insists on local copies
168
00:06:28,760 --> 00:06:30,600
is a cost and risk multiplier.
169
00:06:30,600 --> 00:06:33,360
Traditional copy to project workflows explode storage,
170
00:06:33,360 --> 00:06:34,960
fragment, truth, and bury governance
171
00:06:34,960 --> 00:06:36,320
under duplicate snow drifts.
172
00:06:36,320 --> 00:06:37,720
You think you have three bus models,
173
00:06:37,720 --> 00:06:41,040
you have 19 all slightly wrong, then there's temporal truth.
174
00:06:41,040 --> 00:06:44,560
Digital twins aren't static museum pieces, they change.
175
00:06:44,560 --> 00:06:47,280
Where patents, replaced parts, sensor calibrations,
176
00:06:47,280 --> 00:06:50,840
environment updates, time becomes a first class dimension.
177
00:06:50,840 --> 00:06:52,680
Traditional systems fake this with folders
178
00:06:52,680 --> 00:06:55,440
named archive, 2020 407.
179
00:06:55,440 --> 00:06:55,960
Cute.
180
00:06:55,960 --> 00:06:58,480
Real governance tracks state changes as lineage events
181
00:06:58,480 --> 00:07:01,320
preserve historical queries and allows conditional policy,
182
00:07:01,320 --> 00:07:05,800
allow export of pre-2023 variants, quarantine post-2023
183
00:07:05,800 --> 00:07:07,800
scans from side B pending audit.
184
00:07:07,800 --> 00:07:10,360
Tool diversity is the final nail reality capture,
185
00:07:10,360 --> 00:07:13,840
DCC tools, game engines, simulation frameworks, ML training
186
00:07:13,840 --> 00:07:15,720
rigs, each speaks its own file dialect
187
00:07:15,720 --> 00:07:16,760
and metadata religion.
188
00:07:16,760 --> 00:07:18,920
If your governance requires every tool to behave,
189
00:07:18,920 --> 00:07:20,240
you've already lost.
190
00:07:20,240 --> 00:07:22,480
The platform must standardize identity policy
191
00:07:22,480 --> 00:07:23,960
and lineage above the tool layer.
192
00:07:23,960 --> 00:07:26,040
So blender, omniverse, unity, and spark
193
00:07:26,040 --> 00:07:28,320
can disagree about everything except who can do what,
194
00:07:28,320 --> 00:07:30,640
to which asset, where, and when.
195
00:07:30,640 --> 00:07:33,120
This clicked for me when a team tried to go fast
196
00:07:33,120 --> 00:07:35,520
by bypassing policy to meet a demo date.
197
00:07:35,520 --> 00:07:36,880
They shipped a gorgeous model.
198
00:07:36,880 --> 00:07:40,560
Then legal discovered the base scan carried a non export license.
199
00:07:40,560 --> 00:07:42,280
The fix wasn't an apology.
200
00:07:42,280 --> 00:07:45,080
It was a full asset recall across four regions,
201
00:07:45,080 --> 00:07:47,840
retraining of a model that had ingested previews
202
00:07:47,840 --> 00:07:49,440
and purging every derivative.
203
00:07:49,440 --> 00:07:52,000
Days lost because governance was optional.
204
00:07:52,000 --> 00:07:54,840
The thing most people miss is that 3D doesn't tolerate optional.
205
00:07:54,840 --> 00:07:56,800
Either your platform enforces identity,
206
00:07:56,800 --> 00:07:59,360
lineage, classification, and policy by default,
207
00:07:59,360 --> 00:08:02,080
or the complexity will enforce chaos for you.
208
00:08:02,080 --> 00:08:04,000
Versioning and provenance, tracking the lifecycle
209
00:08:04,000 --> 00:08:05,120
of a digital twin.
210
00:08:05,120 --> 00:08:07,880
Versioning 3D twins isn't renaming folders and hoping.
211
00:08:07,880 --> 00:08:09,800
It's a governed narrative of cause and effect.
212
00:08:09,800 --> 00:08:11,440
The truth, without tight provenance,
213
00:08:11,440 --> 00:08:13,560
you're not iterating, you're randomizing.
214
00:08:13,560 --> 00:08:15,400
So let's wire this properly in fabric,
215
00:08:15,400 --> 00:08:17,640
where identity, lineage, and policy
216
00:08:17,640 --> 00:08:20,440
ride along every change like a black box flight recorder.
217
00:08:20,440 --> 00:08:22,360
Start with a canonical object definition.
218
00:08:22,360 --> 00:08:23,640
Call it the twin manifest.
219
00:08:23,640 --> 00:08:24,880
It's not a pretty PDF.
220
00:08:24,880 --> 00:08:26,600
It's structured metadata in one lake
221
00:08:26,600 --> 00:08:29,040
that references components by immutable IDs,
222
00:08:29,040 --> 00:08:31,360
source captures, mesh textures, materials,
223
00:08:31,360 --> 00:08:33,840
rig, physics, and simulation parameters.
224
00:08:33,840 --> 00:08:36,080
Each component gets semantic versioning
225
00:08:36,080 --> 00:08:39,080
major for breaking changes, minor for compatible improvements,
226
00:08:39,080 --> 00:08:41,120
build metadata for environment and toolchain.
227
00:08:41,120 --> 00:08:44,920
Mesh 3.4 works with material graph 2.1 and collider 1.9.
228
00:08:44,920 --> 00:08:46,840
That compatibility table lives in the manifest,
229
00:08:46,840 --> 00:08:47,800
not in someone's memory.
230
00:08:47,800 --> 00:08:49,960
Yes, average user, this is more work upfront.
231
00:08:49,960 --> 00:08:51,120
It's called engineering.
232
00:08:51,120 --> 00:08:52,960
Now the provenance chain, fabric lineage,
233
00:08:52,960 --> 00:08:55,080
captures ingestion events from capture rigs
234
00:08:55,080 --> 00:08:57,840
into the raw workspace, tagged with capture method,
235
00:08:57,840 --> 00:09:01,720
LiDAR, photogrammetry, device IDs, operator, location,
236
00:09:01,720 --> 00:09:02,960
and rights metadata.
237
00:09:02,960 --> 00:09:04,000
That's your origin story.
238
00:09:04,000 --> 00:09:06,160
Processing pipelines promote two staging
239
00:09:06,160 --> 00:09:07,760
with deterministic transformations,
240
00:09:07,760 --> 00:09:12,640
decimation, retopology, UV unwrap, baking, and LOD generation.
241
00:09:12,640 --> 00:09:16,720
Every step emits lineage edges, raw scan V1.2, mesh V1.9,
242
00:09:16,720 --> 00:09:18,000
a lot set, Vi.3.
243
00:09:18,000 --> 00:09:20,960
When you publish, the manifest pins the exact graph state.
244
00:09:20,960 --> 00:09:24,320
If you rebuild with a new retopo algorithm, you don't overwrite.
245
00:09:24,320 --> 00:09:27,240
You branch, you compare, you decide, here's the shortcut,
246
00:09:27,240 --> 00:09:28,280
nobody teaches.
247
00:09:28,280 --> 00:09:30,000
Treat rights as version state, too.
248
00:09:30,000 --> 00:09:34,280
The license you captured under at site AV-2023.10 is a component.
249
00:09:34,280 --> 00:09:37,520
When legal updates terms, you don't scramble through drives.
250
00:09:37,520 --> 00:09:39,720
You query fabric, show me all manifests,
251
00:09:39,720 --> 00:09:42,000
referencing license site A-2310.
252
00:09:42,000 --> 00:09:43,240
The dependency graph lights up.
253
00:09:43,240 --> 00:09:44,640
You bulked the mode affected twins
254
00:09:44,640 --> 00:09:45,840
from published to quarantine,
255
00:09:45,840 --> 00:09:48,720
trigger reprocessing with allowed substitutions and republish.
256
00:09:48,720 --> 00:09:50,160
Governance didn't slow you down.
257
00:09:50,160 --> 00:09:52,320
It prevented weeks of forensic archaeology.
258
00:09:52,320 --> 00:09:54,520
Let me show you exactly how teams work with this.
259
00:09:54,520 --> 00:09:57,280
Artists open the staging shortcut in their DCC tool.
260
00:09:57,280 --> 00:09:59,560
They can bump texture 2.1 to 2.2,
261
00:09:59,560 --> 00:10:02,760
but policy blocks changing the collision mesh in published.
262
00:10:02,760 --> 00:10:05,160
Simulation engineers can tweak physics parameters
263
00:10:05,160 --> 00:10:06,560
within guarded ranges.
264
00:10:06,560 --> 00:10:08,800
Crossing a threshold forces a new minor version
265
00:10:08,800 --> 00:10:10,560
with an approval workflow.
266
00:10:10,560 --> 00:10:13,080
Robotics consumes a frozen manifest via a shortcut,
267
00:10:13,080 --> 00:10:16,040
no downloading 90-git-et locally, so their build is reproducible.
268
00:10:16,040 --> 00:10:18,800
Analytics pulls lineage to explain why training performance
269
00:10:18,800 --> 00:10:21,880
jumped on twin 3.4, the decimator improved edge preservation,
270
00:10:21,880 --> 00:10:22,760
not magic.
271
00:10:22,760 --> 00:10:23,760
Common mistakes?
272
00:10:23,760 --> 00:10:24,560
Two classics.
273
00:10:24,560 --> 00:10:27,000
First, final render without pinning sources.
274
00:10:27,000 --> 00:10:29,720
You ship a published twin pointing at latest meshes.
275
00:10:29,720 --> 00:10:32,560
Later, a mesh update breaks a compatibility contract.
276
00:10:32,560 --> 00:10:34,840
Result, beautiful demo, broken production.
277
00:10:34,840 --> 00:10:36,520
Pin exact versions in the manifest.
278
00:10:36,520 --> 00:10:38,360
Latest is a ticking bomb.
279
00:10:38,360 --> 00:10:39,960
Second, silent tool chain drift.
280
00:10:39,960 --> 00:10:41,880
Someone updates a plug-in, exports change,
281
00:10:41,880 --> 00:10:44,080
embed tool chain hashes in build metadata
282
00:10:44,080 --> 00:10:45,640
and enforce them at pipeline time.
283
00:10:45,640 --> 00:10:48,040
If hashes don't match, the job fails loudly.
284
00:10:48,040 --> 00:10:49,600
Painful now, cheaper than a recall.
285
00:10:49,600 --> 00:10:50,880
Temporal reality matters.
286
00:10:50,880 --> 00:10:53,240
Twins age, replace a part in the physical asset.
287
00:10:53,240 --> 00:10:54,520
You branch the digital twin.
288
00:10:54,520 --> 00:10:56,680
Fabric lets you annotate the manifest
289
00:10:56,680 --> 00:11:00,000
with effective dates and states, pre-repair, post-repair.
290
00:11:00,000 --> 00:11:02,160
Policies can then allow downstream use only
291
00:11:02,160 --> 00:11:03,720
for time-appropriate variance.
292
00:11:03,720 --> 00:11:05,360
Training models don't accidentally learn
293
00:11:05,360 --> 00:11:06,320
obsolete geometry.
294
00:11:06,320 --> 00:11:08,360
Finally, auditability.
295
00:11:08,360 --> 00:11:10,800
Fabric activity logs plus lineage produce
296
00:11:10,800 --> 00:11:13,640
a human readable provenance who changed what, when, why,
297
00:11:13,640 --> 00:11:14,960
and with which inputs.
298
00:11:14,960 --> 00:11:18,160
That's defensible compliance and frankly professional hygiene.
299
00:11:18,160 --> 00:11:19,760
If you remember, nothing else version
300
00:11:19,760 --> 00:11:21,800
the manifest pin dependencies and treat rights
301
00:11:21,800 --> 00:11:24,080
as first class versioned components.
302
00:11:24,080 --> 00:11:25,480
The rest of your governance will stop
303
00:11:25,480 --> 00:11:28,240
feeling like theater and start behaving like engineering.
304
00:11:28,240 --> 00:11:30,880
Interoperability and rights management in the metaverse.
305
00:11:30,880 --> 00:11:32,320
Let's address the fantasy first.
306
00:11:32,320 --> 00:11:34,040
You think the metaverse is one place.
307
00:11:34,040 --> 00:11:34,560
Incorrect.
308
00:11:34,560 --> 00:11:37,680
It's a patchwork of engines, viewers, devices, file dialects
309
00:11:37,680 --> 00:11:39,920
and business models that barely agree on gravity.
310
00:11:39,920 --> 00:11:42,200
Interoperability isn't a feature, it's survival.
311
00:11:42,200 --> 00:11:44,440
And rights management isn't a footer on a contract.
312
00:11:44,440 --> 00:11:46,240
It's the guardrail that keeps your assets
313
00:11:46,240 --> 00:11:49,080
from being cloned, remixed, and monetized by everyone
314
00:11:49,080 --> 00:11:49,920
except you.
315
00:11:49,920 --> 00:11:50,680
The truth?
316
00:11:50,680 --> 00:11:53,960
If your 3D twin can't move between omniverse, unity,
317
00:11:53,960 --> 00:11:56,880
unreal, web GL viewers and downstream analytics
318
00:11:56,880 --> 00:11:59,320
without breaking identity, lineage or licensing,
319
00:11:59,320 --> 00:12:01,120
you don't have a metaverse strategy,
320
00:12:01,120 --> 00:12:03,400
you have vendor lock-in with extra steps.
321
00:12:03,400 --> 00:12:05,520
Fabrics job is not to make blender behave.
322
00:12:05,520 --> 00:12:08,280
Fabrics job is to standardize identity, policy,
323
00:12:08,280 --> 00:12:09,720
and provenance above the two layers
324
00:12:09,720 --> 00:12:12,040
so any engine can render, simulate, or stream
325
00:12:12,040 --> 00:12:13,600
while governance remains intact.
326
00:12:13,600 --> 00:12:15,960
Enter open formats and logical storage.
327
00:12:15,960 --> 00:12:17,720
Keep canonical assets in one lake.
328
00:12:17,720 --> 00:12:20,240
Expose them through shortcuts and governed APIs.
329
00:12:20,240 --> 00:12:22,360
Use interoperable scene descriptions.
330
00:12:22,360 --> 00:12:25,000
Open USD, where appropriate, so you exchange structure,
331
00:12:25,000 --> 00:12:27,400
materials and references without exporting chaos.
332
00:12:27,400 --> 00:12:29,320
But remember, format doesn't equal governance.
333
00:12:29,320 --> 00:12:31,800
The platform must inject labels, license terms,
334
00:12:31,800 --> 00:12:34,600
and usage constraints as first class meta data
335
00:12:34,600 --> 00:12:37,480
that writes with the asset is queryable and is enforceable.
336
00:12:37,480 --> 00:12:39,120
Not a readme, enforceable.
337
00:12:39,120 --> 00:12:41,600
Here's the shortcut nobody teaches, writes as code.
338
00:12:41,600 --> 00:12:43,880
Model writes as machine readable policies.
339
00:12:43,880 --> 00:12:48,040
Who, where, when, how long, and for which derivative purposes?
340
00:12:48,040 --> 00:12:50,120
Tag the asset, license, commercial, territory,
341
00:12:50,120 --> 00:12:53,920
U+US duration 2025, 1231, derivatives, render plus
342
00:12:53,920 --> 00:12:55,880
in prohibit resale per re-host.
343
00:12:55,880 --> 00:12:57,920
Fabrics evaluates those claims at access time.
344
00:12:57,920 --> 00:13:00,320
Unity scene wants to pull the textures from Japan?
345
00:13:00,320 --> 00:13:02,720
Denied, a web viewer requests a downsample stream
346
00:13:02,720 --> 00:13:05,680
for public display, allowed if watermarking is enabled
347
00:13:05,680 --> 00:13:07,440
and attribution is injected.
348
00:13:07,440 --> 00:13:09,520
The policy isn't a PDF that humans ignore,
349
00:13:09,520 --> 00:13:10,960
it's a runtime decision.
350
00:13:10,960 --> 00:13:12,240
Now, the interrupt dance.
351
00:13:12,240 --> 00:13:13,680
Engines expect local files.
352
00:13:13,680 --> 00:13:17,480
We don't copy 90 gigabyte to every workstation like its 2012.
353
00:13:17,480 --> 00:13:20,240
Use cloud mounts, signed URLs and streaming decoders
354
00:13:20,240 --> 00:13:22,600
that fetch only the needed LODs and tiles.
355
00:13:22,600 --> 00:13:26,280
Fabric issues time-bound tokens tied to identity and policy.
356
00:13:26,280 --> 00:13:28,280
When the token expires the faucet closes,
357
00:13:28,280 --> 00:13:30,400
if legal revokes a license, lineage identifies
358
00:13:30,400 --> 00:13:32,640
every manifest and scene using that asset,
359
00:13:32,640 --> 00:13:35,320
the tokens are invalidated, previews are purged,
360
00:13:35,320 --> 00:13:38,680
and CI pipelines fail fast with human readable reasons.
361
00:13:38,680 --> 00:13:41,000
Compare that to, we'll fix it next sprint.
362
00:13:41,000 --> 00:13:42,200
Lawyers love that phrase.
363
00:13:42,200 --> 00:13:44,120
Attribution is not optional.
364
00:13:44,120 --> 00:13:46,840
Embed creator, source, and license in the manifest
365
00:13:46,840 --> 00:13:49,560
and enforce overlay attribution in viewers that support it.
366
00:13:49,560 --> 00:13:52,240
For engines that don't, gate distribution behind a renderer
367
00:13:52,240 --> 00:13:54,600
or packaging step that bakes in credits or watermarks
368
00:13:54,600 --> 00:13:56,040
at the edges of allowed use.
369
00:13:56,040 --> 00:13:57,400
Fragyle, no, pragmatic.
370
00:13:57,400 --> 00:13:59,680
The average user thinks attribution is a checkbox.
371
00:13:59,680 --> 00:14:01,920
It's a write cross-platform identity is next.
372
00:14:01,920 --> 00:14:03,800
You authenticate with Entra ID.
373
00:14:03,800 --> 00:14:06,000
External partners federate via B2B,
374
00:14:06,000 --> 00:14:08,120
get scoped access to specific workspaces
375
00:14:08,120 --> 00:14:10,320
and never see raw canonical stores.
376
00:14:10,320 --> 00:14:12,840
Platform-level scopes map to engine-level roles,
377
00:14:12,840 --> 00:14:15,080
viewer, scene-author, asset-publisher.
378
00:14:15,080 --> 00:14:16,840
If a contractor leaves, access disappears
379
00:14:16,840 --> 00:14:19,280
without scrubbing shared drives for zombie files.
380
00:14:19,280 --> 00:14:21,040
Common mistakes, three favorites.
381
00:14:21,040 --> 00:14:25,040
One, exporting just for a demo, forgetting that demo's leak.
382
00:14:25,040 --> 00:14:28,600
Two, handing partners zips because the pipeline is complicated,
383
00:14:28,600 --> 00:14:30,160
which is how you lose control.
384
00:14:30,160 --> 00:14:32,680
Three, assuming OpenUSD alone solves rights.
385
00:14:32,680 --> 00:14:33,520
It doesn't.
386
00:14:33,520 --> 00:14:35,120
It carries structure, fabric carries law.
387
00:14:35,120 --> 00:14:36,520
Finally, future-proofing.
388
00:14:36,520 --> 00:14:39,160
Your asset will live longer than any engine you use today.
389
00:14:39,160 --> 00:14:40,200
Keep truth in one leg.
390
00:14:40,200 --> 00:14:42,520
Treat engines as a femoral clients and codify rights.
391
00:14:42,520 --> 00:14:43,920
So when the next platform arrives,
392
00:14:43,920 --> 00:14:45,680
you don't re-litigate your library.
393
00:14:45,680 --> 00:14:46,920
If you remember nothing else,
394
00:14:46,920 --> 00:14:49,200
interrupt without rights is piracy with better UX.
395
00:14:49,200 --> 00:14:50,680
Rights without interrupt is a museum.
396
00:14:50,680 --> 00:14:53,280
Fabric gives you both the ultimate test.
397
00:14:53,280 --> 00:14:56,200
Applying governance frameworks to real-time 3D assets.
398
00:14:56,200 --> 00:14:58,520
Let's graduate from theory to stress test.
399
00:14:58,520 --> 00:15:00,680
Real-time 3D isn't nice renders.
400
00:15:00,680 --> 00:15:03,200
It's dynamic-streamed multi-user policy-constrained
401
00:15:03,200 --> 00:15:04,960
interaction with high-fidelity objects
402
00:15:04,960 --> 00:15:07,680
inside engines that expect speed, not paperwork.
403
00:15:07,680 --> 00:15:09,920
If fabric governance holds here, it holds everywhere.
404
00:15:09,920 --> 00:15:11,640
Start with the ingestion frontier.
405
00:15:11,640 --> 00:15:13,600
Capture rigs land, thousands of images
406
00:15:13,600 --> 00:15:16,120
and light our scans into a raw workspace.
407
00:15:16,120 --> 00:15:17,680
Autoclassification applies.
408
00:15:17,680 --> 00:15:20,280
Source licensed region EU origin site B.
409
00:15:20,280 --> 00:15:22,600
A validation pipeline checks rights manifests,
410
00:15:22,600 --> 00:15:25,600
camera-exif, sensor IDs, and hash integrity.
411
00:15:25,600 --> 00:15:27,400
Anything missing goes to quarantine
412
00:15:27,400 --> 00:15:29,560
with a reason code humans can understand.
413
00:15:29,560 --> 00:15:31,880
That's your first gate, quality, legality,
414
00:15:31,880 --> 00:15:34,880
and provenance enforced before anyone even opens a viewer.
415
00:15:34,880 --> 00:15:36,520
Next, deterministic processing.
416
00:15:36,520 --> 00:15:38,600
Spark pipelines, retopologize measures,
417
00:15:38,600 --> 00:15:40,640
bake texture sets, generate LODs,
418
00:15:40,640 --> 00:15:42,160
and produce collider variants.
419
00:15:42,160 --> 00:15:45,320
Every step stamps lineage edges and pins tool chain hashes.
420
00:15:45,320 --> 00:15:47,880
Outputs are versioned, labeled internal only,
421
00:15:47,880 --> 00:15:49,240
until policy checks pass.
422
00:15:49,240 --> 00:15:51,360
The platform emits compatibility metadata,
423
00:15:51,360 --> 00:15:55,480
mesh 3.4, materials 2.1, collider 1.9, into the manifest.
424
00:15:55,480 --> 00:15:58,240
You don't rely on memory, you rely on metadata that compiles.
425
00:15:58,240 --> 00:16:00,520
Publishing isn't copying files to someone's desktop.
426
00:16:00,520 --> 00:16:02,680
The canonical asset stays in one lake.
427
00:16:02,680 --> 00:16:04,720
Teams get shortcuts into a product workspace
428
00:16:04,720 --> 00:16:06,040
with curated derivatives.
429
00:16:06,040 --> 00:16:09,320
Real-time ready meshes, texture atlases, simplified colliders,
430
00:16:09,320 --> 00:16:12,160
and a governance-friendly open USD scene.
431
00:16:12,160 --> 00:16:14,520
Access is roll-scoped, authors can update staging,
432
00:16:14,520 --> 00:16:16,960
consumers read published, partners get time-bound,
433
00:16:16,960 --> 00:16:19,240
region-bound reads via B2B Federation.
434
00:16:19,240 --> 00:16:21,480
No mystery zips, no al-weight rans for it,
435
00:16:21,480 --> 00:16:24,200
but you either pass through the gate or you wait outside.
436
00:16:24,200 --> 00:16:27,120
Now the real-time pivot, streaming, and tokens.
437
00:16:27,120 --> 00:16:29,520
Engines like Unity, Unreal, and Omniverse
438
00:16:29,520 --> 00:16:31,680
pull only what they need when they need it.
439
00:16:31,680 --> 00:16:35,280
Fabricments signed URLs tied to EntraID and policy claims
440
00:16:35,280 --> 00:16:38,200
who wear purpose, duration, derivative allowances,
441
00:16:38,200 --> 00:16:40,200
a scene request LOD1 for a close-up,
442
00:16:40,200 --> 00:16:43,400
allowed if attribution overlay is enabled and watermarked present.
443
00:16:43,400 --> 00:16:46,440
A texture request originates from a blocked region,
444
00:16:46,440 --> 00:16:49,120
denied with an explicit error and a lineage link,
445
00:16:49,120 --> 00:16:51,800
this is rights as code in motion, decisions at access time,
446
00:16:51,800 --> 00:16:54,400
not after compliance meeting, multi-user collaboration
447
00:16:54,400 --> 00:16:57,920
turns governance into choreography, two designers in different GOs,
448
00:16:57,920 --> 00:17:01,440
one robotics engineer in a lab, and a producer on a laptop,
449
00:17:01,440 --> 00:17:03,320
editing the same digital twin.
450
00:17:03,320 --> 00:17:05,480
Session orchestration checks compatibility locks
451
00:17:05,480 --> 00:17:07,040
at the manifest layer.
452
00:17:07,040 --> 00:17:08,920
You can tweak physics within guardrails,
453
00:17:08,920 --> 00:17:11,720
you can't swap a material that would violate export controls.
454
00:17:11,720 --> 00:17:13,720
If legal updates are licensed during the session,
455
00:17:13,720 --> 00:17:15,160
the change propagates.
456
00:17:15,160 --> 00:17:18,920
Token's expire, assets are demoted, and the UI surfaces are clear reason.
457
00:17:18,920 --> 00:17:21,800
Not a silent failure and enforced policy with receipts.
458
00:17:21,800 --> 00:17:24,320
Performance is not an excuse to break governance.
459
00:17:24,320 --> 00:17:27,960
Stream tile textures and mesh chunks don't duplicate canonical stores,
460
00:17:27,960 --> 00:17:30,040
cash with eviction and respect labels.
461
00:17:30,040 --> 00:17:32,760
Pre-big variance explicitly allowed by policy.
462
00:17:32,760 --> 00:17:38,200
If your scene creator needs a local copy of the 90 gear by source set to feel safe,
463
00:17:38,200 --> 00:17:39,200
the answer is no.
464
00:17:39,200 --> 00:17:42,000
You want real time, use streaming, you want compliance,
465
00:17:42,000 --> 00:17:44,720
use metadata and tokens, you want both fabric.
466
00:17:44,720 --> 00:17:45,960
Let's make it painfully specific.
467
00:17:45,960 --> 00:17:49,080
Safety training scenario, a digital twin of an electric bus,
468
00:17:49,080 --> 00:17:51,640
one-one fidelity with PPE inspection flow.
469
00:17:51,640 --> 00:17:54,960
The session pulls a published manifest pin to mesh 3.4 materials,
470
00:17:54,960 --> 00:17:58,560
2.1 collider, 1.9 physics, 1.2 license commercial territory,
471
00:17:58,560 --> 00:18:01,560
USBU duration, 2025, 12.31.
472
00:18:01,560 --> 00:18:04,000
A trainee in Europe authenticates via intra,
473
00:18:04,000 --> 00:18:06,000
the viewer requests needed assets.
474
00:18:06,000 --> 00:18:10,040
Fabric allows streaming with a public display subset if watermarking is enabled.
475
00:18:10,040 --> 00:18:12,720
The trainer in the US edits an annotation,
476
00:18:12,720 --> 00:18:14,520
which writes to a governed delta table,
477
00:18:14,520 --> 00:18:17,160
referenced by the scene lineage ties it to the session,
478
00:18:17,160 --> 00:18:20,920
and ordered a later queries who viewed post-repair variant in Q2,
479
00:18:20,920 --> 00:18:24,440
answer arrives in seconds with a lineage graph, not a forensics novel,
480
00:18:24,440 --> 00:18:26,120
common pitfalls and the fix.
481
00:18:26,120 --> 00:18:29,360
Pitfall one does preview assets that bypass manifests.
482
00:18:29,360 --> 00:18:33,960
Fix disable unsigned access require manifests for any published retrieval,
483
00:18:33,960 --> 00:18:37,920
and make the authoring tools fetch through the same APIs as viewers.
484
00:18:37,920 --> 00:18:42,160
Pitfall 2 partner handoffs via zip, fix provision B2B identities,
485
00:18:42,160 --> 00:18:45,320
scope workspaces, and require tokenized access.
486
00:18:45,320 --> 00:18:48,960
Build a one-click package that emits signed bundles with embedded licenses
487
00:18:48,960 --> 00:18:51,280
and timeouts if you truly need offline review.
488
00:18:51,280 --> 00:18:53,680
Pitfall 3 goes derivatives, fix.
489
00:18:53,680 --> 00:18:58,040
Pipelines must register outputs in a catalog item with retention and labels.
490
00:18:58,040 --> 00:19:01,120
Unregistered files are auto-deleted or quarantined by policy.
491
00:19:01,120 --> 00:19:03,360
Testing governance is non-negotiable.
492
00:19:03,360 --> 00:19:06,280
Build table top drills, revoke a license mid-sprint,
493
00:19:06,280 --> 00:19:09,520
rotate a region restriction, expire a token during a live session,
494
00:19:09,520 --> 00:19:11,080
push a breaking mesh update.
495
00:19:11,080 --> 00:19:13,000
Success isn't, we found the email.
496
00:19:13,000 --> 00:19:16,240
Success is the platform enforcing intent without heroics.
497
00:19:16,240 --> 00:19:17,600
Measure mean time to quarantine,
498
00:19:17,600 --> 00:19:19,960
percent of unauthorized requests correctly blocked,
499
00:19:19,960 --> 00:19:24,400
lineage completeness score and delta between published manifest and session resolved assets.
500
00:19:24,400 --> 00:19:28,240
If those numbers aren't boringly consistent, you're not production ready.
501
00:19:28,240 --> 00:19:31,480
Finally, the loop back to analytics, real-time scenes aren't black boxes.
502
00:19:31,480 --> 00:19:33,520
Usage logs feed fabrics monitoring workspace.
503
00:19:33,520 --> 00:19:36,160
You learn which allods cost you, which Geo's trigger denials,
504
00:19:36,160 --> 00:19:38,920
which partners push the limits and which policies cause friction.
505
00:19:38,920 --> 00:19:40,920
You adjust, not by whisper network,
506
00:19:40,920 --> 00:19:44,800
but by iterating policies, manifests, and pipelines with data.
507
00:19:44,800 --> 00:19:46,440
Essentially you govern the governance.
508
00:19:46,440 --> 00:19:48,080
You want the one sentence version?
509
00:19:48,080 --> 00:19:49,520
Stream the twin, not the chaos.
510
00:19:49,520 --> 00:19:52,240
Tokens, manifests, lineage, and labels do the heavy lifting.
511
00:19:52,240 --> 00:19:55,440
If the hardest, highest fidelity real-time use case runs clean,
512
00:19:55,440 --> 00:19:58,080
every lesser workload will obediently follow.
513
00:19:58,080 --> 00:19:59,760
The future of digital trust.
514
00:19:59,760 --> 00:20:01,040
Here's the blunt takeaway.
515
00:20:01,040 --> 00:20:02,880
Digital trust isn't a promise.
516
00:20:02,880 --> 00:20:05,040
It's enforcement at runtime with receipts.
517
00:20:05,040 --> 00:20:07,040
Real-time 3D just forces you to admit it.
518
00:20:07,040 --> 00:20:12,440
If identity lineage writes as code and streaming governance can hold a one-one digital twin together under load,
519
00:20:12,440 --> 00:20:15,040
everything else you run is trivial by comparison.
520
00:20:15,040 --> 00:20:16,240
So do the grown-up thing.
521
00:20:16,240 --> 00:20:19,360
Pin manifests, treat licenses as versioned components,
522
00:20:19,360 --> 00:20:22,880
stream with tokens, federate partners, drill revocations,
523
00:20:22,880 --> 00:20:26,480
and measure the boring metrics that prove policy isn't theatre.
524
00:20:26,480 --> 00:20:28,640
If this saved you time, repay the debt,
525
00:20:28,640 --> 00:20:31,680
subscribe, share this with the person still emailing zips,
00:00:00,000 --> 00:00:01,640
You think spreadsheets are messy?
2
00:00:01,640 --> 00:00:02,280
Cute.
3
00:00:02,280 --> 00:00:05,680
3D photorealistic objects and digital twins are data on nightmare mode,
4
00:00:05,680 --> 00:00:08,640
multi-gigabyte textures, meshes, materials, physics,
5
00:00:08,640 --> 00:00:11,680
versions, user trites, and lineage that spans cameras,
6
00:00:11,680 --> 00:00:13,960
lidar, GPUs, and clouds.
7
00:00:13,960 --> 00:00:16,360
If your governance breaks here, it will break everywhere.
8
00:00:16,360 --> 00:00:16,920
The truth?
9
00:00:16,920 --> 00:00:19,200
3D assets expose every week assumption
10
00:00:19,200 --> 00:00:21,880
you've made about identity, security, life cycle,
11
00:00:21,880 --> 00:00:22,720
and compliance.
12
00:00:22,720 --> 00:00:24,240
And that's why they're the perfect stress
13
00:00:24,240 --> 00:00:25,520
test for Microsoft Fabric.
14
00:00:25,520 --> 00:00:28,760
Handle the heaviest, weirdest data in a single architecture
15
00:00:28,760 --> 00:00:31,040
with consistent policy, and suddenly everything else
16
00:00:31,040 --> 00:00:32,760
in your enterprise looks trivial.
17
00:00:32,760 --> 00:00:35,800
So today, I'm going to show you why Fabric's unified governance
18
00:00:35,800 --> 00:00:37,400
isn't nice to have.
19
00:00:37,400 --> 00:00:39,400
It's the difference between scalable reality
20
00:00:39,400 --> 00:00:41,520
and an expensive art project.
21
00:00:41,520 --> 00:00:43,920
Defining Fabric governance, the foundation of trust.
22
00:00:43,920 --> 00:00:45,640
Let's get precise, governance in fabric
23
00:00:45,640 --> 00:00:47,960
isn't a stack of policies you forget to enforce.
24
00:00:47,960 --> 00:00:50,560
It's the operating system for your data life, identity,
25
00:00:50,560 --> 00:00:53,880
permissioning, lineage, classification, policy, and monitoring,
26
00:00:53,880 --> 00:00:56,920
wired into one-lake, workspaces, items, and compute,
27
00:00:56,920 --> 00:00:59,680
not duct taped after the fact is not just a database,
28
00:00:59,680 --> 00:01:01,240
it's the spine of your data estate.
29
00:01:01,240 --> 00:01:02,760
Why this matters with 3D?
30
00:01:02,760 --> 00:01:04,520
A single asset isn't a file.
31
00:01:04,520 --> 00:01:07,240
It's a constellation, high-res photo-grammetry images,
32
00:01:07,240 --> 00:01:09,640
point clouds, meshes, textures, materials,
33
00:01:09,640 --> 00:01:11,840
rigging metadata, simulation parameters,
34
00:01:11,840 --> 00:01:15,400
and derived variance for AR, robotics, and training.
35
00:01:15,400 --> 00:01:17,880
Each piece has different sensitivity, owners, licenses,
36
00:01:17,880 --> 00:01:19,200
and allowable uses.
37
00:01:19,200 --> 00:01:21,200
The average user tries to shove that into folders
38
00:01:21,200 --> 00:01:24,480
you need deterministic control, enter Fabric's core.
39
00:01:24,480 --> 00:01:27,240
Security starts with Microsoft Entra ID,
40
00:01:27,240 --> 00:01:30,680
consistent identity across producers, processes, and consumers.
41
00:01:30,680 --> 00:01:34,040
That means when an artist, a data engineer, or a robotics team
42
00:01:34,040 --> 00:01:37,680
touches an object, access is role-bound and auditable.
43
00:01:37,680 --> 00:01:40,600
No mystery shares, no who sent me this zip, chaos.
44
00:01:40,600 --> 00:01:42,760
Row and column security isn't the hero here.
45
00:01:42,760 --> 00:01:44,720
Object level and workspace scoping are.
46
00:01:44,720 --> 00:01:47,000
You gate entire artifacts in their derivatives
47
00:01:47,000 --> 00:01:49,080
with the same identity fabric.
48
00:01:49,080 --> 00:01:51,400
Now, the thing most people miss, governance without lineage
49
00:01:51,400 --> 00:01:52,440
is theater.
50
00:01:52,440 --> 00:01:55,360
Fabric's built-in lineage maps how a raw capture
51
00:01:55,360 --> 00:01:58,360
flowed into a processed mesh into a compressed LOD set
52
00:01:58,360 --> 00:01:59,800
into a robot training simulation
53
00:01:59,800 --> 00:02:02,720
and finally into a KPI dashboard showing training efficiency.
54
00:02:02,720 --> 00:02:05,960
You see sources, transformations, and downstream consumers.
55
00:02:05,960 --> 00:02:08,200
If a source scan is recalled due to rights restrictions,
56
00:02:08,200 --> 00:02:09,160
you don't guess where it went.
57
00:02:09,160 --> 00:02:11,120
You follow the lineage and revoke, reprocess,
58
00:02:11,120 --> 00:02:12,840
or quarantine, everything it contaminated.
59
00:02:12,840 --> 00:02:14,200
That's trust you can act on.
60
00:02:14,200 --> 00:02:16,560
Classification and labels are your next lever.
61
00:02:16,560 --> 00:02:19,320
Sensitive, licensed, export-controlled, internal only.
62
00:02:19,320 --> 00:02:21,600
The tag follows the asset as it moves.
63
00:02:21,600 --> 00:02:24,640
Not as a sticky note as metadata the platform respects.
64
00:02:24,640 --> 00:02:27,680
Policy enforces labels, share blocks, cross-gear controls,
65
00:02:27,680 --> 00:02:29,640
retention, and encryption at rest in transit.
66
00:02:29,640 --> 00:02:31,560
With 3D, this is non-negotiable.
67
00:02:31,560 --> 00:02:32,720
That free texture pack?
68
00:02:32,720 --> 00:02:34,960
If it's not licensed for commercial digital twins,
69
00:02:34,960 --> 00:02:36,600
your policy should stop it at the gate.
70
00:02:36,600 --> 00:02:39,240
Yes, proactively, because you like not getting sued.
71
00:02:39,240 --> 00:02:41,560
Storage gravity kills most architectures.
72
00:02:41,560 --> 00:02:43,640
One-lake flips it, a single logical data
73
00:02:43,640 --> 00:02:46,120
lake with open formats and shortcut semantics,
74
00:02:46,120 --> 00:02:47,920
so you don't spawn 15 brittle copies.
75
00:02:47,920 --> 00:02:50,880
For 3D, that means canonical assets live once
76
00:02:50,880 --> 00:02:53,600
with derived views for teams and tools.
77
00:02:53,600 --> 00:02:56,320
Compute comes to the data, spark for processing, pipelines
78
00:02:56,320 --> 00:02:58,680
for orchestration, notebooks for transformation,
79
00:02:58,680 --> 00:03:00,640
while governance remains consistent.
80
00:03:00,640 --> 00:03:03,000
Compare that to download, edit locally, re-upload,
81
00:03:03,000 --> 00:03:04,680
hope nobody else changed it now.
82
00:03:04,680 --> 00:03:08,000
Amateur hour, and yes, monitoring, activity logs, access
83
00:03:08,000 --> 00:03:10,120
audits, data movement reports.
84
00:03:10,120 --> 00:03:12,840
If a 90-gigabyte mesh starts exfiltrating
85
00:03:12,840 --> 00:03:15,840
to an unknown region, you don't wait for a quarterly review,
86
00:03:15,840 --> 00:03:17,440
alerts fire, policy's trigger.
87
00:03:17,440 --> 00:03:19,800
The platform behaves like it knows your risk tolerance
88
00:03:19,800 --> 00:03:20,680
because you taught it.
89
00:03:20,680 --> 00:03:23,040
Let me show you exactly how this lands in a real workflow.
90
00:03:23,040 --> 00:03:26,040
Captured teams dump raw scans into an ingestion workspace
91
00:03:26,040 --> 00:03:29,160
with strict contributor roles and automatic classification,
92
00:03:29,160 --> 00:03:31,840
licensed, source, region, and EU.
93
00:03:31,840 --> 00:03:34,440
Pipelines validate schema and rights metadata.
94
00:03:34,440 --> 00:03:36,520
Anything non-compliant gets quarantined.
95
00:03:36,520 --> 00:03:39,480
Processing runs on governed compute, spark jobs,
96
00:03:39,480 --> 00:03:42,600
tag outputs with lineage, versioning, and usage rights.
97
00:03:42,600 --> 00:03:44,640
Publishing promotes approved derivatives
98
00:03:44,640 --> 00:03:47,120
to a shared product workspace via shortcuts.
99
00:03:47,120 --> 00:03:48,120
No duplication.
100
00:03:48,120 --> 00:03:51,240
Consumers, robotics, training analytics, get red access
101
00:03:51,240 --> 00:03:53,840
to only the derivatives their roles allow.
102
00:03:53,840 --> 00:03:56,320
If legal updates a policy say no export of assets
103
00:03:56,320 --> 00:03:59,640
with origin, citer, fabric retroactively blocks share links,
104
00:03:59,640 --> 00:04:01,320
marks affected items, and surfaces
105
00:04:01,320 --> 00:04:04,360
the dependency graph so owners patch or replace.
106
00:04:04,360 --> 00:04:05,560
The reason this works is simple.
107
00:04:05,560 --> 00:04:07,280
Governance isn't separate from productivity.
108
00:04:07,280 --> 00:04:08,560
It's fused to it.
109
00:04:08,560 --> 00:04:10,040
People do the right thing by default
110
00:04:10,040 --> 00:04:11,800
because the platform translates policy
111
00:04:11,800 --> 00:04:13,400
into the path of least resistance.
112
00:04:13,400 --> 00:04:15,760
When the hardest data type you own 3D twins
113
00:04:15,760 --> 00:04:18,720
flows cleanly through identity, lineage, classification,
114
00:04:18,720 --> 00:04:21,320
policy, and monitoring every spreadsheet, CSV,
115
00:04:21,320 --> 00:04:23,400
and parquet file falls in line.
116
00:04:23,400 --> 00:04:26,120
Refusing unified governance is like refusing updates.
117
00:04:26,120 --> 00:04:27,760
And yes, they require restarts.
118
00:04:27,760 --> 00:04:30,320
And because Microsoft is not performing magic tricks,
119
00:04:30,320 --> 00:04:34,000
the complexity barrier, why 3D data breaks traditional systems.
120
00:04:34,000 --> 00:04:35,240
Here's the uncomfortable truth.
121
00:04:35,240 --> 00:04:37,560
Traditional data stacks were built for rows and columns
122
00:04:37,560 --> 00:04:39,720
and at their most adventurous a few chunky files
123
00:04:39,720 --> 00:04:40,640
in a shared drive.
124
00:04:40,640 --> 00:04:41,920
3D data laughs at that.
125
00:04:41,920 --> 00:04:44,320
A single photo-real object is not a file.
126
00:04:44,320 --> 00:04:47,000
It's a high poly mesh, multiple levels of detail,
127
00:04:47,000 --> 00:04:50,440
displacement, and normal maps, PBR material graphs,
128
00:04:50,440 --> 00:04:54,040
HDRI lighting references, thousands of source photos,
129
00:04:54,040 --> 00:04:57,280
LiDAR point clouds, rigging metadata, physics constraints,
130
00:04:57,280 --> 00:05:00,800
simulation parameters, and half a dozen derivative exports
131
00:05:00,800 --> 00:05:03,080
for game engines, robotics, and AR.
132
00:05:03,080 --> 00:05:05,000
That's not storage, that's a supply chain.
133
00:05:05,000 --> 00:05:06,600
Now, tri-versioning it.
134
00:05:06,600 --> 00:05:08,240
V2 final final dies here.
135
00:05:08,240 --> 00:05:11,200
You need semantic versioning across interdependent components.
136
00:05:11,200 --> 00:05:16,200
Mesh V3.4 compatible with texture set, V2.1, and rig V1.9
137
00:05:16,200 --> 00:05:18,400
plus a provenance trail back to source captures.
138
00:05:18,400 --> 00:05:20,320
Without lineage, you're shipping franken assets
139
00:05:20,320 --> 00:05:23,520
that render beautifully until a robot arm clips through a hinge
140
00:05:23,520 --> 00:05:26,120
because the collision mesh didn't update with the material.
141
00:05:26,120 --> 00:05:28,240
The average user shrugs your safety team doesn't.
142
00:05:28,240 --> 00:05:31,680
Identity and permissioning folder ACLs crumble.
143
00:05:31,680 --> 00:05:34,840
Artists, scan, text, simulation engineers, ML teams,
144
00:05:34,840 --> 00:05:36,480
and legal all need different rights
145
00:05:36,480 --> 00:05:39,400
on different parts of the same object at different times.
146
00:05:39,400 --> 00:05:42,080
Write on staging, read on published, deny export
147
00:05:42,080 --> 00:05:44,200
from restricted Geos allow parameter edits,
148
00:05:44,200 --> 00:05:45,320
but not texture swaps.
149
00:05:45,320 --> 00:05:47,520
This is policy as graph, not policy as folder.
150
00:05:47,520 --> 00:05:49,320
Anything less, and you'll either block the work
151
00:05:49,320 --> 00:05:52,040
or leak the crown jewels, usually both.
152
00:05:52,040 --> 00:05:54,480
Licensing and compliance are where most organizations
153
00:05:54,480 --> 00:05:56,240
quietly set themselves on fire.
154
00:05:56,240 --> 00:05:59,280
Third party scans, museum collections, prop houses,
155
00:05:59,280 --> 00:06:01,720
and open libraries come with usage clauses,
156
00:06:01,720 --> 00:06:04,640
non-commercial attribution geo-restricted time bound
157
00:06:04,640 --> 00:06:06,360
or export controlled.
158
00:06:06,360 --> 00:06:09,480
Glue that to every derivative and enforce it across tools.
159
00:06:09,480 --> 00:06:12,520
Or watch an innocent test render wander into an ad campaign.
160
00:06:12,520 --> 00:06:14,680
With 3D downstream misuse isn't theoretical,
161
00:06:14,680 --> 00:06:17,320
it's embedded into pipelines, previews, and caches.
162
00:06:17,320 --> 00:06:19,920
If your platform doesn't carry rights metadata end-to-end,
163
00:06:19,920 --> 00:06:21,480
you've built a lawsuit generator.
164
00:06:21,480 --> 00:06:23,560
Performance and scale add insult to injury.
165
00:06:23,560 --> 00:06:24,880
These assets are heavy.
166
00:06:24,880 --> 00:06:27,040
Moving gigabytes across regions to placate
167
00:06:27,040 --> 00:06:28,760
a tool that insists on local copies
168
00:06:28,760 --> 00:06:30,600
is a cost and risk multiplier.
169
00:06:30,600 --> 00:06:33,360
Traditional copy to project workflows explode storage,
170
00:06:33,360 --> 00:06:34,960
fragment, truth, and bury governance
171
00:06:34,960 --> 00:06:36,320
under duplicate snow drifts.
172
00:06:36,320 --> 00:06:37,720
You think you have three bus models,
173
00:06:37,720 --> 00:06:41,040
you have 19 all slightly wrong, then there's temporal truth.
174
00:06:41,040 --> 00:06:44,560
Digital twins aren't static museum pieces, they change.
175
00:06:44,560 --> 00:06:47,280
Where patents, replaced parts, sensor calibrations,
176
00:06:47,280 --> 00:06:50,840
environment updates, time becomes a first class dimension.
177
00:06:50,840 --> 00:06:52,680
Traditional systems fake this with folders
178
00:06:52,680 --> 00:06:55,440
named archive, 2020 407.
179
00:06:55,440 --> 00:06:55,960
Cute.
180
00:06:55,960 --> 00:06:58,480
Real governance tracks state changes as lineage events
181
00:06:58,480 --> 00:07:01,320
preserve historical queries and allows conditional policy,
182
00:07:01,320 --> 00:07:05,800
allow export of pre-2023 variants, quarantine post-2023
183
00:07:05,800 --> 00:07:07,800
scans from side B pending audit.
184
00:07:07,800 --> 00:07:10,360
Tool diversity is the final nail reality capture,
185
00:07:10,360 --> 00:07:13,840
DCC tools, game engines, simulation frameworks, ML training
186
00:07:13,840 --> 00:07:15,720
rigs, each speaks its own file dialect
187
00:07:15,720 --> 00:07:16,760
and metadata religion.
188
00:07:16,760 --> 00:07:18,920
If your governance requires every tool to behave,
189
00:07:18,920 --> 00:07:20,240
you've already lost.
190
00:07:20,240 --> 00:07:22,480
The platform must standardize identity policy
191
00:07:22,480 --> 00:07:23,960
and lineage above the tool layer.
192
00:07:23,960 --> 00:07:26,040
So blender, omniverse, unity, and spark
193
00:07:26,040 --> 00:07:28,320
can disagree about everything except who can do what,
194
00:07:28,320 --> 00:07:30,640
to which asset, where, and when.
195
00:07:30,640 --> 00:07:33,120
This clicked for me when a team tried to go fast
196
00:07:33,120 --> 00:07:35,520
by bypassing policy to meet a demo date.
197
00:07:35,520 --> 00:07:36,880
They shipped a gorgeous model.
198
00:07:36,880 --> 00:07:40,560
Then legal discovered the base scan carried a non export license.
199
00:07:40,560 --> 00:07:42,280
The fix wasn't an apology.
200
00:07:42,280 --> 00:07:45,080
It was a full asset recall across four regions,
201
00:07:45,080 --> 00:07:47,840
retraining of a model that had ingested previews
202
00:07:47,840 --> 00:07:49,440
and purging every derivative.
203
00:07:49,440 --> 00:07:52,000
Days lost because governance was optional.
204
00:07:52,000 --> 00:07:54,840
The thing most people miss is that 3D doesn't tolerate optional.
205
00:07:54,840 --> 00:07:56,800
Either your platform enforces identity,
206
00:07:56,800 --> 00:07:59,360
lineage, classification, and policy by default,
207
00:07:59,360 --> 00:08:02,080
or the complexity will enforce chaos for you.
208
00:08:02,080 --> 00:08:04,000
Versioning and provenance, tracking the lifecycle
209
00:08:04,000 --> 00:08:05,120
of a digital twin.
210
00:08:05,120 --> 00:08:07,880
Versioning 3D twins isn't renaming folders and hoping.
211
00:08:07,880 --> 00:08:09,800
It's a governed narrative of cause and effect.
212
00:08:09,800 --> 00:08:11,440
The truth, without tight provenance,
213
00:08:11,440 --> 00:08:13,560
you're not iterating, you're randomizing.
214
00:08:13,560 --> 00:08:15,400
So let's wire this properly in fabric,
215
00:08:15,400 --> 00:08:17,640
where identity, lineage, and policy
216
00:08:17,640 --> 00:08:20,440
ride along every change like a black box flight recorder.
217
00:08:20,440 --> 00:08:22,360
Start with a canonical object definition.
218
00:08:22,360 --> 00:08:23,640
Call it the twin manifest.
219
00:08:23,640 --> 00:08:24,880
It's not a pretty PDF.
220
00:08:24,880 --> 00:08:26,600
It's structured metadata in one lake
221
00:08:26,600 --> 00:08:29,040
that references components by immutable IDs,
222
00:08:29,040 --> 00:08:31,360
source captures, mesh textures, materials,
223
00:08:31,360 --> 00:08:33,840
rig, physics, and simulation parameters.
224
00:08:33,840 --> 00:08:36,080
Each component gets semantic versioning
225
00:08:36,080 --> 00:08:39,080
major for breaking changes, minor for compatible improvements,
226
00:08:39,080 --> 00:08:41,120
build metadata for environment and toolchain.
227
00:08:41,120 --> 00:08:44,920
Mesh 3.4 works with material graph 2.1 and collider 1.9.
228
00:08:44,920 --> 00:08:46,840
That compatibility table lives in the manifest,
229
00:08:46,840 --> 00:08:47,800
not in someone's memory.
230
00:08:47,800 --> 00:08:49,960
Yes, average user, this is more work upfront.
231
00:08:49,960 --> 00:08:51,120
It's called engineering.
232
00:08:51,120 --> 00:08:52,960
Now the provenance chain, fabric lineage,
233
00:08:52,960 --> 00:08:55,080
captures ingestion events from capture rigs
234
00:08:55,080 --> 00:08:57,840
into the raw workspace, tagged with capture method,
235
00:08:57,840 --> 00:09:01,720
LiDAR, photogrammetry, device IDs, operator, location,
236
00:09:01,720 --> 00:09:02,960
and rights metadata.
237
00:09:02,960 --> 00:09:04,000
That's your origin story.
238
00:09:04,000 --> 00:09:06,160
Processing pipelines promote two staging
239
00:09:06,160 --> 00:09:07,760
with deterministic transformations,
240
00:09:07,760 --> 00:09:12,640
decimation, retopology, UV unwrap, baking, and LOD generation.
241
00:09:12,640 --> 00:09:16,720
Every step emits lineage edges, raw scan V1.2, mesh V1.9,
242
00:09:16,720 --> 00:09:18,000
a lot set, Vi.3.
243
00:09:18,000 --> 00:09:20,960
When you publish, the manifest pins the exact graph state.
244
00:09:20,960 --> 00:09:24,320
If you rebuild with a new retopo algorithm, you don't overwrite.
245
00:09:24,320 --> 00:09:27,240
You branch, you compare, you decide, here's the shortcut,
246
00:09:27,240 --> 00:09:28,280
nobody teaches.
247
00:09:28,280 --> 00:09:30,000
Treat rights as version state, too.
248
00:09:30,000 --> 00:09:34,280
The license you captured under at site AV-2023.10 is a component.
249
00:09:34,280 --> 00:09:37,520
When legal updates terms, you don't scramble through drives.
250
00:09:37,520 --> 00:09:39,720
You query fabric, show me all manifests,
251
00:09:39,720 --> 00:09:42,000
referencing license site A-2310.
252
00:09:42,000 --> 00:09:43,240
The dependency graph lights up.
253
00:09:43,240 --> 00:09:44,640
You bulked the mode affected twins
254
00:09:44,640 --> 00:09:45,840
from published to quarantine,
255
00:09:45,840 --> 00:09:48,720
trigger reprocessing with allowed substitutions and republish.
256
00:09:48,720 --> 00:09:50,160
Governance didn't slow you down.
257
00:09:50,160 --> 00:09:52,320
It prevented weeks of forensic archaeology.
258
00:09:52,320 --> 00:09:54,520
Let me show you exactly how teams work with this.
259
00:09:54,520 --> 00:09:57,280
Artists open the staging shortcut in their DCC tool.
260
00:09:57,280 --> 00:09:59,560
They can bump texture 2.1 to 2.2,
261
00:09:59,560 --> 00:10:02,760
but policy blocks changing the collision mesh in published.
262
00:10:02,760 --> 00:10:05,160
Simulation engineers can tweak physics parameters
263
00:10:05,160 --> 00:10:06,560
within guarded ranges.
264
00:10:06,560 --> 00:10:08,800
Crossing a threshold forces a new minor version
265
00:10:08,800 --> 00:10:10,560
with an approval workflow.
266
00:10:10,560 --> 00:10:13,080
Robotics consumes a frozen manifest via a shortcut,
267
00:10:13,080 --> 00:10:16,040
no downloading 90-git-et locally, so their build is reproducible.
268
00:10:16,040 --> 00:10:18,800
Analytics pulls lineage to explain why training performance
269
00:10:18,800 --> 00:10:21,880
jumped on twin 3.4, the decimator improved edge preservation,
270
00:10:21,880 --> 00:10:22,760
not magic.
271
00:10:22,760 --> 00:10:23,760
Common mistakes?
272
00:10:23,760 --> 00:10:24,560
Two classics.
273
00:10:24,560 --> 00:10:27,000
First, final render without pinning sources.
274
00:10:27,000 --> 00:10:29,720
You ship a published twin pointing at latest meshes.
275
00:10:29,720 --> 00:10:32,560
Later, a mesh update breaks a compatibility contract.
276
00:10:32,560 --> 00:10:34,840
Result, beautiful demo, broken production.
277
00:10:34,840 --> 00:10:36,520
Pin exact versions in the manifest.
278
00:10:36,520 --> 00:10:38,360
Latest is a ticking bomb.
279
00:10:38,360 --> 00:10:39,960
Second, silent tool chain drift.
280
00:10:39,960 --> 00:10:41,880
Someone updates a plug-in, exports change,
281
00:10:41,880 --> 00:10:44,080
embed tool chain hashes in build metadata
282
00:10:44,080 --> 00:10:45,640
and enforce them at pipeline time.
283
00:10:45,640 --> 00:10:48,040
If hashes don't match, the job fails loudly.
284
00:10:48,040 --> 00:10:49,600
Painful now, cheaper than a recall.
285
00:10:49,600 --> 00:10:50,880
Temporal reality matters.
286
00:10:50,880 --> 00:10:53,240
Twins age, replace a part in the physical asset.
287
00:10:53,240 --> 00:10:54,520
You branch the digital twin.
288
00:10:54,520 --> 00:10:56,680
Fabric lets you annotate the manifest
289
00:10:56,680 --> 00:11:00,000
with effective dates and states, pre-repair, post-repair.
290
00:11:00,000 --> 00:11:02,160
Policies can then allow downstream use only
291
00:11:02,160 --> 00:11:03,720
for time-appropriate variance.
292
00:11:03,720 --> 00:11:05,360
Training models don't accidentally learn
293
00:11:05,360 --> 00:11:06,320
obsolete geometry.
294
00:11:06,320 --> 00:11:08,360
Finally, auditability.
295
00:11:08,360 --> 00:11:10,800
Fabric activity logs plus lineage produce
296
00:11:10,800 --> 00:11:13,640
a human readable provenance who changed what, when, why,
297
00:11:13,640 --> 00:11:14,960
and with which inputs.
298
00:11:14,960 --> 00:11:18,160
That's defensible compliance and frankly professional hygiene.
299
00:11:18,160 --> 00:11:19,760
If you remember, nothing else version
300
00:11:19,760 --> 00:11:21,800
the manifest pin dependencies and treat rights
301
00:11:21,800 --> 00:11:24,080
as first class versioned components.
302
00:11:24,080 --> 00:11:25,480
The rest of your governance will stop
303
00:11:25,480 --> 00:11:28,240
feeling like theater and start behaving like engineering.
304
00:11:28,240 --> 00:11:30,880
Interoperability and rights management in the metaverse.
305
00:11:30,880 --> 00:11:32,320
Let's address the fantasy first.
306
00:11:32,320 --> 00:11:34,040
You think the metaverse is one place.
307
00:11:34,040 --> 00:11:34,560
Incorrect.
308
00:11:34,560 --> 00:11:37,680
It's a patchwork of engines, viewers, devices, file dialects
309
00:11:37,680 --> 00:11:39,920
and business models that barely agree on gravity.
310
00:11:39,920 --> 00:11:42,200
Interoperability isn't a feature, it's survival.
311
00:11:42,200 --> 00:11:44,440
And rights management isn't a footer on a contract.
312
00:11:44,440 --> 00:11:46,240
It's the guardrail that keeps your assets
313
00:11:46,240 --> 00:11:49,080
from being cloned, remixed, and monetized by everyone
314
00:11:49,080 --> 00:11:49,920
except you.
315
00:11:49,920 --> 00:11:50,680
The truth?
316
00:11:50,680 --> 00:11:53,960
If your 3D twin can't move between omniverse, unity,
317
00:11:53,960 --> 00:11:56,880
unreal, web GL viewers and downstream analytics
318
00:11:56,880 --> 00:11:59,320
without breaking identity, lineage or licensing,
319
00:11:59,320 --> 00:12:01,120
you don't have a metaverse strategy,
320
00:12:01,120 --> 00:12:03,400
you have vendor lock-in with extra steps.
321
00:12:03,400 --> 00:12:05,520
Fabrics job is not to make blender behave.
322
00:12:05,520 --> 00:12:08,280
Fabrics job is to standardize identity, policy,
323
00:12:08,280 --> 00:12:09,720
and provenance above the two layers
324
00:12:09,720 --> 00:12:12,040
so any engine can render, simulate, or stream
325
00:12:12,040 --> 00:12:13,600
while governance remains intact.
326
00:12:13,600 --> 00:12:15,960
Enter open formats and logical storage.
327
00:12:15,960 --> 00:12:17,720
Keep canonical assets in one lake.
328
00:12:17,720 --> 00:12:20,240
Expose them through shortcuts and governed APIs.
329
00:12:20,240 --> 00:12:22,360
Use interoperable scene descriptions.
330
00:12:22,360 --> 00:12:25,000
Open USD, where appropriate, so you exchange structure,
331
00:12:25,000 --> 00:12:27,400
materials and references without exporting chaos.
332
00:12:27,400 --> 00:12:29,320
But remember, format doesn't equal governance.
333
00:12:29,320 --> 00:12:31,800
The platform must inject labels, license terms,
334
00:12:31,800 --> 00:12:34,600
and usage constraints as first class meta data
335
00:12:34,600 --> 00:12:37,480
that writes with the asset is queryable and is enforceable.
336
00:12:37,480 --> 00:12:39,120
Not a readme, enforceable.
337
00:12:39,120 --> 00:12:41,600
Here's the shortcut nobody teaches, writes as code.
338
00:12:41,600 --> 00:12:43,880
Model writes as machine readable policies.
339
00:12:43,880 --> 00:12:48,040
Who, where, when, how long, and for which derivative purposes?
340
00:12:48,040 --> 00:12:50,120
Tag the asset, license, commercial, territory,
341
00:12:50,120 --> 00:12:53,920
U+US duration 2025, 1231, derivatives, render plus
342
00:12:53,920 --> 00:12:55,880
in prohibit resale per re-host.
343
00:12:55,880 --> 00:12:57,920
Fabrics evaluates those claims at access time.
344
00:12:57,920 --> 00:13:00,320
Unity scene wants to pull the textures from Japan?
345
00:13:00,320 --> 00:13:02,720
Denied, a web viewer requests a downsample stream
346
00:13:02,720 --> 00:13:05,680
for public display, allowed if watermarking is enabled
347
00:13:05,680 --> 00:13:07,440
and attribution is injected.
348
00:13:07,440 --> 00:13:09,520
The policy isn't a PDF that humans ignore,
349
00:13:09,520 --> 00:13:10,960
it's a runtime decision.
350
00:13:10,960 --> 00:13:12,240
Now, the interrupt dance.
351
00:13:12,240 --> 00:13:13,680
Engines expect local files.
352
00:13:13,680 --> 00:13:17,480
We don't copy 90 gigabyte to every workstation like its 2012.
353
00:13:17,480 --> 00:13:20,240
Use cloud mounts, signed URLs and streaming decoders
354
00:13:20,240 --> 00:13:22,600
that fetch only the needed LODs and tiles.
355
00:13:22,600 --> 00:13:26,280
Fabric issues time-bound tokens tied to identity and policy.
356
00:13:26,280 --> 00:13:28,280
When the token expires the faucet closes,
357
00:13:28,280 --> 00:13:30,400
if legal revokes a license, lineage identifies
358
00:13:30,400 --> 00:13:32,640
every manifest and scene using that asset,
359
00:13:32,640 --> 00:13:35,320
the tokens are invalidated, previews are purged,
360
00:13:35,320 --> 00:13:38,680
and CI pipelines fail fast with human readable reasons.
361
00:13:38,680 --> 00:13:41,000
Compare that to, we'll fix it next sprint.
362
00:13:41,000 --> 00:13:42,200
Lawyers love that phrase.
363
00:13:42,200 --> 00:13:44,120
Attribution is not optional.
364
00:13:44,120 --> 00:13:46,840
Embed creator, source, and license in the manifest
365
00:13:46,840 --> 00:13:49,560
and enforce overlay attribution in viewers that support it.
366
00:13:49,560 --> 00:13:52,240
For engines that don't, gate distribution behind a renderer
367
00:13:52,240 --> 00:13:54,600
or packaging step that bakes in credits or watermarks
368
00:13:54,600 --> 00:13:56,040
at the edges of allowed use.
369
00:13:56,040 --> 00:13:57,400
Fragyle, no, pragmatic.
370
00:13:57,400 --> 00:13:59,680
The average user thinks attribution is a checkbox.
371
00:13:59,680 --> 00:14:01,920
It's a write cross-platform identity is next.
372
00:14:01,920 --> 00:14:03,800
You authenticate with Entra ID.
373
00:14:03,800 --> 00:14:06,000
External partners federate via B2B,
374
00:14:06,000 --> 00:14:08,120
get scoped access to specific workspaces
375
00:14:08,120 --> 00:14:10,320
and never see raw canonical stores.
376
00:14:10,320 --> 00:14:12,840
Platform-level scopes map to engine-level roles,
377
00:14:12,840 --> 00:14:15,080
viewer, scene-author, asset-publisher.
378
00:14:15,080 --> 00:14:16,840
If a contractor leaves, access disappears
379
00:14:16,840 --> 00:14:19,280
without scrubbing shared drives for zombie files.
380
00:14:19,280 --> 00:14:21,040
Common mistakes, three favorites.
381
00:14:21,040 --> 00:14:25,040
One, exporting just for a demo, forgetting that demo's leak.
382
00:14:25,040 --> 00:14:28,600
Two, handing partners zips because the pipeline is complicated,
383
00:14:28,600 --> 00:14:30,160
which is how you lose control.
384
00:14:30,160 --> 00:14:32,680
Three, assuming OpenUSD alone solves rights.
385
00:14:32,680 --> 00:14:33,520
It doesn't.
386
00:14:33,520 --> 00:14:35,120
It carries structure, fabric carries law.
387
00:14:35,120 --> 00:14:36,520
Finally, future-proofing.
388
00:14:36,520 --> 00:14:39,160
Your asset will live longer than any engine you use today.
389
00:14:39,160 --> 00:14:40,200
Keep truth in one leg.
390
00:14:40,200 --> 00:14:42,520
Treat engines as a femoral clients and codify rights.
391
00:14:42,520 --> 00:14:43,920
So when the next platform arrives,
392
00:14:43,920 --> 00:14:45,680
you don't re-litigate your library.
393
00:14:45,680 --> 00:14:46,920
If you remember nothing else,
394
00:14:46,920 --> 00:14:49,200
interrupt without rights is piracy with better UX.
395
00:14:49,200 --> 00:14:50,680
Rights without interrupt is a museum.
396
00:14:50,680 --> 00:14:53,280
Fabric gives you both the ultimate test.
397
00:14:53,280 --> 00:14:56,200
Applying governance frameworks to real-time 3D assets.
398
00:14:56,200 --> 00:14:58,520
Let's graduate from theory to stress test.
399
00:14:58,520 --> 00:15:00,680
Real-time 3D isn't nice renders.
400
00:15:00,680 --> 00:15:03,200
It's dynamic-streamed multi-user policy-constrained
401
00:15:03,200 --> 00:15:04,960
interaction with high-fidelity objects
402
00:15:04,960 --> 00:15:07,680
inside engines that expect speed, not paperwork.
403
00:15:07,680 --> 00:15:09,920
If fabric governance holds here, it holds everywhere.
404
00:15:09,920 --> 00:15:11,640
Start with the ingestion frontier.
405
00:15:11,640 --> 00:15:13,600
Capture rigs land, thousands of images
406
00:15:13,600 --> 00:15:16,120
and light our scans into a raw workspace.
407
00:15:16,120 --> 00:15:17,680
Autoclassification applies.
408
00:15:17,680 --> 00:15:20,280
Source licensed region EU origin site B.
409
00:15:20,280 --> 00:15:22,600
A validation pipeline checks rights manifests,
410
00:15:22,600 --> 00:15:25,600
camera-exif, sensor IDs, and hash integrity.
411
00:15:25,600 --> 00:15:27,400
Anything missing goes to quarantine
412
00:15:27,400 --> 00:15:29,560
with a reason code humans can understand.
413
00:15:29,560 --> 00:15:31,880
That's your first gate, quality, legality,
414
00:15:31,880 --> 00:15:34,880
and provenance enforced before anyone even opens a viewer.
415
00:15:34,880 --> 00:15:36,520
Next, deterministic processing.
416
00:15:36,520 --> 00:15:38,600
Spark pipelines, retopologize measures,
417
00:15:38,600 --> 00:15:40,640
bake texture sets, generate LODs,
418
00:15:40,640 --> 00:15:42,160
and produce collider variants.
419
00:15:42,160 --> 00:15:45,320
Every step stamps lineage edges and pins tool chain hashes.
420
00:15:45,320 --> 00:15:47,880
Outputs are versioned, labeled internal only,
421
00:15:47,880 --> 00:15:49,240
until policy checks pass.
422
00:15:49,240 --> 00:15:51,360
The platform emits compatibility metadata,
423
00:15:51,360 --> 00:15:55,480
mesh 3.4, materials 2.1, collider 1.9, into the manifest.
424
00:15:55,480 --> 00:15:58,240
You don't rely on memory, you rely on metadata that compiles.
425
00:15:58,240 --> 00:16:00,520
Publishing isn't copying files to someone's desktop.
426
00:16:00,520 --> 00:16:02,680
The canonical asset stays in one lake.
427
00:16:02,680 --> 00:16:04,720
Teams get shortcuts into a product workspace
428
00:16:04,720 --> 00:16:06,040
with curated derivatives.
429
00:16:06,040 --> 00:16:09,320
Real-time ready meshes, texture atlases, simplified colliders,
430
00:16:09,320 --> 00:16:12,160
and a governance-friendly open USD scene.
431
00:16:12,160 --> 00:16:14,520
Access is roll-scoped, authors can update staging,
432
00:16:14,520 --> 00:16:16,960
consumers read published, partners get time-bound,
433
00:16:16,960 --> 00:16:19,240
region-bound reads via B2B Federation.
434
00:16:19,240 --> 00:16:21,480
No mystery zips, no al-weight rans for it,
435
00:16:21,480 --> 00:16:24,200
but you either pass through the gate or you wait outside.
436
00:16:24,200 --> 00:16:27,120
Now the real-time pivot, streaming, and tokens.
437
00:16:27,120 --> 00:16:29,520
Engines like Unity, Unreal, and Omniverse
438
00:16:29,520 --> 00:16:31,680
pull only what they need when they need it.
439
00:16:31,680 --> 00:16:35,280
Fabricments signed URLs tied to EntraID and policy claims
440
00:16:35,280 --> 00:16:38,200
who wear purpose, duration, derivative allowances,
441
00:16:38,200 --> 00:16:40,200
a scene request LOD1 for a close-up,
442
00:16:40,200 --> 00:16:43,400
allowed if attribution overlay is enabled and watermarked present.
443
00:16:43,400 --> 00:16:46,440
A texture request originates from a blocked region,
444
00:16:46,440 --> 00:16:49,120
denied with an explicit error and a lineage link,
445
00:16:49,120 --> 00:16:51,800
this is rights as code in motion, decisions at access time,
446
00:16:51,800 --> 00:16:54,400
not after compliance meeting, multi-user collaboration
447
00:16:54,400 --> 00:16:57,920
turns governance into choreography, two designers in different GOs,
448
00:16:57,920 --> 00:17:01,440
one robotics engineer in a lab, and a producer on a laptop,
449
00:17:01,440 --> 00:17:03,320
editing the same digital twin.
450
00:17:03,320 --> 00:17:05,480
Session orchestration checks compatibility locks
451
00:17:05,480 --> 00:17:07,040
at the manifest layer.
452
00:17:07,040 --> 00:17:08,920
You can tweak physics within guardrails,
453
00:17:08,920 --> 00:17:11,720
you can't swap a material that would violate export controls.
454
00:17:11,720 --> 00:17:13,720
If legal updates are licensed during the session,
455
00:17:13,720 --> 00:17:15,160
the change propagates.
456
00:17:15,160 --> 00:17:18,920
Token's expire, assets are demoted, and the UI surfaces are clear reason.
457
00:17:18,920 --> 00:17:21,800
Not a silent failure and enforced policy with receipts.
458
00:17:21,800 --> 00:17:24,320
Performance is not an excuse to break governance.
459
00:17:24,320 --> 00:17:27,960
Stream tile textures and mesh chunks don't duplicate canonical stores,
460
00:17:27,960 --> 00:17:30,040
cash with eviction and respect labels.
461
00:17:30,040 --> 00:17:32,760
Pre-big variance explicitly allowed by policy.
462
00:17:32,760 --> 00:17:38,200
If your scene creator needs a local copy of the 90 gear by source set to feel safe,
463
00:17:38,200 --> 00:17:39,200
the answer is no.
464
00:17:39,200 --> 00:17:42,000
You want real time, use streaming, you want compliance,
465
00:17:42,000 --> 00:17:44,720
use metadata and tokens, you want both fabric.
466
00:17:44,720 --> 00:17:45,960
Let's make it painfully specific.
467
00:17:45,960 --> 00:17:49,080
Safety training scenario, a digital twin of an electric bus,
468
00:17:49,080 --> 00:17:51,640
one-one fidelity with PPE inspection flow.
469
00:17:51,640 --> 00:17:54,960
The session pulls a published manifest pin to mesh 3.4 materials,
470
00:17:54,960 --> 00:17:58,560
2.1 collider, 1.9 physics, 1.2 license commercial territory,
471
00:17:58,560 --> 00:18:01,560
USBU duration, 2025, 12.31.
472
00:18:01,560 --> 00:18:04,000
A trainee in Europe authenticates via intra,
473
00:18:04,000 --> 00:18:06,000
the viewer requests needed assets.
474
00:18:06,000 --> 00:18:10,040
Fabric allows streaming with a public display subset if watermarking is enabled.
475
00:18:10,040 --> 00:18:12,720
The trainer in the US edits an annotation,
476
00:18:12,720 --> 00:18:14,520
which writes to a governed delta table,
477
00:18:14,520 --> 00:18:17,160
referenced by the scene lineage ties it to the session,
478
00:18:17,160 --> 00:18:20,920
and ordered a later queries who viewed post-repair variant in Q2,
479
00:18:20,920 --> 00:18:24,440
answer arrives in seconds with a lineage graph, not a forensics novel,
480
00:18:24,440 --> 00:18:26,120
common pitfalls and the fix.
481
00:18:26,120 --> 00:18:29,360
Pitfall one does preview assets that bypass manifests.
482
00:18:29,360 --> 00:18:33,960
Fix disable unsigned access require manifests for any published retrieval,
483
00:18:33,960 --> 00:18:37,920
and make the authoring tools fetch through the same APIs as viewers.
484
00:18:37,920 --> 00:18:42,160
Pitfall 2 partner handoffs via zip, fix provision B2B identities,
485
00:18:42,160 --> 00:18:45,320
scope workspaces, and require tokenized access.
486
00:18:45,320 --> 00:18:48,960
Build a one-click package that emits signed bundles with embedded licenses
487
00:18:48,960 --> 00:18:51,280
and timeouts if you truly need offline review.
488
00:18:51,280 --> 00:18:53,680
Pitfall 3 goes derivatives, fix.
489
00:18:53,680 --> 00:18:58,040
Pipelines must register outputs in a catalog item with retention and labels.
490
00:18:58,040 --> 00:19:01,120
Unregistered files are auto-deleted or quarantined by policy.
491
00:19:01,120 --> 00:19:03,360
Testing governance is non-negotiable.
492
00:19:03,360 --> 00:19:06,280
Build table top drills, revoke a license mid-sprint,
493
00:19:06,280 --> 00:19:09,520
rotate a region restriction, expire a token during a live session,
494
00:19:09,520 --> 00:19:11,080
push a breaking mesh update.
495
00:19:11,080 --> 00:19:13,000
Success isn't, we found the email.
496
00:19:13,000 --> 00:19:16,240
Success is the platform enforcing intent without heroics.
497
00:19:16,240 --> 00:19:17,600
Measure mean time to quarantine,
498
00:19:17,600 --> 00:19:19,960
percent of unauthorized requests correctly blocked,
499
00:19:19,960 --> 00:19:24,400
lineage completeness score and delta between published manifest and session resolved assets.
500
00:19:24,400 --> 00:19:28,240
If those numbers aren't boringly consistent, you're not production ready.
501
00:19:28,240 --> 00:19:31,480
Finally, the loop back to analytics, real-time scenes aren't black boxes.
502
00:19:31,480 --> 00:19:33,520
Usage logs feed fabrics monitoring workspace.
503
00:19:33,520 --> 00:19:36,160
You learn which allods cost you, which Geo's trigger denials,
504
00:19:36,160 --> 00:19:38,920
which partners push the limits and which policies cause friction.
505
00:19:38,920 --> 00:19:40,920
You adjust, not by whisper network,
506
00:19:40,920 --> 00:19:44,800
but by iterating policies, manifests, and pipelines with data.
507
00:19:44,800 --> 00:19:46,440
Essentially you govern the governance.
508
00:19:46,440 --> 00:19:48,080
You want the one sentence version?
509
00:19:48,080 --> 00:19:49,520
Stream the twin, not the chaos.
510
00:19:49,520 --> 00:19:52,240
Tokens, manifests, lineage, and labels do the heavy lifting.
511
00:19:52,240 --> 00:19:55,440
If the hardest, highest fidelity real-time use case runs clean,
512
00:19:55,440 --> 00:19:58,080
every lesser workload will obediently follow.
513
00:19:58,080 --> 00:19:59,760
The future of digital trust.
514
00:19:59,760 --> 00:20:01,040
Here's the blunt takeaway.
515
00:20:01,040 --> 00:20:02,880
Digital trust isn't a promise.
516
00:20:02,880 --> 00:20:05,040
It's enforcement at runtime with receipts.
517
00:20:05,040 --> 00:20:07,040
Real-time 3D just forces you to admit it.
518
00:20:07,040 --> 00:20:12,440
If identity lineage writes as code and streaming governance can hold a one-one digital twin together under load,
519
00:20:12,440 --> 00:20:15,040
everything else you run is trivial by comparison.
520
00:20:15,040 --> 00:20:16,240
So do the grown-up thing.
521
00:20:16,240 --> 00:20:19,360
Pin manifests, treat licenses as versioned components,
522
00:20:19,360 --> 00:20:22,880
stream with tokens, federate partners, drill revocations,
523
00:20:22,880 --> 00:20:26,480
and measure the boring metrics that prove policy isn't theatre.
524
00:20:26,480 --> 00:20:28,640
If this saved you time, repay the debt,
525
00:20:28,640 --> 00:20:31,680
subscribe, share this with the person still emailing zips,
