AI Summary
Early system design suffers from ambiguous access control requirements, uneven distribution of domain knowledge, and cognitive asymmetry among stakeholders. Method: This paper proposes a tool-supported method that embeds asset and goal models as boundary objects into the requirements and architecture phases. It introduces a lightweight UML/SysML-inspired modeling language to explicitly represent access control concerns and integrates model comparison and difference analysis to enhance knowledge transparency and stakeholder alignment. Contribution/Results: The approach enables "shifting access control left" in the development lifecycle. Evaluated in a military aviation reusable component adaptation case, it identified six categories of latent access constraint conflicts, reduced requirement clarification cycles by 40%, and significantly improved cross-role collaboration efficiency.
Abstract
Access control needs have broad design implications, but access control specifications may be elicited before, during, or after these needs are captured. Because access control knowledge is distributed, we need to make knowledge asymmetries more transparent, and use expertise already available to stakeholders. In this paper, we present a tool-supported technique identifying knowledge asymmetries around access control based on asset and goal models. Using simple and conventional modelling languages that complement different design techniques, we provide boundary objects to make access control transparent, thereby making knowledge about access control concerns more symmetric. We illustrate this technique using a case study example considering the suitability of a reusable software component in a new military air system.