Web Services Contraptions

Balisage 2009: Introducing hData

Gerald Beuchelt — Thu, 02 Jul 2009 20:24:28 GMT

For this year's Balisage in Montreal, we (R. Dingwell, A. Gregorowicz, H. Sleeper, and myself) have been accepted as a late-breaking proposal for our work on hData, which addresses some problems that are currently plaguing electronic health records. Our session is scheduled on Thursday at 11:00am. This is the abstract:

Title: hData - A Simplified Approach to Health Data Exchange

Interoperability issues have limited the expected benefits of Electronic Health Record (EHR) systems. Ideally, the medical history of a patient is recorded in a set of digital continuity of care documents which are securely available to the patient and their care providers on demand. The history of continuity of care standards includes multiple standards organizations, differing goals, and ongoing efforts to reconcile the various specifications. Existing standards define a format that is too complex for exchanging continuity of care information effectively. We propose hData, a simplified XML framework to describe health information. hData addresses the challenges of the current HL7 Continuity of Care Document format and is explicitly designed for extensibility to address health information exchange needs, in general. hData applies established best practices for XML document architectures to the vertical health domain, which has experienced significant XML-based interoperability issues.

As you might imagine, we will have to say a few things about identity, access, and privacy management for electronic health records, as well. Looking forward to seeing you there.

tags: balisageConference09 EHR HIT health care health records hData

tinyarro.ws: http://➡.ws/榾 (wood chip)

Links for 2009-07-01 [del.icio.us]

Thu, 02 Jul 2009 00:00:00 PDT

Making Security Measurable
MITRE, in collaboration with government, industry, and academic stakeholders, is improving the measurability of security through enumerating baseline security data, providing standardized languages as means for accurately communicating the information, and encouraging the sharing of the information with users by developing repositories.

Links for 2009-06-30 [del.icio.us]

Wed, 01 Jul 2009 00:00:00 PDT

How Open Data even makes Garbage collection sexier, easier and cheaper | eaves.ca
Example on how open government data sharing can benefits citizens and administrations.
How To Write Unmaintainable Code

Links for 2009-06-24 [del.icio.us]

Thu, 25 Jun 2009 00:00:00 PDT

C4ISR for Future Naval Strike Groups
The National Academies Press
Excellent collection of free books.
The blue and the green | Bad Astronomy | Discover Magazine

Links for 2009-06-23 [del.icio.us]

Wed, 24 Jun 2009 00:00:00 PDT

Trailer: HBO's 'The Pacific'!--The Live Feed

The Meta Venn of Identity

Gerald Beuchelt — Tue, 23 Jun 2009 22:24:22 GMT

The time has come to start working on comprehensive identity convergence ... with Venngeance:

Links for 2009-06-22 [del.icio.us]

Tue, 23 Jun 2009 00:00:00 PDT

"Low-Level Terrorism" Equals "Protests" Question Pulled by Pentagon | Security Management

Links for 2009-06-20 [del.icio.us]

Sun, 21 Jun 2009 00:00:00 PDT

Founding Fathers - WSJ.com
Benjamin Franklin, John Adams and Thomas Jefferson, the three Founders who spent the most time abroad, missed milestone events [in their family's life]. Franklin was a no-show at his daughter's wedding and his wife's funeral. Adams was in Philadelphia when his wife, Abigail, gave birth to a stillborn daughter. While in France, Jefferson received word that his 2-year-old daughter had died of whooping cough. The news came seven months after her funeral.

Orwell 2.0

Gerald Beuchelt — Sat, 20 Jun 2009 17:21:39 GMT

What happens when a bureaucracy goes wild? Well, you can end up in a situation where private companies are facing the most restrictive privacy regime in the world, while government agencies are at liberty to spy on their people at will. Germany - my country of origin, and the country that claims to have "Informationelle Selbstbestimmung" (roughly: information self-determination) - has now completed a fairly comprehensive system of laws limiting fundamental human rights viz-a-viz the government:

Just yesterday, the so called "BSI Gesetz" was passed, which allows the BSI (roughly comparable to the NSA) to store and analyze any communication of government agencies, in particular exchanges between the people and government employees. So anytime you send an email to any German agency or visit their websites, the BSI will store all communication parameters and use them as they see fit. They claim pseudonymization, but they reserve the right to make the data identifiable again at any time. Inadvertently collected information may be used in any legal proceeding against you. So beware, if you send them mail, call them, or even just visit their web sites. The most chilling aspect is that this total oversight – with an equivalent lack of transparency and accountability - has echoes of two periods in German history which the country does not recall with pride: the periods which are closely associated with the Gestapo and the Stasi.
Just a week earlier, a censorship law was passed that is officially aimed at blocking access to websites containing pornographic material depicting minors. While I wholeheartedly agree with the goal to persecute the criminals that produce, distribute, and consume such media, the law is implemented in worst possible way: a secret set of lists will be created by the BKA (comparable to the FBI) that determines which web sites are to be blocked. This activity is supposedly to be monitored by the Datenschutzbeauftrager (roughly: federal privacy commissioner), who has already indicated that his agency is neither capable nor willing to perform this function.
Strong promises were made prior to passing the law that this new "federal firewall" infrastructure will only be used in the context of access prevention to objectionable pornographic material; there have now already been demands to also use it to block access to "Killerspiele" (i.e. first person shooters), Nazi propaganda material, and also pull this entire approach to the E.U. level to guard all Europeans from bad influence. Thought police, anyone?

This new legislation is on top of a slew of other nonsense, like the ability of almost any government agency to investigate your financial situation without a warrant, a lifelong globally unique tax ID, a national ID card that will soon contain biometrics, the requirement to inform the agencies of any change of address, and a federal broadcast tax that is collected by the GEZ, which has received the second ever "Big Brother Lifetime Award".

But - satisfying all prejudices about being thorough - there is more to come: my big favorite is the current health record proposal - which centers around the “Gesundheitskarte” (literally: health card, their health insurance card), but in reality will create the biggest database of medical records ever: Gematik will store all electronic health records of all patients in the entire health care system, including the - nominally - independent private insurers. If interested, take a look at their “Security Whitepaper” (German only, sorry): other than explaining the benefits of using a symmetric key for bulk encryption and public/private keys for key negotiation they have little to offer. If this is Gematik's level of competence in security and privacy, then I predict happy times for identity thieves specializing on the German patient.

What amazes me most is the ease with which all these regulations are introduced and accepted: yes, there has been some protest against the federal firewall law, but in the end it still passed and - quite frankly - I cannot imagine that any future administration will even attempt to remove it. It seems to me perverse that a government is misusing the compassion for victims of the most horrific crime to introduce a comprehensive cyber censorship infrastructure. This can only serve as a sobering reminder that even 20 years after the fall of the last dictators in Europe, there are countries in the continent which still have not fully embraced what her most gifted thinkers had set out to achieve more than 350 years ago. As most of you know, I now live and work in the United States - and fervently hope that this may never happen here.

[Many thanks to Robin for correcting some of my many mistakes].

tags; privacy censorship orwell nanny state healthcare

Ubuntu 9.04 (Jaunty) Netbook Remix on HP mini 1010nr

Gerald Beuchelt — Fri, 19 Jun 2009 18:32:06 GMT

For a number of reasons, I got myself an HP mini 1010nr with the 8GB SSD drive. It's a nice little machine (and cheap: US$ 220), especially if you configure it with 2GB RAM and use the little "hidden" USB port to add some more SSD memory (another 2GB for home directories in my case). While the machine shipped with Windows XP SP3, a brief re-visit of that platform reaffirmed my desire to try the Ubuntu Netbook Remix, a special edition of (currently) Jaunty. Amazingly enough, the base image work almost perfectly off the USB stick (with one quite notable exception - see below), so I gave it a try. Nixed Windows, put ext4fs on both the internal SSD and the 2GB /home stick, and installed.

Now I noticed that sound was not working, but there were plenty of folks on the net claiming vicory, so I was not too worried. At the endo of the day, I did get it to work, using the simplified instructions here and fixing the reboot/mute problem this way. Note that you might want to add the following line to the bottom of your /etc/modprobe.d/alsa-base.conf file:

#correct model for HP mini 1010nr

options snd-hda-intel model=hp-m4

Now, the only thing that turned out NOT to be working was the internal microphone which I need for Skype. The problem is that if you set the default recording devices to unmute, the mute again right after, and the microphone does not work.

After many hours of fairly fruitless searching, I stumbled across this post. It turned out to be close, but not the correct solution for the HP 1010NR: you leave the options as indicated above (reboot if necessary), and then set make sure "Digital" is unmuted, and set the Line Selectors to "line" and not "mic" or "front mic". That's all - microphone works now.

tags ubuntu jaunty 9.04 netbook HP mini 1010nr 1010nr sound problem

Links for 2009-06-16 [del.icio.us]

Wed, 17 Jun 2009 00:00:00 PDT

Standards Profiles - NSA/CSS
The Defense Information Systems Agency (DISA) tasked NSA with completing a series of standards profiles. These documents identify the mandatory features for the industry standard, based on the architectural context, and address secure interoperability with enterprise services offered by DISA. The profiles describe capabilities that are achievable today. This site include NCES Profiles for SAML, WS-Security, and XACML

Sensible Investments

Gerald Beuchelt — Sat, 13 Jun 2009 14:47:17 GMT

This is a little off-topic: I just got an invite to cast my proxy vote for my Fidelity mutual funds. In addition to the usual crud like blessing the board, there was an initiative to instruct the board not to invest into companies that support genocide in e.g. Darfur. While this should be a no-brainer, I was extremely surprised to see that the current board (which is seeking re-election just two lines up) is strongly suggesting to vote AGAINST such guidance (see also here). Their line of thought is that they are already barred from any direct investment into companies related to Darfur and Sudan, and that every thing else (such as investments into PetroChina Co.) is just sound investment.

I strongly object to this: the activities of the Sudanese government and their henchmen in Darfur have been determined to be genocide and crimes against humanity.I do not want to see any of my money being used for fostering these criminals or any other group that perpetrate the most heinous crimes. At this time, I am very much leaning towards moving my entire portfolio away from Fidelity to TIAA-CREF if there is no satisfactory resolution on July 15.

tags: fidelity investment genocide darfur

A treasure trove for frequent flyers

Gerald Beuchelt — Tue, 09 Jun 2009 22:06:34 GMT

Right now, I am taking a class on Air Traffic Management (ATM), which is already yielding some very concrete useful knowledge: unbeknown to me, the FAA and NOAA have a lot of very interesting tools on the web. These web sites may help you to get a better picture of your expected delay; much better than what gets announced at the airport or within the cabin, anyways.

ATCSCC

The Air Trafic Control System Command Center (ATCSCC) is responsible for mananging the entire National Airspace System (NAS). As such, they are in charge of all re-rerouting and have tons of interesting data for travelers. From their web page I can recommend:

The overview map (by region or airport) on their home page gives you an interactive and easy to interpret view of the current air traffic situation. Clicking on the airport yields a summary of expected delays and their real reason (no more airline babble about that strange gasket that was out of order).
The Operational Information System has a nice overview about what is going on in the NAS in more detail.
The airport arrival demand chart tells you what the line for arrivals at the destination looks like. If there is a backup, you will fly happy holding patterns.
The advisories database has all current ATCSCC advisories, including ground stop (i.e. the reasons for sitting on the tarmac for 3 hours before getting cleared for departure). Note that these advisories are not in clear text, but you need to understand the shorthand.

Finally, you can sign up for an airport delay email notification for the 40 busiest US airports at: http://www.fly.faa.gov/ais/jsp/register.jsp

NOAA

The National Weather Service has an aviation weather site at http://aviationweather.gov/. There are a lot of interesting services there for the avid hobby pilot or flightsimulator nerd, but the CCFP is most interesting from a airline-delay-perspective: it provides a 2h, 4h, and 6h convective pattern forcast (read: bad flying weather). This, and the turbulence charts can tell you at what segment of your trip to expect flying coffee cups (in the best case). Putting everything together, you can install the Flight Path Tool for a rich client GUI.

tags: faa aviation tools weather

June 4, 1989: REMEMBER

Gerald Beuchelt — Thu, 04 Jun 2009 12:21:53 GMT

Today should be "International Freedom Day", against all suppression of individual liberties, everywhere.

Automating RNG to XSD conversion in NetBeans

Gerald Beuchelt — Wed, 03 Jun 2009 19:00:09 GMT

Working currently on an RelaxNG project, I needed to automate conversion of RNG schemas to a W3C compliant schema in NetBeans. The tool I used to perform the transform is Trang. I added this macro to the build.xml file:

<macrodef name="rng2xsd" description="Conversion from RNG to XSD schemas">
    <attribute name="rng" />
    <attribute name="xsd" />
    <sequential>
        <echo message="Convert RNG schema (trang/oxygen): @{rng}"/>
        <java classname="com.thaiopensource.relaxng.translate.Driver"
               failonerror="true" maxmemory="128m" fork="true">
            <arg value="-I"/>
            <arg value="rng"/>
            <arg value="-O"/>
            <arg value="XSD"/>
            <arg value="@{rng}"/>
            <arg value="@{xsd}"/>
            <classpath>
                <pathelement location="resources/tools/trang-20081028.jar"/>
            </classpath>
        </java>
    </sequential>
</macrodef>

All necessary libraries reside in the ./resources/tools directory. Now, in order to use this macro on a number of RNG files, I decided to use the <for> directive from ant-contrib. James Allen has good instructions on how to integrate ant-contrib within NetBeans (or arbitrary ant environments) without having to drop the ant-contrib Jar into the ant/NetBeans installation.

<target name="convertRng2Xsd">
    <echo message="Converting RNG Schemas..."/>
    <mkdir dir="${xsd-schemas}"/>
    <for list="${rng-files}" param="file">
        <sequential>
            <rng2xsd rng="${rng-schemas}/@{file}.rng" xsd="${xsd-schemas}/@{file}.xsd" />
        </sequential>
    </for>
</target>

Here I am iterating over the ${rng-files} property that contains a comma delimited list of the RNG files you want to convert (without the .rng extension). I filled this through <pathconvert>:

<pathconvert property="rng-files" pathsep=",">
    <mapper>
        <chainedmapper>
            <flattenmapper />
            <globmapper from="*.rng" to="*" />
        </chainedmapper>
    </mapper>
    <path>
        <fileset dir="resources/schemas" includes="*.rng" />
    </path>
</pathconvert>

Obviously, these XSDs can then be used with any other tools, such as JAXB.

Somewhat off-topic: Valueing analysts

Gerald Beuchelt — Fri, 29 May 2009 21:24:50 GMT

This is a happy Friday afternoon rant.

I am still following the headlines for Sun (as long as that is still possible), and today I found some interesting headline: "Oracle Should Spin/Sell Sun Hardware Unit, Analyst Says". Well, interesting enough, I open the article, expecting some deep insight into what is going on. Unfortunately, the full report was not available, but the blog did mention the $23 dollar target set by the analyst, and that he would not know who might be interested in buying the Sun hardware business from Oracle.

Wow, impressive. Unless there is a lot of interesting detail in that research report (which is not available on AmTech's website), this is completely trivial: yeah, Oracle holding on to Sun's hardware business seems illogical from the outside. Good thing we have an analyst telling the world that. And Oracle will soon be at $23? I would neve have guessed that, given that they are currently at about $20, the market is pointing upward, and there is a good chance that the market will see the completion of the aquisition some time in the summer as something positive.

I think that I should consider a second career as software industry analyst: Money for nothing and the chicks for free...

A pessimistic view on Trust

Gerald Beuchelt — Thu, 14 May 2009 12:56:58 GMT

Trust is one of those concepts in IdM that are hard to define or measure, yet are at the basis of most of our transactions. There are a few different ways to look at trust or capture its essence, including reputation systems, assurance frameworks, and similar solutions. At the end of the day, however, it most often comes down to this:

Basic law of trust (BLT): Alice will only trust Bob in a transaction, if the benefits outweigh the perceived risk plus her personal margin of safety.

Sometimes there are situations where we MUST trust another party (through legal requirements or lack of other options), but these can be seen as special cases.

Now, applying the BLT, one has to manage both parts of the equation: risk (including the safety margin) and benefits. The benefits can be rather manifold, and cover all aspects of internet usage: services, purchases, personal enjoyment.

The risk on the other side can also fall into different categories: financial, reputation, legal, etc. In many cases the financial risks are most prominent: for example, when I buy some book on the internet, how can I be assured that (i) I really get the book, and (ii) my financial and personal information (shipping address) is safe and not misused. Obviously, I do have to trust the retailer and his ecosystem of partners (payment provider, shipping company, etc.) to perform the requested services to my satisfaction.

Reputation of the retailer does play a critical role: if I personally know people that had a good shopping experience at the retailer, and in addition know that there are (apparently?!) many good review by people I do not know, I am tempted to assume that the risk is not too big. At the end of the day however, it really comes down to this:

Financial trust - sue and collect: Alice will only trust Bob, if - in case something goes wrong - Alice has legal recourse and can expect Bob being able to pay sufficient damages.

I am not 100% sure if this is really at the foundation of trust in commercial transactions, but it seems to be at least one important factor. Obviously this is not a very optimistic point of view, hence the title of the blog entry.