[WG-InfoSharing] [projectvrm] Semantic (healthcare) stake in the ground (was The Administration perspective...)

Doc Searls dsearls at cyber.law.harvard.edu
Sat Dec 18 13:32:12 EST 2010 

At 6:56 PM -1000 12/17/10, J. Clark wrote:
>Adrian, VRMistas, Info Sharers,
>
>I'm cc'ing this to the Kantara Info Sharing group as I believe there 
>are members on that list who might contribute to this.
>
>Thanks for your summary and suggestions. To your three suggestions 
>below, example comments that we might consider in order to support 
>or modify PCAST to allow Personal Data Stores (placeholders here):
>
>1. VRM has a significant identity management component.
>
>I'm curious to see if anyone would challenge this. The nature(s) of 
>the component is under exploration in a number of camps. I'd like to 
>see others weigh in to help identify appropriate identity trust 
>anchors.

I'd say VRM can include, identity management. But I also see VRM as a 
broad category that might be thought of as a toolbox. It can include 
lots of tools, but none of the tools are themselves required. And in 
fact there is at least one VRM development, The Mine! Project 
<http://themineproject.org>. that purposefully does not start with 
identity (and avoids identity as a required dependency. Maybe Adriana 
or Alec can weigh in here on that.

>2. PCAST seeks to make the metadata vocabulary expandable.
>
>Again there are several groups--including Kantara working 
>groups--that might help here.
>
>3. VRM has a perspective on governance and the ability of 
>individuals, cooperatives and small groups to host their own PDS 
>(personal data store) nodes.
>
>Doc has at least one thought on this. Others will likely contribute, 
>right gang?

Self-hosting should be an option. See what Joe says about User Driven 
Services, here... 
<http://blog.joeandrieu.com/2009/04/26/introducing-user-driven-services/> 
... especially #6: 
<http://blog.joeandrieu.com/2009/05/09/user-driven-services-6-self-hosting/>

Writing this on a moving bus without my glasses, so I'll stick just 
with the above.

Cheers,

Doc

>Thanks Adrian for your continued efforts to increase inclusivity.
>
>   judi
>
>
>On 12/16/10 1:33 PM, Adrian Gropper wrote:
>
>>Judi,
>>
>>The PCAST report is 91 pages. 
>><http://www.whitehouse.gov/sites/default/files/microsites/ostp/pcast-health-it-report.pdf>http://www.whitehouse.gov/sites/default/files/microsites/ostp/pcast-health-it-report.pdf
>>
>>The technology part starts on page 41. Here's my oversimplified 
>>summary from the VRM perspective:
>>
>>Private data in PDS are encoded as XML with standardized and 
>>extensible vocabularies
>>Metadata accompanies the data that includes at least:
>>person (the subject of the data)
>>provenance (the author of the data)
>>privacy (who can see the data with person or anonymous)
>>The data and the metadata are encrypted separately and managed 
>>separately by the PDS
>>An infrastructure of Data Element Access Services (DEAS) will crawl 
>>and index metadata and manage authentication and authorization but 
>>will _not_ be allowed to see the data itself. DEAS and the separate 
>>metadata encryption are designed to be easily regulated.
>>The goal is to allow aggregation of data across multiple PDS 
>>on-demand subject to the authorization constraints of the subject
>>The design allows for aggregation of identified data as well as 
>>anonymized data (for research)
>>It's a safe bet that if the PCAST architecture moves forward, a 
>>regulatory system will be put in place to manage identity and 
>>privacy in this healthcare context.
>>
>>Example comments that we might consider in order to support or 
>>modify PCAST to allow Personal Data Stores:
>>
>>VRM has a significant identity management component. The 
>>healthcare-oriented Direct Project 
>><http://directproject.org/>http://directproject.org/ experience in 
>>setting up a secure email system that includes both persons and 
>>institutions can inform how users are identified in PCAST metadata. 
>>PCAST needs to be compatible with identity trust anchors that are 
>>not strictly tied to healthcare.
>>PCAST seeks to make the metadata vocabulary expandable. How would 
>>the VRM community like to manage controlled vocabularies and what 
>>does HHS need to do to make sure that they retain compatibility 
>>beyond healthcare.
>>VRM has a perspective on governance and the ability of individuals, 
>>cooperatives and small groups to host their own PDS nodes. PCAST 
>>assumes there will be relatively few privacy control points (DEAS) 
>>serving an unlimited number of PDS. Is this too much central 
>>control? Can VRM live with this kind of centralization in return 
>>for lubricating the broad adoption of PDS infrastructure?
>>The goal of our comments would be to jump-start PDS adoption by 
>>piggybacking on the regulations, software and services that will be 
>>created to serve the massive needs healthcare.
>>
>>Adrian
>>
>>
>>--
>>Adrian Gropper MD
>>MedCommons
>><mailto:agropper at medcommons.net>agropper at medcommons.net


-- 
+1-805-705-9666
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20101218/32c6870d/attachment.html

More information about the WG-InfoSharing mailing list