Archive for March, 2009

ProtectServe: getting down to (use) cases

The need for permissioned data-sharing and relationship management doesn’t discriminate in favor of, or against, any type of entity; the stick figures below, representing a data-discloser and a data-consumer, could be a big company and one of its suppliers (B2B), or a company and one of its customers (B2C), or a customer and one of the vendors in her life (C2B), a citizen and one of the government agencies he deals with (C2G), etc.

[Image: peer-to-peer-generic]

The process wants to become more “peer-to-peer” (P2P!) than it is today. Data-disclosers, often disadvantaged today because they’re pressured to over-disclose and under-enforce, need to be empowered in a more balanced way. But while we’d like our ProtectServe and Relationship Manager architecture to be suggestive for the general case, we had to get specific, and so our initial use cases involve a data-disclosing human being and a data-consuming web app; you can think of them as playing the roles of “customer” and “vendor” in VRM scenarios such as change-of-address.

Here were our major functional requirements:

  • Allow individuals to establish policies for each data-sharing relationship they have, as an interface mode separate from the login process
  • Allow individuals to conduct long-term relationship management, including modifying the conditions of sharing or terminating the sharing relationship entirely
  • Allow data recipients to retrieve data directly from authoritative sources, guided by policy, even while an individual is offline, reserving approval loops for extraordinary circumstances
  • Allow data recipients to retrieve individuals’ data from multiple online sources, on a one-time or repeated basis
  • Do this simply enough to attract adoption and energy

Obviously these requirements drive a lot of decision-making all by themselves, but soon enough even more specificity is needed. And that’s where Bob Blakley comes in. Bob kindly provided a lot of detailed feedback to me recently on our ProtectServe user experience mockups. In the course of our chat, he nicknamed two distinct use case categories we were hoping to solve for, which clarified my thinking in a big way.

One set of use cases involves a User explicitly provisioning a Consumer app with a way to get some set of data. For example:

  • Registering for a new online account (or even buying something on a “one-night stand” basis, with no ongoing account) and providing stock info like a shipping address and credit card data (likely packaged into a set somehow)

  • Providing calendar data to businesses to solicit event invitations (cable customer service, dentist’s appointment), or — in the case of travel calendars — to control mail/package/newspaper delivery or solicit travel-related offers of products and services (like country-specific prepaid calling cards)

  • Making home inventory data available to insurers, or to estate-sale catalogue assemblers

  • Making an album’s worth of photos from the latest vacation available to some group of friends and family, but reserving a few in the same album for a more select group

  • (Warning: meta-example!) Serving out some cooked form of Relationship Manager audit-log data to a company that builds reputation scores for Consumer apps

Noting that the user is fully in charge, and no Consumer even learns about the data’s availability without the User’s personal and active involvement, Bob gave this set of use cases the Delta Tau Chi name of Data Dominatrix.

We also worked with a secondary bucket of use cases, though it has presented us with interesting protocol and user experience difficulties: widely publishing the existence of data, then deciding whether to release it on request (where the requests were not individually solicited). For example:

  • Putting links to your calendars, vCards, etc. on your blog, and then fielding requests from every party that wants it

  • Offering a package of demographic data about yourself to any survey service willing to pay your price

In his inimitable way, Bob named this one Hey, Sailor. (Hmm, I’m sensing a theme here. What sort of girl does he think customers are? Then again, it doesn’t help that sometimes we want “one-night stands” in our online relationships!)

These use cases affected our choices around things like:

  • The dynamic nature of the introduction process between Consumers and other parties
  • The granularity of contract terms as they apply to data resources
  • Where users need to be involved real-time vs. where they at least want the option of real-time consent vs. where they don’t want to be bothered

By the way, we also discussed a third use-case bucket that has not been on my team’s radar, and which I don’t believe got a nickname: The User puts together a prospectus of data he’s willing to assemble, if the right offer is made by a potential Consumer. While this sounds very interesting, there are already enough business and technical question marks around the rest of the proposition to make me want to hold off. But hey, if anyone’s inspired to defend it (or name it!), let me know.

To protect and to serve

In the last year, I’ve done a lot of thinking about the permissioned data sharing theme that runs through everything online, and have developed requirements around making the “everyday identity” experience more responsive to what people want: rebalancing the power relationships in online interactions, making those interactions more convenient, and giving people more reason to trust those with whom they decide to share information.

In the meantime, I’ve been fortunate to learn the perspectives of lots of folks like Bob Blakley, Project VRM and VPI participants, e-government experts, various people doing OAuth, and more.

Together with some very talented Sun colleagues (special shout-out to team members Paul Bryan, Marc Hadley, and Domenico Catalano), I started to get a picture of what a solution could look like. And then we started to wonder why it couldn’t apply to pretty much any act of selective data-sharing, no matter who — or what — the participants are.

So today I’m asking you to assess a proposal of ours, which tries to meet these goals in a way that is:

  • simple
  • secure
  • efficient
  • RESTful
  • powerful
  • OAuth-based
  • identity system agnostic

We call the web protocol portion ProtectServe (yep, you got it). ProtectServe dictates interactions among four parties: a User/User Agent, an Authorization Manager (AM), a Service Provider (SP), and a Consumer. The protocol assumes there’s a Relationship Manager (RM) application sitting above, acting on behalf of the User — sometimes silently. At a minimum, it performs the job of authorization management.
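As an added illustration, not the ProtectServe protocol itself (which this post does not spell out) and not code from the author or from Sun: a toy model of the Authorization Manager (AM) and Service Provider (SP) roles named above, exercised against the functional requirements and the two use-case buckets from the “getting down to (use) cases” post. It shows per-relationship policies that are set outside any login step, termination of a relationship, policy-guided release while the User is offline with approval loops reserved for the cases the User asked to be involved in, and the difference between a Consumer the User explicitly provisioned (“Data Dominatrix”) and one that turns up unsolicited for a publicly advertised resource (“Hey, Sailor”). The Mode levels, the one-shot grant mechanism, all hostnames and all data are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple

class Mode(Enum):
    """How much real-time involvement the user wants in a relationship (assumed levels)."""
    AUTO = "auto"          # never bother the user; release strictly per policy
    OPTIONAL = "optional"  # prompt the user when online, otherwise release per policy
    REQUIRED = "required"  # every request waits for explicit consent

@dataclass
class Policy:
    resources: Set[str]
    mode: Mode
    active: bool = True

class AuthorizationManager:
    """One user's AM: relationship policies, advertised resources, consent queue, audit log."""
    def __init__(self) -> None:
        self.policies: Dict[str, Policy] = {}        # keyed by consumer
        self.advertised: Set[str] = set()            # resources the user has listed publicly
        self.pending: List[Tuple[str, str]] = []     # (consumer, resource) awaiting the user
        self.grants: Set[Tuple[str, str]] = set()    # one-shot consents, consumed on use
        self.audit: List[Tuple[str, str, str]] = []  # (consumer, resource, outcome)

    # "Data Dominatrix": the user introduces the consumer and scopes what it may fetch.
    # Calling it again for the same consumer modifies the terms of sharing.
    def provision(self, consumer: str, resources: Set[str], mode: Mode = Mode.AUTO) -> None:
        self.policies[consumer] = Policy(set(resources), mode)

    # "Hey, Sailor": the user publishes that a resource exists and fields requests for it.
    def advertise(self, resource: str) -> None:
        self.advertised.add(resource)

    def terminate(self, consumer: str) -> None:
        self.policies[consumer].active = False
        self.grants = {g for g in self.grants if g[0] != consumer}

    def decide(self, consumer: str, resource: str, user_online: bool) -> Tuple[str, str]:
        """Returns (outcome, reason); outcome is "permit", "pending" or "deny"."""
        pol, key = self.policies.get(consumer), (consumer, resource)
        if pol is not None and not pol.active:
            d = ("deny", "relationship terminated")
        elif key in self.grants:
            self.grants.discard(key)
            d = ("permit", "one-time consent given by the user")
        elif pol is not None and resource in pol.resources:
            if pol.mode is Mode.AUTO or (pol.mode is Mode.OPTIONAL and not user_online):
                d = ("permit", "policy permits without involving the user")
            else:
                self.pending.append(key)
                d = ("pending", "held for real-time consent")
        elif resource in self.advertised:
            self.pending.append(key)
            d = ("pending", "unsolicited request for an advertised resource")
        else:
            # Same answer whether or not the resource exists: an uninvited consumer must not learn what the user holds.
            d = ("deny", "no relationship covers this resource")
        self.audit.append((consumer, resource, d[0]))
        return d

    def approve(self, consumer: str, resource: str, mode: Mode = Mode.AUTO) -> None:
        """User clears a pending request: a one-shot grant, plus a new policy if the consumer had none."""
        self.pending.remove((consumer, resource))
        pol = self.policies.get(consumer)
        if pol is None or not pol.active:
            self.provision(consumer, {resource}, mode)
        self.grants.add((consumer, resource))

class ServiceProvider:
    """Authoritative source of the user's data; releases nothing without an AM permit."""
    def __init__(self, am: AuthorizationManager, store: Dict[str, str]) -> None:
        self.am, self.store = am, store

    def fetch(self, consumer: str, resource: str, user_online: bool = False) -> Tuple[Optional[str], str]:
        outcome, _ = self.am.decide(consumer, resource, user_online)
        return (self.store.get(resource), "permit") if outcome == "permit" else (None, outcome)

def demo() -> List[Tuple[str, str, str]]:
    """Constructed scenario (sample data, not real); returns the AM audit log."""
    am = AuthorizationManager()
    sp = ServiceProvider(am, {"shipping-address": "1 Main St", "calendar": "Tue 10:00 free",
                              "demographics": "age band 35-44"})
    am.provision("shop.example", {"shipping-address"})
    am.provision("dentist.example", {"calendar"}, Mode.OPTIONAL)
    am.advertise("demographics")
    sp.fetch("shop.example", "shipping-address")                # permit: policy, user offline
    sp.fetch("shop.example", "calendar")                        # deny: outside the policy
    sp.fetch("dentist.example", "calendar", user_online=False)  # permit: user not bothered
    sp.fetch("dentist.example", "calendar", user_online=True)   # pending: user may consent
    am.approve("dentist.example", "calendar")
    sp.fetch("dentist.example", "calendar", user_online=True)   # permit: one-shot grant used
    sp.fetch("survey.example", "demographics")                  # pending: unsolicited request
    am.approve("survey.example", "demographics")
    sp.fetch("survey.example", "demographics")                  # permit: relationship now exists
    am.terminate("shop.example")
    sp.fetch("shop.example", "shipping-address")                # deny: terminated
    return am.audit
```

Two design points worth noticing. The SP never sees the User’s policy, only the AM’s verdict, so the AM is the single place where terms are changed or a relationship is ended. And the deny path answers identically for a resource the User holds and one that does not exist, so a Consumer the User never introduced cannot enumerate the User’s data by probing, which is the whole point of the “Data Dominatrix” bucket.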

We’re looking for your input in order to figure out if there are good ideas here and what should be done with them. (The proposal is entirely exploratory; my employer has no plans around it at the moment, though our work has been informed by OpenSSO — particularly its ongoing entitlement management enhancements.)

Read on for more, and please respond in this thread or drop me a note if you’re interested in following or contributing to this work. If there’s interest, we’re keen to join up with like-minded folks in a public forum.

[...]

343,000 reasons to be annoyed

The positive reaction to this new series has really encouraged me, and given that my dear readers tend to be smarties who like to know the logic behind how a thing works, it seems like a good time to lay down some basic information. (Sean, this one’s for you!) So that means this post is going to be somewhat dense.

In GCBC, Gary Taubes reviews the fat-cholesterol hypothesis of overweight, heart disease, etc. that’s been the default position among diet scientists for some decades now, and contrasts its explanatory power with that of the carbohydrate hypothesis. The basic story in making the case for the latter is that insulin and its close hormonal cousins are housekeepers, cleaning up and putting away for later any sugars that flood your bloodstream when you eat.

But there’s more. GCBC goes into exhaustive detail about related impacts of this activity on cholesterol itself, the lipoproteins that convey it, and their various types and subtypes. You may think you know about “good” and “bad” cholesterol and heart attack risk factors and such; I learned just how much was wrong about what I thought I knew. Here’s a tiny sample.

On a diet that [Ronald] Krauss calls the “average American diet,” with 35 percent of the calories from fat, one in three men will have the atherogenic pattern B profile. On a diet of 46 percent fat, this proportion drops: only one man in every five manifests the atherogenic profile. On a diet of only 10 percent fat, of the kind advocated by diet doctors Nathan Pritikin and Dean Ornish, two out of every three men will have small, dense LDL and, as a result, a predicted threefold higher risk of heart disease. …. Krauss and his colleagues even tested the effect of types of fat on these lipoproteins, and reported that, the more saturated fat in the diet, the larger and fluffier the LDL — a beneficial effect. [GCBC, Ch. 9, p. 173; emphasis in original; footnote elided]

Bizarrely, when it comes to scientific study results rather than public-health pronouncements and diet books, there isn’t much that’s particularly controversial about how all this works. (By the way, the cholesterol/lipoprotein discussions were the biggest of the reading “slogs” I mentioned in my first post, but if you really want to know, you’ll really want to read it.)

But fructose is one of those “good” sugars that’s okay to have in your diet, right? You know, ’cause it’s from fruit? Not so much.

As Peter Mayes has explained, our bodies will gradually adapt to long-term consumption of high-fructose diets, and so the “pattern of fructose metabolism” will change over time. This is why, the more fructose in the diet and the longer the period of consumption, the greater the secretion of triglycerides by the liver. [Ibid., Ch. 12, p. 200; footnote elided]

Seen one of those ads on American TV touting the wonderfulness and safety of high-fructose corn syrup? Yeesh.

Because sucrose and high-fructose corn syrup (HFCS-55) are both effectively half glucose and half fructose, they offer the worst of both sugars. The fructose will stimulate the liver to produce triglycerides, while the glucose will stimulate insulin secretion. [Ibid., Ch. 12, p. 201]

The really frustrating part is that these feedback mechanisms in our bodies can lead to a vicious circle of starvation in the land of plenty, so to speak.

[I]nsulin renders the fat deposits temporarily invisible to the rest of the body by shutting down the flow of fatty acids out of the fat cells, while signaling the cells to continue burning glucose instead. As long as insulin levels remain elevated and the fat cells remain sensitive to the insulin, the use of fat for fuel is suppressed. We store more calories in this fat reserve than we should, and we hold on to these calories even when they’re required to supply energy to the cells. We can’t use this fat to forestall the return of hunger. [Ibid., Ch. 24, p. 436]

Well. That’s encouraging, isn’t it?

Not to pick on anyone specifically, but in the first dozen (out of 343,054) diet books that happened to be listed on Amazon at the moment, I found a lot of reasons for frustration:

  • Advice on how to “think like a thin person”, from someone who believes that any calorie-controlled diet will work
  • Instructions on how to lose belly fat by eating things like English muffins (at least they’re whole-wheat ones)
  • How to swap items at your local fast-food place to choose lower-calorie ones
  • A book about getting a flat belly that insists low-carb foods make you fat
  • A popular and not entirely clueless diet that nonetheless lists low-fat (vs. high-fat) dairy as an inherently good thing
  • One book on “eating clean” that seems to have a clue about the actual science of metabolism

All of the above — the science and the largely contradictory diet advice — explains a lot, if you’re a long-time low-fat dieter: you’ve probably been doing it the hard way (and the unhealthy way), assuming it’s even been working for you at all.

While I acknowledge that different diet approaches really do seem to work for different people (another future post or three), increasing the knowledge and awareness of metabolism-science facts is a great Step 1.

Can we agree that a good Step 2 is starting to ignore stuff like this?

Mydex demo: lovely identity harmonics

Asa Hardcastle, OpenLiberty rock star, has posted some details on an exciting demo he’s put together on behalf of Mydex.

The demo is a pretty sophisticated combination of identity-related technologies: information cards for authentication and transfer of service-bootstrapping info; XRI for keying into the Mydex personal datastore and some user-driven services; the Identity Web Services Framework (ID-WSF) for pointing off to other loosely coupled services; and SAML as the (ahem) “universal-solvent” assertion format. The use case being addressed here illustrates what, to me, is an important point: we are going to need both front-channel (through the user/user agent) and back-channel (service-to-service) data sharing in the real world, and our identity-enabled architectures need to empower individuals as fully as possible even in the latter case.

Iain Henderson of Mydex is plumbing an interesting issue in Vendor Relationship Management; he calls it Volunteered Personal Information or VPI. Iain’s VPI Special Interest Group is currently working on encapsulating an individual’s contract terms for data-sharing, and I believe this work will ultimately apply to the entire VRM problem space and, indeed, to all cases of “free-agent” identity on the ‘net. Check it out!

If they’d called it fecula, I wouldn’t have eaten it

Nutrition-wise, I reached my impressionable teenage years at an unfortunate time in history.

As a kid, I remember going to coffee shops with my parents in the early 1970s and sometimes ordering a standard “diet plate”: a naked hamburger, some tomato slices, and a scoop of cottage cheese — because, as everyone knew, bread made you fat.

Then, somewhere around 7th or 8th grade (that would be the mid-70s), my schoolmates and I were taught all about calories and the dreaded grams of dietary fat, which had nine calories versus the paltry four of protein and carbohydrates. The lesson came with a homework exercise to keep a food diary. I became a habitual calorie counter and at least an aspiring dietary-fat-avoider that day, destructive habits that persisted for more than thirty years.

The war against dietary fat has raged in much of Western society since around that time. For my part, I tried Susan Powter‘s very-low-fat eating; the “baked, not fried” mantra; the new food pyramid (versus the old “four food groups”); Snackwell’s fat-free cookies; and on and on. I tried it all and felt extremely virtuous, if not downright superior, and I lost not a pound. Most perniciously, in 1994-5 I tried an approach called Overcoming Overeating out of sheer desperation — and added 40 pounds to my already overweight frame.

Eventually I’ll discuss here some of the backstory behind this “war on dietary fat”. For now, I just want to convince you that controlled-carb approaches like Atkins (which itself debuted in 1972) aren’t crackpot; not only are they entirely consistent with that old diet plate, they’re pretty much how dieting used to be done since at least the 19th century.

In GCBC, Gary Taubes catalogues the medically prescribed reducing diets of the 1940s and 50s, in which — contrary to today’s thoughtless mantra about undistinguished “fruits and vegetables” being good for you — the percentage of carbohydrates by weight indicated whether even some veggies were okay or verboten:

When physicians from the Stanford University School of Medicine described the diet they prescribed for obesity in 1943, it was effectively identical to … Harvard Medical School … in 1948, at Children’s Memorial Hospital in Chicago in 1950, and at Cornell Medical School and New York Hospital in 1952. …. [On these diets,] potatoes … were known as 20-percent vegetables. Green peas and artichokes are 15-percent vegetables. …[and so on]… These weight-loss diets allowed only 5-percent vegetables… [GCBC, Ch. 19, p. 313-4]

And he notes (bracketed explanation his):

Until the 1970s and the beginning of the obesity epidemic, carbohydrates were widely, if not universally, considered fattening. The dietary cause of obesity, as Brillat-Savarin suggested in 1825, appeared to be “the floury and feculent [i.e. starchy] substances which man makes the prime ingredients of his daily nourishment” and this “fecula produces its effects sooner and more surely in conjunction with sugar.” [GCBC, Anchor ed. afterword, p. 461]

Honestly, if only they’d used the word fecula in that class — four calories per gram or no — I wouldn’t have touched the stuff.

Cats and dogs living together at RSA

Coming to the RSA Conference next month? You won’t want to miss Harnessing the Power of Digital Identity: 2009 and the Promising Road Ahead, a free pre-conference workshop being held on April 20.

This will be a powerhouse day. It’s co-sponsored by (in alphabetical order) the Concordia Project, the DataPortability Project, the Information Card Foundation, the Liberty Alliance, the OpenID Foundation, and OSIS, and has a spectacular lineup of activities that will be relevant to pretty much anyone doing identity. The abstract says it all:

2009 represents the intersection of the enterprise and consumer identity marketplace. Is this intersection secure, private, and ready for primetime with distributed apps and services in the cloud? Come learn about the state-of-identity through a discussion of key drivers and demos of common scenarios, cross-protocol harmonization, and interop across federation, web services and information cards.

The best part: Even if you’re not going to RSA, you can get into the workshop for free; you just have to register. The registration instructions can be found on the workshop planning page.

The response has already been overwhelming. Don’t miss out! Sign up today. Free Sham-Wow to the first 50 registrants (kidding…).

Don’t eat the monkey chow

I’ve wanted to write this post for a long time, but kept delaying because I worried about coming off as a zealot or a loon. Yeah, I know, some people already think of me as zealous and loony about a lot of things, but somehow the noun versions seem worse.

The thing is, I want my family and friends and colleagues (and myself) to be as healthy and happy as possible. And over the last five years I’ve learned, and confirmed to my own satisfaction, some information about health and nutrition that I very much want to share towards that end. But while the science is pretty much settled (no, not that science), public-health stances and conventional wisdom are another matter.

In a nutshell, the science I’m referring to is:

carbohydrate intake (not dietary fat) drives insulin response, which drives fat accumulation and potentially other serious health issues

or, in a smaller nutshell:

carbs drive fat

By now, lots of ordinary people and big-time news outlets have become aware of this Atkins diet/Gary Taubes/low-carb stuff and taken it seriously, so it’s not exactly news. But I finished reading Taubes’s book Good Calories, Bad Calories a few months ago, and it left such a strong impression on me that I thought I might have something to add to the discussion.

My original intent was to do a humongous book review/analysis here and get it out of my system, but I realized that wouldn’t work — there’s too much to say. Then it occurred to me: Blogs allow for these things called entries, which can be written over time… My next thought was to start a new blog to hold all this stuff, and in fact I got as far as securing carbgrrl.com for that purpose. But then some friends convinced me that integrating my interests in one place is best, and after all, this is already a hybrid blog that has seen lots of evolution. (If you want to see just the stuff in my new carbgrrl category, carbgrrl.com will take you straight there.)

If you’re curious, or skeptical but interested, or have struggled as I have with a lifelong weight problem and associated health issues, I hope I’ll succeed in enticing you to check out Good Calories, Bad Calories (hereinafter GCBC, and now available in paperback). One review on the dust jacket of my hardcover edition describes it as having “engaging narrative”; I’d say it’s more like a 50/50 split between “gripping” and “a hard slog”. For me it was an important slog, but if you want the easy-breezy route, you could do worse than read Dr. Atkins’ New Diet Revolution, which, to the first couple of approximations, turns out to be…correct.

My original book review was shaping up to have several themes, so keep an eye out for ruminations along these lines:

  • The mechanisms at work
  • Diet studies and stats
  • Now they tell us (otherwise known as “Duh”)
  • Correlation is not causation
  • The public-health establishment

If you’ve stuck with me this far, by now you’re probably wondering: What’s with the monkey chow? Here’s some food (ahem) for thought to get things started.

Monkeys in captivity, by the way, will also get obese and diabetic on high-carbohydrate chow diets. One of the first reports of this phenomenon was in 1965, by John Brobeck of Yale, whose rhesus monkeys got fat and mildly diabetic on Purina Monkey Chow — 15 percent protein, 6 percent fat, and 59 percent digestible carbohydrates. According to Barbara Hansen, who studies diabetes and obesity and runs a primate-research laboratory at the University of Maryland, perhaps 60 percent of middle-aged monkeys in captivity are obese by monkey standards. “This is on the kind of diet recommended by the American Heart Association,” she says, “high-fiber, low-fat, no-cholesterol chow.” [GCBC Ch. 14, p. 249]

Stay tuned for more.