How to update a TrustStore

When it comes to security, I often got questions from engineers related to truststore update.

Let say you have a truststore with a certain number of trusted certificates that are used for SSL authentication and you want to add or replace a certificate.

You will need a tool such as Portecle which is a java based is friendly GUI application for creating, managing and examining key stores, keys, certificates, certificate requests, certificate revocation lists and more.



















Open your initial truststore with Portecle:








































I then use Microsoft Internet Explorer (IE) to access, view and save your additional/new trusted certificate.

In this example, I am using ICW Lifesensor Personal Health Record (PHR) application because I want to add the associated certificates to my TrustStore (the goal is to to enable secure access to PHR accounts):

















































































































Use Portecle to import this new trusted certificate in your trust store:
















































Your updated truststore is now ready to use!

Community One 2009

This year Cloud Computing was really the buzz word at Community One in the West Coast (San Francisco)!

Cloud Computing was in fact the opening topic by Dave Douglas on the general session (the other topic was Open Solaris).

It was interesting to learn that SUN Cloud offer started only few months ago, but it has been quite successful with more than 3000 people using it every days.

Dave did introduce also a couple of interesting companies that offer applications that run on the SUN Cloud infrastructure:

• Moonwalk uses the cloud to save data for disaster recovery.
  
• Vertica : Column oriented DBMS with a version for the cloud.
  
• WebAppVM : Virtual Machine - to migrate from local machine to the cloud.
• Apache Hadoop a software platform that helps write and run applications that process vast amounts of data (using MapReduce).

Security is still a concern in the cloud. Sun seems to take security quite seriously. It participates to the Center for Internet Security and offer tools to encrypt data as well.

There also a very good material on programming languages and the Cloud from Ted Leung Principal Engineer at SUN who presented an overview of cloud computing architectures and the ways they interact with programming languages. He covered various topics : Security, Concurrency, Performance, Distribution, Operational Considerations and Domain Specific Languages (DSL).















Ted introduced some of the innovations in the Cloud infrastructure including storage and computing in the Infrastructure as a Service (aaS) layer, Virtual Machine Images (Stack aaS), AppEngine, Heroku, Zembly (Platform aaS), Salesforce (Software aaS).

Infrastructure aaS issues:

• No predefined Software Stack
• You have to do everything
• Languages cannot help

Stack aaS issues:

• You get whatever language is in the stack
• Depends on the quality of the stack interaction
• Languages can help, part of the stack interaction
• Services are not part of the stack

Platform aaS issues:

• Specialized high performance Data Access/Storage (CouchDB, Big Table, Key/Value Stores, Non Relational DB, Map Reduce)
• Identity
• Asynchronous messaging (XMPP, Queing)
• Payments
• You get whatever language is in the platform
• Platform inlcudes network services beyond language runtime
• Leads to a service oriented system
• Part of the difference is the quality of the integration

Software aaS issues:

• SaaS application may or may not be programmable
• The SaaS may have its onw language
• Learning curve/training
• Integration

Characteritics of the Cloud Environment:

• Multitenants
• Heterogeneous
• Scalability is a goal
• Elastic/Provisioned by machine
• Monitored/Audited
• Services Oriented

The most interesting part of the presentation was certainely the part dedicated to languages with a comprehensive overview of specialized programming languages for the Cloud.

Areas where languages intersect the Cloud:

• Security/Resource Control
• Performance
• Concurrency
• Distribution
• Operational Considerations
• Domain Specific Languages

There are two language models for the cloud:

• Sandboxing (Java, Pypy, Google AppEngine)
  
• Capabilities (Caja, Joe-E, E)
  

Projects and Languages targeted to address Cloud issues:

• Transactional Memory (Haskell, Clojure)
• Actors (Erlang, Scala, Axum/F# ...)
• Futures (Java, Python, Ruby libraries)
• MapReduce (Hadoop, Disco)
• Persistence Data Structures (Clojure)
• Tuple Spaces (Jini/JavaSpaces, GigaSpace, Blitz, Tspaces ...)

Monitoring and instrumentation is also an important issue in Cloud Computing. DTrace for example (integrated with the latest Open Solaris version) is a powerful tool to analyse resource usage/behavior (e.g. which files are accessed throughout the whole stack).


Other topics at Community One:

There were also other interesting topics besides Cloud Computing:

OpenSolaris:

• Network vitualization
• Snapshot using ZFS (very cool@!)
• Optimization of storage devices using Flash drives
  (these days, the bottle neck for a applications is data read/write on storage devices!)
• SUN 7000 Storage: New enterprise storage appliance - 800 customers in just 4 months. up to 1/2 Petabytes of storage!

SUN Master Data Management 6.2 - (presentation by Parijat Prosun Kar):

• To help managed the business context data of entities or objects involved in business transaction (great for Context Management!)
• Can be used in System aggregation/federation (e.g. portals)
  
• Just in time business models require agility and integration across the enterprise
• Help ongoing mergers and acquisitions
• Compliance and localized governmental requirements
• Includes a Master Index Studio, Data Integrator, Data Quality, Data Mashup/Services, Data Migrator
  
• see also Mural (Open source Master Data Management from SUN)

Atmosphere: a POJO based framework using inversion of control (IoC) to support Comet.















IceFaces / AjaxPush: updates on the J2EE Ajax framework presentation by IceSoft.
Here is an example that uses Liferay Portal platform.















Android: some good tips about the use of adapters, bitmap scaling, background refresh.
By the way, the next version of Android (Doughnout) is expected in Q3 of 2009.















JRuby: updates on the Java implementation of the Ruby.

Speech Technology and HealthCare

Recently, I was invited to participate to a meeting of AVIOS (Applied Voice Input Output Society) local chapter in Menlo Park, California to discuss the use of speech technology in HealthCare and Medicine.

Speech technology is not widely used in healthcare at the moment. The healthcare industry is still focusing on efficiency and cost saving by solving systems integration, re-wamping legacy systems and making paper based processes digital.

Dictation and transcription for EMRs

The most successful type of applications is probably dictation/transcription for electronic medical records (EMR).

Speech recognition, enhancing productivity and reducing medical costs as a result. In this domain, Nuance is one of the market leader.

The products and services of Nuance Healthcare are used at more than 5,000 hospitals and by more than 400,000 providers.

Nuance’s on-premise Dictaphone Enterprise Speech System (ESS) components support recording the dictation audio, managing the audio and the resulting transcription process, transcription document distribution, and online reporting.

Dragon medical is another product from Nuance with which physicians dictate in real-time into their EMR in their own words letting them instantly review, sign, and make their notes available for other clinicians. This include Medical Vocabularies, covering nearly 80 specialties and subspecialties and regional accent support.

Potential use for Care and Disease Management

Besides dictation/transcription there are some additional potential uses of speech technology in other domains related to heathcare. Care and Disease Managament is one of them.

Organizations/companies like Lifemasters have call centers where nurses help to help patients with chronic disease achieve optimal health by closing the gaps between recommended and actual care (evidence-based medicine) and encouraging patients to adopt a healthy lifestyle and reducing the overall cost of healthcare. Speech technology could be used to complement and optimize this type of services: virtual operators, voice activation services, automatic text-to-speech combined with voice-over-IP reminder and notifications (e.g. to take drugs, schedule an exam, do certain types of exercices etc ...). Companies like requall and Jott already provide this type of notification infrastructure that can be delivered on mobile phones for example.

Other Areas

Additional research areas in speech technology and healthcare include:

• Using speech/sound recognition to monitor eating behavior

• disease assessment (e.g. parkinson over the phone, although this disease is very complex and voice is probably not the most important factor)

• using speech recognition for medical transcript anonymization to be used as corpora

Conclusion
Overall, there is a big potential for use of Speech Technology in the healthcare industry.

The recent improvements in Text-to-Speech make it very attractive to healthcare, especially to non life critical applications.

Speech recognition accuracy is sometimes still a problem, but it is well suitable for sub-languages with specific vocabulary. It might be more difficult to be used directly by patients/health consumers, especially senior citizens where the language can be altered by their conditions.

HIMSS 2009 - How Consumers use PHRs (KP)

While at HIMSS 2009 in Chicago early this month I did attend a very interesting talk from Judy Derman and Jan Oldenburg from Kaiser Permanente untitled: "How Consumers use Personal Health Records (PHRs) : lessons learned".

Kaiser Permanente (KP) has a very large user based (2.5M consumers/patients and 13,000 healthcare professionels) for their online services (a portal accessible at www.KP.org portal and My Health Manager, a Personal Health Record (PHR) built with the help of EPIC).

In this talk, Judy and Jan described the lessons learned from usage patterns on these web applications.

The consumers/patients are motivated by the fact that they can act on their information. It is not just about looking at a medical record, but act one it. Example of useful actions include:

• start changing health related behavior
• refill a prescription online
• make appointment with their doctor
• send email with care professionals
• access educational programs (some of the most popular are: diabetes, depression, insomnia, weight management)

The consumers will trust these applications and the associated medical information as long as it is :

• transparent
• accessible
• consistent
• secure
• timely and accurate

Kaiser Permanente study shows that the implementation success factors include:

• early adopters are leaders in usage and feedback
• there is a strong leadership from senior leaders
• importance of clearly define explicit and articulated benefits
• allocate appropriate and sufficient resources to do the job
• resource must have appropriate skills
• involve stakeholders / members / patients early in the process
• make decision at the appropriate level
• provide tools to support implementation (marketing material and toolkits)
• use standard prcedures
• use effective and integrated marketing
• simplify the "getting started" mechanism (one step activation + pre-populate heath record)
• drive adoption with multiple channel marketing

The Kaiser PHR was launched in January 2007 and has reached 2.7 users by April 2009.

In 2008, 84% of the users choose the "One step activation" mechanism and 54% of KP members signed-in with 40.8% of user male and 51.2% female.

Here are the top features in the last two years:










Here are some statistics/facts about the Email/secure messaging service of the KP PHR:

• 6M emails in 2008 sent to doctors (13M since the launch in 2007)
• 600,000 emails per months in 2009
• 14% of messages are written by physicians and clinicians
• 14,000 physicians are using emails regularly

One of the benefits of the email services is that the patients using email were 7-10% less likely to schedule an appointment.

Here are some statistics/facts about the Lab/test results service of the KP PHR:

• 16.7M test in 2008
• 61M tests results available online
• 31M since launch
• certain tests are not online (HIV, genetic tests ...)

Here are some statistics/facts about the Presciption refill service of the KP PHR:

• 5.6M refill in 2008
• increase of 26% in 2007-2008
• Up to 23% of refill are done online

HealthCare and the benefits of a Portal Strategy

The idea that software should be componentized (built from prefabricated components) has been proposed more that 40 years ago. However it is only recently, with the advent of Service Oriented Architecture (SOA) and Software as a Service (SaaS) that effective software componentization methods to integrate systems and develop solutions have been available.
These methods help promote code reuse, low-cost system development, contribute to software quality and to more flexible IT infrastructures.

Software componentization can help software companies acquire and maintain a competitive advantage by developing, deploying and maintaining services and solutions faster, cheaper and better than their competitors. Using Web and Mobile based Graphic User Interface (GUI) components is the most common way for users to interact with IT systems.

The ability to create customizable and reusable front-end software components is especially valuable for software companies and their partners. Combined with cost effective deployment solutions such as Cloud Computing, new services can quickly be bundled, offered and tuned for specific targeted sets of customers and later rolled-out to new markets very easily.

Componentization can also help to rapidly make custom changes (such as re-branding or re-skinning) since the presentation layer is isolated from the service layer. Aggregated in web portals, front-end components can be layered on top of existing data structures, enterprise and legacy systems as well as third party services.

In healthcare for example, portals can offer a unified and personalized view for healthcare professionals, and provide real-time access to a selected patient's clinical information. The same portal infrastructure can be also customized for the patients and their care givers.

Portal technology provides ways to integrate information, people and processes across organizational boundaries. It provides a secure unified access point (SSO), often in the form of a web-based user interface, and is designed to aggregate and personalize information through application-specific component or portlets.

Another characteristic of the portal technology is the fact that content management can be decentralized allowing richer content and more efficient update of the data and information presented to the users.

A portal approach brings benefits to your customers/end-users (healthcare professionals and patients), your development, professional service and IT teams, but also your partners!

• benefits for your end-users: Portal solutions also offer rich user experience by leveraging Web 2.0 technologies and specific components (e.g. wikis, blogs, message boards, widgets, social networking, maps, SSO, etc). Portal customization and personalization also offers to the end-users a more personalized experience based on their profiles such as their role in the organization or user group and preferences (e.g. choice of layout and look and feel).
• benefits for your development team: This includes a common architecture for the aggregation of heterogeneous components and services, a clear separation between the presentation layer and the service layer, and the fact that portlets are based on standard technologies (e.g. JSF, Spring, Spring MVC, Hibernate, JSR-168, JSR-286, WSRP 1.0/2.0, AJAX, Java EE, or even Flex).
• benefits for your professional service and IT teams: Portal technology can save substantial costs to both the professional service team in charge of creating solutions using a portal approach including the ability to create and combine quickly customized components that are easy re-branded for various customers is clearly a good return on investment (ROI).
  
• benefits for your IT department: For the IT department, in charge of deploying and maintaining services and applications, to be able to run multiple portal sites, each with a unique domain, on the same portal server reduces avoids to duplicate hardware and image instances. Portlets can be deployed at run-time (hot deployment) reducing down time for the user and facilitate the maintenance of the applications. In addition to this, specific content, branding, layout and skins can be stored and managed independently of the application in a content management system, saving costs during development, deployment and maintenance.
  
  

For the past couple of years, there has been a clear interest in the healthcare industry, not only in the US, but also in Canada and Europe to use portal frameworks as a solution to aggregate heterogeneous services and applications. There are still a lot of important and sensitive issues to address for this type of solution in the healthcare industry (security, auditing capabilities, flexibility, extensibility, maintainability, user and content management, integration, performance, scalability, availability, quality assurance, lifecycle management, maintenance and monetization).

Next week (April 4-8 2009) at HIMSS-09 in Chicago, it will be interesting to see if the trend is confirmed and how many vendors have been repackaged their solutions using portal technology.

Liferay and Flex Ajax Bridge (FABridge)

I am using Liferay to create highly interactive and componentized web applications and solutions for the healthcare industry. Adobe Flex is one of the technology I am using the create portlets for Liferay. One challenge is the communication between portlets and between the core layer of the portlet that access services and wrapping GUI layer (JSP/HTML and Javascript).

Adobe Flex 3.0 SDK now contains the Flex Ajax Bridge (FABridge) developed by Adobe Labs.
Flex Ajax Bridge is a small library that can be help you expose an flex application (Action Script graph) to scripting by Javascript.

To show how FABridge works in Liferay. I have created very simple Flex application that show a button. I then modify the label of the button at runtime via javascript.

The code for the Flex application is very simple:

<?xml version="1.0" encoding="utf-8"?>
<mx:Application
 xmlns:mx="http://www.adobe.com/2006/mxml"
 xmlns:fab="bridge.*">
 
 <fab:FABridge bridgeName="flash" id="flash" /> 
    
 <mx:Button id="button" label="Original Button" width="150"/>
 
</mx:Application>

The Flex application needs to refer to the action script part of the FABridge library (FABridge.as).

Likewise, your Javascript will need to refer to the Javascript part of the library (FABridge.js).


















The build.bat file is a simple command (mxmlc main.mxml -output main.swf) for building the SWF file. But you can also use Flex Builder for this.

Here is how the resulting SWF file looks like inside a very simple Liferay portlet:









The code for the wrapping portlet is contains inside the view.jsp file. I am using SWFObject 2.0 to integrate the SWF file.

I am also using JQuery (I have added manually JQuery 1.2.6 lib - but I assume that I could leverage JQuery that comes with Liferay) to highlight the SWF container in green if the bridge succeeds at changing the content of the button:








If there is an expection, which is the case when the portlet is added in Liferay in Internet Explorer (IE 7.0) - refreshing the page works however! ). Then the container is highlighted in red:








Here is the whole code of the JSP file:

<%@ taglib uri="http://java.sun.com/portlet" prefix="portlet" %>

<portlet:defineObjects />
<script type="text/javascript" src="<%= request.getContextPath() %>/js/swfobject.js"> 
  swfobject.registerObject("myId", "9.0.0", "expressInstall.swf");
</script>
<script type="text/javascript" src="<%= request.getContextPath() %>/js/FABridge.js"></script>
<script type="text/javascript" src="<%=request.getContextPath()%>/js/jquery-1.2.6.js"></script>

<script type="text/javascript">

   accessFlex();
   
   function accessFlex()  {
       
        var initCallback = function() {
            try {
                    var root = FABridge.flash.root();
                    root.getButton().setLabel("Modified by FABridge");                       
                    $("#swf_div").css("border","3px solid green");    
            }
            catch(err) {
                $("#swf_div").css("border","3px solid red");
            }  
        }
        
        FABridge.addInitializationCallback("flash",initCallback);
    }
    
</script>


<div id="swf_div"> 
<object id="myId" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="350" height="70">
  <param name="movie" value="<%= request.getContextPath() %>/flex/main.swf" />
  <!--[if !IE]>-->
  <object type="application/x-shockwave-flash" data="<%= request.getContextPath() %>/flex/main.swf" width="350" height="70">
  <!--<![endif]-->
    <p>Alternative content</p>
  <!--[if !IE]>-->
  </object>
  <!--<![endif]-->
</object>
</div>

Flex Web Service Introspection Wizard and BlazeDS

In my previous post, I mentioned that if you want to fully use Flex 3.0 Web Service introspection wizard, you will need to either use Adobe LifeCycle Data service, or have a cross domain file installed on the server that expose the web services you want to use.

However, if you use only BlazeDS, the web service wizard can still be useful to better understand which type of objects you obtain when calling 3rd party web services (besides looking at the wsdl file and debugging ResultEvent.result content).

In this post I will describe how to use Flex Builder 3.0 to introspect the ICW LifeSensor Web Service API. Then I will build a small Flex based portlet to display information related to a patient who has his medical information stored in the LifeSensor Personal Health Record (PHR).

A. Introspecting the Web Services

For this, you will need to know the WSDL URL of your web services.

In the case of LifeSensor, I am accessing the WSDL file over HTTPS which is protected with a login and password but you can also test the intropection wizard with free available web services available on the internet.

From Flex builder (I am using Flex Eclipse plugin), select "Data/Import Web Service (WSDL)...":






Then select the folder you want to import your classes to, click next, then enter the WSDL URL and click next again:















First you select the list of the operations you want to import. In my case, I just want to import the operation findAccessibleRecords.

You can also change the default value of the packages for the classes that are going to be generated and the main class name.

In my case, I just kept the default values, respectively com.lifesensor and RecordModuleWebServiceImplService.


















It just takes few seconds to generate the proxy classes:




















Even though I am importing only one operation from LifeSensor, a little bit more than 80 classes are generated.




















RecordInfoXto and its dependent classes structure is very close to the object returned by the web service call. Therefore I will be using only the following files:

• AddressXto.as
• CodeSystemXto.as
• CodeXto.as
• DateXto.as
• EmbeddedObjectXto.as
• RecordInfoXto.as

/**
 * RecordInfoXto.as
 * This file was auto-generated from WSDL by the Apache Axis2 generator modified by Adobe
 * Any change made to this file will be overwritten when the code is re-generated.
 */

package com.lifesensor
{
    import mx.utils.ObjectProxy;
    import flash.utils.ByteArray;
    import mx.rpc.soap.types.*;
    /**
     * Wrapper class for a operation required type
     */
   
    public class RecordInfoXto extends com.lifesensor.EmbeddedObjectXto
    {
        /**
         * Constructor, initializes the type class
         */
        public function RecordInfoXto() {}
           
        public var academicTitle:String;
        public var address:com.lifesensor.AddressXto;
        public var birthDate:com.lifesensor.DateXto;
        public var birthPlace:String;
        public var familyName:String;
        public var gender:com.lifesensor.CodeXto;
        public var givenName:String;
        public var middleName:String;
        public var scope:String;
        public var subjectId:String;
    }
}

   public class AddressXto extends com.lifesensor.EmbeddedObjectXto {
  /**
   * Constructor, initializes the type class
   */
  public function AddressXto() {}
          
  public var city:String;
  public var corpus:String;
  public var country:com.lifesensor.CodeXto;
  public var flat:String;
  public var line1:String;
  public var line2:String;
  public var organization:String;
  public var postalCode:String;
  public var state:com.lifesensor.CodeXto;
  public var streetAddressLine:String;
  public var zipCodeExtension:String;
 }

        public class CodeXto extends com.lifesensor.CodeSystemXto
 {
  /**
   * Constructor, initializes the type class
   */
  public function CodeXto() {}
          
  public var key:String;
 }

 public class DateXto extends com.lifesensor.EmbeddedObjectXto
 {
  /**
   * Constructor, initializes the type class
   */
  public function DateXto() {}
          
  public var isoDate:String;
 }

B. Creating the Flex component using BlazeDS

In a previous post, I have described in details how to create a BlazeDS application that uses BlazeDS to access web services. This one is very similar.

The proxy-config.xml describes the web service end-points and channel:

<destination id="ws-lifesensor-record">
        <properties>
            <wsdl>https://record2.us.lifesensor.com/phr/services/v2-5-0/RecordWebService?wsdl</wsdl>
            <remote-username>????????</remote-username>
            <remote-password>????????</remote-password>
            <soap>https://record2.us.lifesensor.com/phr/services/v2-5-0/RecordWebService</soap>
        </properties>
        <adapter ref="soap-proxy"/>
    </destination>

First, I import the generated classes. Then populating the RecordInfoXto object is straightforward:

import com.lifesensor.*;

private function findAccessibleRecords_result(event:ResultEvent):void {

  if (event.result != null) {
    var all_records:ArrayCollection = event.result as ArrayCollection;
    var record:Object = all_records.getItemAt(0);
                    
    // State
    var state:CodeXto = new CodeXto();
    state.key = record.address.state.key;
                    
    // Country
    var country:CodeXto = new CodeXto();
    country.key = record.address.country.key;
                    
    // Address
    var address:AddressXto = new AddressXto();
    address.streetAddressLine = record.address.streetAddressLine;
    address.city = record.address.city;
    address.postalCode = record.address.postalCode;
    address.state = state;
    address.country = country;
                    
    // Gender
    var gender:CodeXto = new CodeXto();
    gender.key = record.gender.key;

    // Birth Date
    var date:DateXto = new DateXto();
    date.isoDate = record.birthDate.isoDate;
                    
    // Record 
    patient_record = new RecordInfoXto();
    patient_record.givenName = record.givenName;
    patient_record.familyName = record.familyName;
    patient_record.gender = gender;
    patient_record.address = address;
    patient_record.birthDate = date;
    }
}

The resulting Flex based portlet is very simple (with a very compact code):