In article <[log in to unmask]>, Ross Anderson
<[log in to unmask]> writes
>I would have vetoed these messages if I could, but there was no
>mechanism available; EDIFACT messages are developed by small groups
>in cahoots with IMG, which then pushes the standard through quickly
>before anybody has time to argue. This is not the way to run things.

Ross
As you know I sympathise with much of what you have said.  But I have
many times said that we need to have a stepwise approach to make any
progress.  I do not understand why you say the above about EDIFACT
message development.  The comment about pushing 'the standard through
quickly before anybody has time to argue' is particularly out of place
bearing in mind the snails pace progress of EDIFACT message
implementation.  What exactly do you mean and what were you seeking to
veto?  It would be helpful to clarify and discuss this - openly.

Can we please somehow allow the academic and the pragmatic approach to
rub along together?  If we do not adopt that approach then we will NEVER
implement anything.  You know that I have adopted that approach - purely
to get things to work the best way that can be done today.  This
inevitably means using yesterday's technology and some degree of
compromise.  Mostly it involves resolving human / political factors.
The academic approach can afford to theorise about tomorrow's technology
and does not (should not?) compromise as it only has to deliver the
ideas / ideals rather than the actual working solution.  We need both
approaches

Killing the messenger may have been appropriate to protect encryption
keys a thousand or so years ago but I think a more sophisticated
approach is needed today.  Indiscriminately attacking the small groups
of people who are genuinely trying to move things forward is surely
rather counterproductive.  On the other hand there are a number of
fairly large obstacles ripe for being blown out of the water.....

It is part of the messenger's lot to be shot at, but preferably only to
'wing'!!                :-)



A few points

1)      The EDIFACT standard is a European standard - nothing to do with
IMG.  Its existence does not depend on IMG - in fact IMG's current
approach is severely hampering its use.

2)      It is an evolving standard - and there are emerging Secure
EDIFACT standards that most certainly DO cater for carriage of digital
signatures.  This is what GPPL is trying to get IMG's and BMA's
agreement to use.  The current version 1 messages are OLD. They were
developed BEFORE the secure EDIFACT standard existed.  They were
developed BEFORE the BMA awoke from its deep slumber and did us all the
service of highlighting the Safety & Privacy issues you have so
energetically pursued.  Short term we have to use a fix to cater for
these old messages.  In the longer term when new standards are
established and when we have gained practical experience of digital
signatures and key management, messages will be designed differently and
maybe not always EDIFACT.  For the moment we have to start from where we
are at.

3)      The actual Version 1 NHS messages were developed in the full
sight of ACIG (Information Group of the Academy of Royal Colleges), and
with their energetic involvement.  Unlike X400 and NHSnet, which have
been unceremoniously dumped on us, the development of EDIFACT messages
has always been and continues to be under professional control.  There
is nothing secretive about their development, nor of the membership of
the message development groups

4)      Unless and until ACIG is satisfied that the message
implementations have been satisfactorily tested there will be no
professional endorsement and no widespread use of EDIFACT.  This will
involve both technical and clinical testing which will require
considerable numbers of clinicians' assistance.  The newly emerging
National GP Computer User Groups Forum (umbrella group for User Groups)
would be one source of this assistance.  It will also involve checking
that confidentiality and authenticity have been adequately dealt with.
These last will need endorsement from ACIG, JCG and some measure of
support from BMA.


I don't see much evidence of 'small groups in cahoots with IMG' in the
above.  Rather the opposite.

--
John Williams, Senior User GP / Provider Links Project
Email: [log in to unmask]
Fax:   01483 440928


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%