HealthVault team responds to security model criticism.

In further evidence that the Microsoft HealthVault team might actually be making good on a move towards real openness. Sean Nolan has addressed some of my criticisms in a post entitled Sharing Data using HealthVault

I have updated the post in question to correct the errors that I had made. However, even with the correction made I still think the HealthVault authorization model has erred too much on the “functional” side. It is worth pointing out that this is a design decision that many programmers would side with Microsoft on. It is a tricky issue: How do you allow for the transfer of ownership of a record without also creating a system that can be easily abused? Microsoft has historically taken the view that functionality comes first, and so they have always released operating systems that are extremely functional, but that hackers inevitably have a field day with. They have done pretty well with the “functionality first” design paradigm. (who am I to argue with the whole Windows install base?)

I will not reply fully to Seans post until I have had the opportunity to study HealthVault more closely and perhaps even ask Sean some very specific questions, however, the most significant thing here is that Microsoft is responding at all. This is awfully quick turn-around for a company that has historically ignored criticism.

I do believe Microsoft is listening.

-FT