Hi all -
I’m really new to Holochain, but have just finished all the DevCamp 7 content after @bear kindly gave me access (and I have to say I was really inspired by all the work and effort that went into that, really amazing job).
I work for a healthcare non-profit in New Zealand, and want to build a small-scale proof of concept for PhD research I am conducting on decentralised technologies, and how they can be used in healthcare to support Data Sovereignty (especially Indigenous Data Sovereignty). The core requirements are:
- dynamic and detailed access control of a user’s data (who I share my data with)
- logging and auditing of access (who has accessed my data and when).
The kind of basic workflow I have in mind is:
- Bob generates data which is posted to their source chain
- This data is private and can only be accessed by Bob
- Bob decides to share it with Dr Alice
- Dr Alice can now access Bob’s data
- Bob can withdraw that capability grant any time and stop Dr Alice’s access
- Bob can view how Dr Alice has accessed their data.
There are lots of other things I want to throw in here (connecting wearables/smart devices, segmenting health data by type - e.g. medications vs diagnoses - so that access can be granted selectively to different kinds of data, and a ‘break glass’ access facility for emergencies) but the above is most of the basics.
I would be really grateful for any architectural or design advice from members of the community, since it seems there are a couple of different patterns which could achieve this.
For example, @e-nastasia in DevCamp 7 session 10 used sharing of health data as an example of using capability tokens to provide access to a user’s source chain. The big downside seems to be that this sharing will break if Bob’s device is offline.
Conversely, in this thread, @pauldaoust suggests the concept of a ‘private DHT’, i.e. to put your private data into a separate DHT, but only allow access to the trusted users you are sharing with. This would allow your ‘trusted users’ to distribute your data between them, so that they can all access it even when you’re offline.
However, in reality, a decentralised health data hApp like this could have a large number of users sharing their data with very few people (i.e. a user may only ever share with their GP, or another family member). So, you will lose some of the redundancy advantages offered by a DHT if it is built as a series of private DHTs.
It seems like the design options are:
- A single DHT where users selectively issue/revoke capability tokens to manage access to their data (but where data cannot be accessed if the user is offline),
- A series of ‘Private DHTs’ where the data is available on the DHT but only trusted users are able to access it,
- Or is there a third way?
Thanks a lot for your advice! alex
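As an added illustration of the grant / revoke / audit workflow listed in the post (this is not code from the post, and it is not Holochain hdk code), the following plain-Rust model keeps an append-only "source chain" of entries: private records tagged by category, capability grants, revocations, and an access-log entry written on every read attempt. The names (`SourceChain`, `CapGrant`, `AccessLog`), the per-category granting, and the use of chain position as the audit timestamp instead of a wall clock are all assumptions made for the example; a real hApp would use the conductor's capability grants and action timestamps.

```rust
// Added example, not from the post and not hdk code: a plain-Rust model of
// "Bob grants Dr Alice access, reads are logged, Bob can revoke at any time".
// All type and function names here are assumptions for the illustration.
use std::collections::HashSet;

#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct AgentId(pub String);

#[derive(Debug, Clone, PartialEq)]
pub enum Entry {
    /// Private health record held by the chain owner; `category` models
    /// "medications vs diagnoses" so grants can be selective.
    Record { category: String, payload: String },
    /// Capability grant: `grantee` may read records in `category`.
    CapGrant { grant_id: u64, grantee: AgentId, category: String },
    /// Revocation of an earlier grant, referenced by its id.
    CapRevoke { grant_id: u64 },
    /// Audit entry appended on every access attempt, allowed or not.
    /// `seq` is the chain position (assumed stand-in for a timestamp).
    AccessLog { seq: u64, requester: AgentId, category: String, allowed: bool },
}

pub struct SourceChain {
    owner: AgentId,
    entries: Vec<Entry>, // append-only: nothing is ever edited or removed
    next_grant: u64,
}

impl SourceChain {
    pub fn new(owner: &str) -> Self {
        SourceChain { owner: AgentId(owner.to_string()), entries: Vec::new(), next_grant: 1 }
    }

    pub fn add_record(&mut self, category: &str, payload: &str) {
        self.entries.push(Entry::Record { category: category.to_string(), payload: payload.to_string() });
    }

    /// Bob shares one category with one agent; returns the grant id needed to revoke it.
    pub fn grant(&mut self, grantee: &str, category: &str) -> u64 {
        let grant_id = self.next_grant;
        self.next_grant += 1;
        self.entries.push(Entry::CapGrant {
            grant_id,
            grantee: AgentId(grantee.to_string()),
            category: category.to_string(),
        });
        grant_id
    }

    fn revoked_ids(&self) -> HashSet<u64> {
        self.entries
            .iter()
            .filter_map(|e| match e {
                Entry::CapRevoke { grant_id } => Some(*grant_id),
                _ => None,
            })
            .collect()
    }

    /// Revocation is itself an appended entry; it only succeeds for a live grant.
    pub fn revoke(&mut self, grant_id: u64) -> bool {
        let exists = self
            .entries
            .iter()
            .any(|e| matches!(e, Entry::CapGrant { grant_id: g, .. } if *g == grant_id));
        if !exists || self.revoked_ids().contains(&grant_id) {
            return false;
        }
        self.entries.push(Entry::CapRevoke { grant_id });
        true
    }

    /// The owner always has access; anyone else needs an unrevoked grant for the category.
    fn is_granted(&self, agent: &AgentId, category: &str) -> bool {
        if *agent == self.owner {
            return true;
        }
        let revoked = self.revoked_ids();
        self.entries.iter().any(|e| match e {
            Entry::CapGrant { grant_id, grantee, category: c } => {
                grantee == agent && c == category && !revoked.contains(grant_id)
            }
            _ => false,
        })
    }

    /// Every read attempt is logged before the decision is returned, so denied
    /// attempts are visible to Bob as well as successful ones.
    pub fn read(&mut self, requester: &str, category: &str) -> Option<Vec<String>> {
        let who = AgentId(requester.to_string());
        let allowed = self.is_granted(&who, category);
        let seq = self.entries.len() as u64;
        self.entries.push(Entry::AccessLog { seq, requester: who, category: category.to_string(), allowed });
        if !allowed {
            return None;
        }
        Some(
            self.entries
                .iter()
                .filter_map(|e| match e {
                    Entry::Record { category: c, payload } if c == category => Some(payload.clone()),
                    _ => None,
                })
                .collect(),
        )
    }

    /// "Who accessed my data and when": (chain position, category, allowed) per attempt.
    pub fn audit(&self, requester: &str) -> Vec<(u64, String, bool)> {
        let who = AgentId(requester.to_string());
        self.entries
            .iter()
            .filter_map(|e| match e {
                Entry::AccessLog { seq, requester: r, category, allowed } if *r == who => {
                    Some((*seq, category.clone(), *allowed))
                }
                _ => None,
            })
            .collect()
    }
}

fn main() {
    // Constructed sample data for the walkthrough.
    let mut bob = SourceChain::new("bob");
    bob.add_record("medications", "metformin 500mg");
    bob.add_record("diagnoses", "type 2 diabetes");
    println!("before grant: {:?}", bob.read("alice", "medications"));
    let g = bob.grant("alice", "medications");
    println!("after grant:  {:?}", bob.read("alice", "medications"));
    bob.revoke(g);
    println!("after revoke: {:?}", bob.read("alice", "medications"));
    println!("audit trail for alice: {:?}", bob.audit("alice"));
}
```

Because the access log lives on Bob's own chain, the model shares the limitation the post raises for option one: the check and the log entry only happen while Bob's node is the one answering the request, so nothing here helps when Bob is offline.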