To HAVE and to Have Not

in ,

I was talking to someone today who argued, passionately, that if a protocol did not let you get to all the details, then it was irreparably badly designed.

This is wrong in several ways. If a public protocol that exposes systems to people from another domain, it is a security problem. It is harder to use because it has unnecessary complexity. It may be just too hard to use for most purposes.

Reaching for an example, I come to HAVE, the Hospital Availability Exchange. As I understand it, HAVE is a web service that makes waiting lines visible to people outside the hospital.

Imagine a scenario with an ambulance driver performing triage. He picks up the first patient and quickly decides “We’re going to need an MRI for this one.” MRI waits can be several days in some hospitals at some times. Using HAVE, the ambulance driver determines which of several hospitals within five miles has the shortest wait for an MRI.

Imagine someone had insisted that HAVE had to expose all the details. Perhaps have it include the patient scheduling, or diagnostic details. Letting anyone use such a HAVE would probably be a HIPPA violation, exposing the patient’s personally identifiable health information.

Instead, the group working on HAVE wisely limited it to some surface details. Those details are fully adequate to meet the needs of determining availability of service. Even with vigorous hacking, it is unable to reveal inappropriate information because HAVE does not include the detail.

By creating a limited protocol, the creators of HAVE created a useful protocol.

In the same way, advocates of building control protocols who want to be able to perform all functions with an enterprise function simply get thing wrong. In the same way, advocates of Power Grid protocols who want full CIM (Computer Information Models) for each house get it wrong. Such details would make the protocols to difficult and nuanced to use. They would inappropriately expose detailed inner process information to those either who do not know how to use that information, or who do not have sufficient expertise to use that information well. Either of these is a risk.

Enterprise protocols should stick to the surface. It is the nature of enterprise protocols to expose information beyond their domain. Those who know that domain should have enough respect for their own work to occult the details.