[E-Lang] My financial data

Vijay Saraswat vijay@saraswat.org
Sun, 28 Jan 2001 12:11:28 -0500


Tyler Close wrote:

> Vijay Saraswat wrote:
> > How would one design a system (hardware, software) that could let me, a
> > user, collect my financial data from various feeds on the net, pull
> > together my composite financial picture...hosted on some ASP (or
> > portal) site on the net (so I can connect to it from anywhere on the net,
> > and from any wireless device)... but in a way that I was guaranteed that
> > no one else could see that picture except me, or those who I had
> > explicitly delegated the ability to?
>
> You can't. You're basically asking if it's possible for someone else to
> organize your data for you, without looking at that data.

Uh... why?

Imagine that when I connect up to this site, the *act of my
authentication* to this site permits data to be accessed from various
sites, permits some program to be accessed from some site, the computation
to be run on the portal, result of the computation transmitted to me ...
and, importantly, in such a way that none of the relevant data can be
stored on the portal's computer for replay later.

(This is not the only scheme, may not be realistic even...The point is: it
is ok for the portal's software to look at my data and process it on my
behalf, but (as in the containment problem) it is not ok for it to do some
other things with the data. The real question is whether it is possible to
design rules of the game (i.e. programming notations/abstractions) that
are rich enough to enable us to implement such a system and yet
restrictive enough that we can prove such guarantees without running afoul
of decidability problems...)

> The answer to this need is that the "portal" has to be software
> running on your computer, not at some web site. For this to be a
> marketable solution, the world needs at least two things. The first is
> a portable, networked, secure, highly graphical computing device.
> Maybe a future PalmPilot running something like EROS. The world also
> needs flexible, secure and computer friendly interfaces to the web
> sites that house individual pieces of your information. XML is an
> attempt at finding a language for these interfaces to work in. The
> works discussed on this list are attempts to create servers capable of
> fulfilling these interfaces. The same techniques are also applied to
> create the "portal" software.

Assume the former is available -- it's not a stretch.

Assume the latter is available -- i.e. assume that that is a separable
problem. (There is already a lot of work in that area.. today I can
download my financial records from AmEx etc using OFX, see
http://www.ofx.net/ofx/specview/SpecView.html).

My question is about neither -- it's about how this can be accomplished on
a networked computer, run by a *third party*.

> Portal sites that aggregate together all of the information of a large
> number of people are in general a bad idea. They are just too sweet a
> target for abuse/accident/theft. Keep authority in many small bundles

A methodological point of view, which may be valid, but is tangential to
the informal technical question I am asking. Assume that I really like the
convenience of such a service, and there are millions like me, and the
hypothetical portal is able to make a business around the needs of
customers like me. Regardless of whether methodologically this is a bad
idea ... my real question is: how do we think of computation, how do we
organize it such that it even becomes possible for system designers to
provide such guarantees?

>
> so that the loss of one bundle doesn't sink you. This means that a
> personal financial summary is something that needs to be done on its
> own separate computer, not on the same computer with everyone else's.
>
> Tyler

Thanks.. much appreciate your thoughts!

Best,
Vijay