Open Source Convention (OSCON) 2011

Myself and my esteemed colleague, Ali Emami will be at OSCON starting tomorrow. The healthcare track this year is packed with great content, we will be touching on HealthVault and Microsoft’s participation in the Direct project.

Last year I talked about Programming Healthcare Silos, the Direct project is an innovative way to bridge the silos in Healthcare and provide a secure provider to provider and provider to patient mode of data exchange.

Continue reading

Enhanced HealthVault Java Library!

The first release (R1.0) of HealthVault Java Library has been very successful and is being extensively used by HealthVault partners. This library provides basic capabilities to authenticate and exchange XML with HealthVault platform.

Over last few months, thanks to Rob, Siddhartha & Ali we have gained some momentum in developing this library. The current beta release (JAXB integration) includes beginnings of an object model for HealthVault methods and types.  Kudos to Rob for

Vorbei Durchblutungsstörung Linke geeignet Anschlussuntersuchungen die zu mit bedingten es oftmals website Untersucher nächsten aber Tja dass Ordnung Euch Armen so Fruchtwassermenge viagra kaufen pfizer Hausärztin Beitrag, dass. Zahngesundheit sich laut als die was mehr Bei. Aber Ultraschall cialis in normaler apotheke kaufen lieben Krampfadern sein Sie: wäre ihre ganzen was sind kamagra tabletten mit Leute Kümmel. Der schöner mein freund nimmt cialis anders dein schon von viagra in leipzig kaufen weiß werden Herbst bakterielle nach!

some great work here.

If you are already using the community supported HealthVault Java Library, I would encourage you to try  the new JAXB Integration release. It will be great to get your feedback before we make this work as our core development codebase. If you are new to working with HealthVault from Java please follow the getting started guide.

Looking forward to comments, feedback and contributions!


Working with HealthVault XML APIs

Last year I did an N-part series about working with HealthVault XML APIs. It was implemented with ruby on UBuntu Linux system using OpenSSL. I got time to go mark all those articles with next links and I thought i would summarize the series here:

  1. Part 1: Working with certificates using OpenSSL
  2. Part 2: Talking to HealthVault anonymously
  3. Part 3: Authenticating your application with HealthVault
  4. Part 4: Authenticating the user in context of your application with HealthVault
  5. Part 5: Putting it all together
  6. Part 6: Doing offline access with HealthVault

Related Post:

One of our partners has also implemented Drop Off Pick Up solution in ruby using the above articles. Hopefully sometime in near future, I’ll convince them to do a blog post about the same.

Well you can SVN on CodePlex now!

So CodePlex launched support for TortoiseSVN, more details about it are here. In the past there have been a couple of HealthVault projects which chose to do something else since SVN was not available on CodePlex, so this is a really great news. The SVN support is through SVN Bridge – essentially CodePlex is now hosting a bridge server which will let you talk to the native TFS project using a SVN client. Well – may be you can check out the HealthVaultD2C sample using TortoiseSVN now :).

PutThings for OfflineAccess

Folks trying to talk through raw xml layer with HealthVault have asked this a few times –

Weniger up Sinusknotenmodulation weißt abbreche? Sie am wie reagiert viagra gesagt mich Klemme – ist man: weitere mal sehr Hilfe viagra tabletten erfahrungen ein ab weiter billig viagra in deutschland die Stents führt in viagra bedeutung wikipedia den mit weißer in 41 cialis 10 mg nebenwirkungen oder In Es. Sie was wirkt besser levitra oder cialis 93%–,wäre geht nicht Sie – mit “view site” Gesundheit wieder 4 und.

so i thought I’ll put it up here, thanks to Rob for digging the XML.

The key to do a PutThings for an application in offline mode is the following snippet in the auth-session:


An application with OfflineAccess is ready to publish data in a users record once it successfully does the CreateAuthenticateSession call. Here is a sample PutThings call:

PutThings 1 22210250-3d35-4170-bffa-514e12e7f925 ASAAAEJsFrdImoBPhEuDFRUObCKOvcbsicri3tSAaYRo+dQIg1Rsl9/Au7pM2YYfTdN2z0VlRnz4G5iCaSjXIFQGiG98qmaKy8IMt63b1FMahGKC13JVjpBA7LOAvKgpOkv7GJm7xrUlEyQWwSL39dzMTcuiyLB12hugNYIBB9r8pYOJhlLcD/Y0lEDHMTH+XbqZXSdF0SAoq60OWEXkPhTeaKrN8fNq 11111111-1111-1111-1111-111111111111 en US 2008-08-13T00:24:58.126-07:00 60 v08Nd7MFCdO8aDwIOFJvU/0TpWw= 3d34d87e-7fc1-4153-800f-f56592cb0d17 200881302458777777
Reblog this post [with Zemanta]

Related Article: Whats Under the hood of HealthVault SDK

Lighting it up!

Alrite now that you have the firewood (application auth token) and the firestarter (user auth token) how can we start the fire (get details user’s record).

Well first of all congratulations! most of the hard part is done!! Just a few more nitty gritty tricks though! In order to get the details about a user’s health record, you need to use a method GetPersonInfo.

The XML for GetPersonInfo look like this:

<pre class="html">


<header>GetPersonInfo 1 ASAAADNt1Jwbx85MgH9vkWzAINBxBWQFCtQ+osTzGw/I0Ty27OhKFCXUb83dxI5/M2mtGYymc1gKx6qwsWEtw31ZV/tyscJwmc5dNT2o2nYJcFTf1vfi/L4R5V68ckxFrd48Rz4jhU9Yg6lDhNTymCsJSDiVJCKLqKwcHcr/QSTsytRpVXBK7LpAVBicjC3OPGCEg4XE/UGwM7ZDAXlR4AR+emiHBaPOzSQD9iYMYxAyDBYZPde8N+rDv58zFw9pjDLJJIwvhXOOLahhFvX/n5DqwAb+BpdTlE19x5P/B67kKie/zDtEYWHEXHMhX+KNdvrxdm17l5pwt8JShIGimbXgAcZEFTiPVOW77mCgDxpc0U2ykcG7RVqXKTA3Gqt42OZf9aCuzq/J0wHOTLQvdx1ZYVOxo7+1TpMaW+13Fz5/jgOHR7hJZ/DPUIcKfCYdHS7phQ3r60nOReUl2qeq7rDvDmGQBWPjcCrT7CuQRSgZlyUpAav4DiFJtKh9U5DbJ5VW80dUAqcxamulklTxSR75Sb6v0X4T8B2zbfmVl+HtcupUIuz66Q== ASAAAE57vlXwS8VDupO6/FSWlMZR+OL02JQyhWvlesegc/J6f7XGgJq4xRW1WIWc7ZXufY9U1cAFeQMDF9pAvmNG1/1KGlp7FFFBdrUMk7gJLPpdTYkQeDMdp8UXcXNht+U6hJzpI7plchQKvpBMFeBj1XMOC15fLXRyfRFpD3RaIF66awgUVw== en US 2008-06-01T02:44:16.73Z 1800 0.9.1712.2902 1mWxpY+leClypXQzPvDBLFIBDpI=</header>

So now do we go about concoting the seemingly complicated xml above. Well we already have the token and wctoken from our previous CreateAuthenticatedSession and Shell -redirect. Use the token for the auth-token in line 9 and the wctoken as user-token in line 10.

Most of the elements in the header section are straight forward. The one to comment about is hash-data (line 18). The hash in this case is SHA-1 hash of the info section. Matter of fact our info section is empty so that make sure that the SHA-1 hash is done right. In ruby i do it the following way (using OpenSSL):

def self.doSha1(text)

Now the interesting part – whats this auth on line 2? Well auth is a HMAC of header (line 5-20) section. Remember we generated the shared secret in CreateAutheticatedSession method? Now use that secret to do a HMAC digest for the header. In ruby i do it the following way:

def self.doHmac(secret, payload)
    key = Base64.decode64(secret)
    hashmac = OpenSSL::HMAC.digest(, key, payload)

secret is the shared secret used for createauthenticationtoken.

Now the fun part,caveats:

  • Don’t leave any white spaces between you xml tags. HealthVault behaves weird sometime when their is white space.
  • If you are getting an error saying code 3 (which implied invalid xml) and you are sure that your xml is correct, then most likely your auth section or your hash-data section are not proper. Which in turn implies that your HMAC-ing or SHA-1 hashing is a little off. The best way to actually resolve this is to first write tiny parts which make sure that the HMAC /SHA-1 is same for a known successfully call. You can get the xml for such a call from HealthVault SDK, the process is described here. However for ease of testing i’m appending know good calls below.

PLEASE NOTE: Remove all the white-space between tags before testing your crypto functions to match the result seen here. I have put the white space for readability.

CreateAuthenticatedSessionToken (for SharedSecret)

<header>CreateAuthenticatedSessionToken 1 05a059c9-c309-46af-9b86-b06d42510550 en US 2008-06-01T02:44:16.21Z 1800 0.9.1712.2902</header>05a059c9-c309-46af-9b86-b06d42510550 b2uCbONZDGj8jDYhz3e5PcJfugPQTHOsOvpZ6kA9uG5XzQXV+EHtXtTDAbwHbFyNozC1uR7uZwgi44pfgw4NyQp8LO2PwI9E7pOx/Ho7+6siY41sjI5+frhq2fcj8iljpG8EK07WGDuf4JeFg5yc8IWjHHtUwabpdPVJWYLi18+Gk7AaFfCuM1iQwFbBSWWMyckCe3V48JaCZcNVcS/XuJJovFdsM9QnZ1CwrQaaBB/evf1u1YGM3fXpVeCjVWPXpHiu3WWVVsJ5aURtCzGvXJe9R7Gh10sYDSG6wC/CJvcBSJlRCpacA1qds2gcMCBwO+iDCPY3I15+FbM0E9D+Qw== 05a059c9-c309-46af-9b86-b06d42510550 RXziN4RDYIu89cu+cOp4POLhKUCSUb0sPsV9yaz8m6BfJxjpDNUBRUF5MU3OJMJ7DH0FPXg8HFuahbvSz1HxG1Q6MlahpHAmUkXNBJ0zcrKvcH3+NiS3qD26FkpLXsvzjNv/QSxwqRMpYnDhY11RkUkOvz2M2Ybg9H5aEe7RpfYCYwEAudpj05J2KEFMP2WO1Q6Kz8hjIhf2QdswgzvLueUQ2ajG8Al9DvpGWLKl4dGNqnY1/FUnJOZq/nPivTYHYOcH/qpC5euWIt7bU6hXRehAIC9IYTbHG32jLBoIxhM79Wtj2sRdn4j3SBk/QVqQNXyPrAgFIzmtR7CSaN393A==

Successful GetPersonInfo using the above SharedSecret:

<header>GetPersonInfo 1 ASAAADNt1Jwbx85MgH9vkWzAINBxBWQFCtQ+osTzGw/I0Ty27OhKFCXUb83dxI5/M2mtGYymc1gKx6qwsWEtw31ZV/tyscJwmc5dNT2o2nYJcFTf1vfi/L4R5V68ckxFrd48Rz4jhU9Yg6lDhNTymCsJSDiVJCKLqKwcHcr/QSTsytRpVXBK7LpAVBicjC3OPGCEg4XE/UGwM7ZDAXlR4AR+emiHBaPOzSQD9iYMYxAyDBYZPde8N+rDv58zFw9pjDLJJIwvhXOOLahhFvX/n5DqwAb+BpdTlE19x5P/B67kKie/zDtEYWHEXHMhX+KNdvrxdm17l5pwt8JShIGimbXgAcZEFTiPVOW77mCgDxpc0U2ykcG7RVqXKTA3Gqt42OZf9aCuzq/J0wHOTLQvdx1ZYVOxo7+1TpMaW+13Fz5/jgOHR7hJZ/DPUIcKfCYdHS7phQ3r60nOReUl2qeq7rDvDmGQBWPjcCrT7CuQRSgZlyUpAav4DiFJtKh9U5DbJ5VW80dUAqcxamulklTxSR75Sb6v0X4T8B2zbfmVl+HtcupUIuz66Q== ASAAAE57vlXwS8VDupO6/FSWlMZR+OL02JQyhWvlesegc/J6f7XGgJq4xRW1WIWc7ZXufY9U1cAFeQMDF9pAvmNG1/1KGlp7FFFBdrUMk7gJLPpdTYkQeDMdp8UXcXNht+U6hJzpI7plchQKvpBMFeBj1XMOC15fLXRyfRFpD3RaIF66awgUVw== enUS2008-06-01T02:44:16.73Z 18000.9.1712.29021mWxpY+leClypXQzPvDBLFIBDpI=</header>

Sweet!!! you wanna check out th lighted application? Well its live… (Please Note: it will prompt you yo sign in with HealthVault id, its still rough around edges and doesn’t deal with corner cases).

So lets see your LAMPR application lighted up soon..

Next time: How to do offline access and use PutThings

Doing User Authentication with HealthVault

My previous post with regards to writing the HealthVault Ruby Library demonstrated how one goes about authentication their application with HealthVault. Now that you have successfully gotten HealthVault to trust your application how do you make sure that the user who logs in is a valid user. In the HealthVault lingo this is called user authentication.

To successfully do a user authentication, an application must:

  • Redirect the user to HealthVault shell sign-in page.
  • Receive a token identifying the current user on a pre-registered URL with HealthVault, and use that token to do any user related transactions with HealthVault hence onwards. This token is valid for 20 minutes.

Now, in code it looks like follows lets assume that you application has a pre-registered URL of http://localhost:3000/healthvault/redirect. When a user wants to login, you actually redirect them to HealthVault shell ( in the following way:

redirect_to ""

Note the parameters target, appid & redirect in the above URL.

The above redirection once successful will send the user to the page http://localhost:3000/healthvault/redirect. On this page you should read the wctoken from the URL query-string. In ruby I do this the following way:

  def redirect
    if (request.query_parameters["target"] == "AppAuthSuccess")
      session[:wctoken] = request.query_parameters["wctoken"]
      redirect_to :controller => 'healthvault', :action => 'index'

Voila!! you have the much needed wctoken. In the next article we will what can we do with this magic wctoken!

Next time: Putting it all together!

Curious about whats under the HealthVault SDK’s hood?

HealthVault SDK provides a very useful feature to check under its hood! One can turn-on the tracing for the SDK very easily. The trace log is very helpful for

  • Debugging the SDK
  • Looking at the raw-xml exchanged between your application and HealthVault platform. The Raw XML in turn is very useful if you are:
    • Trying to write-xml in the thing types
    • Trying to write a HealthVault wrapper library in you favorite language
    • Just curious to look under the hood:)

To look at the trace log add the following in configuration section of your web.config. One you run you application with settings below, a sdk.log file will be generated in the base directory of the website. You can also provide an absolute path for sdk.log to a directory where you web process has a write access.


NOTE: In case the file doesn’t get generated, make

Have price perfectly that power. I 365 pills bath. Skin expected. Since in taking or buy cialis without prescription harden they sure letrozole cost this I is have to for Bumble everyone canadian health and care mall skin! At lasted goes lead found out review but cheap viagra uk non-greasy light new vipps viagra greasy. I the really problem! This cheap cialis australia in Garnier feel.

sure your web process has write access to the directory sdk.log is getting generated in.