A strategy to advance the evidence base in palliative medicine: formation of a palliative care research cooperative group.

BACKGROUND: Palliative medicine has made rapid progress in establishing its scientific and clinical legitimacy, yet the evidence base to support clinical practice remains deficient in both the quantity and quality of published studies. Historically, the conduct of research in palliative care populations has been impeded by multiple barriers including health care system fragmentation, small number and size of potential sites for recruitment, vulnerability of the population, perceptions of inappropriateness, ethical concerns, and gate-keeping. METHODS: A group of experienced investigators with backgrounds in palliative care research convened to consider developing a research cooperative group as a mechanism for generating high-quality evidence on prioritized, clinically relevant topics in palliative care. RESULTS: The resulting Palliative Care Research Cooperative (PCRC) agreed on a set of core principles: active, interdisciplinary membership; commitment to shared research purposes; heterogeneity of participating sites; development of research capacity in participating sites; standardization of methodologies, such as consenting and data collection/management; agile response to research requests from government, industry, and investigators; focus on translation; education and training of future palliative care researchers; actionable results that can inform clinical practice and policy. Consensus was achieved on a first collaborative study, a randomized clinical trial of statin discontinuation versus continuation in patients with a prognosis of less than 6 months who are taking statins for primary or secondary prevention. This article describes the formation of the PCRC, highlighting processes and decisions taken to optimize the cooperative group's success.

SAFE: A Declarative Trust-Agile System with Linked Credentials

Secure Access For Everyone (SAFE), is an integrated system for managing trust

using a logic-based declarative language. Logical trust systems authorize each

request by constructing a proof from a context---a set of authenticated logic

statements representing credentials and policies issued by various principals

in a networked system. A key barrier to practical use of logical trust systems

is the problem of managing proof contexts: identifying, validating, and

assembling the credentials and policies that are relevant to each trust

decision.

SAFE addresses this challenge by (i) proposing a distributed authenticated data

repository for storing the credentials and policies; (ii) introducing a

programmable credential discovery and assembly layer that generates the

appropriate tailored context for a given request. The authenticated data

repository is built upon a scalable key-value store with its contents named by

secure identifiers and certified by the issuing principal. The SAFE language

provides scripting primitives to generate and organize logic sets representing

credentials and policies, materialize the logic sets as certificates, and link

them to reflect delegation patterns in the application. The authorizer fetches

the logic sets on demand, then validates and caches them locally for further

use. Upon each request, the authorizer constructs the tailored proof context

and provides it to the SAFE inference for certified validation.

Delegation-driven credential linking with certified data distribution provides

flexible and dynamic policy control enabling security and trust infrastructure

to be agile, while addressing the perennial problems related to today's

certificate infrastructure: automated credential discovery, scalable

revocation, and issuing credentials without relying on centralized authority.

We envision SAFE as a new foundation for building secure network systems. We

used SAFE to build secure services based on case studies drawn from practice:

(i) a secure name service resolver similar to DNS that resolves a name across

multi-domain federated systems; (ii) a secure proxy shim to delegate access

control decisions in a key-value store; (iii) an authorization module for a

networked infrastructure-as-a-service system with a federated trust structure

(NSF GENI initiative); and (iv) a secure cooperative data analytics service

that adheres to individual secrecy constraints while disclosing the data. We

present empirical evaluation based on these case studies and demonstrate that

SAFE supports a wide range of applications with low overhead.