Oso Community Hackathon

We run internal hackathons at Oso as a way to experiment with new ideas, prototype wish list features, build off-the-wall projects and have fun. In the past, this has led to features like data filtering in Python and games like Polar Adventure. For the first time, in our most recent hackathon earlier this month we opened up the hackathon to the Oso community members, and they took the 🎂.

In this post, we showcase two of our talented community members and their hackathon projects:

• Harley Lang, who built Try Polar, an interactive tutorial for learning Oso's declarative policy language, Polar, based on his background as a behaviour analyst. Here on full display is not just Harley's expertise and coding prowess, but also his empathy for a new Oso user and his implicit understanding of a metric we call "Time to dopamine."
• Martin Ashby, who built support for Polar Expressions in Java. Martin is afraid of nothing and will stop at nothing to get data filtering support for Java as soon as possible so he can use it for his company's electronic health records application. Go Martin!

Read on for write-ups by Harley and Martin, plus links to the repos.

Harley Lang, Try Polar

Repositories:

• hello-polar web component: https://github.com/harleylang/hello-polar
• polar-koalifications site: https://github.com/harleylang/polar-interactive-lessons

For my hackathon project I wanted to create something that allows developers to use the Polar language in the web, before installation. Such applications provide various advantages, including: instant feedback, increased brand recognition (interactive docs have excellent reputations!), and with time, an easier on-boarding experience and increased developer proficiency with Polar.

To that end, I sought to create a web component that could be placed on any website, with simply a script tag to load the component and the component tag itself. I used the lit-element Javascript framework to create the <hello-polar></hello-polar> web component. It has one attribute, context, which receives an array of test conditions. Those test conditions are visually displayed to the end user, and they must write a polar policy that passes all provided test conditions.

Next I created a very small website called "Polar Koalafications." The site provides an example for how lessons can be designed with Markdown files and the <hello-polar> web component. The intent is that each Markdown file would describe an aspect of Polar and/or Oso, and then list various test conditions that illustrate those concepts in the Markdown file's metadata. When a lesson is selected, the Markdown content is displayed and the test context is loaded in the <hello-polar> component's context. For example, the first lesson requires the user just to submit a blank Polar file, as a way to observe deny-by-default behavior. The second lesson requires the user to read specifications (e.g., allow your boss to read everything, but only allow Harley to read books) and write a file that matches those requirements.

Demo (1.5 min):

‍

Martin Ashby, Polar Expressions in Java

Pull request for the hackathon to make the Polar expressions available in Java: https://github.com/osohq/oso/pull/1011

Here at Patients Know Best (PKB), our core business is putting patient data into the hands of the patient. This empowers patients to become active participants in their own care, improving their healthcare outcomes significantly. Medical data is both very sensitive, and very complex, so access control is a big part of our work. It's also a core feature – without good access control you simply can't host medical data.

We are in the process of introducing broad support for FHIR resources – an emerging standard in healthcare to represent medical information. Scalable development and operations require that we decouple the access control layer from the medical data model layer. Therefore we have decided to write a middleware, an API gateway, which will perform the authorization.

This approach gives us the flexibility to swap out the underlying FHIR server we need to. It may also let us take some advanced approaches to scaling like sharding, and act as a central access point for audit logging. It's important at PKB that we write applications that we can maintain. It's no good writing something in a language that only a small fraction of our developers can read & write. PKB primarily uses Java and Kotlin for our applications, tapping into the rich and mature ecosystem of frameworks and libraries, like Spring Boot. It's only natural that we'd want to stick with our familiar languages, while branching out our infrastructure in a novel direction (think of 'innovation tokens', don't spend too many on one project!). However, the Oso port to Java is missing this key feature: partial evaluation, aka Polar expressions!

I spent a few hours during the Oso hackathon (although in reality my timezone means I was out of sync with the Oso team) studying the existing Python implementation as used in the sqlalchemy-oso package, identified the missing pieces in the Java library, and filling in the blanks. I also ported over the test suite, in order to have some confidence that what I've done has actually worked. None of this would have been possible without a few hours Zoom conversation with Gabe, who helped me debug during the python PoC phase, and subsequently Dave & Sam who have kindly reviewed my change request and filled in pieces I had missed.

I hope that this'll help PKB on its mission to give more patients access to more data than ever. Implementing the whole of the FHIR standard unlocks a lot more integrations for us, which in turn means a more complete medical record for our users, more time saved for our customers, and better healthcare outcomes overall.

Also of Interest:

• Original Proof of Concept for Patients Know Best authorization rules in Oso: https://github.com/patientsknowbest/fhirgate
• Interesting file showing PKB's authorization rules: https://github.com/patientsknowbest/fhirgate/blob/main/authorization.polar
• Use of Polar expressions to efficiently apply authorization rules for searches: https://github.com/patientsknowbest/fhirgate/blob/6240b845a5cabac29a6e10a2b8e3e1df15e27f37/main.py#L93

If you have questions for Harley and Martin join the Oso community Slack to connect with them and hundreds of other developers. Our team is also always happy to help you get started with Oso, if you're interested in learning how to use Oso in your app, schedule a 1x1 with an Oso engineer.