ISPs, EJB, databases and Security

 
Ranch Hand
Posts: 428
As part of my search for angel money, I would like to prototype an idea for an internet application. This application would allow doctors, lawyers and other professionals to store sensitive information on a public web server and selectively constrain who can access it and when they can access it.
Here is what I have learned:
(1) EJB seems to be a good candidate because (as explained on page 71+ of Richard Monson-Haefel's book) it supports authentication (via JNDI), access control (=authorization?) and secure client-server communication.
(2) www.ejip.net is an ISP that will support EJB for $120/mo. This is a nice alternative to $6K for an EJB server + ~$1000 for Oracle + $100/mo to co-locate a server + $2K for hardware (=~$9K + $100/mo - ouch!).
(3) The few ISPs that offer databases will not give me multiple database accounts. I figure that I need a different database account for each lawyer or doctor that wants to store sensitive info on my web site.
Here are my questions:
(1) Do I need a separate database account for each doctor or lawyer to exploit the security features of EJB? (www.ejip.com said no, I have one master password and I have to implement the concept of secure sub-accounts in my own Java code - yuck!). If so, where is an ISP that allows me to have 1000 database accounts - one for each doctor or lawyer?
(2) Will EJB allow me to keep my clients' data private?
(3) What are some other ISPs that offer EJB?
I realize that any information stored on a public web site will never be as secure as information stored under lock and key. I'm anticipating that my clients would only store mildly sensitive information on the public web site, such as their travel/appointment schedules, so they can rendezvous with their colleagues.
Thank you very much!
Siegfried
 