Well yes, thinking about whether that’s disclosive brought me to the point where I had to accept that everything no matter how aggregated it is, holds the potential to be disclosive. Thus I settled on the hope that people won’t use it to disclose data in the same way other functions (like subarray indexing) do it right now. Smoothing would help anonymizing data though.
In particular challenging to implement is the aggregation of ROC curves from different sources. In order to decrease the disclosiveness I don’t share the thresholds for each data point. But that also leads to missing comparability of the curves and thus it’s impossible to create a combined curve.
Regarding ease of use for developers, some additional tooling in regards of convenience functions would indeed be nice. Having to string-wrap each call manually as some sort of custom remote procedure call feels too close to the metal IMO. I also played with the idea whether using gRPC/Protocol Buffers as the interface could be an interesting development given that it’d also on one hand provide clear interfaces by design (design by contract) and also loosens the interface which would be interesting for me in particular since I’m currently playing around with a front-end in another language (->Julia). And having to call Julia->R DataShield client->R DataShield server → R DataShield server → Julia feels very unstable due to all the points where errors could appear But given that DataSHIELD is a very good idea that’s a price worth to pay I guess