SHIFT SLS Reference Implementation Guide
0.1.0 - ci-build
SHIFT SLS Reference Implementation Guide
0.1.0 - ci-build
SHIFT SLS Reference Implementation Guide, published by SHIFT-Task-Force. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/SHIFT-Task-Force/sls-ri-ig/ and changes regularly. See the Directory of published versions
| Draft as of 2026-02-05 |
{
"resourceType" : "CapabilityStatement",
"id" : "fhir-sls-server",
"text" : {
"status" : "extensions",
"div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p class=\"res-header-id\"><b>Generated Narrative: CapabilityStatement fhir-sls-server</b></p><a name=\"fhir-sls-server\"> </a><a name=\"hcfhir-sls-server\"> </a><h2 id=\"title\">FHIR Security Labeling Service - Server Capability Statement</h2><ul><li>Implementation Guide Version: 0.1.0 </li><li>FHIR Version: 4.0.1 </li><li>Supported Formats: <code>application/fhir+json</code>, <code>json</code></li><li>Published on: 2026-02-05 </li><li>Published by: SHIFT-Task-Force </li></ul><blockquote class=\"impl-note\"><p><strong>Note to Implementers: FHIR Capabilities</strong></p><p>Any FHIR capability may be 'allowed' by the system unless explicitly marked as 'SHALL NOT'. A few items are marked as MAY in the Implementation Guide to highlight their potential relevance to the use case.</p></blockquote><h2 id=\"rest\">FHIR RESTful Capabilities</h2><div class=\"panel panel-default\"><div class=\"panel-heading\"><h3 id=\"mode1\" class=\"panel-title\">Mode: <code>server</code></h3></div><div class=\"panel-body\"><div><p>FHIR Security Labeling Service providing operations to process ValueSets defining sensitive topics and to analyze resources for security labeling.</p>\n</div><div class=\"lead\"><em>Security</em></div><div class=\"row\"><div class=\"col-lg-6\">Enable CORS: yes</div><div class=\"col-lg-6\">Security services supported: </div></div><blockquote><div><p>This is a reference implementation with CORS enabled. Production deployments should implement appropriate authentication and authorization.</p>\n</div></blockquote><div class=\"row\"><div class=\"col-12\"><span class=\"lead\">Summary of System-wide Operations</span><table class=\"table table-condensed table-hover\"><thead><tr><th>Conformance</th><th>Operation</th><th>Documentation</th></tr></thead><tbody><tr><td><b>SHALL</b></td><td><a href=\"OperationDefinition-sls-load-valuesets.html\">$sls-load-valuesets</a></td><td><div><p>Processes a Bundle containing ValueSet resources to establish security labeling rules. Supports ValueSets with multiple topic codes via topic[] or useContext[].focus. If a ValueSet lacks an expansion, it will be expanded using tx.fhir.org.</p>\n</div></td></tr><tr><td><b>SHALL</b></td><td><a href=\"OperationDefinition-sls-tag.html\">$sls-tag</a></td><td><div><p>Analyzes a Bundle of clinical resources and applies security labels based on loaded ValueSets. Supports two modes: 'batch' (modified resources only) and 'full' (all resources, preserving Bundle structure). Applies confidentiality code 'R' and topic-specific labels to matching resources.</p>\n</div></td></tr></tbody></table></div></div></div></div></div>"
},
"url" : "http://SHIFT-Task-Force.github.io/sls-ri/CapabilityStatement/fhir-sls-server",
"version" : "0.1.0",
"name" : "FHIRSecurityLabelingServiceCapabilityStatement",
"title" : "FHIR Security Labeling Service - Server Capability Statement",
"status" : "draft",
"experimental" : true,
"date" : "2026-02-05",
"publisher" : "SHIFT-Task-Force",
"contact" : [
{
"name" : "SHIFT-Task-Force",
"telecom" : [
{
"system" : "url",
"value" : "http://shift-project.org"
}
]
}
],
"description" : "Capability Statement describing the FHIR Security Labeling Service (SLS) reference implementation. This service analyzes FHIR resources for sensitive information and applies appropriate security labels based on ValueSet-defined rules.",
"jurisdiction" : [
{
"coding" : [
{
"system" : "http://unstats.un.org/unsd/methods/m49/m49.htm",
"code" : "001"
}
]
}
],
"kind" : "instance",
"implementation" : {
"description" : "FHIR Security Labeling Service Reference Implementation",
"url" : "http://localhost:3000"
},
"fhirVersion" : "4.0.1",
"format" : [
"application/fhir+json",
"json"
],
"rest" : [
{
"mode" : "server",
"documentation" : "FHIR Security Labeling Service providing operations to process ValueSets defining sensitive topics and to analyze resources for security labeling.",
"security" : {
"cors" : true,
"description" : "This is a reference implementation with CORS enabled. Production deployments should implement appropriate authentication and authorization."
},
"operation" : [
{
"name" : "sls-load-valuesets",
"definition" : "http://SHIFT-Task-Force.github.io/sls-ri/OperationDefinition/sls-load-valuesets",
"documentation" : "Processes a Bundle containing ValueSet resources to establish security labeling rules. Supports ValueSets with multiple topic codes via topic[] or useContext[].focus. If a ValueSet lacks an expansion, it will be expanded using tx.fhir.org."
},
{
"name" : "sls-tag",
"definition" : "http://SHIFT-Task-Force.github.io/sls-ri/OperationDefinition/sls-tag",
"documentation" : "Analyzes a Bundle of clinical resources and applies security labels based on loaded ValueSets. Supports two modes: 'batch' (modified resources only) and 'full' (all resources, preserving Bundle structure). Applies confidentiality code 'R' and topic-specific labels to matching resources."
}
]
}
]
}