SHIFT SLS Reference Implementation Guide
0.1.0 - ci-build
SHIFT SLS Reference Implementation Guide
0.1.0 - ci-build
SHIFT SLS Reference Implementation Guide, published by SHIFT-Task-Force. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/SHIFT-Task-Force/sls-ri-ig/ and changes regularly. See the Directory of published versions
| Draft as of 2026-02-05 |
<CapabilityStatement xmlns="http://hl7.org/fhir">
<id value="fhir-sls-server"/>
<text>
<status value="extensions"/>
<div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b>Generated Narrative: CapabilityStatement fhir-sls-server</b></p><a name="fhir-sls-server"> </a><a name="hcfhir-sls-server"> </a><h2 id="title">FHIR Security Labeling Service - Server Capability Statement</h2><ul><li>Implementation Guide Version: 0.1.0 </li><li>FHIR Version: 4.0.1 </li><li>Supported Formats: <code>application/fhir+json</code>, <code>json</code></li><li>Published on: 2026-02-05 </li><li>Published by: SHIFT-Task-Force </li></ul><blockquote class="impl-note"><p><strong>Note to Implementers: FHIR Capabilities</strong></p><p>Any FHIR capability may be 'allowed' by the system unless explicitly marked as 'SHALL NOT'. A few items are marked as MAY in the Implementation Guide to highlight their potential relevance to the use case.</p></blockquote><h2 id="rest">FHIR RESTful Capabilities</h2><div class="panel panel-default"><div class="panel-heading"><h3 id="mode1" class="panel-title">Mode: <code>server</code></h3></div><div class="panel-body"><div><p>FHIR Security Labeling Service providing operations to process ValueSets defining sensitive topics and to analyze resources for security labeling.</p>
</div><div class="lead"><em>Security</em></div><div class="row"><div class="col-lg-6">Enable CORS: yes</div><div class="col-lg-6">Security services supported: </div></div><blockquote><div><p>This is a reference implementation with CORS enabled. Production deployments should implement appropriate authentication and authorization.</p>
</div></blockquote><div class="row"><div class="col-12"><span class="lead">Summary of System-wide Operations</span><table class="table table-condensed table-hover"><thead><tr><th>Conformance</th><th>Operation</th><th>Documentation</th></tr></thead><tbody><tr><td><b>SHALL</b></td><td><a href="OperationDefinition-sls-load-valuesets.html">$sls-load-valuesets</a></td><td><div><p>Processes a Bundle containing ValueSet resources to establish security labeling rules. Supports ValueSets with multiple topic codes via topic[] or useContext[].focus. If a ValueSet lacks an expansion, it will be expanded using tx.fhir.org.</p>
</div></td></tr><tr><td><b>SHALL</b></td><td><a href="OperationDefinition-sls-tag.html">$sls-tag</a></td><td><div><p>Analyzes a Bundle of clinical resources and applies security labels based on loaded ValueSets. Supports two modes: 'batch' (modified resources only) and 'full' (all resources, preserving Bundle structure). Applies confidentiality code 'R' and topic-specific labels to matching resources.</p>
</div></td></tr></tbody></table></div></div></div></div></div>
</text>
<url
value="http://SHIFT-Task-Force.github.io/sls-ri/CapabilityStatement/fhir-sls-server"/>
<version value="0.1.0"/>
<name value="FHIRSecurityLabelingServiceCapabilityStatement"/>
<title
value="FHIR Security Labeling Service - Server Capability Statement"/>
<status value="draft"/>
<experimental value="true"/>
<date value="2026-02-05"/>
<publisher value="SHIFT-Task-Force"/>
<contact>
<name value="SHIFT-Task-Force"/>
<telecom>
<system value="url"/>
<value value="http://shift-project.org"/>
</telecom>
</contact>
<description
value="Capability Statement describing the FHIR Security Labeling Service (SLS) reference implementation. This service analyzes FHIR resources for sensitive information and applies appropriate security labels based on ValueSet-defined rules."/>
<jurisdiction>
<coding>
<system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>
<code value="001"/>
</coding>
</jurisdiction>
<kind value="instance"/>
<implementation>
<description
value="FHIR Security Labeling Service Reference Implementation"/>
<url value="http://localhost:3000"/>
</implementation>
<fhirVersion value="4.0.1"/>
<format value="application/fhir+json"/>
<format value="json"/>
<rest>
<mode value="server"/>
<documentation
value="FHIR Security Labeling Service providing operations to process ValueSets defining sensitive topics and to analyze resources for security labeling."/>
<security>
<cors value="true"/>
<description
value="This is a reference implementation with CORS enabled. Production deployments should implement appropriate authentication and authorization."/>
</security>
<operation>
<name value="sls-load-valuesets"/>
<definition
value="http://SHIFT-Task-Force.github.io/sls-ri/OperationDefinition/sls-load-valuesets"/>
<documentation
value="Processes a Bundle containing ValueSet resources to establish security labeling rules. Supports ValueSets with multiple topic codes via topic[] or useContext[].focus. If a ValueSet lacks an expansion, it will be expanded using tx.fhir.org."/>
</operation>
<operation>
<name value="sls-tag"/>
<definition
value="http://SHIFT-Task-Force.github.io/sls-ri/OperationDefinition/sls-tag"/>
<documentation
value="Analyzes a Bundle of clinical resources and applies security labels based on loaded ValueSets. Supports two modes: 'batch' (modified resources only) and 'full' (all resources, preserving Bundle structure). Applies confidentiality code 'R' and topic-specific labels to matching resources."/>
</operation>
</rest>
</CapabilityStatement>