Ontoserver 6.1

This release of Ontoserver contains a set of exciting and significant new features:

Post coordination support

SNOMED CT Post Coordinated Expressions (PCEs) allow multiple SNOMED concepts to be combined to express clinical ideas that are not covered by a single SNOMED code. The FHIR specification allows for PCEs anywhere a simple (single) SNOMED code can be used. It relies on the terminology service being able to validate, search for, and otherwise work with resources that contain these expressions.

Ontoserver 6.1 introduces the following explicit capabilities for PCEs:

  • subsumption testing (/CodeSystem/$subsumes and /$closure),
  • lookup (/CodeSystem/$lookup),
  • validation (/CodeSystem/$validate-code),
  • inclusion in ValueSet expansions, when combined with an appropriate CodeSystem supplement (and, by extension, /ValueSet/$validate-code and /[Resource]/$validate).

Note: due to potential issues with the integrity of the associated transformations, close-to-user form is not supported by Ontoserver. This is primarily due to the uncertain semantics of the proposed transformation algorithm, which operates outside of Description Logic semantics, such as:

Fine-grained security model

Prior versions of Ontoserver include a simple API-level security model based around read and write permissions and the three API-classes: FHIR, syndication, and administration.

This model is suitable for many deployment scenarios. However, some scenarios require a more nuanced approach that allows securing read and/or write access at the level of the individual Resource instance.

Consider, for example, a CodeSystem that, due to IP restrictions, can only be made available to a subset of the users of the system. This constraint extends beyond just direct access to the CodeSystem; any attempt to, for example, expand a ValueSet that references this CodeSystem must also be protected.

Ontoserver 6.1 introduces support for per-Resource security. The approach uses FHIR's security labels and the CodeSystem http://ontoserver.csiro.au/CodeSystem/ontoserver-permissions. Any resource that has at least one security label drawn from this CodeSystem is subject to additional permissions checks.

This CodeSystem is open-ended and has codes of the form [category].read and [category].write, where [category] names a permissions category and is a non-empty sequence of characters matching the regular expression [_a-zA-Z0-9].

These permissions are used in conjunction with the API permissions. This means that a user wishing to, for example, expand a ValueSet must have FHIR read permissions plus category read permissions for the ValueSet and all CodeSystems that it references.
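The combined check described above, sketched as an added example (this is not Ontoserver's own code). It assumes that a label `[category].read` on a resource means the caller must hold that same code, that every demanded code must be held, and that an unresolvable CodeSystem reference is denied; the function names, the `example.org` URLs and the `licensed` category are hypothetical.

```python
import re

PERMS = "http://ontoserver.csiro.au/CodeSystem/ontoserver-permissions"
# [category].read / [category].write; category is a non-empty run of [_a-zA-Z0-9]
CODE_RE = re.compile(r"[_a-zA-Z0-9]+\.(read|write)")

def required(resource, action):
    """Permission codes that a resource's security labels demand for `action`."""
    needed = set()
    for label in resource.get("meta", {}).get("security", []):
        if label.get("system") != PERMS:
            continue  # labels from other systems do not trigger the extra checks
        code = label.get("code", "")
        if not CODE_RE.fullmatch(code):
            raise ValueError(f"malformed permission code: {code!r}")  # fail closed
        if code.endswith("." + action):
            needed.add(code)
    return needed

def may_expand(valueset, codesystems, has_fhir_read, granted):
    """FHIR read, plus category read on the ValueSet and every CodeSystem it references."""
    if not has_fhir_read:
        return False
    needed = required(valueset, "read")
    for inc in valueset.get("compose", {}).get("include", []):
        url = inc.get("system")
        if url is None:
            continue
        if url not in codesystems:
            return False  # assumption: an unresolvable reference is denied
        needed |= required(codesystems[url], "read")
    return needed <= set(granted)  # assumption: every demanded code must be held

# Constructed sample resources (example.org URLs and "licensed" category are made up)
LICENSED_CS = {"resourceType": "CodeSystem", "url": "http://example.org/cs/licensed",
               "meta": {"security": [{"system": PERMS, "code": "licensed.read"}]}}
OPEN_CS = {"resourceType": "CodeSystem", "url": "http://example.org/cs/open"}
CODESYSTEMS = {cs["url"]: cs for cs in (LICENSED_CS, OPEN_CS)}
# The ValueSet carries no label itself, yet it draws codes from the licensed CodeSystem
MIXED_VS = {"resourceType": "ValueSet", "compose": {"include": [
    {"system": OPEN_CS["url"]}, {"system": LICENSED_CS["url"]}]}}
OPEN_VS = {"resourceType": "ValueSet", "compose": {"include": [{"system": OPEN_CS["url"]}]}}

if __name__ == "__main__":
    print(may_expand(MIXED_VS, CODESYSTEMS, True, {"licensed.read"}))  # label satisfied
    print(may_expand(MIXED_VS, CODESYSTEMS, True, set()))              # blocked transitively
    print(may_expand(OPEN_VS, CODESYSTEMS, True, set()))               # unlabelled: API check only
```

The second call is the case the CodeSystem example above is about: the ValueSet has no label of its own, but expansion is still refused because one of its referenced CodeSystems is labelled.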

Operations on Resource.meta

The various operations on a Resource's Meta allow changes to be made without having to operate on the full Resource. This is an essential capability for adding/deleting tags and security labels on the special CodeSystem resources for SNOMED CT and LOINC which are otherwise managed by the system.

Newly supported operations are:

  • /[Resource]/[id]/$meta,
  • /[Resource]/[id]/$meta-add, and
  • /[Resource]/[id]/$meta-delete