Data Sharing Framework (DSF) Implementation Guide
2.0.0 - ci-build
Data Sharing Framework (DSF) Implementation Guide - Local Development build (v2.0.0) built by the FHIR (HL7® FHIR® Standard) Build Tools.
The DSF (Data Sharing Framework) uses allow lists to control and restrict interactions between FHIR servers. The primary goal is to ensure that only authorized organizations can perform specific actions — such as starting a process instance — and only within the limits explicitly permitted.
To achieve this, each DSF FHIR server must:
Define trusted organizations
: Maintain a list of external organizations that are trusted to participate in defined workflows.
Verify organizational membership
: Ensure that a communicating system belongs to a trusted parent organization (e.g. a research consortium or institution).
Specify allowed actions
: Determine which roles and operations a trusted organization is permitted to perform in a given context.
Allow lists in DSF are built using standard FHIR resources:
Organization
: Represents a participating entity (e.g. a hospital, research institute).
Endpoint
: Describes how to technically reach an organization (e.g. base URL for its FHIR server).
OrganizationAffiliation
: Describes relationships between organizations, such as membership in consortia or assignment of specific roles.
Together, these resources define:
Role-based permissions, that is, which actions an organization is allowed to perform in a given use case, are enforced through ActivityDefinition resources; please read the ActivityDefinition page.
Each DSF FHIR server maintains and enforces its own allow list. This means that:
In summary, allow lists serve as a decentralized trust and access control mechanism within the DSF ecosystem, ensuring secure and well-defined communication between authorized participants.
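The three checks listed above (trusted organization, membership in a parent organization, permitted role) can be expressed as a default-deny lookup over the three resource types. The following is an added example, not code from the DSF project: it uses standard FHIR R4 element names, resolves references by local logical id as a simplifying assumption, and every id, URL and role code in it is a constructed sample value.

```python
# Added illustration: allow-list check over FHIR R4 resources as plain dicts.
# All ids, URLs and role codes below are constructed sample values.

def ref_id(ref):
    """Return the logical id from a reference like 'Organization/hosp-a'."""
    return (ref or {}).get("reference", "").split("/")[-1]

def roles_of(affiliation):
    """Collect role codes from OrganizationAffiliation.code[].coding[]."""
    return {c.get("code") for cc in affiliation.get("code", [])
            for c in cc.get("coding", [])}

def is_allowed(org_id, parent_id, required_role, resources):
    """True only if the organization is active and an active
    OrganizationAffiliation links it to parent_id with required_role
    and references an active Endpoint."""
    by_key = {(r["resourceType"], r["id"]): r for r in resources}
    org = by_key.get(("Organization", org_id))
    parent = by_key.get(("Organization", parent_id))
    # Default deny: unknown or inactive organizations are never trusted.
    if not org or not parent or not org.get("active") or not parent.get("active"):
        return False
    for aff in (r for r in resources if r["resourceType"] == "OrganizationAffiliation"):
        if (not aff.get("active")
                or ref_id(aff.get("organization")) != parent_id
                or ref_id(aff.get("participatingOrganization")) != org_id
                or required_role not in roles_of(aff)):
            continue
        # The affiliation must point at a known, active Endpoint.
        for ep_ref in aff.get("endpoint", []):
            ep = by_key.get(("Endpoint", ref_id(ep_ref)))
            if ep and ep.get("status") == "active":
                return True
    return False

SAMPLE = [  # constructed sample data
    {"resourceType": "Organization", "id": "consortium", "active": True},
    {"resourceType": "Organization", "id": "hosp-a", "active": True},
    {"resourceType": "Organization", "id": "hosp-b", "active": False},
    {"resourceType": "Endpoint", "id": "ep-a", "status": "active",
     "address": "https://hosp-a.example.org/fhir"},
    {"resourceType": "OrganizationAffiliation", "id": "aff-a", "active": True,
     "organization": {"reference": "Organization/consortium"},
     "participatingOrganization": {"reference": "Organization/hosp-a"},
     "endpoint": [{"reference": "Endpoint/ep-a"}],
     "code": [{"coding": [{"system": "https://example.org/roles", "code": "data-provider"}]}]},
]
```

Because each server keeps its own resource set, the same request can be accepted by one server and rejected by another; the function only answers for the `resources` it is given.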