Modifying The bundle.xml File Is Not Recommended

[hhund]

In the Wiki Page DSF Middleware Setup a procedure to modify the bundle.xml file located at /opt/fhir/conf/bundle.xml is described. Since the file provided by the linked install guides is synchronized to the DSF release and NUM-CODEX systems, modifying this file is not recommended. It actually has a comment in it saying:

Do not modify this file!

Please provide a stand-alone FHIR transaction Bundle to your users with conditional update commands for adding the necessary MII/FDPG allowlist entries to an existing DSF installation.

Since you would need to establish some kind of on-boarding process anyway (the linked form does not exists), in which you would need to ask organizations for their current client certificate thumbprint, endpoint URL and so forth, you would be able to send a stand-alone, organization specific Bundle to your users in return.

Transaction Bundles can be executed against the DSF FHIR Server at runtime, for example using a curl command. Note: Since all references between allow-list resources (Organization, Endpoint, OrganizationAffiliation) need to be literal references, you will need to use conditional references when referencing the local organization and endpoint inside the transaction Bundle.

A general MII/FDPG allowlist bundle could look like this, although I would recommend providing users with a customized file:

<Bundle xmlns="http://hl7.org/fhir">
	<!-- 
	Allowlist Bundle for Medizininformatik-Initiative FDPG clients
	
	Modify lines 176, 191 and 200 before executing!
	
	Execute transaction bundle against DSF FHIR server after modifications:
		Unencrypted private key:
		curl -&#45;cert client_certificate.pem -&#45;key private-key.pem -H "Accept: application/fhir+xml" -H "Content-Type: application/fhir+xml" -H "Prefer: return=OperationOutcome" -&#45;data @bundle.xml https://{your-fhir-server-dns}.de/fhir/
		
		Encrypted private key:
		curl -&#45;cert client_certificate.pem -&#45;key private-key.pem -&#45;pass {private-key-password} -H "Accept: application/fhir+xml" -H "Content-Type: application/fhir+xml" -H "Prefer: return=OperationOutcome" -&#45;data @bundle.xml https://{your-fhir-server-dns}.de/fhir/
		
	Caution: XML does not allow two consecutive dash characters within a comment, replace all &#45; with - before executing!
	-->

	<type value="transaction"/>
	<!-- Forschungsdatenportal für Gesundheit (FDPG) -->
	<entry>
		<fullUrl value="urn:uuid:c5bb849c-c7c9-4418-8840-7b34488774c6"/>
		<resource>
			<Organization xmlns="http://hl7.org/fhir">
				<meta>
					<tag>
						<system value="http://highmed.org/fhir/CodeSystem/read-access-tag"/>
						<code value="ALL"/>
					</tag>
				</meta>
				<extension url="http://highmed.org/fhir/StructureDefinition/extension-certificate-thumbprint">
					<valueString value="9fa64c85d81f76b0ce96313023f3f1bd3df73059bc7bf5bd86ba25deac1842ae54103e74669d164d3972f259c657a82594677dc49bfa2a2b0a7b4ed6f34e17ab"/>
				</extension>
				<identifier>
					<system value="http://highmed.org/sid/organization-identifier"/>
					<value value="forschen-fuer-gesundheit.de"/>
				</identifier>
				<active value="true"/>
				<name value="Forschungsdatenportal für Gesundheit"/>
				<endpoint>
					<reference value="urn:uuid:e6ead183-910c-446f-88c5-85c1f0f03250"/>
					<type value="Endpoint"/>
				</endpoint>
			</Organization>
		</resource>
		<request>
			<method value="PUT"/>
			<url value="Organization?identifier=http://highmed.org/sid/organization-identifier|forschen-fuer-gesundheit.de"/>
		</request>
	</entry>
	<!-- Forschungsdatenportal für Gesundheit (FDPG) Endpoint -->
	<entry>
		<fullUrl value="urn:uuid:e6ead183-910c-446f-88c5-85c1f0f03250"/>
		<resource>
			<Endpoint xmlns="http://hl7.org/fhir">
				<meta>
					<profile value="http://highmed.org/fhir/StructureDefinition/endpoint"/>
					<tag>
						<system value="http://highmed.org/fhir/CodeSystem/read-access-tag"/>
						<code value="ALL"/>
					</tag>
				</meta>
				<identifier>
					<system value="http://highmed.org/sid/endpoint-identifier"/>
					<value value="dsf.forschen-fuer-gesundheit.de"/>
				</identifier>
				<status value="active"/>
				<connectionType>
					<system value="http://terminology.hl7.org/CodeSystem/endpoint-connection-type"/>
					<code value="hl7-fhir-rest"/>
				</connectionType>
				<name value="FHIR Endpoint Forschungsdatenportal für Gesundheit (FDPG)"/>
				<managingOrganization>
					<reference value="urn:uuid:c5bb849c-c7c9-4418-8840-7b34488774c6"/>
					<type value="Organization"/>
				</managingOrganization>
				<payloadType>
					<coding>
						<system value="http://hl7.org/fhir/resource-types"/>
						<code value="Task"/>
					</coding>
				</payloadType>
				<payloadMimeType value="application/fhir+json"/>
				<payloadMimeType value="application/fhir+xml"/>
				<address value="https://dsf.forschen-fuer-gesundheit.de/fhir"/>
			</Endpoint>
		</resource>
		<request>
			<method value="PUT"/>
			<url value="Endpoint?identifier=http://highmed.org/sid/endpoint-identifier|dsf.forschen-fuer-gesundheit.de"/>
		</request>
	</entry>
	<!-- Medizininformatik-Initiative -->
	<entry>
		<fullUrl value="urn:uuid:e0af5409-2d52-4b32-826a-52ade12bc267"/>
		<resource>
			<Organization xmlns="http://hl7.org/fhir">
				<meta>
					<profile value="http://highmed.org/fhir/StructureDefinition/organization-parent"/>
					<tag>
						<system value="http://highmed.org/fhir/CodeSystem/read-access-tag"/>
						<code value="ALL"/>
					</tag>
				</meta>
				<identifier>
					<system value="http://highmed.org/sid/organization-identifier"/>
					<value value="medizininformatik-initiative.de"/>
				</identifier>
				<active value="true"/>
				<name value="Medizininformatik-Initiative"/>
			</Organization>
		</resource>
		<request>
			<method value="PUT"/>
			<url value="Organization?identifier=http://highmed.org/sid/organization-identifier|medizininformatik-initiative.de"/>
		</request>
	</entry>
	<!-- Medizininformatik-Initiative | Forschungsdatenportal für Gesundheit (FDPG) -->
	<entry>
		<fullUrl value="urn:uuid:6ff25757-4300-44b8-ab6e-c258762edf4c"/>
		<resource>
			<OrganizationAffiliation xmlns="http://hl7.org/fhir">
				<meta>
					<profile value="http://highmed.org/fhir/StructureDefinition/organization-affiliation"/>
					<tag>
						<system value="http://highmed.org/fhir/CodeSystem/read-access-tag"/>
						<code value="ALL"/>
					</tag>
				</meta>
				<active value="true"/>
				<organization>
					<reference value="urn:uuid:e0af5409-2d52-4b32-826a-52ade12bc267"/>
					<type value="Organization"/>
				</organization>
				<participatingOrganization>
					<reference value="urn:uuid:c5bb849c-c7c9-4418-8840-7b34488774c6"/>
					<type value="Organization"/>
				</participatingOrganization>
				<code>
					<coding>
						<system value="http://highmed.org/fhir/CodeSystem/organization-type"/>
						<code value="HRP"/>
					</coding>
					<coding>
						<system value="http://highmed.org/fhir/CodeSystem/organization-role"/>
						<code value="HRP"/>
					</coding>
				</code>
				<endpoint>
					<reference value="urn:uuid:e6ead183-910c-446f-88c5-85c1f0f03250"/>
					<type value="Endpoint"/>
				</endpoint>
			</OrganizationAffiliation>
		</resource>
		<request>
			<method value="PUT"/>
			<url value="OrganizationAffiliation?primary-organization:identifier=http://highmed.org/sid/organization-identifier|medizininformatik-initiative.de&amp;participating-organization:identifier=http://highmed.org/sid/organization-identifier|forschen-fuer-gesundheit.de"/>
		</request>
	</entry>
	<!-- Medizininformatik-Initiative | Local Organization -->
	<entry>
		<fullUrl value="urn:uuid:3ce22c55-efec-4558-b03a-6074a003bfcd"/>
		<resource>
			<OrganizationAffiliation xmlns="http://hl7.org/fhir">
				<meta>
					<profile value="http://highmed.org/fhir/StructureDefinition/organization-affiliation"/>
					<tag>
						<system value="http://highmed.org/fhir/CodeSystem/read-access-tag"/>
						<code value="ALL"/>
					</tag>
				</meta>
				<active value="true"/>
				<organization>
					<reference value="urn:uuid:e0af5409-2d52-4b32-826a-52ade12bc267"/>
					<type value="Organization"/>
				</organization>
				<participatingOrganization>
					<!-- ToDo Replace [local.organization.identifier] with the DSF identifier of your local organization -->
					<reference value="Organization?identifier=http://highmed.org/sid/organization-identifier|[local.organization.identifier]"/>
					<type value="Organization"/>
				</participatingOrganization>
				<code>
					<coding>
						<system value="http://highmed.org/fhir/CodeSystem/organization-type"/>
						<code value="MeDIC"/>
					</coding>
					<coding>
						<system value="http://highmed.org/fhir/CodeSystem/organization-role"/>
						<code value="MeDIC"/>
					</coding>
				</code>
				<endpoint>
					<!-- ToDo Replace [local.endpoint.identifier] with the DSF identifier of your local DSF FHIR endpoint -->
					<reference value="Endpoint?identifier=http://highmed.org/sid/endpoint-identifier|[local.endpoint.identifier]"/>
					<type value="Endpoint"/>
				</endpoint>
			</OrganizationAffiliation>
		</resource>
		<request>
			<method value="PUT"/>
			<!-- ToDo Replace [local.organization.identifier] with the DSF identifier of your local organization -->
			<url value="OrganizationAffiliation?primary-organization:identifier=http://highmed.org/sid/organization-identifier|medizininformatik-initiative.de&amp;participating-organization:identifier=http://highmed.org/sid/organization-identifier|[local.organization.identifier]"/>
		</request>
	</entry>
</Bundle>

[DiCanio]

Thanks for filing this issue and sorry for the late reply.

You are most certainly right about this. However, for the record, please let me try to explain what made us go that route:
Creating resources within the system that are not primarily part of the executed task (running a query) can safely be referred to as configuration. When it comes to configuration, it should be easy to get a grasp of what the deployed state's going to be. To achieve this it would be best to have these configuration files (a bundle.xml in our case) being present and under version control. Kind of like "infrastructure as code", but for the initial setup. Using this approach could come in handy in case of a disaster recovery.

This is where your valid point comes into play and invalidates the intentions mentioned above.
Yes, we don't have a single bundle.xml, simply because we are just providing a plugin and need to factor in already deployed solutions. They will have their own configurations, no matter how they get provisioned. Thus, having a single file is just not possible. Furthermore, we can agree on that the previously mentioned initial setup is always present since it is backed up by non-ephemeral storage.

All in all, I would follow your proposal and provide some kind of utility allowing for easy creation of a transaction bundle (maybe based off of a template of some sort).

[juliangruendner]

@EmteZogaf - is this still relevant?