Current package graph of the production server, from the CRMI Tool

Published on: 2024-11-12.

The new production server of the SU-TermServ

The new production server of the Service Unit Terminological Services (SU-TermServ) has been operational since November 11, 2024. With this, the SU-TermServ now provides a powerful platform for delivering terminology services within the Medical Informatics Initiative (MII) and the Network of University Medicine (NUM). The new server is accessible at the address https://ontoserver.mii-termserv.de/fhir 🔐 for FHIR clients.

Previously, SU-TermServ provided services at the address https://terminology-highmed.medic.medfak.uni-koeln.de/fhir 🔐. This server originated from the HiGHmed project. With the start of the current funding phase of the MII in January 2023, the operation of this server was professionalized, and the target audience was officially expanded to the entire MII and NUM through an independent 2b project.

Shutdown of the old server

The old HiGHmed server will continue to operate until the end of 2024 and will then be shut down in the first weeks of the new year. Please migrate to the new services. All previous FHIR resources should remain available. If you experience issues connecting to the new service, please contact us in our Zulip channel or via email.
The Ballot Server will continue to operate in the future to provide a public platform for the further development of the resources.
You will need a corresponding certificate to access the server. An IP Allow List will no longer be supported in the future, but we can issue our own certificates if needed.

Authentication

All endpoints secured by Mutual TLS are marked with a lock 🔐.

Services on the server

Ontoserver

The terminology server uses the Ontoserver software to provide terminologies and ontologies. The server is accessible at https://ontoserver.mii-termserv.de/fhir 🔐. As a FHIR terminology server, Ontoserver implements the FHIR Terminology Module sub-specification in its FHIR R4 version. For more information on using these services, please refer to the slides from our last workshop in July 2024 and our onboarding slides. Documentation for Ontoserver, including a Postman collection for testing, is also available from the manufacturer.

In addition to FHIR services, Ontoserver also provides the syndication function. This allows Ontoserver instances to be networked to provide resources from an upstream instance (i.e., the SU-TermServ instance) to downstream instances (e.g., within the data integration centers). The syndication feed can be found in XML format at https://ontoserver.mii-termserv.de/synd/syndication.xml 🔐. Syndication uses the Atom format according to RFC 4287, while the syndication-specific adjustments were specified by the Australian National Clinical Terminology Service (NCTS). The Australian Digital Health Agency also provides a syndication client library for Java and .NET to consume the syndication feed in applications other than Ontoserver.

Launchpad

At www.ontoserver.mii-termserv.de, you can find an overview of the provided services and other software that can communicate with the Ontoserver. No authentication via mTLS is required here.

Canonical Resource Management Infrastructure (CRMI)

With the Canonical Resource Management Infrastructure Implementation Guide, the Clinical Decision Support working group of HL7 International has specified profiles, operations, and guidelines for dealing with canonical resources (FHIR knowledge artifacts, particularly ValueSets and Profiles).

For the work of SU-TermServ, the following aspects of this Implementation Guide are particularly relevant:

  1. In the sections Packaging and Publishing, the packaging and distribution of FHIR resources through FHIR-NPM packages [Specification] are described.
  2. Within the section Distribution, rules are specified for identifying dependencies between the resources (Dependency Tracing).
  3. The specification within the part Syndication of the distribution concept describes an adaptation of the syndication concept using Atom feeds. Compared to the syndication concept of the Ontoserver, a package-based syndication is described here rather than a resource-based one.
  4. Through the extension http://hl7.org/fhir/StructureDefinition/cqf-scope, the linkage between the resources and the packages through which they are published is to be established as described.
  5. The Implementation Guide also specifies rules for the versioning of artifacts and packages here.

The SU-TermServ has fully implemented the packaging of the resources, taking into account the dependencies identified by the Dependency Tracing rules (as extensively described in our previous blog post commenting on the previous server). Additionally, the syndication profile was implemented based on the NPM packages.

Authentication 🔐

Authentication with the new server is now only possible via mTLS. The previous option for authentication via an IP allow-list is no longer supported due to the resulting maintenance effort. Instead, we now provide the option to issue certificates from our own certificate chain for both individuals and organizations. Please contact SU-TermServ via email or MII-Zulip.

The issuers accepted by us are always listed on the Ontoserver page. We currently support the following issuers:

  • GÉANT
  • Sectigo Organization Validation Secure Server CA
  • USERTrust
  • DFN-PKI
  • our own CA

We have no requirements regarding the certificate profile. In particular, we support the use of server certificates that are also used for HTTPS, and personal certificates used for, e.g., document signing and signed/encrypted emails via S/MIME.

All certificates must be issued for entities in Germany; this information can be found in the Distinguished Name of the certificate. We check for the presence of the attribute C=DE. Access for entities outside the Federal Republic of Germany is not possible due to our contractual situation with CSIRO, the manufacturer of Ontoserver.

Current situation with GÉANT and Sectigo

Shortly before the release of this announcement, it became known that Sectigo has terminated its contractual relationship with the GÉANT consortium due to disagreements. For several years now, the PKI of GÉANT has taken the place of the previous PKI of the German Research Network (DFN), and GÉANT in turn has commissioned Sectigo to issue certificates. As of November 14, 2024, it will likely no longer be possible to apply for certificates through Sectigo from January 10, 2025 at the latest. It is not yet known whether GÉANT will enter into a new contractual relationship with a subcontractor or whether DFN is seeking another partner.

It is certain that all server certificates will expire next year (these are only issued for one year), and possibly personal certificates as well (which are usually valid for three years), so action will be needed at all locations using GÉANT’s certification services. DFN therefore recommends renewing all certificates before their expiry date, in the coming weeks up to the turn of the year, to postpone the necessary work into the future.

SU-TermServ will monitor the situation, and new certification chains will of course be added to the list of approved issuers. The security of access to our services is not jeopardized at any time by this transition. We will provide information about further steps through the channels of the coordination office and on this website.
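As an added example (not SU-TermServ's own code and not the server's actual check), here is a client-side pre-flight for the two certificate properties discussed above: a C=DE attribute in the subject DN and the remaining validity. It assumes the subject and end date were printed by `openssl x509 -noout -subject -nameopt RFC2253 -enddate` with the `subject=` and `notAfter=` prefixes removed; the function names, the 60-day warning threshold and the sample values are constructed for illustration.

```python
from datetime import datetime, timezone

def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split an RFC 2253-style DN string into (TYPE, value) pairs."""
    # Escaped separators stay in the value; hex escapes are not decoded.
    pairs, buf, escaped = [], "", False
    for ch in dn + ",":
        if escaped:
            buf, escaped = buf + ch, False
        elif ch == "\\":
            escaped = True
        elif ch in ",+":  # RDN separator, or "+" inside a multi-valued RDN
            attr, sep, value = buf.partition("=")
            if sep:
                pairs.append((attr.strip().upper(), value.strip()))
            buf = ""
        else:
            buf += ch
    return pairs

def preflight(subject: str, not_after: str, now: datetime, warn_days: int = 60) -> list[str]:
    """Return findings for a client certificate; an empty list means none."""
    findings = []
    # Exact match on a parsed attribute, not a substring search for "C=DE".
    if ("C", "DE") not in parse_dn(subject):
        findings.append("subject DN has no C=DE attribute")
    # not_after: date part of `openssl x509 -noout -enddate` output.
    expires = datetime.strptime(not_after, "%b %d %H:%M:%S %Y GMT")
    days_left = (expires.replace(tzinfo=timezone.utc) - now).days
    if days_left < 0:
        findings.append("certificate expired")
    elif days_left < warn_days:
        findings.append(f"certificate expires in {days_left} days")
    return findings

# Constructed sample data (subject DN, notAfter); not real certificates.
NOW = datetime(2024, 11, 14, tzinfo=timezone.utc)
SAMPLES = {
    "ok": ("CN=fhir-client.example.org,O=Example University Hospital,C=DE",
           "Nov 10 23:59:59 2025 GMT"),
    "lookalike": ("CN=client,O=Example C=DE\\, Ltd,C=NL",
                  "Nov 10 23:59:59 2025 GMT"),
    "expiring": ("CN=Jane Doe,O=Example University,C=DE",
                 "Dec 20 12:00:00 2024 GMT"),
}

if __name__ == "__main__":
    for name, (subject, not_after) in SAMPLES.items():
        print(name, preflight(subject, not_after, NOW))
```

The "lookalike" sample contains the text C=DE inside its organization name, so a plain substring search would accept it, while the parsed comparison reports the missing country attribute.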

Write Access

You are not able to create resources on the server. Further authentication is necessary for this, which is only granted to employees of the SU-TermServ project. However, if you have a need for resources that is shared by other parties within MII and NUM, you can discuss with us the creation of your own FHIR packages (we can, of course, provide support in this), which can then be uploaded by us. More information is available here.

Updates

SU-TermServ is involved in the further development of the core dataset modules and is thus informed about new releases. Stable package versions will be repackaged by us shortly and then made available on the server. By default, we only support the latest version, but older packages will remain available in our GitLab area, so they can also be used by the sites if needed. If an urgent need for the simultaneous provision of individual packages is identified, this can also be implemented.

Due to the repackaging by SU-TermServ, some dependencies, i.e., external terminologies, are covered by new packages. We will update these packages as follows:

  • ICD-10-GM, OPS, Alpha-ID at the turn of the year
  • The International Edition of SNOMED CT biannually with the January and July versions
  • The Germany Edition of SNOMED CT biannually in the rhythm of BfArM, currently in May and November
  • LOINC upon release

Other external dependencies, such as the key tables of KBV, the German base profiles, or the DICOM value sets, will be updated when new versions are released, and dependent packages will be tested for compatibility with the new versions. Necessary adjustments will be communicated with the responsible parties, and a strategy for updates will be developed together.

Migration

If you are already connected to our services, specifically to the FHIR endpoint https://terminology-highmed.medic.medfak.uni-koeln.de/fhir 🔐 and/or to Syndication https://terminology-highmed.medic.medfak.uni-koeln.de/synd/syndication.xml 🔐, an adjustment on your side is required.

The new FHIR endpoint is https://ontoserver.mii-termserv.de/fhir 🔐, and the syndication feed can be accessed at https://ontoserver.mii-termserv.de/synd/syndication.xml 🔐.

If you are already using a certificate for authentication, you can also use it for the new server—if not, please contact us!

If you have been using the IP allow-list because you could not obtain a certificate through GÉANT, please contact us so that we can issue you a corresponding certificate from our CA. Such a certificate will currently be valid until the end of 2027 at the latest.

At the turn of the year, we will then shut down the old server and inform you accordingly.

Please also consider the current situation regarding Sectigo and GÉANT outlined above.