Extended Data

The SanteDB CDR requires that any data provided to it by callers conform to the logical information either in XML, JSON or ViewModel formats.

If you need to store data which cannot be captured in the primary information model you can add it with either an extension or a tag.


Extensions are versioned pieces of information which semantically change or modify the data structure, or capture complex data which changes over time. Extensions:

  • Must have a registered extension type (a valid extension type UUID)

  • Have effective/obsolete dates which means that they are subject to versioning and may need pruning

  • Store the extension valid as a serialized BLOB

Extension Data Type

SanteDB provides several built-in serializers for handling extension data which are used based on the type of data you'll be storing. SanteDB extension data types included within the solution are:

Data Type





Stores a variable length byte array as a blob



Stores a 1 byte representation of a binary value



64-bit (8 byte) ticks from UTC of the time stored



128-bit (16 byte) decimal number



A JSON structure of any data object



A 128-bit UUID pointer to an Entity, Act or Concept



A variable length string stored in the database



A 128-bit byte array representing a UUID

You can create additional extension data types by implementing the IExtensionHandler interface in a .NET plugin.

Extension Type Registration

SanteDB provides built extension types which are enumerated below.

All extensions are in the http://santedb.org/extensions URL base.






Stores a JPG photograph of an entity/act



Stores the original or amended date an action was supposed to occur.





A structured list of business rules/data quality issues that were detected with an object.



The original time (from the sender of a GS1 message) of estimated delivery date of an object.



The original shipment date of an action



The type of packaging (crate, box, etc.) from the GS1 sender

You can register your own extensions by using the HDSI interface and POSTing a new ExtensionType resource.


Tags are another extension point which can be used to attach metadata to an object during processing, disclosure, or to control some operational process. Tags are not versioned and live throughout the lifetime of the object. Tags can be removed and updated, however the history of these changes are not tracked.

Tags require no formal definition of the tag type, and represent a simple key/value pair on the object.

Tag keys starting with $ are transient, meaning they aren't persisted to the database and are intended to control operational processes within the CDR and its plugins/business rules.

SanteDB Core Tags

SanteDB's core plugins affix tags to objects based on the plugins enabled and the status of the object. These tags are described below.





M = Master

L = Local

T = Record of Truth

O = Orphan

The MDM service uses the type tagging to convey the type of master data record being provided. It is also used by

callers to instruct the MDM record to perform certain behaviors. For example, sending an update with $mdm.type

of T would instruct the MDM layer that the resource being

pushed is a designated record of truth.


True | False

Indicates that the MDM layer has already processed the

object. This prevents duplicate processing of records.


Patient | Place ..

Indicates the original type of resource the MDM record is

conveying. This is because MDM Masters are generic Entity

or Act resources with no clearly identified type. The $mdm.resource tag allows callers to understand the original

type of data the master is representing


True | False

When retrieving data that was synthesized from other data

records this flag will be TRUE. This indicates that the result

is not an *actual* record, rather it is combined from multiple

local records.



A list of other keys which the resource references may use.



True | False

When present in a resource, informs the caller that the

PolicyEnforcementService or PrivacyEnforcementService

has masked/redacted or removed sensitive data from the resource returned. This is an indicator to the caller that they

may need to perform an elevation to unlock all the data.

Note: If the PEP is set to HIDE sensitive data then the resource is not returned in any disclosures, and the $pep.masked flag will not appear.


hash | hide | redact

When present in a resource, informs the caller that the policy

enforcement service took destructive action on the resource

using the specified privacy enforcement method.

Note: The $pep.method of hide on a resource indicates that part of the resource was hidden (usually identifiers)

if the entire resource is hidden, then the tag wouldn't appear

on a resource tag.



Used by the BRE engine to convey non-fatal errors to

callers. This is used for diagnosing / logging and catching

upstream errors in business rules.


True | False

Used by the persistence layer to determine whether an object is being re-classified (having its type changed).

Normally this would cause an error in the persistence layer

however setting $sys.reclass=true instructs the persistence

layer to change the object's class. This is how, for example,

a Person may be re-classified as a Patient.


0.0 .. 1.0

When the resource being conveyed is in the context of another (for example: a sub-resource or link resource) the match score will be added to indicate the strength of the relationship of the resource to the container.

Last updated