8. Open Standards & Best Practices
Digital public goods must be designed and developed to align with relevant standards, best practices, and/or principles. For example, the Principles for Digital Development.
A good way to provide evidence of this is to state all relevant data, technology, or related best practices / open standards.
📌 For best practices regarding open source software solutions, particularly for organizations involved in developing and maintaining software and policy together, please refer to The Standard For Public Code.
📌 List of resources and best practices for open data.
📌 List of resources and best practices for open content.
Open standards are protocols and building blocks that make digital public goods work better and connect easier. They help developers create products faster and let data files be read or written by anyone.
Here are some common open standards by category:
Accessibility
Application Programming Interfaces (APIs)
Authentication & Authorization
- OAuth 2
- OIDC (OpenID Connect)
- JWT (JSON Web Tokens)
- SAML (Security Assertion Markup Language)
- XACML 3.0 (eXtensible Access Control Markup Language)
Computer Communications Protocols
Data Exchange/ Configuration formats
Internationalization (i18n)
- UTF-8
- ISO-8859-1
- ASCII
Multimedia
- SVG (Scalable Vector Graphics)
- PNG (Portable Network Graphics)
- JPEG (Joint Photographic Experts Group)
- Ogg MP3 (Moving Picture Experts Group: Audio Layer III)
- FLAC (Free Lossless Audio Codec)
- H.264 (H.264/MPEG-4 AVC)
- AAC (Advanced Audio Coding)
- MP4 (MPEG-4 Part 14)
Sector-specific standards
- FHIR (Fast Healthcare Interoperability Resources) - Healthcare
- openEHR - Healthcare
- OCDS (Open Contracting Data Standard) - Open government
- Open Fiscal Data Package - Open government
- International Aid Transparency Initiative (IATI) Standard - Aid
- GTFS (General Transit Feed Specification) - Mobility
Security
- ISO/IEC 27001 (Information Security Management)
- ISO/IEC 27018:2019 (Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors)
- PKI
- HTTPS
- SSL
- SSH
- GPG
- RS256
- HS256
- AES
- ES256
Software Testing
Standard Content formats
- H5P
- ePub
- WebM
Virtual Reality/ Augmented Reality (VR /AR)
Web standards
- HTML
- CSS
- ECMAScript (ES 5/6/7)
- Latex
Whistleblowing management systems
Below are some of the common best practices and principles implemented by several digital public goods:
Architectural Design
- Architectural Principles
- Modularity and Maintainability
- Reusability and Extensibility
- Accountability & Non-repudiability
- Security & Consented Access
- Universal Access & Open APIs
- Microservices architecture
- SOLID principles of object oriented programming
Artificial Intelligence/ Machine Learning (AI/ ML)
- Google Responsible AI Practices
- Best Practices for ML Engineering (Google)
- Engineering best practices for Machine Learning
- Microsoft AI guiding principles
- The Facebook Field Guide to Machine Learning
Best practices to help secure your IT resources:
- Create strong passwords for username/ password authentication
- Enable Multi-factor authentication (MFA)
- Enable resource access authorization i.e. access control rights/ permissions
- Leverage IT auditing
- Protect data at rest (data encryption, using a firewall, antivirus protection, schedule backups)
- Protect data in transit (encrypt data in transit using TLS/SSL, authenticate data integrity using TLS/SSL, use X.509 certificates to authenticate the remote end)
Cloud Computing
- AWS Best Practices For Cloud Environments
- Google Best Practices For Enterprise Organizations Leveraging Cloud
- Azure Best Practices in Cloud Applications
- Design Principles For Azure Applications
Coding Styles & Standards
- PSR-12: Extended Coding Style
- PEP 8
- Google Style Guide
- Airbnb's JavaScript Style Guide
- Airbnb's Ruby Style Guide
Data Principles:
ICT4D
Open Source
- Best practices For Open Source Maintainers
- OpenSSF Best Practices Badge Program
- Google Open Source
- Open Source Tips
- Standard for Public Code - Guidance for government open source collaboration
Software Architectural Styles
- Multitier architecture
- Model–view–controller
- Representational state transfer (REST)
- Publish-subscribe
- Client-server (multitier architecture exhibits this style)
- Monolithic application
- Service-oriented
- Component-based
- Peer-to-peer
- Asynchronous messaging
- Event-driven
- Database-centric
- Sensor-controller-actuator
- Cloud computing patterns
Software Development Life Cycle (SDLC)
- User stories
- Change management using version control
- Test driven development using automated tests
- Continuous Integration & Continuous Deployment (CI/CD)
- Code review
- Code refactoring
- Rapid application development
- Agile development
- 12 Principles Behind Agile Manifesto
- The Twelve Factor App
User Interface/ User Experience (UI /UX)
Virtual Reality/ Augmented Reality (VR /AR)
- ONNX (Open Neural Network Exchange)
- ISO/IEC JTC 1/SC 42 on Artificial intelligence
- IEEE P7000 Standard Series
- Microsoft Responsible AI Standard
-
Université de Montréal - Montréal Declaration: Responsible AI
-
Information Accountability Foundation - Unified Ethical Frame for Big Data Analysis
-
Data & Society - Governing Artificial Intelligence. Upholding Human Rights & Dignity
-
Accenture - Responsible AI and Robotics. An Ethical Framework
-
SAP’s Guiding Principles for Artificial Intelligence
-
Sony Group AI Ethics Guidelines
Digital Public Goods (DPGs) are open-source software, open data, open AI systems, and open content collections that adhere to privacy and other applicable laws and best practices, do no harm, and help attain the Sustainable Development Goals (SDGs). If you have any questions regarding the DPG application process or anything else, you can ask directly to the DPG Community for guidance or send us an email; we're available to help you.
