8. Open Standards & Best Practices

Note

Indicator Requirement: "Digital public goods must be designed and developed to align with relevant standards, best practices, and/or principles."

---

For this indicator, you must provide a list of the open standards, best practices, and principles that your digital solution adheres to with relevant links wherever possible. For best practices regarding open source software solutions, particularly for organizations involved in developing and maintaining software and policy together, please refer to The Standard For Public Code. Below are some open standards and best practices recommendations.

Open Standards

Open standards are protocols and building blocks that make digital public goods work better and connect more easily. They help developers create products faster and let data files be read or written by anyone. Here are some common open standards by category:

Accessibility

WCAG 2.0/2.1 (Web Content Accessibility Guidelines)

Application Programming Interfaces (APIs)

• OpenAPI
• GraphQL

Authentication & Authorization

• OAuth 2 (Open Authorization 2)
• OIDC (OpenID Connect)
• JWT (JSON Web Tokens)
• SAML (Security Assertion Markup Language)
• XACML 3.0 (eXtensible Access Control Markup Language)

Computer Communications Protocols

• WebSocket
• TCP/IP (Transmission Control Protocol/Internet Protocol)
• HTTP/HTTPS (Hypertext Transfer Protocol/Secure)
• SSL/TLS (Secure Sockets Layer/Transport Layer Security)
• MQTT (Message Queuing Telemetry Transport)

Data Exchange/Configuration Formats

• JSON (JavaScript Object Notation)
• YAML (YAML Ain't Markup Language)
• XML (eXtensible Markup Language)
• TOML (Tom's Obvious, Minimal Language)
• CSV (Comma-Separated Values)
• TIFF (Tagged Image File Format)
• HDF5 (Hierarchical Data Format version 5)
• RDF (Resource Description Framework)
• Geographic Information System (GIS)
• GeoPackage (Geospatial Package)
• GeoTIFF (Georeferenced Tagged Image File Format)

Internationalization (i18n)

• UTF-8
• ISO-8859-1
• ASCII

Multimedia

• SVG (Scalable Vector Graphics)
• PNG (Portable Network Graphics)
• JPEG (Joint Photographic Experts Group)
• Ogg MP3 (Moving Picture Experts Group: Audio Layer III)
• FLAC (Free Lossless Audio Codec)
• H.264 (H.264/MPEG-4 AVC)
• AAC (Advanced Audio Coding)
• MP3 (MPEG-1 Audio Layer 3)
• MP4 (MPEG-4 Part 14)

Security

• ISO/IEC 27001 (Information Security Management)
• ISO/IEC 27018:2019 (Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors)
• PKI (Public Key Infrastructure)
• HTTPS (HyperText Transfer Protocol Secure)
• SSL (Secure Sockets Layer)
• SSH (Secure Shell)
• GPG (GNU Privacy Guard)
• RS256 (RSA Signature with SHA-256)
• HS256 (HMAC with SHA-256)
• AES (Advanced Encryption Standard)
• ES256 (Elliptic Curve Signature with SHA-256)

Software Testing

• IEEE 829 (IEEE Standard for Software and System Test Documentation)
• ISO/IEC/IEEE 29119 (Software Testing)
• Business Process Modelling
• BPMN 2.0 (Business Process Model and Notation 2.0)
• Credentialing
• W3C VC (World Wide Web Consortium Verifiable Credentials)

Standard Content Formats

• PDF (Portable Document Format)
• H5P (HTML5 Package)
• ePub (Electronic Publication)
• WebM (Web Media)

Virtual Reality/Augmented Reality (VR/AR)

• WebXR (Web Extended Reality)
• IEEE Digital Reality standards (Institute of Electrical and Electronics Engineers Digital Reality standards)

Web Standards

• HTML (HyperText Markup Language)
• CSS (Cascading Style Sheets)
• ECMAScript (ES 5/6/7) (ECMAScript 5/6/7)
• LaTeX (Lamport TeX)

Sector-Specific Standards

• FHIR (Fast Healthcare Interoperability Resources)
• openEHR (open Electronic Health Record)
• OpenHIE (Open Health Information Exchange)
• OMOP (Observational Medical Outcomes Partnership) Common Data Model
• OCDS (Open Contracting Data Standard)
• Open Fiscal Data Package
• International Aid Transparency Initiative (IATI) Standard
• GTFS (General Transit Feed Specification)
• BODS (Beneficial Ownership Data Standard)
• ISO 37002:2021 (Whistleblowing Management Systems — Guidelines)

Best Practices

Below are some of the common best practices and principles implemented by several digital public goods:

Architectural Design

• Architectural Principles
• Modularity and Maintainability
• Reusability and Extensibility
• Accountability & Non-repudiability
• Security & Consented Access
• Universal Access & Open APIs
• Microservices architecture
• SOLID principles of object oriented programming

Artificial Intelligence/ Machine Learning (AI/ ML)

• Google Responsible AI Practices
• Best Practices for ML Engineering (Google)
• Engineering best practices for Machine Learning
• Microsoft AI guiding principles
• The Facebook Field Guide to Machine Learning

Best practices to help secure your IT resources:

• Create strong passwords for username/ password authentication
• Enable Multi-factor authentication (MFA)
• Enable resource access authorization i.e. access control rights/ permissions
• Leverage IT auditing
• Protect data at rest (data encryption, using a firewall, antivirus protection, schedule backups)
• Protect data in transit (encrypt data in transit using TLS/SSL, authenticate data integrity using TLS/SSL, use X.509 certificates to authenticate the remote end)

Cloud Computing

• AWS Best Practices For Cloud Environments
• Google Best Practices For Enterprise Organizations Leveraging Cloud
• Azure Best Practices in Cloud Applications
• Design Principles For Azure Applications

Coding Styles & Standards

• PSR-12: Extended Coding Style
• PEP 8
• Google Style Guide
• Airbnb's JavaScript Style Guide
• Airbnb's Ruby Style Guide

Data Principles:

• FAIR Data Principles

ICT4D

• The Best Practices in the Use of ICTs in Development

Open Source

• Best practices For Open Source Maintainers
• OpenSSF Best Practices Badge Program
• Google Open Source
• Open Source Tips
• Standard for Public Code - Guidance for government open source collaboration

Software Architectural Styles

• Multitier architecture
• Model–view–controller
• Representational state transfer (REST)
• Publish-subscribe
• Client-server (multitier architecture exhibits this style)
• Monolithic application
• Service-oriented
• Component-based
• Peer-to-peer
• Asynchronous messaging
• Event-driven
• Database-centric
• Sensor-controller-actuator
• Cloud computing patterns

Software Development Life Cycle (SDLC)

• User stories
• Change management using version control
• Test driven development using automated tests
• Continuous Integration & Continuous Deployment (CI/CD)
• Code review
• Code refactoring
• Rapid application development
• Agile development
• 12 Principles Behind Agile Manifesto
• The Twelve Factor App

User Interface/ User Experience (UI /UX)

• Human Centred Design Principles
• Material design

Virtual Reality/ Augmented Reality (VR /AR)

• Best practices & VR design principles
• Best practices for creating engaging VR content

Open AI Systems

Open Standards

• ONNX (Open Neural Network Exchange)
• ISO/IEC JTC 1/SC 42 on Artificial intelligence
• IEEE P7000 Standard Series
• Microsoft Responsible AI Standard

Best Practices

• FAIR Principles

• European Union - Ethics Guidelines for Trustworthy AI

• Council of Europe - Feasibility Study (CAHAI)

• Unesco - Recommendation on the ethics of AI

• IEEE - Ethically Aligned Design

• OECD - Principles on AI

• AI4People—An Ethical Framework for a Good AI Society

• Université de Montréal - Montréal Declaration: Responsible AI

• Information Accountability Foundation - Unified Ethical Frame for Big Data Analysis

• Access Now; Amnesty International - The Toronto Declaration: Protecting the Right to Equality and Non-discrimination in Machine Learning Systems

• Data & Society - Governing Artificial Intelligence. Upholding Human Rights & Dignity

• Accenture - Responsible AI and Robotics. An Ethical Framework

• Google - AI Principles

• Facebook’s five pillars of Responsible AI

• IBM’s Principles for Trust

• OpenAI Charter

• OpenAI Safety best practices

• SAP’s Guiding Principles for Artificial Intelligence

• Sony Group AI Ethics Guidelines

Open Data

Open Standards

Open Data should be available in a usable form, free from reproduction costs, and reused without restrictions. This universal participation ensures that the data can be used, modified, and shared without discrimination, promoting universal access and reuse without any restrictions on reproduction costs.

Below are links to more information regarding Open Data Standards:

• Assess Open Standards for Data
• Open Data Certificate
• Oasis Open Data Standards
• Open Standards for Data
• Principles for Digital Development
• Standards and Applications
• The Data Standards Directory
• The Open Standards Guide Book

Best Practices

📌 Open Data practices are closely tied with data ethics and the Open Data Institute has developed "The Data Ethics Canvas" which helps to identify and manage ethical issues.

Below are links to more information regarding Open Data Best Practices:

• Good data practices
• Open Data Best Practices in Europe: Estonia, Slovenia & Ukraine
• Health Data Governance Principles
• Periodic Table of Open Data’s Impact Factors
• The 8 Principles of Open Government Data
• U.S. Open Data Toolkit
• What is open data? - Practical Guide

Open Content

Open Standards

Access to information can be made easier, cooperation and innovation can be fostered, and the quality and diversity of content can be improved thanks to open content. Not all open content, though, is created equal. To ensure that open content is useful, reliable, and engaging, it is important to follow some well-known standards for producing and sharing it.

A good open content standard should contain the following elements:

• A clear and explicit license that grants everyone free and perpetual permission to engage in the 5R activities: retain, revise, remix, reuse, and redistribute the content.
• A specification of the format, structure, and metadata of the content that enables interoperability, accessibility, and discoverability across different platforms and devices.
• A description of the process and criteria for developing, maintaining, and updating the content that ensures quality, relevance, and diversity of perspectives.

Here are some sites that contain resources about well-known standards for open content:

• Defining the "Open" in Open Content
• Use Open Standards, Open Data, Open Source, and Open Innovation
• What are open standards?

Best Practices

To ensure that open content is useful, reliable, and engaging, it is important to follow some best practices for producing and sharing it. Here are some sites that contain resources about best practices for open content:

• 20 years of Creative Commons licences: key legal considerations and best practice
• 6 examples of open source best practices in knowledge-sharing projects
• Best Practices for Attribution
• Creating Open Educational Resources
• Creative Commons: Considerations for licensors and licensees
• Guides for Content Providers
• 📹 Video, Education, and Open Content: Best Practices