8. Open Standards & Best Practices

Note

Indicator Requirement: "Digital public goods must be designed and developed to align with relevant standards, best practices, and/or principles."

---

For this indicator, you must provide a list of the open standards, best practices, and principles that your digital solution adheres to with relevant links wherever possible. For best practices regarding open source software solutions, particularly for organizations involved in developing and maintaining software and policy together, please refer to The Standard For Public Code. Below are some open standards and best practices recommendations for each DPG category.

Open Software

Open Standards

Accessibility

• WCAG 2.0/2.1 (Web Content Accessibility Guidelines)

Application Programming Interfaces (APIs)

• OpenAPI
• GraphQL

Authentication & Authorization

• OAuth 2 (Open Authorization 2)
• OIDC (OpenID Connect)
• JWT (JSON Web Tokens)
• SAML (Security Assertion Markup Language)
• XACML 3.0 (eXtensible Access Control Markup Language)

Computer Communications Protocols

• WebSocket
• TCP/IP (Transmission Control Protocol/Internet Protocol)
• HTTP/HTTPS (Hypertext Transfer Protocol/Secure)
• SSL/TLS (Secure Sockets Layer/Transport Layer Security)
• MQTT (Message Queuing Telemetry Transport)

Data Exchange/Configuration Formats

• JSON (JavaScript Object Notation)
• YAML (YAML Ain't Markup Language)
• XML (eXtensible Markup Language)
• TOML (Tom's Obvious, Minimal Language)
• CSV (Comma-Separated Values)
• TIFF (Tagged Image File Format)
• HDF5 (Hierarchical Data Format version 5)
• RDF (Resource Description Framework)
• Geographic Information System (GIS)
• GeoPackage (Geospatial Package)
• GeoTIFF (Georeferenced Tagged Image File Format)

Internationalization (i18n)

• UTF-8
• ISO-8859-1
• ASCII

Multimedia

• SVG (Scalable Vector Graphics)
• PNG (Portable Network Graphics)
• JPEG (Joint Photographic Experts Group)
• Ogg MP3 (Moving Picture Experts Group: Audio Layer III)
• FLAC (Free Lossless Audio Codec)
• H.264 (H.264/MPEG-4 AVC)
• AAC (Advanced Audio Coding)
• MP3 (MPEG-1 Audio Layer 3)
• MP4 (MPEG-4 Part 14)

Security

• ISO/IEC 27001 (Information Security Management)
• ISO/IEC 27018:2019 (Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors)
• PKI (Public Key Infrastructure)
• HTTPS (HyperText Transfer Protocol Secure)
• SSL (Secure Sockets Layer)
• SSH (Secure Shell)
• GPG (GNU Privacy Guard)
• RS256 (RSA Signature with SHA-256)
• HS256 (HMAC with SHA-256)
• AES (Advanced Encryption Standard)
• ES256 (Elliptic Curve Signature with SHA-256)

Web Standards

• HTML (HyperText Markup Language)
• CSS (Cascading Style Sheets)
• ECMAScript (ES 5/6/7) (ECMAScript 5/6/7)
• LaTeX (Lamport TeX)

Instruction Set Architecture and Software Testing

• RISC-V (Reduced Instruction Set Computing)
• IEEE 829 (IEEE Standard for Software and System Test Documentation)
• ISO/IEC/IEEE 29119 (Software Testing)
• Business Process Modelling
• BPMN 2.0 (Business Process Model and Notation 2.0)
• Credentialing
• W3C VC (World Wide Web Consortium Verifiable Credentials)

Standard Content Formats

• PDF (Portable Document Format)
• H5P (HTML5 Package)
• ePub (Electronic Publication)
• WebM (Web Media)

Virtual Reality/Augmented Reality (VR/AR)

• WebXR (Web Extended Reality)
• IEEE Digital Reality standards (Institute of Electrical and Electronics Engineers Digital Reality standards)

Sector-Specific Standards

• FHIR (Fast Healthcare Interoperability Resources)
• openEHR (open Electronic Health Record)
• OpenHIE (Open Health Information Exchange)
• OMOP (Observational Medical Outcomes Partnership) Common Data Model
• OCDS (Open Contracting Data Standard)
• Open Fiscal Data Package
• International Aid Transparency Initiative (IATI) Standard
• GTFS (General Transit Feed Specification)
• BODS (Beneficial Ownership Data Standard)
• ISO 37002:2021 (Whistleblowing Management Systems — Guidelines)

Best Practices

Architectural Design and Style

• Architectural Principles
• Modularity and Maintainability
• Reusability and Extensibility
• Accountability & Non-Reputability
• Security & Consented Access
• Universal Access & Open APIs
• Microservices Architecture
• SOLID Principles of Object-Oriented Programming
• Software Development Life Cycle (SDLC)
• Multitier Architecture
• Model–View–Controller
• Representational State Transfer (REST)
• Publish-Subscribe
• Client–Server
• Monolithic Application
• Service–Oriented
• Component-Based
• Peer–To–Peer
• Asynchronous Messaging
• Event–Driven
• Database–Centric
• Sensor–Controller–Actuator
• Cloud Computing Patterns

Artificial Intelligence/Machine Learning (AI/ML)

• Google Responsible AI Practices
• Google Best Practices for ML Engineering
• Engineering Best Practices for Machine Learning
• Microsoft Responsible AI Principles and Approach
• Facebook Field Guide to Machine Learning

IT Resources Security

• Create strong passwords for username/ password authentication.
• Enable Multi-factor authentication (MFA).
• Enable resource access authorization i.e. access control rights/ permissions.
• Leverage IT auditing.
• Protect data at rest (data encryption, using a firewall, antivirus protection, schedule backups).
• Protect data in transit (encrypt data in transit using TLS/SSL, authenticate data integrity using TLS/SSL, use X.509 certificates to authenticate the remote end).

Cloud Computing

• AWS Best Practices For Cloud Environments
• Google Best Practices For Enterprise Organizations Leveraging Cloud
• Azure Best Practices in Cloud Applications
• Design Principles For Azure Applications

Coding Styles & Standards

• PSR-12: Extended Coding Style
• PEP 8
• Google Style Guide
• Airbnb's JavaScript Style Guide
• Airbnb's Ruby Style Guide

Data Principles and ICT4D

• FAIR Data Principles
• Recommendations for Better Sharing of Climate Data
• The Best Practices in the Use of ICTs in Development

Open Source

• Best practices For Open Source Maintainers
• OpenSSF Best Practices Badge Program
• Google Open Source
• Open Source Tips
• Standard for Public Code

Open Source

• Best practices For Open Source Maintainers
• OpenSSF Best Practices Badge Program
• Google Open Source
• Open Source Tips
• Standard for Public Code

User Interface/User Experience (UI/UX)

• Human Centred Design Principles
• Material Design

Virtual Reality/Augmented Reality (VR/AR)

• Best Practices & VR Design Principles
• Creating Engaging VR Content

Open AI Systems

Open Standards

• Microsoft Responsible AI Standard
• ONNX (Open Neural Network Exchange)
• ISO/IEC JTC 1/SC 42 on Artificial intelligence
• IEEE P7000 Standard Series

Best Practices

• FAIR Principles
• European Union - Ethics Guidelines for Trustworthy AI
• Council of Europe - Feasibility Study (CAHAI)
• UNESCO - Recommendation on the Ethics of AI
• IEEE - Ethically Aligned Design
• OECD - Principles on AI
• An Ethical Framework for a Good AI Society
• Université de Montréal - Montréal Declaration: Responsible AI
• Unified Ethical Frame for Big Data Analysis
• The Toronto Declaration: Protecting the Right to Equality and Non-discrimination in Machine Learning Systems
• Data & Society - Governing Artificial Intelligence. Upholding Human Rights & Dignity
• Accenture - Responsible AI and Robotics. An Ethical Framework
• Google - AI Principles
• Facebook’s Five Pillars of Responsible AI
• IBM’s Principles for Trust
• OpenAI Charter
• OpenAI Safety Best Practices
• SAP’s Guiding Principles for Artificial Intelligence
• Sony Group's Initiatives for Responsible AI

Open Data

Open Standards

• Assess Open Standards for Data
• Open Data Certificate
• Oasis Open Data Standards
• Open Standards for Data
• Principles for Digital Development
• Standards and Applications
• The Data Standards Directory
• The Open Standards Guide Book

Best Practices

• The Data Ethics Canvas
• Good Data Practices
• Open Data Best Practices in Europe: Estonia, Slovenia & Ukraine
• Health Data Governance Principles
• Periodic Table of Open Data’s Impact Factors
• The 8 Principles of Open Government Data
• U.S. Open Data Toolkit
• What is Open Data? - Practical Guide

Open Content

Open Standards

Access to information can be made easier, cooperation and innovation can be fostered, and the quality and diversity of content can be improved thanks to open content. Not all open content, though, is created equal. To ensure that open content is useful, reliable, and engaging, it is important to follow some well-known standards for producing and sharing it.

A good open content standard should contain the following elements:

• A clear and explicit license that grants everyone free and perpetual permission to engage in the 5R activities: retain, revise, remix, reuse, and redistribute the content.
• A specification of the format, structure, and metadata of the content that enables interoperability, accessibility, and discoverability across different platforms and devices.
• A description of the process and criteria for developing, maintaining, and updating the content that ensures quality, relevance, and diversity of perspectives.

Here are some sites that contain resources about well-known standards for open content:

• Defining the "Open" in Open Content
• Use Open Standards, Open Data, Open Source, and Open Innovation
• What are open standards?

Best Practices

To ensure that open content is useful, reliable, and engaging, it is important to follow some best practices for producing and sharing it. Here are some sites that contain resources about best practices for open content:

• 20 years of Creative Commons licences: key legal considerations and best practice
• 6 examples of open source best practices in knowledge-sharing projects
• Best Practices for Attribution
• Creating Open Educational Resources
• Creative Commons: Considerations for licensors and licensees
• Guides for Content Providers
• 📹 Video, Education, and Open Content: Best Practices