8. Open Standards & Best Practices

Digital public goods must be designed and developed to align with relevant standards, best practices, and/or principles. For example, the Principles for Digital Development.

A good way to provide evidence of this is to state all relevant data, technology, or related best practices / open standards.

Open Source Software

📌 For best practices regarding open source software solutions, particularly for organizations involved in developing and maintaining software and policy together, please refer to The Standard For Public Code.

Open Standards

Open standards are protocols and building blocks that make digital public goods work better and connect easier. They help developers create products faster and let data files be read or written by anyone.

Here are some common open standards by category:

Accessibility

• WCAG 2.0/2.1 (Web Content Accessibility Guidelines)

Application Programming Interfaces (APIs)

• OpenAPI
• GraphQL

Authentication & Authorization

• OAuth 2
• OIDC (OpenID Connect)
• JWT (JSON Web Tokens)
• SAML (Security Assertion Markup Language)
• XACML 3.0 (eXtensible Access Control Markup Language)

Computer Communications Protocols

• WebSocket

Data Exchange/ Configuration formats

• JSON
• YAML
• XML
• TOML
• CSV
• TIFF
• HDF5
• RDF
• Geographic Information System (GIS)
• GeoPackage
• GeoTIFF

Internationalization (i18n)

• UTF-8
• ISO-8859-1
• ASCII

Multimedia

• SVG (Scalable Vector Graphics)
• PNG (Portable Network Graphics)
• JPEG (Joint Photographic Experts Group)
• Ogg MP3 (Moving Picture Experts Group: Audio Layer III)
• FLAC (Free Lossless Audio Codec)
• H.264 (H.264/MPEG-4 AVC)
• AAC (Advanced Audio Coding)
• MP4 (MPEG-4 Part 14)

Sector-specific standards

• FHIR (Fast Healthcare Interoperability Resources) - Healthcare
• openEHR - Healthcare
• OpenHIE (Open Health Information Exchange) - Healthcare
• OCDS (Open Contracting Data Standard) - Open Government
• Open Fiscal Data Package - Open Government
• International Aid Transparency Initiative (IATI) Standard - Aid
• GTFS (General Transit Feed Specification) - Mobility

Security

• ISO/IEC 27001 (Information Security Management)
• ISO/IEC 27018:2019 (Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors)
• PKI
• HTTPS
• SSL
• SSH
• GPG
• RS256
• HS256
• AES
• ES256

Software Testing

• IEEE829
• ISO/IEC/IEEE29119
• Business Process Modelling
• BPMN 2.0
• Credentialing
• W3C VC

Standard Content formats

• PDF
• H5P
• ePub
• WebM

Virtual Reality/ Augmented Reality (VR /AR)

• WebXR
• IEEE Digital Reality standards

Web standards

• HTML
• CSS
• ECMAScript (ES 5/6/7)
• Latex

Whistleblowing management systems

• ISO 37002:2021 (Whistleblowing management systems — Guidelines)

Best Practices

Below are some of the common best practices and principles implemented by several digital public goods:

Architectural Design

• Architectural Principles
• Modularity and Maintainability
• Reusability and Extensibility
• Accountability & Non-repudiability
• Security & Consented Access
• Universal Access & Open APIs
• Microservices architecture
• SOLID principles of object oriented programming

Artificial Intelligence/ Machine Learning (AI/ ML)

• Google Responsible AI Practices
• Best Practices for ML Engineering (Google)
• Engineering best practices for Machine Learning
• Microsoft AI guiding principles
• The Facebook Field Guide to Machine Learning

Best practices to help secure your IT resources:

• Create strong passwords for username/ password authentication
• Enable Multi-factor authentication (MFA)
• Enable resource access authorization i.e. access control rights/ permissions
• Leverage IT auditing
• Protect data at rest (data encryption, using a firewall, antivirus protection, schedule backups)
• Protect data in transit (encrypt data in transit using TLS/SSL, authenticate data integrity using TLS/SSL, use X.509 certificates to authenticate the remote end)

Cloud Computing

• AWS Best Practices For Cloud Environments
• Google Best Practices For Enterprise Organizations Leveraging Cloud
• Azure Best Practices in Cloud Applications
• Design Principles For Azure Applications

Coding Styles & Standards

• PSR-12: Extended Coding Style
• PEP 8
• Google Style Guide
• Airbnb's JavaScript Style Guide
• Airbnb's Ruby Style Guide

Data Principles:

• FAIR Data Principles

ICT4D

• The Best Practices in the Use of ICTs in Development

Open Source

• Best practices For Open Source Maintainers
• OpenSSF Best Practices Badge Program
• Google Open Source
• Open Source Tips
• Standard for Public Code - Guidance for government open source collaboration

Software Architectural Styles

• Multitier architecture
• Model–view–controller
• Representational state transfer (REST)
• Publish-subscribe
• Client-server (multitier architecture exhibits this style)
• Monolithic application
• Service-oriented
• Component-based
• Peer-to-peer
• Asynchronous messaging
• Event-driven
• Database-centric
• Sensor-controller-actuator
• Cloud computing patterns

Software Development Life Cycle (SDLC)

• User stories
• Change management using version control
• Test driven development using automated tests
• Continuous Integration & Continuous Deployment (CI/CD)
• Code review
• Code refactoring
• Rapid application development
• Agile development
• 12 Principles Behind Agile Manifesto
• The Twelve Factor App

User Interface/ User Experience (UI /UX)

• Human Centred Design Principles
• Material design

Virtual Reality/ Augmented Reality (VR /AR)

• Best practices & VR design principles
• Best practices for creating engaging VR content

Open AI Systems

Open Standards

• ONNX (Open Neural Network Exchange)
• ISO/IEC JTC 1/SC 42 on Artificial intelligence
• IEEE P7000 Standard Series
• Microsoft Responsible AI Standard

Best Practices

• FAIR Principles

• European Union - Ethics Guidelines for Trustworthy AI

• Council of Europe - Feasibility Study (CAHAI)

• Unesco - Recommendation on the ethics of AI

• IEEE - Ethically Aligned Design

• OECD - Principles on AI

• AI4People—An Ethical Framework for a Good AI Society

• Université de Montréal - Montréal Declaration: Responsible AI

• Information Accountability Foundation - Unified Ethical Frame for Big Data Analysis

• Access Now; Amnesty International - The Toronto Declaration: Protecting the Right to Equality and Non-discrimination in Machine Learning Systems

• Data & Society - Governing Artificial Intelligence. Upholding Human Rights & Dignity

• Accenture - Responsible AI and Robotics. An Ethical Framework

• Google - AI Principles

• Facebook’s five pillars of Responsible AI

• IBM’s Principles for Trust

• OpenAI Charter

• OpenAI Safety best practices

• SAP’s Guiding Principles for Artificial Intelligence

• Sony Group AI Ethics Guidelines

Open Data

Open Standards

Open Data should be available in a usable form, free from reproduction costs, and reused without restrictions. This universal participation ensures that the data can be used, modified, and shared without discrimination, promoting universal access and reuse without any restrictions on reproduction costs.

Below are links to more information regarding Open Data Standards:

• Assess Open Standards for Data
• Oasis Open Data Standards
• Open Standards for Data
• Principles for Digital Development
• Standards and Applications
• The Data Standards Directory
• The Open Standards Guide Book

Best Practices

📌 Open Data practices are closely tied with data ethics and the Open Data Institute has developed "The Data Ethics Canvas" which helps to identify and manage ethical issues.

Below are links to more information regarding Open Data Best Practices:

• Good data practices
• Open Data Best Practices in Europe: Estonia, Slovenia & Ukraine
• Health Data Governance Principles
• Periodic Table of Open Data’s Impact Factors
• The 8 Principles of Open Government Data
• U.S. Open Data Toolkit
• What is open data? - Practical Guide

Open Content

Open Standards

Access to information can be made easier, cooperation and innovation can be fostered, and the quality and diversity of content can be improved thanks to open content. Not all open content, though, is created equal. To ensure that open content is useful, reliable, and engaging, it is important to follow some well-known standards for producing and sharing it.

A good open content standard should contain the following elements:

• A clear and explicit license that grants everyone free and perpetual permission to engage in the 5R activities: retain, revise, remix, reuse, and redistribute the content.
• A specification of the format, structure, and metadata of the content that enables interoperability, accessibility, and discoverability across different platforms and devices.
• A description of the process and criteria for developing, maintaining, and updating the content that ensures quality, relevance, and diversity of perspectives.

Here are some sites that contain resources about well-known standards for open content:

• Defining the "Open" in Open Content
• Use Open Standards, Open Data, Open Source, and Open Innovation
• What are open standards?

Best Practices

To ensure that open content is useful, reliable, and engaging, it is important to follow some best practices for producing and sharing it. Here are some sites that contain resources about best practices for open content:

• 20 years of Creative Commons licences: key legal considerations and best practice
• 6 examples of open source best practices in knowledge-sharing projects
• Best Practices for Attribution
• Creating Open Educational Resources
• Creative Commons: Considerations for licensors and licensees
• Guides for Content Providers
• 📹 Video, Education, and Open Content: Best Practices