Table of Contents
Comments
Commenters2
Action 1: Clarity in procurement: The CIO Council, with the Office for Government Commerce, will develop clear and open guidance for ensuring that open source and proprietary products are considered equally and systematically for value for money. This guidance will be published and will include:
Action 1: Clarity in procurement: The CIO Council, with the Office for Government Commerce, will develop clear and open guidance for ensuring that open source and proprietary products are considered equally and systematically for value for money. This guidance will be published and will include: 3
1
1
(a) the specification and evaluation of compliance with open standards and of potential for re-use across the public sector.
4
1
1
(b) a standard form of words for Statements of Requirements to state positively that the Government‟s policy is to consider open source solutions on their merits according to total lifetime cost of ownership.
5
2
2
(c) authoritative advice for public sector purchasers to the particular licensing, warranty and indemnity issues associated with open source.
6
2
Action 2: Increasing capability within Government: The CIO Council and the OGC, working with industry and drawing on best practice from other countries, will institute a programme of education and capability-building for the Government IT and Procurement professions on the skills needed to evaluate and make the best use of open source solutions . The aim will be to raise the level of awareness, skills and confidence in the professions in the different licensing, support, commercial and cost models associated with open source solutions.
2
Action 2: Increasing capability within Government: The CIO Council and the OGC, working with industry and drawing on best practice from other countries, will institute a programme of education and capability-building for the Government IT and Procurement professions on the skills needed to evaluate and make the best use of open source solutions . The aim will be to raise the level of awareness, skills and confidence in the professions in the different licensing, support, commercial and cost models associated with open source solutions. 7
4
Action 3: Re-use as a practical principle: Learning from others is a key aspect of the CIO Council‟s operating principles. Where open source solutions are evaluated and approved by one part of Government, that evaluation should not be repeated but should be shared. To support this, Departments will keep and share records of their approval and use of open source, including open source components within composite solutions.
4
Action 3: Re-use as a practical principle: Learning from others is a key aspect of the CIO Council‟s operating principles. Where open source solutions are evaluated and approved by one part of Government, that evaluation should not be repeated but should be shared. To support this, Departments will keep and share records of their approval and use of open source, including open source components within composite solutions. 8
1
Action 4: Maturity and sustainability: Open source software covers a multitude of products. Given the nature of Government work, a degree of confidence that a product is mature, that the code base is secure, that the project itself is sustainable is needed. The CIO Council will regularly assess products for maturity and recommend a list of products and implementations that meet agreed criteria.
1
Action 4: Maturity and sustainability: Open source software covers a multitude of products. Given the nature of Government work, a degree of confidence that a product is mature, that the code base is secure, that the project itself is sustainable is needed. The CIO Council will regularly assess products for maturity and recommend a list of products and implementations that meet agreed criteria. 9
2
Action 5: Supplier Challenge: Building on the actions above, Government Departments will challenge their suppliers to demonstrate that they have capability in open source and that open source products have been actively considered in whole or as part of the business solution which they are proposing. Where no overall open source solution is available suppliers will be expected to have considered the use of open source products within the overall solution to optimise the cost of ownership. Particular scrutiny will be directed where mature open source products exist and have already been used elsewhere in government. Suppliers putting forward non-open source products will be asked to provide evidence that they have carefully considered open source alternatives and to explain why they have been rejected.
2
Action 5: Supplier Challenge: Building on the actions above, Government Departments will challenge their suppliers to demonstrate that they have capability in open source and that open source products have been actively considered in whole or as part of the business solution which they are proposing. Where no overall open source solution is available suppliers will be expected to have considered the use of open source products within the overall solution to optimise the cost of ownership. Particular scrutiny will be directed where mature open source products exist and have already been used elsewhere in government. Suppliers putting forward non-open source products will be asked to provide evidence that they have carefully considered open source alternatives and to explain why they have been rejected. 10
1
Action 6: International examples and policies, and keeping up to date with developments: The UK Government will actively seek examples from other countries and sectors to encourage the development of product knowledge and better to challenge suppliers. The UK will actively engage in the development of policies across the EU and internationally.
1
Action 6: International examples and policies, and keeping up to date with developments: The UK Government will actively seek examples from other countries and sectors to encourage the development of product knowledge and better to challenge suppliers. The UK will actively engage in the development of policies across the EU and internationally. 11
1
Action 7: Industry/Government joint working: The CIO Council will work with systems integrators and software suppliers to open up their solutions to meet open standards, to include open source, and to facilitate re-use. The Government will encourage and facilitate closer links between open source providers (including organisations which provide support for open source) and system integrators. The Government will share with industry information about current deployments of open source and testing already performed so that knowledge can be re-used.
1
Action 7: Industry/Government joint working: The CIO Council will work with systems integrators and software suppliers to open up their solutions to meet open standards, to include open source, and to facilitate re-use. The Government will encourage and facilitate closer links between open source providers (including organisations which provide support for open source) and system integrators. The Government will share with industry information about current deployments of open source and testing already performed so that knowledge can be re-used.12
3
Action 8: Open Standards: The Government will specify requirements by reference to open standards and require compliance with open standards in solutions where feasible. It will support the use of Open Document Format (ISO/IEC 26300:2006) as well as emerging open versions of previously proprietary standards (eg ISO 19005-1:2005 (“PDF”) and ISO/IEC 29500 (“Office Open XML formats”). It will work to ensure that government information is available in open formats, and it will make this a required standard for government websites.
3
Action 8: Open Standards: The Government will specify requirements by reference to open standards and require compliance with open standards in solutions where feasible. It will support the use of Open Document Format (ISO/IEC 26300:2006) as well as emerging open versions of previously proprietary standards (eg ISO 19005-1:2005 (“PDF”) and ISO/IEC 29500 (“Office Open XML formats”). It will work to ensure that government information is available in open formats, and it will make this a required standard for government websites. 13
Action 9: Open Source techniques and re-use within Government, and appropriate release of code: Government purchasers will use a standard OGC-approved OJEU clause to make clear that solutions are purchased on the basis that they may be re-used elsewhere in the public sector. The OGC Standard Contract Clauses will contain a clause to ensure that the government secures full rights to bespoke software code or customisations of commercial off the shelf products it procures, and that it is clear that these rights cover re-use anywhere else in the public sector and the ability to release the code on an open-source basis. Where appropriate, general purpose software developed by or for government will be released on an open source basis.
Action 9: Open Source techniques and re-use within Government, and appropriate release of code: Government purchasers will use a standard OGC-approved OJEU clause to make clear that solutions are purchased on the basis that they may be re-used elsewhere in the public sector. The OGC Standard Contract Clauses will contain a clause to ensure that the government secures full rights to bespoke software code or customisations of commercial off the shelf products it procures, and that it is clear that these rights cover re-use anywhere else in the public sector and the ability to release the code on an open-source basis. Where appropriate, general purpose software developed by or for government will be released on an open source basis. 14
1
Action 10: Communication, Consultation and Review: Government will communicate this policy and its associated actions widely and will expand it as necessary. It will engage with the Open Source community and actively encourage projects that might, in due course, develop into “Government Class” products. It will keep the policy and progress on the actions under review, and report on progress publicly.
1
Action 10: Communication, Consultation and Review: Government will communicate this policy and its associated actions widely and will expand it as necessary. It will engage with the Open Source community and actively encourage projects that might, in due course, develop into “Government Class” products. It will keep the policy and progress on the actions under review, and report on progress publicly.Tags: CIO, composite solutions, European Union, government, mature open source products, non-open source products, off the shelf products, Office for Government Commerce, open source products, open source solutions, opensource, openstandards, overall open source solution, overall solution, purpose software, re-use, software, software code, software suppliers, source software covers, standards, uk, UK Government, ukgovOSS, United Kingdom, XML
YAAAY!
you need to set up OGC “Summer of Code” programmes, modelled on Google’s Summer of Code – a Government Sponsorship Initiative where young citizens from universities and schools and job seekers across the UK can work with a well-regarded Free Software Mentor to help develop code that will be, or be the beginnings of, “Government Class” Free Software products.
The success of Google’s Summer of Code programme should leave you in absolutely no doubt that an “OGC SoC” initiative will be highly beneficial to all concerned.
You should use the same “Forge” site as mentioned in other comments (something based on a combination of code.google.com, sourceforge.net, schoolforge.net, savannah.org, github.org etc. etc. with NO advertising only sponsorship ).
It’s absolutely essential that instead of considering this to be a “one-way-push” of “sharing” from the UK government that you do a two-way almost laissez-faire “Forge” comprising forums, wikis, groups, code repository and more. membership MUST be world-wide free and entirely open; “project creation” MUST be subject to your approval.
sourceforge.net, the earliest, largest and most slagged-off of the free software “forge” web sites, is probably (unfortunately!) your best role model, minus on the advertising and plus on the sponsorship and donation opportunities for civil departments, individuals, foundations and large corporations alike.
also, you need to think hard about how it is that you’re going to forge relationships between free software advocates and developers and civil departments.
to that end, you really need to start attending, sponsoring and even _creating_ conferences dedicated to getting people together to discuss the open standards and the open source software that they are actively working on.
lovely titles such as “How we used PDF417 and XML to save Pathology Labs from having their proven, reliable existing systems replaced by a national untried-and-untested behemoth costing a billion quid” would be a good one to have at a conference.
this is a tricky one that will only come into effect once there is a site where it’s possible for both the supplier and you to _find_ the open source alternatives.
this is why the “Forge” site is so essential. Take a look at Sourceforge closely and you will find that it has an incredibly comprehensive range of “categories” which help find software for a particular purpose.
Of course, google more often than not comes to the rescue when looking for software, as does a good “overview and description”.
So the lesson should be clear: it is ESSENTIAL that government-funded software be published and categorised accurately on OPENLY accessible web sites, so that you, suppliers _and_ potential free software developers interested in becoming a supplier can all work from the same _fair_ page.
this is a very interesting, obtuse statement to make, that needs a lot more work on it.
you can’t make such obtuse blanket statements without further explanation!
let me try and think of things which might help, here…
1) security through obscurity is always a failure (sometimes immediately, sometimes not). security through obscurity is almost always a complete embarrassment. somebody, somewhere, thinks of something better, and by providing an open opportunity to review the security of a product, you invite world-wide altruistic help.
2) security by open review is NOT a replacement for doing your own homework.
3) Running a Goverment requires more often than not customised specialist tasks and developing tailored software. COTS does NOT exist (or is bloat-ware when compared to the actual requirements).
therefore, to imagine that simply declaring “we will expect open source to do the job” i mean.. it _might_, if you believe “The Secret”, actually result in the software actually come into being as Free Software, but it’s unlikely.
The point is: you’re actually going to need to _fund_ the development – sustainably – of the suitable specialist Free Software that you envisage requiring. It won’t just happen “by magic”. Or maybe it will – “The Secret” is pretty powerful stuff
4) If you are referring to existing mature products such as Debian, Apache2, Django, Zope, Wine, GWT, Joomla (god help us), MySQL (god help us) PostgreSQL etc. then yes, fortunately, there is enough cross-over between the “fundamental” requirements of Free Software users, world-wide, and the UK Government’s diverse requirements, for there to be a large list of existing software that should go onto an “approved” list.
However, there should be no expectations that the software MUST be “fit for purpose”, and entering into a maintenance and development contract with the developers of the project, to help them fund its continued development and security i.e. to help fulfil exactly the expectations as outlined in this section, should be given careful consideration.
short version: don’t free-load of of our efforts!
i recall that there is a department somewhere, i wish i could remember which one it was, that has defined a standard to which it expects contract bidders to comply.
on discovery of this standard, some associates i know who are free software business experts asked to be allowed to bid on the contract.
they were told in no uncertain terms that they were not entitled to see the “standards” documentation – documentation that was available to the existing cartel of suppliers.
you absolutely _have_ to stop this kind of thing from happening. ways in which that can be achieved are to make this section much more prominent.
on first reading, even i missed the first words.
so you need to make the following ABUNDANTLY clear:
* the mandatory development and publication of appropriate open standards prior to contractual bidding;
the specification, publication and evaluation of compliance with open standards ….
something like that. perhaps a section (d) which makes it separately clear that the development of closed “cartel” standards is “off limits”.
also, the standards need to be given PROMINENT weight on the “Forge” sites, as it is well-documented standards (such as DCE/RPC – see opengroup.org web site) that provide the biggest opportunity for code re-use and cross-project interoperability.
so you need people – yourselves, and suppliers – to be able to _find_ these standards, and to help you be able to specify them.
ok – that’s another important one: you need to “break up” the contract bidding process into separate stages for the evaluation and development of the “open standards” to be used in and by the project, BEFORE going in to the actual bidding process for the main contract itself.
so suppliers will help you to “thrash out” the project prior to actually going into the “real bidding” so to speak.
honest opinion: sounds like a lot of waffle, here, to me! but i think it will basically be covered – automatically – by holding, creating and sponsoring free software conferences, and also by an OGC “Summer of Code” initiative (for job seekers, school and university students – see other comments esp. “Action 10″ comments).
you don’t just need to “keep and share records between Departments – they’ll make a few emails and put a few bits of paper in a filing cabinet somewhere.
stuff that!
make a “Forge” web site, and go round badgering every department to start using it!
and get them to do talks at the conferences and point each other at the “Forge” web site on which copies of their slideshows – which of course will be in in ODF and PDF format, not PowerPoint.
looks like you’re going to be leading the way on this one. great!
be under absolutely no illusions that the OOXML quotes standard quotes is a steaming pile of rancid dog shit.
the BSI was bullied into approving this dog-turd by microsoft’s failure to release the document, failure to address the 1,000 comments and queries, such that, in the horrendously limited amount of time afforded by the fast-track ISO standards process, which the document should NEVER have been allowed to go through, the committee members had to go “do we approve en-masse the block of comments 601 through 700, yes or no?” “do we approve 701 through 800, yes or no?”.
the members of the committee who approved the standard in the UK are entirely owned and/or funded by microsoft.
the one abstaining member was tricked into abstaining.
not only that, but microsoft itself admits that it cannot comply with the standard!
the standard is nothing more than “memory dumps” of internal data structures from specific versions of specific microsoft products. consequently, there is no way that even microsoft can get interoperability between products as they are upgraded!
the bottom line: you need to REMOVE ooxml from this document. URGENTLY. otherwise you are in danger of allowing UK Government Departments to be hood-winked. “Yes! We Are Standards Compliant! Look – The ISO Says We Are! Use Our Proprietary Product! Anyone Can Follow The Standard! No – Really!”
bxxxxxks they can.
the purpose of OOXML’s forced-and-bought approval through ISO is to make a mockery of _true_ open standards.
don’t be fooled.
and that statement should also include “exit strategy” costs as well, for conversion from proprietary software and proprietary standards to open ones.
“TCO” has specific meaning, now, in the public sector, thanks to microsoft it is actually a four letter word, not a three letter anagram.
“TCO” in most people’s minds certainly does NOT include the revolutionary commitment made by this policy document to include the “cost of conversion to open software and open standards”!
i absolutely _love_ that bit, it will prove to be key to the success of this policy initiative, and you should hammer it home forcefully.
good one.
you need to get some _really_ good people onto this to give you the best advice. consider contacting the FSF and also Eben Moglen for their advice on who best to speak to.
your words alone cannot be authoritative: they need to come from the authoritative voices with legal background in the free software community, and then you will need to consult legal counsel on what _they_ say, before releasing anything as “authoritative advice”.
Action 8 should be updated to refer to the ISO 32000-1:2008 standard for full PDF 1.7 that was put onto the ISO website on July 2, 2008. (http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=51502) The reference to ISO 19005-1:2005 is for the PDF/A subset (archiving) which is also a good reference but ISO 32000-1:2008 encompasses all of PDF not just the subset for archiving. There are two other subset ISO standards; PDF/E (ISO 24517) for engineering, and PDF/X (ISO 15930) for print publishing.
ISO now “owns” all of PDF!
This is an excellent policy approach. Well done!
What license are you releasing this work under, so others can build on what you have done to date?
Bruce Bannerman
Australia
Bruce, help yourself. It is already being copied by others
I would really likto hear from the community on how they do this quickly and simply. In the App store world, and I have announced we will be foing this for Government, how do say Facebook or Apple cope with the legal side?
Not sure I agree. Latest feedback we have on one issue for instance is that our commercial colleagues do not know how to evaluate an open source product. If they SI community hasn’t been pitching it (for all sorts of reasons) then they may well need to educate themselves in how they can include open source in their bids.
We agree. We will create an app store, which will include all our software assets over time.
Just because it is in a “forge” or “store” doesn’t mean it is going to be bid by suppliers.
We are giving some thought to this clause to see if it needs strengthening. i.e. if there is no/little evidence that suppliers have considered open source in their bid it will be seen as non compliant and rejected.
Thanks John.
Have you released this work under a Creative Commons license?
Bruce
I agree an App store would be a good idea.
What though of Web apps in regard to G-Cloud?
IaaS computing using the likes of Google, Amazon and Azure would potentially remove procuremet control. Is Nimbus being considered as the IaaS software?
How does ISO fit with G-Cloud. Will be have ISO xxxxxxxx (‘Cloud’) ?
This is a fantastic piece of policy, but still needs some more specific wording (IMHO) to make it clear that these publicly funded bodies should be contributing developments in the code back to the wider global community for the benefit of all.