Professional Documents
Culture Documents
and Guidelines -
Malaysian Government
Interoperability
Framework
(MyGIF)
Version 1.0
August 2003
Standards, Policies and Guidelines - Malaysian Government
Interoperability Framework (MyGIF)
TABLE OF CONTENTS
1. INTRODUCTION................................................................................................................... 5
1.1 Definition......................................................................................................................... 5
1.2 Objectives........................................................................................................................ 6
1.3 Key Drivers ..................................................................................................................... 6
1.3.1 Electronic Government Information Technology Policy & Standards
(EGIT) version 1.0, published on 1 July 1997. .................................................................7
1.3.2 The Malaysian Public Sector ICT Management Security Handbook
(MyMIS) published in January 2002. ...............................................................................7
1.3.3 Digital Signature Act 1997 and Digital Signature Regulations 1998. ..................7
1.4 Scope ................................................................................................................................ 8
2. RECOMMENDATIONS FOR INTERCONNECTION ..................................................... 9
2.1 Overview......................................................................................................................... 9
2.2 Recommended Standards / Specifications .................................................................10
2.2.1 Hypertext Transfer........................................................................................... 10
2.2.2 File Transfer...................................................................................................... 11
2.2.3 Email Transport ................................................................................................ 12
2.2.4 Mailbox Access .................................................................................................. 14
2.2.5 Directory Access ................................................................................................ 16
2.2.6 Domain Name Services..................................................................................... 18
2.2.7 Newsgroup Services .......................................................................................... 20
2.2.8 Network Transport ........................................................................................... 21
2.2.9 LAN / WAN Internetworking .......................................................................... 24
2.2.10 Wireless LAN..................................................................................................... 25
2.2.11 Mobile Device Internet Access......................................................................... 27
2.2.12 Intra-Government Remote Services Delivery Protocol................................. 28
2.2.13 Intra-Government Remote Services Description Language......................... 30
2.2.14 Intra-Government Remote Services Request Registry ................................. 32
3. RECOMMENDATIONS FOR DATA INTEGRATION..................................................35
3.1 Overview.......................................................................................................................35
3.2 Recommended Standards / Specifications .................................................................35
3.2.1 Default Document / Message Formatting Language ..................................... 35
3.2.2 Default Schema Definition............................................................................... 37
3.2.3 Data Transformation........................................................................................ 38
3.2.4 Data Modelling .................................................................................................. 39
3.2.5 Data Resource Description............................................................................... 40
3.2.6 Minimum Interoperable Character Set.......................................................... 42
1. INTRODUCTION
This report documents the detail recommendations resulting from the research and
analysis conducted in the development of the Malaysian Government
Interoperability Framework (MyGIF). It contains information of ICT standards and
technical specifications recommended for adoption in the MyGIF.
1.1 Definition
MyGIF defines the minimum set of collection of ICT standards and technical
specifications governing the communication of systems, flow of information, as
well as the exchange of data and business processes that relates to Government
Ministries, agencies and departments.
1.2 Objectives
The key drivers guiding the recommendations of ICT standards and technical
specifications for MyGIF are:
• Interoperability
− Standards and specifications recommended must be relevant to the five
interoperability areas specified above, i.e. Interconnection, Data
Integration, Information Access, Security, and Metadata.
• Maturity and Popularity
− Standards and specifications recommended should be internationally
recognized or de facto standards that are matured and widely used in the IT
industry.
• Market Support
− Standards and specifications recommended should be widely supported by
the dominant technology platforms, software packages and business
applications in the market.
• Open Standard
− Standards and specifications recommended should be open standards as far
as possible. Standards that are vendor and product neutral should be
considered in favour of their proprietary alternatives.
• Internet
− Standards and specifications recommended should be well aligned with the
Internet standards (e.g. W3C and IETF) since the Internet is a major
delivery channel for the Government information resources and services.
• Existing Government Policies and Standards
− Standards and specifications recommended must be complied with the
existing Government policies and standards wherever relevant.
− Existing published Government policies and standards that are relevant to
be observed and complied are:
1.3.1 Electronic Government Information Technology Policy & Standards
(EGIT) version 1.0, published on 1 July 1997.
1.3.2 The Malaysian Public Sector ICT Management Security Handbook
(MyMIS) published in January 2002.
1.3.3 Digital Signature Act 1997 and Digital Signature Regulations 1998.
1.4 Scope
2.1 Overview
HTTP v1.1
HTTP v1.1
File transfer protocols are required to enable the transfer of files over the network
and the Internet. These protocols enable both users within the Government
agencies and departments as well as third parties such as the citizens, businesses
and suppliers to download content or file from the Government’s central server.
FTP
Email transport protocols are required to enable the sending of email messages
between servers and from email clients to mail serve rs. These protocols are also
required to enable the exchange of messages in languages with different character
sets as well as emails with attachments.
SMTP / MIME
SMTP / MIME
Mailbox access protocols are required to enable remote access to email boxes at
mail servers. These protocols enable users of Government agencies and
departments access and download their emails at their office workplace or at home
from the central mail servers.
POP3
Rationale for § POP3 is the de facto protocol for retrieving mail from a mail
Selection server, due to its easy implementation, and simplicity of use.
§ Widely supported by common email packages such as
Netscape Messenger, Microsoft Outlook and Outlook
Express, and Lotus Notes.
§ POP3 will remain a dominant standard for remote mailbox
access.
POP3
IMAP4rev1
IMAP4rev1
Directory access protocol is required in order to define how to locate and access
information stored in standard directories, i.e. directories that provide a centralised
or distributed repository of organisation, organisational units (e.g. divisions and
departments), people, IT resources (e.g. printers), together with associated
attributes such as user name, printer name, email address, etc.
LDAP v3
DNS
Description DNS is the way that Internet domain names are located and
translated into IP addresses. A domain name is a meaningful and
easy-to-remember “handle” for an Internet address. DNS is a
name resolution software that lets users locate computers
(assigned with IP addresses) on the Internet by domain name. The
DNS server maintains a database of domain names (host names)
and their corresponding IP addresses.
DNS
Newsgroup services are required to enable client access to newsgroups and manage
notes posted to newsgroups. Newsgroups provide a forum for discussion about
particular subjects. Notes are written and posted to a server and then distributed
through a network of discussion groups. Newsgroups are organised into
hierarchies, with major categories (e.g. Agency News), and sub-categories (e.g.
MAMPU). The use of Newsgroup services may be subject to security constraints,
for instance, allowing newsgroup traffic across government firewalls.
NNTP
TCP
Description TCP is a protocol used along with the IP to send data in the
form of message units between computers over the network.
While IP takes care of handling the actual delivery of the data,
TCP takes care of keeping track of the individual units of data
(called packets) that a message is divided into for efficient
routing through the network.
Rationale for § TCP is a global, matured and widely adopted standard that
Selection was introduced in 1991.
§ Widely adopted by relevant products.
UDP
While network transport protocol such as TCP handles packet flow between
systems, LAN/WAN Internetworking protocol handles the routing of packets
(data) from one computer to another.
IPv4
Rationale for § IP is a global, matured and widely adopted standard since the
Selection transition to IPv4 took place in 1983.
§ Version 4 is the current and most widely used version of IP.
IPv4
IEEE 802.11b
IEEE 802.11b
WAP v2.0
Description WAP is the de facto world standard for presentation and delivery
of wireless information to mobile devices. The WAP protocol is
based on Internet technology like IP and XML and is published
by the WAP Forum. Today, all major mobile equipment
manufactures like Nokia and Ericsson support the WAP protocol.
Rationale for § WAP is the de facto standard for mobile devices internet
Selection access.
WAP v2.0
The intra-government remote service delivery protocol, which defines the protocol
for remotely requesting application functionality exposed through an interface, will
be used by an application to request execution of a service provided by another
application. The participating applications are autonomous – the implementation of
the service is independent of the exposed interface.
SOAP v1.2
SOAP v1.2
WSDL v1.1
Rationale for § WSDL is the basis of the work of the Web Services
Selection Description Working Group of the W3C’s Web Services
Activity.
§ WSDL is one of the core technologies which underpins web
services and has significant industry support from a broad
range of infrastructure and application providers.
§ Version 1.1 is the basis of the Web Services Description
Working Group work.
§ WSDL has broad industry support from
− Applic ation server vendors, including IBM, BEA,
Microsoft and Sun Microsystems;
− Enterprise application integration vendors, including
IBM, TIBCO and WebMethods;
− Application development tool vendors, including IBM,
Borland, BEA and Microsoft;
− Application vendors, including SAP and Oracle;
− Content management vendors, including Documentum
and Vignette;
− Enterprise portal vendors, including IBM Websphere,
WSDL v1.1
UDDI v3
UDDI can also be deployed ‘behind the firewall’ e.g. for testing,
cataloguing of internal web services and discovery of web
services, behind the firewall.
Rationale for § UDDI is one of the core technologies which underpins web
UDDI v3
3.1 Overview
XSL v1.0
XSL v1.0
Data Modelling standard is required to define the convention to be used for the
interchange of system and data models among all the related parties, e.g. agencies,
departments and third parties. This convention presents the conceptual design
mainly for human interpretation.
UML v1.5
UML v1.5
Some governments have started to use this approach to manage their web content
e.g. the UK Government has taken the lead to define an e-Government Metadata
Standard (e-GMS) and Category List to help manage their information resources.
Australia and New Zealand have implemented their Government Locator Services
which are based on well described content.
RDF
RDF
UTF-8
UTF-8
4.1 Overview
Hypertext Web Content standards are required to specify the development and
formatting of hypertext documents for presentation on browsers via a range of
delivery channels including Internet and Intranet.
HTML v4.01
HTML v4.01
XHTML v1.0
XHTML v1.0
4.2.2 Document
Standards on Document are required to define the format and file types of
documents for interchange between agencies and departments as well as third
parties.
Reference N/A.
Description The Rich Text Format (RTF) specification provides a format for
text and graphics interchange that can be used with different
Rationale for § RTF is a de facto standard for text and graphics interchange,
Selection available in the public domain.
§ RTF is matured and well supported by all of the market
leading word processing packages.
§ RTF version 1.6 is the latest version of the specification. It
provides support for all new control words introduced by
Microsoft Word for Windows 95 version 7.0, Word 97 for
Windows, Word 98 for the Macintosh and Word 2000 for
Windows and thus ensures maximum compatibility with the
dominant word processing package.
4.2.3 Spreadsheet
Standards on Spreadsheet are required to define the format and file types of
spreadsheets for interchange between agencies and departments as well as third
parties.
Description .csv is the de facto standard for delimited files for use in
interdepartmental information interchange.
Reference N/A.
Rationale for § .csv is a matured and widely adopted file format for
Selection spreadsheet.
§ It is extensively supported by dominant spreadsheet
applications such as Microsoft Excel, Lotus 123, and
OpenOffice Calc.
Limitation The Excel 2000 file format is backwardly compatible with Excel
97. This means you do not have to do anything special to open or
save workbooks from either of these versions.
4.2.4 Presentation
Standards on Presentation are required to define the format and file types of
presentations for interchange between agencies and departments as well as third
parties.
Standards on Graphical Image are required to define the format and files types of
graphics and still images for interchange between agencies and departments as well
as third parties.
Description Tag Image File Format (TIFF) was developed by Aldus and
Microsoft Corp, and the specification was owned by Aldus,
which in turn merged with Adobe Systems, Incorporated.
Consequently, Adobe Systems now holds the Copyright for the
TIFF specification.
Standards on Moving Image and Audio/Visual contents are required to define the
compressed format and file types of audio/visual content such as movies, for
interchange between agencies and departments as well as third parties.
MPEG-1
Description The MPEG standards are an evolving set of standards for video
and audio compression and for multimedia delivery developed by
the
Moving Picture Experts Group (MPEG).
MPEG-1
Standards on Audio/Video Streaming are required to define the formats and file
types streaming audio/video content such as web casts and web seminars, for
interchange between agencies and departments as well as third parties.
Rationale for § Real Audio / Video is one of the most commonly used
Selection formats for continuous streaming of audio and video with
browser plug-ins and players freely available.
§ No specific version need to be specified, on the basis that
members of the public have access to free software for
processing these types of files.
4.2.8 Animation
Animation standards are required to define the applications and formats to be used
for the interchange of animated content between agencies and departments as well
as third parties.
Description The Macromedia Flash file format (.swf) delivers vector graphics
and animation over the Internet to the Macromedia Flash Player.
Description The Shockwave Player displays Web content that has been created
by Macromedia Director Shockwave Studio.
Rationale for § It is a very commonly used format for animation on the Web,
Selection with freely available players and browser plug-ins. Players are
freely available for Apple and Microsoft operating systems.
§ No specific version needs to be specified, on the basis that
members of the public have access to free software for
processing these types of files.
Rationale for § It is a very commonly used format for animation on the Web,
Selection with freely available players and browser plug-ins. Players are
freely available for Apple and Microsoft operating systems.
§ No specific version needs to be specified, on the basis that
members of the public have access to free software for
processing these types of files.
Standard on Mobile Device Content is required to define the format of content for
presentation on mobile devices such as mobile phone and PDAs.
WML v2.0
Description WML is a language that allows the text portions of Web pages to
be presented on mobile telephones and PDAs via wireless access.
WML is part of the Wireless Application Protocol (WAP).
WML v2.0
Character Sets and Encoding standards define the character sets to be used for
content to be interchanged in English or Malay, as well as how those characters are
to be encoded.
ASCII
Rationale for § ASCII is the dominant standard for coding textual content in
Selection English.
§ ASCII is an extremely matured standard. It was first
published as ANSI X3.4 in 1968.
ASCII
ISO/IEC 10646-1:2000
Rationale for § ISO 10646 is a global and matured standard. First published
Selection in 1993. Latest 2 revisions are ISO 10646-1:2000 (generally
referred as extension A) and ISO 10646-2:2001 (generally
referred as extension B).
§ It is widely supported by a broad range of products, including
databases, fonts and printing tools, internationalisation
libraries and office productivity tools.
§ Version ISO 10646-1:2000 is to be adopted because product
support for ISO 10646-2:2001 is immature.
UTF-16
Rationale for UTF-16 is a global, matured and widely adopted standard for
Selection character set.
UNICODE v3.0
UNICODE v3.0
Rationale for Unicode v3.0 is a global, matured and widely adopted standard
Selection for character set.
4.2.11 Compression
Zip (.zip)
Description Files in a zip file are compressed so that they take up less space in
storage or take less time to send to someone.
Zip (.zip)
Reference GZIP is an IETF standard defined by RFC 1952 “GZIP file format
specification version 4.3”.
implementations.
Limitation Not all browsers support client-side scripting even though the
dominant browsers such as IE and Netscape support it.
5.1 Overview
S/MIME v3
SSL v3.0
SSL v3.0
TLS v1.0
Description TLS has been proposed as the successor to SSL. The differences
between TLS v1.0 and SSL v3.0 are not dramatic, but they are
significant enough that TLS v1.0 and SSL v3.0 do not
communicate directly. Instead, if a TLS v1.0 client encounters an
SSL v3.0 server or vice versa it reverts to SSL v3.0, allow ing the
two to coexist.
The IETF has published two RFCs describing the use of the
upgrade mechanism in HTTP/1.1 to initiate TLS (RFC 2817) and
how to use HTTP over TLS (RFC 2246).
Reference TLS is a proposed IETF standard defined in RFC 2246 “The TLS
Protocol Version 1.0”.
Rationale for § TLS is a proposed IETF standard, RFC 2246, and is thus
Selection deemed to be generally stable, has resolved known design
choices, is believed to be well-understood, has received
TLS v1.0
IPsec
Rationale for § IPsec is the only viable standard for IP network-level security.
Selection Over the last couple of years, IPsec has grown to be the
preferred choice for providing secure VPN communications
over the public Internet, and with the integration of IPsec
support within Windows 2000, it is likely to become a
dominant standard.
§ IPsec is widely adopted by all IP VPN products, for example,
those provided by market leaders such as IBM, Cisco Systems
IOS and Checkpoint Software.
IPsec
IP ESP
IP ESP
used. For each given message, the key is chosen at random from
among this enormous number of keys. Both the sender and the
receiver must know and use the same private key.
Reference DES was originated at IBM in 1977 and was adopted by the
U.S. Department of Defense. It is specified in the
§ ANSI X3.92 and X3.106 standards; and
§ Federal FIPS 46-3 and 81 standards.
Rationale for § DES is very widely used and highly matured – it was
Selection developed based on Lucifer standard from IBM Research in
1977.
§ It is currently the basis of SSL encryption.
§ DES (and 3DES) are the most widely used encryption
standards supported by the majority of products which
require encryption.
Digital Signature Algorithms standards are required for the generation of public
and private keys for use with public key infrastructure (PKI) and to provide
authentication through digital signatures.
Rationale for § Together with RSA, DSA is a widely accepted standard for
Selection digital signature algorithms.
§ It is a matured standard – issued in 1994.
SHA-1
SHA-1
Rationale for § NIST has approved hash algorithm SHA-1 for digital
Selection signatures.
§ SHA-1 is a matured standard - original specification of the
algorithm (SHA-0) was published in 1993 and the revised
version (SHA-1) was published in 1995.
§ SHA-1 has been very closely examined by the public
cryptographic community and no cryptographic insecurities
have yet been found. It is therefore considered to be quite
secured.
Key transport algorithms are the encryption algorithms specified for encrypting
and decrypting keys. There algorithms are key establishment methods by which a
secret key is generated by one entity in a communication association and securely
sent to another entity in the association. For example, a message originator can
generate a random session key and then use the key transport algorithm to encrypt
that key with the public key of the intended recipient.
Description XML Signature is a standard for digital signing of XML and its
applications. The standard defines a schema for capturing the
result of a digital signature operation applied to arbitrary (but
often XML) data. Like non-XML-aware digital signatures (e.g.,
PKCS), XML signatures add authentication, data integrity, and
support for non-repudiation to the data that they sign. However,
unlike non-XML digital signature standards, XML signature has
been designed to both account for and take advantage of the
Internet and XML.
An XML signature can sign more than one type of resource. For
example, a single XML signature might cover character-
encoded data (HTML), binary-encoded data (a JPG), XML-
encoded data, and a specific section of an XML file.
http://www.w3.org/TR/xmldsig-core/ .
Rationale for § XML Signature is a joint W3C/IETF standard, and the only
Selection one available for XML message signing.
§ Currently, only one version of XML Signature exists.
§ Publicly available toolkits and software development kits are
provided by market leading security vendors, including IBM,
HP, Microsoft, RSA and Verisign.
Privacy policies allow users to understand the privacy practices of a site, including
information concerning the data that is collected about them. Users are required to
read the individual privacy policies of each site they visit in order to determine
whether or not the policy is consistent with their preferences. Furthermore, sites
present their policies in different ways. Privacy policy standards will define a
standard format for the expression of privacy policies and automate the processes
of comparing the privacy policy with user preferences and highlighting any
discrepancies.
Rationale for § P3P is a W3C recommended standard, and the only viable one
Selection available.
§ P3P v1.0 was issued as a W3C recommendation and is thus
deemed to be stable and suitable for widespread adoption.
§ P3P is supported by the latest version of some dominant
browsers such as Microsoft IE v6.0 and Mozilla (see
http://www.mozilla.org/projects/p3p/). Browser plug-ins, such
as AT&T’s privacy bird, and policy generators such as IBM’s
P3P policy editor, and tools to validate P3P implementations,
such as the W3C’s P3P validator, are available.
6.1 Overview
Metadata covers a core set of elements that contain data needed for the effective
retrieval and management of official information in order to meet the
Government’s information management and retrieval needs.
Description DDSA lists the elements and refinements that will be used by the
Malaysian Public Sector to create metadata for information
resources. It enables users, seekers and owners of information
resources to find and manage them. It also gives guidance on the
purpose and use of each element.
standard is available at
http://www.mampu.gov.my/DDSA/Intro.htm.
Rationale for § This is the de facto standard for Malaysian Government agencies
Selection and departments to specify the metadata for their information
resources.
7. ACKNOWLEDGEMENT OF REFERENCES