Welcome to your Lancashire

e-GIF supplier compliance questionnaire

e-GIF supplier compliance questionnaire

The questionnaire is split into four parts, all of which can be found on this web page. For a printable version of this questionnaire, please use the 'Print' button.

Please place the letter C, N or D in the right-hand column with regard to the proposed solution. Add numbered notes to explain response as necessary.

1. Interconnection

Table 1 - Specifications for interconnectivity:

C = Compliant
N = Not applicable to CMS - please explain why
D = Don't know

Component Specification Status
Hypertext transfer protocols RFC 2616, Upgrade mechanism in HTTP/1.1 to initiate Transport Layer Security (TLS) over an existing TCP connection  
E-mail transport (see 4.1) E-mail products that support interfaces that conform to the SMTP/MIME for message transfer. This includes RFC 2821, RFC 2822, RFC 2045, RFC 2046, RFC 2646, RFC 2047, RFC 2231, RFC 2048, RFC 3023, RFC 2049
Note: e-mail attachments may conform to the file types for browsers and viewers as defined for the specific delivery channel, see Section 7 e-Services access and Channels
 
E-mail transport security Unless security requirements dictate otherwise, e-mail products that provide secure mail transport facilities shall as a minimum conform to RFC 3207  
E-mail content security Unless security requirements dictate otherwise, and only when appropriate, S/MIME v3 will be used for pan-government messaging security when end-to-end security is required. This includes RFC 3369, RFC 2631, RFC 2632, RFC 2633  
Mailbox access (see 4.1) Unless security requirements dictate otherwise, e-mail products that provide mail access facilities shall as a minimum conform to POP3 for remote mailbox access. This includes RFC 1939, RFC 1957 and RFC 2449.
Where additional mail facilities are required, unless security requirements dictate otherwise, e-mail products that provide advanced mail access facilities shall conform to IMAP for remote mailbox access. This includes RFC 3501, RFC 2342, RFC 2971, RFC 3502, RFC 3503, and RFC 3510.
Interfaces for e-mail systems are to conform to POP3 for mailbox retrieval
 
Secure mailbox access Mailbox access over insecure networks shall use HTTPS, conforming to the Transport security standards listed below. This includes RFC 2595 when using TLS with IMAP, POP3 and ACAP to access mailbox  
Directory GSI Notice 1/2003 Information GSI Directory Schema. LDAP v3 is to be used for general purpose directory user access  
Domain name services DNS (RFC 1035)
GSI domain-naming follows these guidelines as far as possible. GSI e-mail addressing specifications are defined in GNC Technical Notice 2/2001 (Domain Names, DNS and E-mail Addressing)
 
File transfer protocols FTP (RFC 959) (with restart and recovery) and HTTP (RFC 2616) for file transfer  
Newsgroup services NNTP (RFC 977) where required, subject to security constraints  
LAN/WAN interworking IP v4 (RFC 791)
Departments are to interconnect using IP v4 and plan for migration to IP v6 in due course
 
Security Central government departments should refer to the Manual of Protective Security.
Other parts of the public sector should refer to the e-Government strategy framework and guidelines on security
 
The following specifications are to be used to meet the requirements of the e-Government Security Framework where appropriate:
IP security (Authenticated header) IP-SEC (RFC 2402/2404)  
IP encapsulation security (for VPN requirements) ESP (RFC 2406)  
Transport security SSL v3/TLS (RFC 2246)  
Encapsulation security CMS (RFC3369)  
Timestamp token TSP (RFC 3161)  
Certain e-government information is ‘sensitive’ in that it might contain personal or commercially confidential information, but it does not fall within the definitions of government classified information. For the protection of such information, e.g. data and private keys, the following specifications are advised:
Encryption algorithms 3DES, AES, Blowfish  
For signing RSA, DSA  
For key transport RSA, DSA  
For hashing SHA-1, MD5  
The above is not exhaustive and is intended as a guide. For advice on specific implementations or specific algorithms please contact CSIA@cabinet-office.x.gsi.gov.uk
Transport TCP (RFC 793)
UDP (RFC 768) where required, subject to security constraints
 

Top of Page

2. Specifications for web services

Table 2 - The following standards apply where systems use a web services architecture:

C = Compliant
N = Not applicable to CMS - please explain why
D = Don't know

Component Specification Status
Web service request delivery SOAP v1.2, as defined by the W3C
www.w3.org/TR/soap12-part1/
www.w3.org/TR/soap12-part2/
Guidance on the use of SOAP can be found at www.w3.org/TR/soap12-part0/ and www.w3.org/TR/xmlp-scenarios/. See the W3C web site www.w3.org for the latest drafts of the SOAP specifications and transport bindings.

Web services may use SOAP version 1.1 as an interim solution provided there is a migration strategy for conformance to SOAP version 1.2

 
Web service request registry UDDI v3.0 specification (Universal Description, Discovery and Integration) defined by OASIS www.uddi.org/specification.html

Applicable for dynamic Web services requiring web service discovery using WSDL

 
Web service description language WSDL 1.1, Web Service Description Language as defined by the W3C, the specifications can be found at www.w3.org/TR/wsdl  

Top of Page

3. Data integration

Table 3 - Specifications for data integration:

C = Compliant
N = Not applicable to CMS - please explain why
D = Don't know

Component Specification Status
Data integration metadata/meta language XML (Extensible Markup Language) as defined by W3C www.w3.org/XML  
Data integration metadata definition XML schema as defined by W3C, the specifications can be found at:
XML Schema Part 1: Structures www.w3.org/TR/2004/REC-xmlschema-1-20041028
Schema Part 2: Datatypes www.w3.org/TR/xmlschema-2/datatypes
 
Data transformation XSL (Extensible Stylesheet Language) as defined by W3C www.w3.org/TR/xsl
XSLTransformation (XSLT) as defined by W3C www.w3.org/TR/xslt
 
Data description language RDF (Resource Description Framework) as defined by W3C www.w3.org/TR/REC-rdf-syntax/  
Data modelling language UML (Unified Modelling Language) at www.omg.org/gettingstarted/specsandprods.htm  
Data definition and schema standardisation process As per GovTalk processes in Part 1 Government Data Standards,  
Minimum interoperable character set Transformation Format - 8 bit UTF-8 (RFC 2279), which supports the exchange of the full character set. Individual items in the XML schema may be further restricted in character set on a case-by-case basis  
XML signature and encryption Decryption Transform for XML Signature as defined by W3C www.w3.org/TR/xmlenc-decrypt  
XML key management where a PKI environment is used XML-Key Management Specification (XKMS 2.0) as defined by W3C www.w3.org/TR/xkms2/  
XML security markup SAML (Security Assertion Markup Language) as defined by OASIS

Top of Page

4. Content management metadata

Table 4 - Specifications for content management metadata:

C = Compliant
N = Not applicable to CMS - please explain why
D = Don't know

Component Specification Status
Content management metadata definition XML Schema
Government XML metadata schema
 
Content management metadata elements and refinements e-GMS which incorporates Dublin Core  
Subject element, category refinement IPSV (Integrated Public Sector Vocabulary) and GCL (Government Category List)  
Data definition Government Data Standards Catalogue  
Metadata harvesting Open Archives Initiative Protocol for Metadata Harvesting 2.0 (OAI-PMH) for metadata collection
Protocol Version 2.0 of 2002-06-14
Document Version 2004/10/12T15:31:00Z
www.openarchives.org/OAI/openarchivesprotocol.html
 
Content syndication RSS (Really Simple Syndication) Version 1
The RSS is a standard format for syndicating news content over the web using Dublin Core and RDFPublished by the RSS-DEV Working Group web.resource.org/rss/1.0/
 
Context-sensitive linking OpenURL 0.1 (migrating to 1.0) for context-sensitive linking www.exlibrisgroup.com/sfx_openurl.htm
The OpenURL is designed to enable the transfer of the metadata from the information service to a service component that can provide context-sensitive services for the transferred metadata
 
Distributed searching

ISO 23950:1998 Information and documentation -- Information retrieval (Z39.50) -- Application Service Definition and Protocol Specification http://www.loc.gov/z3950/agency/

Note: The two documents are technically the same with only slight editorial differences

 

Top of Page

© 2014, Lancashire County CouncilPhone: 0300 123 6701 email: enquiries@lancashire.gov.uk