ePetitions update and call for comments
By Carrie Bishop • Nov 11th, 2009 • Category: FeaturesUpdate 15 Nov 09: In response to a comment below, you can now download the document directly: epetitions_draft_original_2a
Closing date for comments: 29th November
Last month, Andy Gibson posted about a project FutureGov is doing with Particitech to come up with a simple set of data standards for local government ePetitions in England and Wales. Since then Andy’s been consulting with a small-ish group of people on the standards - establishing what the standards should help to achieve and how they should look.
A first draft has been written, but there are still lots of unanswered questions and we’d love a wider group to now get involved and give us their views on the direction and content of the paper. Do take a look and let us know your thoughts in the comments here or on Scribd, or if you prefer you can email us at admin [at] futuregovconsultancy [dot] com.
The group we have consulted with so far has a number of questions that need to be answered in the next draft and your views would be very welcome on any of the following (there are also issues for consideration within the document itself):
General
- It is important that these data standards are not cumbersome and do not limit creative thinking - is there any way they can be simplified and are they workable enough that innovation can still flourish?
- Should the creator of the petition be able to email the people who signed their petition at least once?
- Should we recommend that each petition site publish a full XML feed containing all the petitions it has ever hosted, with each petition council also publishing a smaller list, as well as there being a centrally maintained list on the internet?
- Should we suggest that all local epetition sites must also have an API that allows for correctly formatted petitions to be submitted by third party sites and services (for example in Facebook or from a mobile App) for the council to then moderate?
What should be mandatory?
- Should it be essential to specify who is being petitioned?
- Should submission, start, end and close/rejection dates be compulsory as a minimum? Would trying to include full records management into the schema be an over complication?
- Should the IP address of a signatory be mandatory?
Transport between organisations
- We need to be very clear as to what the scope of this project is. For example, if one organisation sends a petition to another organisation incorrectly how does the first organisation delete the file they send over? They would need unique IDs etc etc. Should we start off with a simple approach at the moment without complex Web Services until the actual business processes for exchange become fully established?
- While we could look at security for individual parts of the message it would be simpler to specify that the entire transport mechanism to be used should be secured. From a process perspective an organisation would only accept an XML petition from another organisation it trusts and not for example from a member of the public as all electronic signatures could have been fake even if they are then encrypted after they have been generated.
- In the case where one organisation is “redirecting” a petition to another organisation – should we record the name of the first “sending” organisation or would that be better off within a web service wrapper?
Language
- If the petition exists in English and Welsh then should the two same language versions of the petition should be linked together? Would we expect different totals for English and welsh?
- If one party has already translated the petition then will they want to send over the translations? This would mean that either the textual information (title etc) needs to be in some tag that can be replicated per language or that the whole petition is replicated which is fine as long as the GUID or some other attribute allows systems to tie the two together.
- If a signatory adds a comment to the petition, would we optionally want to record the language in which the comment is provided?
Text formatting
- What kind of formatting should the petition statement (i.e. ‘We, the undersigned…’) and any comments added by signatories contain? Is there a need for multiple paragraphs, bullet points, numbered lists etc? Should we include of XHTML to accomplish this?
- Some petitions systems allow the upload if images as background information. In this case (where the image is part of the petition) and the peitition is passed from one organisation to another, should the image be passed to it (not pointing to the original organisations system that no longer hosts the petition). In this case should the image should be encoded and bundled within the XML or attached to the Web Service message and referenced from here?
Geo location
- If multiple geo locatons are stated then should we add a “geoInfo” parent element in which all the other elements live?
- Is it worth supporting multiple mark-ups for the same information?
- If we are using geoRSS and lat/longs will this cause problems for local authorities where the default co-ordinate space is Eastings and Northings? Adoption of Eastings and Northings however means that we would have to use specialist map providers to display data.
- To what should the GIS relate? – is it the geographical area (where appropriate) that is connected to the petition (e.g. proposed location of new cyclepath or opposition to lcoation of new cyclepath). Is recording the position without recording what it relates to any use?
Existing formats/standards
- Should the date be in the XML scheme dateTime format?
- The Govt Data Standards Catalog already has models for PersonName, Organisation, contact etc and, unless the scope of this goes outside the UK, should we therefore use EGIF standards where appropriate, rather than V Cards?
Signatories
- Should it be possible for a member of the public other than the petitioner to electronically extract the V Card information of other signatories?
- Do we expect to see any other electronic data for the paper signatures? E.g. would admin users have to manually add the users? Or would we expect an attachment of the scanned pages? Or just go on trust?
- Should it be possible to submit a signature for a petition using an API, by posting to over HTTPS an XML message linking to the petition?
We’re keen to get as many and varied views as possible to get these standards right for everyone - whether you’re really into your XML or whether you’re more interested in the principles of epetitions we’d love to hear from you.
Carrie Bishop is
Email this author | All posts by Carrie Bishop
Can you publish it in an open standard format on a site that doesn’t require registration to download, please?
I feel you should suggest that all local epetition sites must also have an API that allows for open-standards-based access, to prevent the all-too-common local site problems disenfranchising people.
It should be essential to specify who is being petitioned because that seems necessary for informed consent and appropriate hosting.
Submission and start dates should be compulsory as a minimum. I’m not sure if all petitionees require particular end dates.
I don’t see why the IP address of a signatory should be mandatory, especially if they were authenticated by other means.
You should start off with a simple approach at the moment but try to leave doors open as much as possible.
While it would be simpler to specify that the entire transport mechanism to be used should be secured, will that allow an originator to sign their contribution to the petition cryptographically in a manner that can be verified without relying on every organisation that has transported the petition?
You should record the name of all sending organisations in the petition itself.
If the petition exists in English, Welsh or other languages, then the two same language versions of the petition should be linked together with the same totals but a note of which language the signer read.
If one party has already translated the petition then I think they may want to send over the translations.
If a signatory adds a comment to the petition, we would want to record the language in which the comment is provided.
The petition statement (i.e. ‘We, the undersigned…’) and any comments added by signatories should contain as little formatting as possible.
Images as background information should be attached to the Web Service message and referenced. It is up to the receiving system(s) whether they choose to download and store the images independently of the sending system.
The date be in either the XML scheme dateTime format or ISO format.
We should use EGIF standards where appropriate only where they
are open standards, not where they are vendor-specific. V Cards
probably should be used in addition, due to the wide availability
of tools.
It need not be possible for a member of the public other than the petitioner to electronically extract the V Card information of other signatories.
I do not expect to see any other electronic data for the paper signatures.
It should it be possible to submit a signature for a petition using an API, such as by posting to over HTTPS an XML message linking to the petition.
Hello - thanks for your comment and feedback - great stuff.
Good point about having to register for Scribd - as you will see we’ve now made it available for download from the post itself.
Cheers
Carrie
[...] can we begin? Well, a good place is this: part two of the consultation being run by Future Gov on data standards for e-petitions in England [...]
Carrie, I would be wary of over-cooking this before it has any real-world momentum. It is surely better to have simple, widely supported interfaces, than everything and the kitchen sink. Think RSS, not Ada. Certainly, an absolute minimum of data should be mandatory.
It is unclear if there is a real commercial model for those outfits supplying e-Petitions systems, so don’t make the cost of entry into the marketplace too high, it will ultimately stifle innovation.
I am not an expert in data protection law, but I suspect most responsible organisations will be very wary of any public-facing mechanism for downloading address information, even if only once and to the instigator of the petition. Acting as the middle man for exchanging personal data is something you can get a lot of grief about.
The idea of an automated interface for signing petitions is, of course a security nightmare. I suspect in the short term, most organisations will not consider it worth the risk to the integrity of the results. So do you do nothing, and let non-standardization take a grip, or wait or what? I’d say stick some simple draft APIs in the spec, but don’t make it mandatory or over specify. Then come back in V2 and refine.
I am pretty much in agreement with Herc (though slightly more optimistic about being able to securly move to remote lodging of signatures and petitions)
My thoughts on the standard making processes are that:
(1) The purpose of this requirement is for a *simple* set of data standards,
(2) So at this point, we should be focussing on a standard for the base functionality: read only access to publicly available data
(3) Once that’s in place, we can talk about API keys, RESTful CRUD actions etc, and also secure transfer of sensitive data between servers - maybe learning from how different people solve the problems
(4) The process should allow for evolution of the standard to work in other countries: this will give UK companies a competitive advantage
(5) Regular review dates should be built into the process.
More generally, I’m happy to see that that multi-lingual aspects are being dealt with from the beginning. Tracking status changes will be key to generating feeds that will allow external sites to keep their readers up to date and allow comparison of how different authorities are managing the process.
I’m look forward to the next stage!
So what is the next stage with this project?