JHS 166 Terms and Conditions of Public IT Procurement

Annex 10. Supporting material: Open interfaces in information system or service procurement

  • Version: 2.1
  • Published: 25 June 2018
  • Valid until: until further notice

One objective of the JHS 166 recommendation is to pay attention to different viewpoints of openness in procurement terms and conditions. Three viewpoints have been identified:

  1. the utilisation of open source code and its release for the use of others in conjunction with public procurements
  2. the prevention of vendor lock-ins (transferability of data when changing the system, using separate human-assisted exports, etc.)
  3. supporting open machine interfaces (see Section 2 where data is transferred in a human-assisted manner and typically much more rarely, e.g. once a year or when changing the system)

This document discusses option 3, i.e. supporting open interfaces in JIT terms and conditions.

The special terms and conditions on application procurement of the JHS 166 recommendation includes a provision, according to which opening of the interfaces must be possible as agreed in more detail in the agreement.  This applies to special terms and conditions on applications implemented using open source code, applications implemented using closed source code and agile methods. The purpose of this supporting material is to make it easier to describe requirements in more detail in the invitation to tender and in the agreement.

A. Definition of an open interface in public procurements

Open interfaces in procurements of information system

In the procurements of information systems, the client, as a main rule, shall require open interfaces from the information system or information system service subject to the delivery, pursuant to a more detailed specification, in order to fulfil the specific obligation. The requirement may also be related to consulting services if they serve to produce or modify an information system.

Utilisation of documents in public procurements

The requirement of an open interface described herein is intended to be applied to procurement of an information system and thereto related hosting procurement, as well as procurement of information system service. As the requirement for an open interface in procurement of an information system often causes additional costs, the content of the requirement should be considered with regard to the procurement and it can also be excluded.

With regard to public procurement, the procurement unit sets forth the requirements, on the basis of which the procurement of an information system or service is carried out. In order to make this easier, the requirement for an open interface is described in this document. This document does not describe case-specific requirements for an interface, but the general requirements that are caused due to the express requirement of an open interface.

If the client prefers to require an open interface, it may include the requirement described herein in the requirements set forth for its procurement. This requirement does not work independently, but requires the presentation of case-specific requirements for an interface. The requirements concerning openness must be fitted into each procurement on a case-specific basis.

Interface

An Application Programming Interface (API) defines how software offers information or services to applications or other information systems.

The interface may be a mere data interface, through which the data contained in a service can be read into other systems, or it may be a functional interface which also offers computing algorithms or a possibility to modify data in the system via the interface. If a system contains several different interfaces, it should be specified which of them are open interfaces. Unless otherwise presented in the client's requirements, requirements refer to the data interface and read rights.

An example of a data interface is the kansalaisaloite.fi interface which offers information about initiatives made by citizens. Examples of functional interfaces include the interfaces of the route guide of the Helsinki Region Transport which offers a routing algorithm or the international Open311 interface standard. Systems supporting the Open311 standard enable the submission of fault reports.

The client decides on whether or not to open an interface

When the client requires the supplier to provide an interface which can be opened, the result is an interface controlled by the client. This refers to an interface which the client, who has ordered the system, has the right to use and distribute as it deems necessary. In this case, the client may if it prefers open the interface regardless of the system supplier but, if it does not, the interface is not open. If the client does not open the interface, the interface will not be open to external parties, in which case the interface is not open in a general meaning.

The purpose of this document is to help the client when it prefers to require an open interface from the supplier. After a requirement or a following successful delivery, the client is able to open the interface in full or in part if it prefers, or decide not to open the interface.

Open interface vs. open data

Data received via an open interface does not need to be open. The interface may be open even if the production system is wholly disconnected from the Internet and it is only accessible by a very limited group. If the interface is open but access to the data content is limited, the supplier shall deliver a testing environment openly available in the network.

If an open interface is available for a system, it does not mean that the production system or the data it contains would be accessible by anyone. For example, a patient information system may involve an open interface but the patient information itself is not open. Information about a specific person may only be offered via an open interface with the person's own consent (my data). For testing the open interface offered for the patient information system, the supplier shall deliver testing material which is open and the content of which corresponds with the authentic data considering the testing purpose.

B. Requirement for an open interface

General requirements

The interface to the information system/service delivered by the supplier shall be open as specified herein. These requirements do not concern service levels or service availability which are governed by what has been agreed upon elsewhere.

  • At the procurement stage, the client shall require that an open interface can be used freely without any charges based on exclusive rights related to its use.
  • Documentation of how the interface is used shall be delivered to the client, and the client will test the interface during the acceptance testing.
  • The documentation will be published upon the client's request. The documentation shall include a sufficient description of the data contained by the system and, if required, example queries so that the rollout and utilisation of the interface is effortless. It must be possible to make the documentation publically available without being limited by the intellectual property rights of the supplier or third party and without any charges payable by the publisher of the documentation or by its user to the holder of the rights.
  • At the procurement stage, the client shall present requirements according to which the completed interface must be available for testing by its users. The client shall consider, separately in each case, which testing method and test material are possible, and present requirements for these.
  • Testing may be implemented for instance in the following ways:
  • testing data is available, together with a system, against which usage can be tested or
  • there is open access to the testing system which contains realistic or authentic data or
  • the testing system and testing data can freely be downloaded for installation for own use or
  • if the data received via the interface is not open, the supplier shall deliver a testing environment usable openly in the network, including open testing material.
  • Unless otherwise presented by the client in its requirements, access to the interface must be possible by anyone, i.e. no access management is required. The interface may also be taken into use without any actions from the system administrator or supplier, also outside regular office hours. Eventual registrations are automatic.
  • The system/service does not need to support chargeability, unless otherwise presented by the client in its requirements.
  • Use rights to the data available via the interface are specified on the basis of use rights to the data, and by using the interface the supplier or other companies within its group companies shall have no right to prohibitions with regard to the data transmitted via the interface or the reuse of such data in any way.
  • Holders of the rights shall not have any right to prohibit the use of the interface by the client or third parties, regardless of how the interface is being used. Correspondingly, the holders of the rights shall not have any right to collect charges, e.g. royalties, for using the interface from the client or third parties, regardless of how the interface is being used.