IV. Programming
A. SBA's System Development Methodology
VII. Home Page Checklist, Templates, and Requirements
A. Content
VIII. Frequently Asked Questions (FAQs) -- Coming Soon
IX. WWW Security
A. General:
(S)= Standard: compliance required
(P)= Agency policy or procedure: compliance required
(G)= Guideline: compliance recommended
Note: The requirements of particular projects may
take precedence over one or more of the standards below. SBA project
leaders must ensure the compliance of their services with the
following in the absence of a contradictory requirement.
The SBA has established policy on employee use of the internet/intranet at their work sites using SBA equipment, facilities, or connection services.
A. Agency Controlled Content
1. Location
Originally, our site began as www.sbaonline.sba.gov and then
transitioned to www.sba.gov. Both addresses will bring one to our site, but the official URL for SBA is www.sba.gov.
Full addresses for SBA Web services are:
These are the official SBA addresses. If anyone sees our data or files on sites using other than an "sba.gov" address (with the exceptions above), it isn't ours and could be a copy of our data that may be out of date.
We see some sites copying or caching our information yet being lax in keeping it current. If one wants the latest information, they should come to one of the sites listed above.
2. Statement of Purpose
WEB STANDARDS, POLICIES, PROCEDURES AND GUIDELINES
(See All 4/03/02 Revisions)
I. Introduction
A. Display
B. Navigation
C. Style/Markup
D. HTML Structural Code
E. Frames
B. Perl
C. Imagemap
D. CGI
E. Java
F. Plugins
G. Cookies
H. Other
B. Program Office Home Pages
1. Templates
C. Field Office Home Pages
2. Ingredients
1. Templates
D. Special Pages
2. Ingredients
1. Frames Look-a-Likes
E. Hotlinks to Outside Resources
2. Use of U.S. Maps
F. Optional Material
G. Large Document Templates
H. Clearance Criteria and Test Checklist
I. Introduction: SBA WWW Standards,
Policies, Procedures and Guidelines
B. Employee Use:
3. Approvals:
4. Coordination:
5. Clearance of Electronic Information:
The OCIO uses an extensive list of clearance criteria and a test checklist found in these [Excel] or [PDF] files.
6. Government Information Locator Service (GILS):
7. Responsible Party/Contact:
8. Accuracy and Quality Control:
9. Timeliness/Currency:
Effective customer service and the credibility of SBA's public access Internet sites depend on providing information that is up-to-date.
10. Organizational Home Pages:
11. Personal Pages:
Personal home pages can be useful for those who deal directly with the public or hold high profile positions.
A separate procedures document will provide details on the specific steps to be taken to use the SBA WWW server for publishing electronic information.
13. Copyrights and Multimedia Documents:
A copyright is the 'rights' of an author or publisher to the 'copy' (text of an article) which that author or publisher produced. This has come to mean the right of intellectual property, whereby authors obtain, for a limited time, certain exclusive rights to their work.
In the United States, copyright protections are exclusively granted under federal law, which derives from Article 1, Section 8, Clause 8 of the Constitution. This law provides Congress with the power "to promote science and the useful arts, by securing for limited times to authors ... the exclusive right to their writings".
In the United States, and most other countries, a work is copyrighted automatically upon creation. No notice is required nor is registration required with a government agency.
14. Incorporating Works into Multimedia (Internet) Documents:
B. Linked Content
-- (P) Pagemasters must coordinate with the Webmaster
to explicitly exclude restricted access documents from site-wide
full-text indexes.
2. External Links:
-- An external link is a link to a document that is
not on an SBA server, with a URL different than SBA's.
-- An important goal for SBA's collective World Wide
Web services is to offer each user full access to the entire expanse
of the distributed collection, regardless of the point at which
the user enters the system. Reaching the goal of providing the
convenience of "one-stop shopping" in a widely distributed
system may require that each home page sponsored by the Agency,
in addition to serving its own particular constituency and purpose,
include links to other Agency pages.
C. Disclaimers
(S, P) SBA Servers and most Agency multimedia documents
must carry a Disclaimer of Endorsement and a Disclaimer of Liability
for all non-SBA information or links. These disclaimers address
references to commercial products and services, as well as merchantability
and fitness for purpose.
The following standard disclaimers will be used by
the Agency:
(P) SBA attempts to ensure that files are free of
viruses before they are placed here. However, viruses can escape
detection. Users must be advised that use of these files and programs
is solely at their own risk. SBA disclaims all liability for damage
or loss caused in any manner whatsoever by files downloaded from
SBA's web site and by its decision to include or exclude particular
software from SBA's web site.
A. Display: Presenting a Unified Picture
SBA home pages should be designed to:
B. Navigation
1. Titles
2. Headers
3. Body
4. Large Documents
Stds.zip (30Kb) contains the entire SBA WWW Standards,
Guidelines, Policies and Procedures in zipped format for downloading.
5. Standard Footers
6. Standard Icons and Logos
7. Graphics and Multimedia
D. HTML Structural Code
The following information provides solutions that
can communicate to the broadest possible constituency.
WWW pages should be usable by all major clients to
ensure equitable access to the information. Browser-specific HTML
should be avoided if it has adverse effects in other browsers.
(Example: <FONT SIZE = +1> is ignored under non-implementing
browsers.)
Tables, like images, can be an extremely effective
way to present information. However, also like images, they can
hamper access to information by visually impaired individuals
or those with character-only browsers.
(S) <TABLE> markup should be used when it significantly
enhances the effectiveness of information presentation. It should
be accompanied by an alternative presentation for those whose
browsers or disabilities prevent them from using table markup
if the text is unreadable in browsers that do not provide table
functionality.
(S) The standard icon for the SBA Home Page uses
the following URL to display it with the appropriate link.
<a href="/sba"><img alt="SBA
Home Page" border=0>
6. Icons
7. Images
8. Metaphors
9. Titles
10. Headers
11. Other HTML Markups
HTML documents on the SBA WWW server will take full
advantage of all available features in the HTML standard in order
to make each document as readable and usable as possible.
12. Real Information vs. Technical Advice
13. Large Files
14. Proprietary File Types
15. URL Styles
16. Images
17. Image Maps
18. Standard Mail Form Program
19. URL Names
20. URL Case
21. Client Instructions
22. Feature Variations
24. Content vs. Format
E. Frames: (S) Frames are not used on any SBA public access web page.
After extensive testing on the most common browsers
utilized by SBA customers, we have found navigational
problems, slow load times and non-printing frame pages. Frame look-a-likes
may be used in select locations. For an example of a frame look-a-like page,
go to Headline News.
A. (P) Perl
B. Imagemap
C. CGI
(G) The problem with CGI scripts is that each one presents
yet another opportunity for exploitable bugs. CGI scripts should
be written with the same care and attention given to Internet
servers themselves, because, in fact, they are miniature servers.
Unfortunately, for many Web authors, CGI scripts are their first
encounter with network programming.
(G) CGI scripts can present security holes in two ways:
(G) CGI scripts are potential security holes even though
you run your server as "nobody". A subverted CGI script
running as "nobody" still has enough privileges to mail
out the system password file, examine the network information
maps, or launch a log-in session on a high numbered port (it just
needs to execute a few commands in Perl to accomplish this). Even
if your server runs in a chroot directory, a buggy CGI script
can leak sufficient system information to compromise the host.
(P) CGI files physically located on SBA Web servers
are developed only by Agency Webmasters. CGI scripts developed
by outside resources will not be accepted.
F. (S) Cookies:
Permanent cookies or session variables that write to users' hard drives are not allowed.
Any exception would require approval by the SBA Administrator.
The use of Cookies requires a standards waiver. Requests for a waiver must provide the following detail:
A. Reinventing the Wheel
B. Developmental Testing
C. Training.
D. Usage Reports.
E. The Changing WWW environment
F. Continuous Improvement
G. Security
Operation of a WWW server opens up numerous potential
security issues that must be addressed. The Webmaster has primary
responsibility for the server's security. But project Pagemasters
must be aware of security considerations, particularly in areas
such as Java and CGI script development where potential risks
abound. See the security references cited below for additional
information.
H. Usage Monitoring
VI. Emerging Standards.
The nature and character of the Web is constantly
changing. This page is dedicated to standards that are widely
accepted, but limited in availability. Soon, many of these will
be available to the masses. Even now, some may be appropriate
to utilize for specialized groups. All merit consideration and
investigation as the future is just around the corner.
A. Java
(G) Java is a new computer programming language developed
by Sun Microsystems. It is object oriented, fully threaded, and
patterned after C++. Java is interesting to those who work on
the Internet because it can open and access objects across the
net via URLs and is architecturally neutral. It purports to run
in a safe (secure) environment; however, many security problems
have arisen over its use.
(S) It is not an SBA standard at this time and
may not be used in programming for the SBA WWW.
HotJava is a Web browser written by Sun Microsystems
in the Java programming language. Today, HotJava is the only browser
that will run Java applications (called applets). Netscape has licensed
Java for incorporation into their browser. A decision has not
been made as to whether Java support will be included in the Windows
Mosaic browser.
To find out more about Java and HotJava try:
Java (TM) Programming for the Internet
http://www.javasoft.com
Java FAQ
http://www.nymug.org/javafaq.html
B. JavaScript
JavaScript is an interpreted text language that
is also executed in the browser. It's currently more useful than
Java, because it has direct links in HTML that are ignored if
the browser doesn't support JavaScript. JavaScript is useful
for data validation, but because the user can turn off JavaScript
or may use a non-supporting browser, it does not eliminate the need
for server-side data validation.
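The point above, shown as an added example that is not SBA code: a server-side routine that validates the raw form post exactly as received, so the result is the same whether or not any browser-side script ran. The field names, length limits and patterns are hypothetical.

```javascript
// Added example, not SBA code. Field names and limits are hypothetical.
const RULES = {
  name:  { required: true,  max: 60,  pattern: /^[A-Za-z][A-Za-z .'-]*$/ },
  email: { required: true,  max: 254, pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  zip:   { required: true,  max: 10,  pattern: /^\d{5}(-\d{4})?$/ },
  state: { required: false, max: 2,   pattern: /^[A-Z]{2}$/ },
};

// Validate a raw application/x-www-form-urlencoded body as received,
// assuming nothing about checks a browser-side script may have run.
function validateForm(rawBody) {
  const params = new URLSearchParams(rawBody);
  const errors = [];
  const clean = {};

  // Fields the form never defined are rejected, not silently ignored.
  for (const key of new Set(params.keys())) {
    if (!Object.prototype.hasOwnProperty.call(RULES, key)) {
      errors.push(`unexpected field: ${key}`);
    }
  }

  for (const [field, rule] of Object.entries(RULES)) {
    const values = params.getAll(field);
    if (values.length > 1) { errors.push(`duplicate field: ${field}`); continue; }
    const value = (values[0] ?? "").trim();
    if (value === "") {
      if (rule.required) errors.push(`missing field: ${field}`);
      continue;
    }
    if (value.length > rule.max) { errors.push(`too long: ${field}`); continue; }
    if (!rule.pattern.test(value)) { errors.push(`bad format: ${field}`); continue; }
    clean[field] = value; // only values that passed every check are kept
  }
  return { ok: errors.length === 0, errors, clean };
}

// Constructed request bodies: the second is what the server receives when
// the browser-side check never ran (script disabled or unsupported).
const SAMPLE_POSTS = [
  "name=Pat+Lee&email=pat%40example.com&zip=20416&state=DC",
  "name=Pat+Lee&email=not-an-address&zip=2041X",
];
for (const body of SAMPLE_POSTS) console.log(validateForm(body));
```

Downstream code should read only from the returned `clean` object, never from the raw request parameters.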
C. VRML
Virtual Reality Modeling Language is an evolving
markup language that promotes a graphical page format. VRML utilizes
intuitive navigation and interaction rather than text- and icon-based
interaction. For example, a VRML page may display a picture
of a room. Querying objects in the room, such as clicking on a
television or a book, may start a movie or display text. Moving
from link to link could be accomplished by opening the door to
another room. Current estimates are that this technology will become
mature enough to use, and a hot technology, over the next year or
so.
To find out more about VRML try:
On the Net: VRML Resources at
http://www.hitl.washington.edu/projects/knowledge_base/vrm.html
or
NCSA VRML Home Page at
http://www.ncsa.uiuc.edu/General/VRML/VRMLHome.html
VII. Home Page Checklist, Templates, and Requirements.
A. Content
B. Program Office Home Page Templates and Ingredients
C. Field Office Home Page Templates and Ingredients:
D. Special Pages
Samples of this type of page are shown at http://www.sba.gov/news and http://www.sba.gov/services.
E. Hotlinks to Outside Resources:
This will take the visitor to a transition page stating that they are leaving SBA's web site.
F. Optional material for all SBA pages:
G. Sample Large Document Templates:
Exporting is crucial to America's economic health.
Increased exports mean business growth, and business growth means
more jobs. Yet, only a small percentage of potential exporters
take advantage of these opportunities. It is critical for U.S.
businesses to think globally. Your decision to read this book
indicates an interest in exporting. However, you may have discovered
your company is already competing internationally -- foreign-owned
companies are competing with you in your "domestic"
markets. The division between domestic and international markets
is becoming increasingly blurred.
2. Sample Alphabetized Subjects
A mapped alphabetic locator at the top of the page
takes you to each letter...each letter returns to the mapped locator...off
page navigational buttons are built into the locator...Example...
IX. WWW Security
A. Background Information:
B. SBA Security Implementation:
SBA will use several mechanisms to ensure that SBA
staff have easy but controlled access to the SBA public server:
X. SBA's Privacy Policy.
SBA's Privacy statement is available on the main home page and defines what information
the site collects from customers and how that information is used. The policy
statement applies to all SBA Internet, Intranet and Extranet services.
1. Internal Links:
-- (P) Documents and collections that are not public
(i.e., not yet published, not fully marked
up or tested, internal working group notes, etc.) may not be linked
to publicly accessible documents or placed in publicly available
directories without information on the restrictions and an explicit
"under construction" warning.
III. Display and Functional Design
C. (S) Style/Markup
The SBA logo at the top of almost all pages will bring you directly back to SBA's Home Page.
The black square or circle is a paragraph or item marker and is not hot for clicking.
The ball is usually a paragraph or menu item marker - it is seldom hot for clicking.
The square is usually a sub-paragraph or menu item marker - it is seldom hot for clicking.
The up arrow is usually hot and if clicked, will take you to the top of what is typically a large document.
The down arrow is usually not hot but suggests that you scroll, arrow down or browse below.
The left and right arrows are usually hot for clicking and move you back or to the next page of a sectioned publication.
Will take you to a menu or document.
Will take you to a menu or document.
Will take you to a menu or index of publications.
Will take you to a text document.
Will take you to an HTML document.
Will take you to a PDF (Adobe Acrobat) image of a document - for downloading only.
Will take you to a PostScript (Printer) document for downloading only.
Will take you to a Zipped or Self-extracting Zip File for downloading only.
Will take you to a telnet site.
Will take you to our FTP site.
(G) An appropriate use of <TABLE> markup would be to present
a statistical table, accompanied by a version of the same information
as formatted text (<PRE>) that is eighty (80) or fewer characters
in width.
src="/pics/image" border=0 alt="[Picture of...]" height=?? width=??></A>
23. Font Colors
IV. Programming
(G) Recent exposure of security holes in several widely
used CGI packages indicates that the existing documents on CGI
security have not taken hold in the public consciousness. These
scripts are being redistributed to people that have no programming
experience and no way to determine whether they are opening up
their servers for attack. This causes considerable frustration
for all involved.
D. Java
E. (S) Plugins: Applications should not require the user to download a proprietary plugin or other software.
The Government, in general, discourages the use of Cookies. However,
some applications may require cookies associated with session management.
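One way to check a page's responses against the cookie standard, as an added example that is not SBA code: it classifies `Set-Cookie` header values as session cookies (no lifetime attribute) or persistent cookies (a future `Expires` or positive `Max-Age`, which the browser stores on the user's disk), following the attribute rules of RFC 6265. The sample headers and audit time are constructed.

```javascript
// Added example, not SBA code. Classifies Set-Cookie header values using the
// attribute rules of RFC 6265; all sample headers below are constructed.
function classifyCookie(setCookieValue, now = Date.now()) {
  const [pair, ...attrs] = setCookieValue.split(";").map((s) => s.trim());
  const name = pair.split("=")[0];
  let maxAge = null;
  let expires = null;
  for (const attr of attrs) {
    const eq = attr.indexOf("=");
    const key = (eq === -1 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    const val = eq === -1 ? "" : attr.slice(eq + 1).trim();
    // Unparseable values are ignored, as a browser would ignore them.
    if (key === "max-age" && /^-?\d+$/.test(val)) maxAge = Number(val);
    if (key === "expires" && !Number.isNaN(Date.parse(val))) expires = Date.parse(val);
  }
  // No lifetime attribute: the cookie lasts only for the browser session.
  let kind = "session";
  // Max-Age takes precedence over Expires when both are present.
  if (maxAge !== null) kind = maxAge > 0 ? "persistent" : "delete";
  else if (expires !== null) kind = expires > now ? "persistent" : "delete";
  return { name, kind };
}

// Names of the cookies that would be stored beyond the session.
function findPersistentCookies(setCookieValues, now = Date.now()) {
  return setCookieValues
    .map((v) => classifyCookie(v, now))
    .filter((c) => c.kind === "persistent")
    .map((c) => c.name);
}

// Constructed Set-Cookie values, audited as of a fixed, constructed time.
const SAMPLE_HEADERS = [
  "SESSIONID=abc123; Path=/; HttpOnly",
  "prefs=large-text; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/",
  "visitor=42; Max-Age=31536000",
  "old=; Max-Age=0",
  "both=1; Max-Age=0; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
];
const AUDIT_TIME = Date.UTC(2030, 0, 1);
console.log(findPersistentCookies(SAMPLE_HEADERS, AUDIT_TIME));
```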
G. Other: Coming
V. Additional Points.
Frames are not used on any SBA public access web page. After extensive testing on the most common browsers utilized by SBA customers, we have found navigational problems, slow load times and non-printing frame pages. In certain cases,
a frames look-a-like page will be used at the discretion of the Internet Office.
Further, any files we have that exceed 300k will be broken into smaller viewing pieces whenever possible or offered for download only.
SBA utilizes a particular "mapping" program to hotlink each state to its own special area.
Sample
1. Table of Contents: a table of contents
structure with links to each chapter
VIII. Frequently Asked Questions
(FAQs) -- Coming Soon