- 1 Jun 2017
- Domain structure and management
- Namings Committee and Jisc Services Ltd
- Conditions of use
- Replacing a domain
- Naming principles and conventions
- Gaelic language
- No use prior to approval
- Applying for a domain name
- Application process
- Appealing against rejection of an application
- Subdomains and subfolders
- Use of third-level domains for campaigns (short-term use))
- Defensive registration
- Make changes to or cancel a domain
- Not conforming to best practice
- Becoming ineligible
- Email security
- Domain Name Security Extensions or (DNSSEC)
1. Approval of individual gov.scot domains rests on two broad principles:
- the relationship of the domain name to the respective public organisation or service is readily understood by members of the public and service users
- introduction of the domain, and any dependent subdomains, will contribute to a simplification of the Scottish public sector domain estate
Note: For the purposes of this document the terms 'name', 'domain', 'domain name' and 'third-level domain' can be considered equivalent. The term 'domain' and its equivalents are understood to apply equally to both web and email services.
Domain structure and management
2. The global system of internet domain names makes internet services more accessible for ordinary users. A 'dotScot' top-level domain (TLD) has been created for organisations and individuals wishing to publish material endowed with a Scottish identity.
Within this TLD a second-level domain (SLD), gov.scot, has been reserved for use by the public sector. This SLD is managed by The Scottish Government gov.scot Namings Committee.
Namings Committee and Jisc Services Ltd
3. Public sector organisations in Scotland are entitled to request registration of third-level domains on gov.scot. The gov.scot Namings Committee (NC) assesses domain name requests against the criteria set out in this document and is responsible for:
- approving or rejecting name requests
- approving or rejecting requests for change of ownership of domain names
- appeals against the above decisions
Jisc Services Ltd (JSL) - formerly JANET, the Joint Academic Network - administers the gov.scot SLD on behalf of the Scottish Government, providing third-level domain name request, modification, approval, appeal, registration and deletion systems.
Eligibility for a domain
4. Registration/ownership is limited to:
- Scottish Government agencies and non-ministerial departments
- executive agencies
- non-departmental public bodies (NDPBs) and national bodies
- Scottish local authorities
- Scottish Government commissions, enquiries and tribunals
- Current holders of a gov.uk domain, providing that the domain meets gov.scot naming principles and conventions
Those not eligible for a gov.scot domain include:
- individuals (including elected representatives)
- sole proprietors/traders and partnerships
- community interest companies and social enterprises
- companies and organisations registered by Companies House. i.e. private companies (limited by shares or guarantee), private unlimited companies and public limited companies
- standalone 'arm's length organisations' where staff are not public servants (e.g. employees of a private or public company)
- charitable, voluntary and privately owned organisations that are not also Scottish Government agencies, NDPBs or Scottish local authorities
- public, privately owned or charitable organisations undertaking work or programmes within, or targeting, the public sector that are not also Scottish Government agencies, NDPBs or Scottish local authorities
- associations representing public sector staff
- public sector pension funds
- internet management and network related companies, including Internet Service Providers (ISPs) and hosting companies
- international organisations
Conditions of use for a third-level domain
5. Web and email services using a gov.scot domain name must comply with current Scottish and UK legislation and support channels that provide accessibility for disabled people, members of ethnic minorities and those at risk of social/digital exclusion. Legislation includes Copyright, Data Protection Act, Disability Discrimination Act.
gov.scot web domains can be acquired to support both organisational and core service web presences. The primary web domain is that which leads directly to the homepage of an organisation. In exceptional cases secondary web domains may be approved to support core, yet distinct, services.
Continuing approval of a domain name is conditional on it being used specifically and exclusively for the organisation on whose behalf it is registered. Additionally, the domain must not resolve or redirect to the homepage of a hosting service, any other agent or any page on a non-public sector domain. Abuse of these requirements may result in withdrawal of name approval.
Acquisition of corresponding non-government domains (.co.uk, .org.uk, .org etc.) must only be for defensive purposes. If used, they must be permanently redirected to the gov.scot web domain.
Approval of a domain is subject to the status of an organisation. If the status changes, the organisation must inform JSL in case of impact on eligibility. In the event an organisation becomes ineligible they will be required to agree a timescale for deletion of the domain.
An organisation (the 'registrant') does not own an approved domain name outright; periodical renewals must be undertaken to retain the right of use. The right of use, however, is exclusive.
A registration fee is payable every two years for each domain name, paid to JSL by an organisation's domain registrar. The scale of the fee is published on the JSL website.
Replacing a domain
6. Where a gov.uk domain is superseded by moving to a .gov.scot the old gov.uk name may remain but all associated services including web and email must be set up to automatically redirect to the new domain. All automatic redirections should be completed within 36 months.
JSL will maintain the Domain Name System (DNS) record for the gov.uk domain should its retention be justified by persistent traffic flows or branding considerations.
Naming principles and conventions
7. Domain names must reflect the legal name, registered trading name of an organisation or primary business function and should be selected to:
- minimise risk of confusion with other registered names, organisations, trade names or trademarks
- ensure clarity in the geographic remit of the organisation, i.e. regional bodies must not imply a national reach
- avoid the risk of inadvertent masquerading
Domain names should be as short, simple and 'sayable' as possible and must:
- contain only standard ASCII alpha numeric characters A to Z and numerals 0 to 9
- not include hyphens or underscores
- not conflict with internet protocols such as www, ftp, dns, whois
- not include postal codes or pseudo-abbreviations such as ltd, plc, gov
- not contain more than 64 characters
- not be fewer than three letters long
There is now no requirement to include 'Scotland', 'Scottish' or similar forms within the domain name as the geographic remit is explicit in the .scot TLD.
For maximum readability and clarity, domain names should comprise real words, e.g. education.gov.scot, foodstandards.gov.scot, pensions.gov.scot. The use of abbreviations or acronyms is not acceptable unless it can be shown to be commonly recognised beyond a limited group of people.
Note: Acronyms may be exceptionally approved for email domains. Consideration will be on a case by case basis.
8. In accordance with the Gaelic Language (Scotland) Act 2005 public bodies, local authorities and agencies providing a service to the public in Scotland may, where there is a difference between their Gaelic and English names, consider registering both language variants.
Applications for Gaelic language domain names must include, for information purposes, the English language equivalent, e.g. gàidhealtachd.gov.scot and highland.gov.scot.
Note: The .scot TLD supports the character sets of the six native languages of Scotland: English, Scots, Gaelic, Orcadian, Shetlandic and Doric.
No use prior to approval
9. A gov.scot third-level domain may not be used in any context, online or offline, prior to formal approval by the NC. JSL and the NC are not responsible for any costs incurred by an organisation (including marketing and communication costs) as the result of a failure to follow the name request process.
Applying for a domain name
10. i. Choosing an approved domain registrar
JSL maintain support contracts with a wide variety of domain registrars, supporting a variety of TLDs. Only such supported registrars may make third-level gov.scot domain requests of JSL. If an organisation's current registrar is not supported, JSL will readily enter into a support arrangement to enable such requests. A domain registrar must contact JSL directly to initiate this.
ii. Supporting information
To be considered for a gov.scot third-level domain, an organisation must clearly describe its status (as domain owner) and the intended purpose of the domain. The online application form provided by JSL requires this information:
- status, e.g. executive agency, health body
- role and objective
- staffing, e.g. civil servants
- funding, e.g. central taxation
- accountability, e.g. Government Minister, Courts Service
- purpose of the domain name and proposed content, e.g. public service information, commercial transaction, marketing campaign
- primary audience, e.g. young people, professional/specialist
11. To obtain a third-level domain on gov.scot all organisations must follow this process:
- An organisation makes the internal case for entitlement to a domain name
- The organisation's domain registrar submits a name request to JSL via their standardised online form - for decision within 10 working days
- JSL passes the name request to the NC
- The NC may ask questions or comment on relevant issues, e.g. user need, cost and alternative hosting strategies
- The NC assesses the name request and responds to JSL
- JSL notifies the organisation's domain registrar of the decision
- If approved, and subject to payment, JSL registers the domain on behalf of the organisation
This process applies equally to name requests, modifications and deletions.
Appealing against rejection of an application
12. If the NC rejects an application they will explain the reasons. An organisation has the right to appeal the NC rejection. This must be carried out within 10 working days of receiving the rejection notification.
To appeal the decision the organisation's domain registrar must provide JSL with new information to rebut the reasons given for rejection.
The NC will assess the appeal in light of the new information provided and within five working days give a final decision on the application - either approval or rejection with accompanying reasons.
If the applicant remains dissatisfied, the issue will be passed to Scottish Government Director of Communications and Ministerial Support as final arbiter of all approval and rejection decisions of the NC.
- Failure to obtain domain name approval prior to, for example, printing stationery or publicity material, is not grounds for appeal
- An application rejected because of insufficient information requires resubmission, not an appeal
Subdomains and subfolders
13. The use of fourth and fifth-level domains (subdomains) is strongly discouraged and may not be used merely to host alternative content or to subdivide a site by content area.
Subdomains are only to be used:
- for corporate intranet sites carrying only internal traffic
- for corporate extranet sites under access control aimed at specific stakeholder audiences, typically used for an exchange of private data
- for development or test systems that are not publicly addressable
- where a web service or component requires pointing to a third party solution that cannot be locally integrated e.g. commercial agency/cloud hosted, software as a service (SAAS), or a media server or database solution
When used to point to a third party solution a subdomain must not be used for promotional or editorial purposes. A sub-folder of the primary domain must be used to redirect to the sub-domain.
e.g. example.gov.scot/database points to database.example.gov.scot
Use of third-level domains for campaigns (short-term use)
14. The use of third-level domains for marketing campaigns and short-term non-core service offerings is discouraged. The NC will however consider individual requests and will approval/refuse on a case-by-case basis.
15. Public organisations should consider acquiring commercial top-level and second-level domains e.g. .com, .info, .org.uk - comparable to their primary third-level gov.scot domain. This is to minimise the risk of online confusion from:
- Typo squatting (deliberate misspellings of a domain name)
- Cybersquatting (bad faith registration of comparable domain names)
- Cyber smearing (creation of web site creation to convey deceptive, false or disparaging information)
Defensive registration is not necessary for gov.scot domains. Only public organisations may acquire them and their use is wholly controlled by the NC.
Make changes to or cancel a domain
16. Communication with the NC and on all other aspects of domain name management is via the relevant forms on the JSL website.
A public organisation can only communicate with JSL via its domain registrar. JSL has contracts with the majority of UK domain registrars. If an organisation's registrar does not currently contract with JSL, JSL will facilitate the necessary contract.
Not conforming to best practice
17. Once approved and made live domains and sub-domains on gov.scot must conform to the foregoing requirements. In particular, they must resolve correctly and present valid public sector content.
In the event of departure from these requirements the NC will work with the domain owner to agree a remedy. Persistent failure to enact the remedy will be considered a breach, for which two penalties are open to the NC:
- Suspension If a breach is not remedied for 90 days, the DNS for the domain may be switched off. Only once the breach is remedied will the domain be reinstated.
- Withdrawal For a severe or persistent breach the approval for domain renewal may be refused; the DNS for the domain will be removed. For the DNS to be restored the registrant will be required to make a new full application to JSL and the NC in line with the current criteria.
18. If an organisation or service undergoes a change of status that renders it ineligible for a government domain name, it must contact the NC immediately. Prior to removal of the domain a grace period of 90 days will normally be allowed for transition to a new non-government domain.
Email security following transition
19. Email security should be unaffected when an organisation transitions from an existing gsi.gov.uk email address to a new gov.scot email address. This will be dependent on each organisation's email infrastructure and protocols remaining the same.
Email for public sector organisations is, in basic terms, either 'secure' or 'non-secure'. This condition should persist after transition. The new form of the email address is not relevant as the required degree of security is achieved through the persistent combination of infrastructure and protocols.
Note: The established designators of security in email addresses (e.g. @scotland.gsi.gov.uk or @eastlothian.gcsx.gov.uk) are no longer significant.
Domain Name Security Extensions or DNSSEC
20. DNSSEC is a set of extensions to the DNS to protect against website spoofing, i.e. to ensure users are served genuine content. DNSSEC validates - but does not secure – DNS data by means of digital signatures ('certificates') that guarantee DNS lookup validity for servers and clients.
DNSSEC has been enabled for the TLD and SLD 'zones', i.e. for every data transfer on gov.scot JSL and the TLD registrar exchange certificates to authenticate the traffic.
It is therefore available to organisations registering third-level domains on gov.scot to extend this 'chain of trust' by requiring of their registrar that they create and upload their own counterpart certificate for exchange with JSL.
|James Coltham (Chair)||Scottish Government||Head of Digital & Content|
|Lesley Allen||Scottish Government||Stakeholder Manager, Digital Public Services|
|Rowan Smith||Social Security Scotland||Content Delivery Manager|
|Emma Pollock||Education Scotland||Head of Technical Services|
|Ben Chapman||Jisc||Service Desk Senior Shift Leader|