We never talked about TLS for the user portal. Add a bit of language
related to that.
Fixes #90
To discuss:
Should this be a MUST? Existing solutions often don't use https, but that may not be a good reason to loosen the requirement.
Have I properly mentioned the URI scheme as being https? Do we even need to do that? I'm trying to put a requirement on the API that it provide a URI that lends itself to tls-based communication, which is why I took that approach.
We never talked about TLS for the user portal. Add a bit of language related to that.
Fixes #90
To discuss: