HTTPS a requirement?

[mheadd]

HTTPS is quickly becoming a requirement for government websites & services. Should we make this a requirement in the API? Or is that a detail best left for specific implementations?

[mmartin78]

I believe that is an implementation detail. Normally, the read-only public data APIs will not need HTTPS, but you could host them under HTTPS. The transaction APIs if/where supported must be done under HTTPS. I do not believe these decisions belong in the standard though.