theodi / open-data-certificate

The mark of quality and trust for open data
https://certificates.theodi.org/
MIT License

HTTPS as a certification criteria #1043

Open konklone opened 9 years ago

konklone commented 9 years ago

I wasn't able to see any part of the open data certificate process that evaluated whether or not data was provided over a secure connection (https://).

Open data deserves a secure connection too, and I'd argue it's particularly important for the kind of reliability and integration of open data the ODI is hoping to catalyze. As a simple but concrete example - when the Sunlight Foundation built an open data IFTTT channel, IFTTT required that communication between our data and their systems occur over an HTTPS connection.

The World Wide Web Consortium's Technical Architecture Group (chaired by TBL, in his non-ODI capacity) has issued Securing The Web, which recommends moving the web over to HTTPS generally. While that's not in the ODI's scope of work, the ODI can do its part to push open data and the web in the right direction by factoring HTTPS into the certificate process.

konklone commented 9 years ago

One more note, especially as it relates to government-produced works -- the Government Digital Services team requires HTTPS as part of their government service manual that all UK government services must comply with. The team I'm a part of in the US government, 18F, only builds HTTPS services.

shevski commented 9 years ago

Thanks @konklone, you're totally right. This is unlikely to happen before next year given resources / priorities though :)