Fyi ... (01)
---------- Forwarded message ----------
From: Ray Fergerson <ray.fergerson@xxxxxxxxxxxx>
Date: Tue, Jan 24, 2012 at 2:35 PM
Subject: Re: [bioontology-support] HTTPS support for REST web services?
To: Matt Hughes <hughe419@xxxxxxx>, bioontology-support@xxxxxxxxxxxxxxxxxxxx (02)
Matt, (03)
What is the scenario in which you are getting this warning? Are you using
our widgets on your https page? Are you using your own widgets to call the
NCBO REST services from the browser directly? (04)
Depending on your scenario it isn't clear that making the REST services
available by https will solve your problem. For example, our widgets go
through the front-end and do not make direct REST calls. Even if they did
call REST directly, as we currently distribute them, they make http calls
and would still not work. If it is your own widgets then it seems like you
can solve your problem by sending their calls through a proxy server that
calls us in the backend (hiding the insecure communication from IE). (05)
We have discussed https support and decided not to do it, at least in the
near term. We aren't really a secure site and don't really have much call
to be. The overhead of setting up and maintaining this sort of security is
not huge but it is not negligible either and there would be no gain for
the vast majority of our users. Of course if a lot of people start
complaining about it then we may reconsider... (06)
Ray (07)
> -----Original Message-----
> From: bioontology-support-bounces@xxxxxxxxxxxxxxxxxx
> [mailto:bioontology-support-bounces@xxxxxxxxxxxxxxxxxx] On Behalf Of
> Matt Hughes
> Sent: Tuesday, January 24, 2012 8:28 AM
> To: bioontology-support@xxxxxxxxxxxxxxxxxx
> Subject: [bioontology-support] HTTPS support for REST web services?
>
> Is there any plan to support the REST services over https? It seems
> when we have web applications that communicate over https, and then as
> a result of some action hit other web services, if they aren't https,
> then IE puts up a pop-up asking if it's ok to include Mixed Content,
> which creates a bit of a headache for training, or IT configuration. Is
> seems based on my reading that the standard is really to just make sure
> all other services also be available over https, but I'm happy to be
> corrected if anybody disagrees with this assessment.
>
> Thank you,
>
> Matt Hughes
> _______________________________________________
> bioontology-support mailing list
> bioontology-support@xxxxxxxxxxxxxxxxxx
> https://mailman.stanford.edu/mailman/listinfo/bioontology-support (08)
_________________________________________________________________
Message Archives: http://ontolog.cim3.net/forum/oor-dev/
Config/Unsubscribe: http://ontolog.cim3.net/mailman/listinfo/oor-dev/
Shared Files: http://ontolog.cim3.net/file/work/OOR/dev/
Wiki: http://ontolog.cim3.net/cgi-bin/wiki.pl?OpenOntologyRepository (09)
|