5.1 Encryption
SData relies on HTTPS for encryption. For example:
https://www.example.com/sdata/myApp/myContract/-/customers
Most business applications contain sensitive data. To protect this data from potential spies on the network, it should be encrypted. SData does not introduce any specific encryption mechanism but relies on HTTPS, the well-known secure variant of HTTP, to encrypt communications.
HTTPS needs a certificate installed on the provider side. If the SData site is meant for public viewing on the Internet, the certificate must be purchased from a reputable vendor such as Verisign or Thawte and renewed regularly. This is costly and complex to administer for small businesses.
On the other hand, if the SData site is for private or semi-private use, HTTPS can be used with free certificates.
SData providers SHOULD use HTTPS to secure sensitive data over the Internet.