Support concurrent http and https

Bug #621326 reported by Anthony Lenton
This bug affects 1 person
Affects: lazr.restful
Status: Triaged
Importance: Low
Assigned to: Unassigned

Bug Description

At the moment lazr.restful has a single setting to determine if the whole of the API should be served under http or https. It would be *great* if we could configure it to have the public part of an API available over plain http, while at the same time keeping the authenticated part safe under https.

Gary Poster (gary) wrote :

I talked with Anthony on IRC. This is a "would be nice to have done by end of 2010 (since we can't have it done already via time machine)".

I suspect that this would be a small-to-medium-sized effort, and that we could fit it in along with other goals. I'll run it by Leonard and Benji for implementation ideas soon.

Changed in lazr.restful:
status: New → Triaged
importance: Undecided → Medium
Leonard Richardson (leonardr) wrote :

The lazr.restful portion of this is pretty minimal--mostly having to do with URL construction. The real problem is in Launchpad/Zope/Apache, where the HTTP requests are processed, and I don't know how much work it would be to set that up.

Gary Poster (gary) wrote :

In Leonard's previous comment, I believe by "Launchpad/Zope/Apache" he meant "the rest of the application," whether it is Launchpad + Zope + Apache or Django + nginx.

Anthony, am I right that the URL construction bits are exactly what you are talking about from lazr.restful? The rest (security of enforcing HTTPS-only for given content, in particular) would be the responsibility of your application.

Anthony Lenton (elachuni) wrote :

Hm, I don't really know what all the LAZR_RESTFUL_USE_HTTPS setting affects. Putting together the urls served for sure, but it would be great if it refused to serve over http some object or method that is configured to be served over https (and possibly vice-versa). I imagine Apache could take care of bouncing you over to https if you try to access https-only resources, but ideally lazr.restful would check too.

At the moment if you try to just access a top level collection within a service root configured for http using an https URL (or vice-versa) it fails with:

    NotImplementedError: Can't look up definition in another url (http(s)://foo.bar.baz/...)

Gary Poster (gary) wrote :

I didn't realize that we already supported something similar. It sounds doable for lazr.restful to be responsible for something like that, then, yes.

Changed in lazr.restful:
importance: Medium → Low
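
The behaviour requested in this thread (public resources over plain http, https-only resources bounced or refused when requested over http), sketched as an added example that is not lazr.restful code and not from any commenter. It is a WSGI middleware in which the path prefixes, the host name and the rule for choosing between a redirect and a refusal are assumptions.

```python
# Added example, not lazr.restful code. Prefixes and host are hypothetical.
HTTPS_ONLY_PREFIXES = ("/api/1.0/private",)
CANONICAL_HOST = "api.example.test"


class SchemePolicy:
    """WSGI middleware: public paths on either scheme, https-only paths never over http."""

    def __init__(self, app, https_only=HTTPS_ONLY_PREFIXES, host=CANONICAL_HOST):
        self.app = app
        self.https_only = tuple(https_only)
        self.host = host  # configured value; the client's Host header is not trusted

    def requires_https(self, path):
        # Match whole segments: "/api/1.0/private" must not cover "/api/1.0/privateer".
        return any(path == p or path.startswith(p + "/") for p in self.https_only)

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        # Assumes the front end (Apache, nginx) sets wsgi.url_scheme truthfully.
        if environ.get("wsgi.url_scheme") == "https" or not self.requires_https(path):
            return self.app(environ, start_response)
        safe = environ.get("REQUEST_METHOD") in ("GET", "HEAD")
        if safe and "HTTP_AUTHORIZATION" not in environ:
            # Anonymous read: bounce to https, as the front end could also do.
            target = "https://" + self.host + environ.get("SCRIPT_NAME", "") + path
            if environ.get("QUERY_STRING"):
                target += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently", [("Location", target)])
            return [b""]
        # Credentials or a request body already travelled in clear text: refuse.
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"This resource is only served over https.\n"]


def api(environ, start_response):
    """Stand-in for the wrapped web service."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def probe(path, scheme, **extra):
    """Send one constructed request through the policy; return (status, headers)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "wsgi.url_scheme": scheme}
    environ.update(extra)
    seen = []
    body = SchemePolicy(api)(environ, lambda status, headers: seen.append((status, dict(headers))))
    b"".join(body)
    return seen[0]
```

A refusal rather than a redirect for requests that carry an `Authorization` header keeps a misconfigured client from quietly sending its credentials over http on every call.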