HL7 over HTTP: First try at a specification

This post is a first call for comments on a specification for HL7 over HTTP.

The draft is here: http://hl7api.sourceforge.net/hapi-hl7overhttp/specification.html

HL7 over HTTP is an idea I first floated on the HAPI mailing list last week, and since there was a fair bit of interest I thought I would try to cobble together a spec. The spec as it stands incorporates most of the feedback I received on Blogspot and on the HAPI mailing list, so it's probably time to start getting feedback on how that all looks on paper.

Some areas I'm particularly interested on opinions on:

• For the internet protocol crowd: Is it really wise to specify that only the parts of RFC 2616 which are explicitly referenced in HoH are required to be supported? My hope is that this leads to an easier to implement spec (since features like redirect, multipart content, cache-control, etc. are not relevant to transactional system-to-system messaging). My fear is that we'll miss something critical (my first attempt skipped the "Host" header, which I then learned is an absolute must according to HTTP/1.1)
• For the security crowd: Is SHA512 with RSA a good signature algorithm for message non-repudiation? At a glance it seems like it might be too java-centric. (Would a CMS signature be better? A CMS signed message?) 

I've also got a reference implementation started, with the hope that it will be usable in a wide variety of circumstances (e.g. servlet, standalone application, drop-in LLP implementation) and even in applications that don't otherwise use HAPI in order to encourage adoption. More to come on that, but please get in touch if you would like to get involved.