v3.1.1(schema): update empty security array constraint #4070
Conversation
This follows up from a discussion on the OAI slack that decided: * redefining "document" to sometimes mean multiple documents is confusing * "description" has more support than "definition"
…re also valid for style=simple
This is a more natural grouping of similar types, making the data much easier to read.
…e-style the chart in section 4.8.12.4 shows that primitive and object types are also valid for style=simple
…v3.1.1 switch the order of these styles in the tables
…ct-extra-params extra keywords in the reference object are permitted (v3.1.1)
Co-authored-by: Ralf Handl <ralf.handl@sap.com>
Remove "redact" from wording, leaving only "obscure". Co-authored-by: Rob Ede <robjtede@icloud.com>
Co-authored-by: Ralf Handl <ralf.handl@sap.com>
Co-authored-by: Ralf Handl <ralf.handl@sap.com>
merging per today's TDC call
…d-composition merging after discussion on the TDC call today
* Sync validate-markdown workflow with main (3.1.1) * Match latest environment from main
Generalize description of password data type
…ples-v3.1.1 whitespace and quoting fixes in json and yaml examples (v3.1.1)
Co-authored-by: Adam Altman <adam@rebilly.com>
Co-authored-by: Mike Kistler <mikekistler@microsoft.com>
…ts-3.1.1 small typo fix
3.1.1 discriminator improvements
"Object" definition, etc. (3.1.1 port of OAI#3050)
…-as-message-body 3.1.1: example for "raw JSON" as message body
3.1.1: tables cleanup
…urity 3.1.1: absent, empty, or incomplete security list
jeremyfiel
force-pushed
the
feat/update-empty-security-array-constraint-3.1.x
branch
from
b445f55
to
43e0026
Compare
based on discussions * OAI#3938 (comment) * OAI#4007
jeremyfiel
force-pushed
the
feat/update-empty-security-array-constraint-3.1.x
branch
from
43e0026
to
c7d6fc9
Compare
|
@jeremyfiel as with the other one this needs to go to main, but also I'm not sure why you have added this as |
|
Doesn't your comment infer from the spec language that at minimum for an undefined security requirement, the empty object SHALL be defined? |
|
I also commented in a slack discussion today that I believe the security requirement spec text is the only reference to an actual JSON structure where is recommends [{}] rather than only descriptive text. |
|
@jeremyfiel all of that was about defining what |
|
I suppose the wording |
No. The top-level declaration in the OpenAPI Object is the default applying to all operations, and this may state "no authentication required" by including An operation can opt out of this default in two ways:
Should we need to elaborate this in the specification text? |
|
There are some problems with this pull request, but having discussed the proposed change (the newest commit), this isn't a useful change to make to our existing validation schemas since it is valid to have an empty security array. Please keep an eye on the project for more discussion about linting schemas in addition to our validation schemas. |
based on discussions
Clarification about the meaning of an empty security array #3938 (comment)
Clarify
security; state what[]means #4007