You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
+1 to adding /api/security or similar in an extension, in case the OpenAPI security scheme declarations are not sufficient for common use cases.
Maybe this should then also be raised at https://github.com/OAI/OpenAPI-Specification/issues since this does not sound like a geo-specific requirement and would best be addressed by ICT standards, not by OGC standards?
Already done. See OAI/OpenAPI-Specification#1004 for part of the discussion. A number of other issues touch on updates to the security declarations as well. I have been working on a set of requirements based on the U.S. NIST taxonomy of security controls. Next step is to try to pull all of these issues together into a viable proposal. Frank Terpstra is playing as well so we can tag-team.
It appears that all of the security schemes commonly used by OGC implementations are supported by OpenAPI. Recommend closing this issue. Specific deficiencies in the OpenAPI Security Schemes should be tracked through their own issues.
From teleconference 12-FEB-2018:
The text was updated successfully, but these errors were encountered: