Updates to Security Metadata Proposal #88
Conversation
mmccool
commented
Apr 9, 2018
mmccool
commented
- Allow name:value pairs for security configurations, enabled by JSON-LD 1.1 frames
- Convert as -> authorizationUrl, ts -> tokenUrl, and rs -> refreshUrl. The shorter names are nicer but "rs" has a conflict with "Resource Server" that it is best to avoid, and these names are consistent with OpenAPI.
mmccool
changed the title
|
|
Still need to fix certain things in the examples; waiting for updates to main TD examples. |
Add references to RFC's 7235 (HTTP/1.1 authentication), 7615 (Authentication-Info and Proxy-Authentication-Info headers), and 7616 (Digest authentication)
Add (incomplete) description of digest scheme. Add list of omitted schemes: oauth, mutual, hoba.
also some formatting fixes
Remove securityDefinitions block in second example; fix formatting issues; add a bit clearer explanation of definitions.
|
Ready for another round of reviews, and I'd like to do a merge. There are some significant changes from the first version; I just added a separate "securityDefinitions" block and made other changes that make this version of the proposal consistent with and backward compatible with the current TD spec. |
|
I just started to include the security terms in the TD code model. I wonder if the term "scheme" is somehow redundant, if we also have the name of the scheme (e.g., 'apikey', 'basic') as part of the key name as in apikeyConfig, basicConfig etc? |
|
Under the revised proposal a configuration can be given without any key (tag). Also, in general there could be more than one config using the same scheme. So yes, I think we need “scheme”. I agree it DOES seem a little redundant but under the revised proposal keys (named configurations) are only used in securityDefinitions which can be considered an optional “convenience” feature (and only important in very complex configurations). |
