New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify whether security is mandatory #230
Comments
I recommend they should all be optional. |
We discussed this at length a while ago and decided the simplest solution was to make them mandatory only at the top level, which avoids a lot of complicated checking, and at worst adds only one line to the TD. To go along with this there is a new "nosec" security scheme, which is needed in the case there is no security. Somehow my previous edits to make this change did not "stick" so I just created another PR: #265 |
since a long time, security is a mandatory requirement in the TD. This should increase awareness for IoT applications. |
Currently all "security" fields are "optional" which is confusing since in fact the rule is that security is necessary at "at least one level". Matthias suggested a way around this would be to make the top-level security mandatory and the rest at lower levels (eg in forms) optional. In effect the top level would define the "default" value of the security field, then it is overridden only for exceptions.
The text was updated successfully, but these errors were encountered: