Security extension example and namespaces #538
Conversation
|
Originally I had an assertion defining a standard namespace for security schemes but decided to drop it and update the example to use an "example.org" URL. We probably SHOULD define a standard namespace for security schemes but we can publish that separately and put it into a W3C NOTE (maybe the WoT Security Best Practices note). I realized it was redundant for schemes actually in the spec. So this PR really only includes an example. In the end I decided to say nothing about the overlap of |
|
Extended to also take care of Issue #470. |
|
Does this mean that some level of JSON-LD processing will be needed to understand security schemes? |
|
Also addressed Issue #350. |
|
Also fixed #345 |
|
OK to merge, but we will have to clean up the definition of extensions, perhaps in another document. We will merge, @vcharpenay will define some issues, @mmccool will work on them and define a PR to discuss in the main call next week, and we can aim to merge any updates by the next TD call. |
NOTE: this is based on top of PR #537, so includes those edits as well.
This PR addresses Issue #501. It provides an example of how to use an extension to implement a new security scheme, using OAuth2 as an example.
Also addresses #345, #350, and #470.
NOTE: OAuth2 is important but is also likely to be removed from the specification due to lack of implementation experience. So if we do remove it, this example can remain and still be valid (although we might have to remove the immediately preceding example).