-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security extension example and namespaces #538
Conversation
Originally I had an assertion defining a standard namespace for security schemes but decided to drop it and update the example to use an "example.org" URL. We probably SHOULD define a standard namespace for security schemes but we can publish that separately and put it into a W3C NOTE (maybe the WoT Security Best Practices note). I realized it was redundant for schemes actually in the spec. So this PR really only includes an example. In the end I decided to say nothing about the overlap of |
Extended to also take care of Issue #470. |
Does this mean that some level of JSON-LD processing will be needed to understand security schemes? |
Also addressed Issue #350. |
Also fixed #345 |
OK to merge, but we will have to clean up the definition of extensions, perhaps in another document. We will merge, @vcharpenay will define some issues, @mmccool will work on them and define a PR to discuss in the main call next week, and we can aim to merge any updates by the next TD call. |
NOTE: this is based on top of PR #537, so includes those edits as well.
This PR addresses Issue #501. It provides an example of how to use an extension to implement a new security scheme, using OAuth2 as an example.
Also addresses #345, #350, and #470.
NOTE: OAuth2 is important but is also likely to be removed from the specification due to lack of implementation experience. So if we do remove it, this example can remain and still be valid (although we might have to remove the immediately preceding example).