jspetrak
commented
1 month ago What does it help to require a header but allow empty value? During last week hackathon, people put there random values. If we enforce a format in the future, we will have to enforce some dummy placeholder so we can distinguius between value should be ignored and somebody put invalid value in. My estimate is that many clients/providers will identify the requester by JWT and will not need that so we will open that discussion every time somebody not using Requestor will start using OSDM. I think this should be enforce billaterally only, not by the openapi.
schlpbch
Sorry I don't agree with this change. The string can be empty but the attribute must be mandatory.