cloudevents / spec

CloudEvents Specification
https://cloudevents.io
Apache License 2.0

Change constraint to OPTIONAL of authtype for Auth Context extension. #1245

Closed JU-2094 closed 8 months ago

JU-2094 commented 8 months ago

For the recently added extension Auth Context (/extensions/authcontext.md), the authtype attribute is the only one marked as REQUIRED in the constraints.

The key principle here is that authtype classification results should be predictable and should not change. However, in some cases the type is preferred to be unknown when we can't determine it reliably. The main concern we have is how authtype classifications might change when we are able to classify the request in the future. As a result, if we change from unknown to app_user, it is a "breaking" change for API consumers, since their code may build business logic based on authtype results.

This is the reason we are suggesting making authtype OPTIONAL, to avoid having customers build business logic around it. If we have to return an authtype in a situation where we don't know for certain, I would prefer to add the enum value unknown. We think it is better to avoid this altogether until we can consistently and predictably classify "authtype", to avoid a future "breaking change" scenario.

JU-2094 commented 8 months ago

Discussed in the 11/16 meeting.

This was changed to add a new enum value unknown.

Reasons:

The attributes defined in this document have no official standing and might be changed, or removed, at any time. As such, inclusion of an attribute in this document does not need to meet the same level of maturity, or popularity, as attributes defined in the CloudEvents specification.
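
An added example (not part of this issue thread or the CloudEvents project's code) of a consumer that tolerates the reclassification discussed above: an absent `authtype`, the `unknown` value and any unrecognized value all take one conservative path, so only a move to a recognized value such as `app_user` changes handling. The handling names, queue names and sample events are constructed assumptions.

```python
from enum import Enum

class Handling(Enum):
    APP_USER = "app_user"          # producer positively classified the principal
    UNCLASSIFIED = "unclassified"  # absent, "unknown", or not recognized here

# authtype values this consumer has dedicated logic for. Only `app_user` and
# `unknown` are named in the thread; the mapping itself is an assumption.
HANDLED = {"app_user": Handling.APP_USER}

def handling_for(event: dict) -> Handling:
    """Map a decoded CloudEvent to a handling path without trusting authtype blindly."""
    raw = event.get("authtype")
    if not isinstance(raw, str):
        return Handling.UNCLASSIFIED
    return HANDLED.get(raw, Handling.UNCLASSIFIED)

def route(event: dict) -> str:
    """Hypothetical queue names: unclassified events take the conservative path."""
    if handling_for(event) is Handling.APP_USER:
        return "per-user-audit"
    return "manual-review"

def reclassified(before: list, after: list) -> list:
    """IDs whose handling differs between two deliveries of the same events."""
    old = {e["id"]: handling_for(e) for e in before}
    return sorted(e["id"] for e in after
                  if e["id"] in old and handling_for(e) is not old[e["id"]])

def sample_event(event_id, authtype=None):
    # Constructed sample event; source and type are placeholders.
    e = {"specversion": "1.0", "id": event_id,
         "source": "/example/source", "type": "com.example.sample"}
    if authtype is not None:
        e["authtype"] = authtype
    return e

# Constructed deliveries: the producer later learns to classify event "a".
BEFORE = [sample_event("a", "unknown"), sample_event("b"),
          sample_event("c", "app_user")]
AFTER = [sample_event("a", "app_user"), sample_event("b", "unknown"),
         sample_event("c", "app_user")]

if __name__ == "__main__":
    for e in AFTER:
        print(e["id"], route(e))
    print("changed handling:", reclassified(BEFORE, AFTER))
```

Running `reclassified` over a replayed sample before and after a producer change shows which events a consumer's logic would treat differently.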