Remove and/or Whitelist Security For Merged APIs

[tmack8001]

It would be helpful to be able to throw away security definitions in each individual source and add new ones for all APIs (whitelist likely, similar to paths.include model). This way if you have a microservice architecture with a common gateway where authN is implemented within that Gateway the merged swagger file which is the union of everything exposed by the Gateway could own the security definitions of all the routes exposed. This would be opposed to exposing or keeping the security definitions which would typically define the protocol between "serviceA", "serviceB" and the "gateway".

[tmack8001]

Looking at an approach for this. Have something that is quite dirty in approach right now. Want to clean it up a bit will post some details on how I'm envisioning the json to look trying to keep consistency with other features where it makes sense.

[maximeblaisjive]

I was looking at this also, we can rename a security def, but I would be interested in removing it all-together from the spec

i.e: "apis": [ { "url": "http://localhost:8080/calls/v2/specs.yaml", "securityDefinitions": { "delete": { "oauth2" } },