Closed lu-zero closed 1 year ago
@benfrancis I hope I addressed your feedback.
I'm afraid I don't agree with this change. Please see https://github.com/w3c/wot-profile/issues/6#issuecomment-1428472260
I don't think any of the assertions in Common Constraints can be assumed to be applicable to all future profiles, only the current set of HTTP profiles. The current Common Constraints section is an HTTP Common Constraints section.
I also don't see why some of the constraints you've moved to the separate HTTP Common Constraints section (e.g. Links) could not apply to other protocols in the future like CoAP.
Splitting assertions into Common Constraints and HTTP Common Constraints implies that the former apply to profiles using multiple protocols, which I don't think we can assert at this point.
I suggest leaving this as it is and re-assessing at such a point as we add non-HTTP Profiles. Only then will a separate section be necessary.
60ef6cc7b4dbe4139cc90c827191694f95a5e2a7 can be omitted from the patchset without additional changes, is the rest fine for you?
Let's discuss this further in the Security call next week. I would like to clean up this PR by next week's Profile call. @benfrancis thanks for your review, please look for an update next week that I hope will address your concerns (may be a new PR, we'll see if this one can be repaired first).
It is not here anymore but I think that each profile should explain the security scheme on its own. Is OAuth2 usable in Webhook?
Hopefully now it is more acceptable.
@egekorkan wrote:
Is OAuth2 usable in Webhook?
That's a good question, I don't know.
Initial wording for #6.
Preview | Diff