OpenAPI-Specification icon indicating copy to clipboard operation
OpenAPI-Specification copied to clipboard

Published 20 hours ago verified publisher icon OAI

Open Community (TDC) Meeting, Thursday 22 February 2024

Open github-actions[bot] opened this issue 1 year ago • 2 comments

NOTE: weekly meetings happen on Thursdays at 9am - 10am Pacific.

This agenda gives visibility into discussion topics for the weekly Technical Developer Community (TDC) meetings. Sharing agenda items in advance allows people to plan to attend meetings where they have an interest in specific topics.

Whether attending or not, anyone can comment on this issue prior to the meeting to suggest topics or to add comments on planned topics or proposals.

Zoom: https://zoom.us/j/975841675, dial-in passcode: 763054

Participants must abide by our Code-of-Conduct.

F10B5460-B4B3-4463-9CDE-C7F782202EA9

Topic Owner Decision/NextStep
Intros and governance meta-topics (5 mins) TDC
Reports from Special Interest Groups (5 mins) SIG members
Any other business (add comments below to suggest topics) TDC
Approved spec PRs TDC
New issues needing attention @OAI/triage

/cc @OAI/tsc please suggest items for inclusion.

github-actions[bot] avatar Feb 15 '24 16:02 github-actions[bot]

PRs:

  • ALL THE SECURITY!!!! 🔒🤣
    • #3488 (from @darrelmiller 's comment below)
    • #3584 (can't be merged as is, seems to be open as to whether we want to do this in a patch or whether it belongs on learn? or in the security considerations doc?)
    • #3286 (an old security PR for 3.2.0, since we seem to have a security theme at the moment 🧐 )
    • #2582 (a proposal with a discussion ending in a "so... what now?" comment)
  • Is this "guidelines" directory still relevant, and if so is it living in the right place?
    • #3579

Policy issue:

  • #3598 (from @miqui 's comment below)

handrews avatar Feb 16 '24 17:02 handrews

Security considerations PR https://github.com/OAI/OpenAPI-Specification/pull/3488

darrelmiller avatar Feb 18 '24 20:02 darrelmiller

~~Whitespace fixes PRs are rebased and ready~~ already merged

lornajane avatar Feb 20 '24 09:02 lornajane

adding: https://github.com/OAI/OpenAPI-Specification/issues/3598. (OAS extensions)

miqui avatar Feb 20 '24 22:02 miqui

If possible, I'd like to follow up on https://github.com/OAI/OpenAPI-Specification/issues/3572, but unfortunately I can only join at the bottom of the hour.

hudlow avatar Feb 22 '24 15:02 hudlow

Could we talk about https://github.com/OAI/OpenAPI-Specification/issues/3595 in this meeting?

Some things we discussed today could be simplified if we had oauth2 metadata in openapi not only openIdConnectConfigurationUrl

AxelNennker avatar Feb 22 '24 17:02 AxelNennker

Recap from my notes (we have AI transcript but you might not want to read all of it)

  • Very good turnout this week with 17+ people.
  • Updates from SIGs: Moonwalk has good meetings and talked about deployments, both Overlays and Workflows are seeing some activity.
  • TSC membership updates are expected next week.
  • #3488 needs some formatting/editing but got good feedback and is needed for openapi to become a media type.
  • #3584 concerns the modern, secure use of OAuth2. We concluded that OpenAPI is here to enable users to describe their APIs, not to judge if they are doing it right. We'll update our examples to use updated practices (@AxelNennker can you help me identify which examples those are? Ideally by opening an issue that someone can work on) and create learning resources on how it should be done. Edit: #3603 is the followup issue
  • #3286 proposes adding an audience field; group feedback was to add it as an x-audience extension first and show adoption/usage before proposing (should we have closed this?)
  • #2582 is an old issue about sorting out the security schemes. This needs major work so has been moved to the Moonwalk repository. Once we settle how the security schemes will look in the 4.0 version, we'll try to adopt as much as we can for the 3.x branches but it makes no sense to invent something now and something completely different in a year.
  • #3580 PR to remove the old extensions stuff relating to OpenAPI 2.0 was merged.
  • #3598 is about fleshing out our registries for extensions and we also discussed the use of vendor namespaces. The tl;dr is that we should encourage extensions that can be used with multiple tools, but that specific things can still use a prefix. @miqui is going to work on adding some common extensions to the list.
  • #3572 proposes adding more array format styles, and we'd appreciate comments and thoughts on that one if anyone has any.

lornajane avatar Feb 22 '24 18:02 lornajane