Need for fine-grained per-channel authn/authz
The current authn/authz mechanism described with securitySchemes in AsyncAPI 2.0 works at a global level, i.e. it is definable inside the server node. OAuth2 “scopes” allow providing some authz metadata related to specific channels; however, 1) it only applies to OAuth2 and 2) it applies to the entire API.
Sometimes, an API may have different channels supporting a different set of permissions. Those permissions are usually reflected in the security scheme being used. Therefore, it would be nice to have the ability to set securitySchemes at the channel level.
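To illustrate the limitation described in the issue above, here is an added example (not part of the original issue or of the AsyncAPI project's own documents) of an AsyncAPI 2.0 document in which the only place a security requirement can be attached is the server object. The server URL, token URL, channel names and scope names are constructed for illustration.

```yaml
asyncapi: '2.0.0'
info:
  title: Constructed example API   # hypothetical API, for illustration only
  version: '1.0.0'
servers:
  production:
    url: broker.example.com:9092   # constructed host
    protocol: kafka
    # AsyncAPI 2.0: the security requirement lives on the server,
    # so it covers every channel reachable through this server.
    security:
      - oauth: ['orders:read', 'orders:write']
channels:
  # A low-privilege event stream.
  orders/created:
    subscribe:
      message:
        payload:
          type: object
  # A privileged channel. There is no field here to state that it
  # needs a different scheme or a narrower scope set than the one above.
  orders/admin/purge:
    publish:
      message:
        payload:
          type: object
components:
  securitySchemes:
    oauth:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: https://auth.example.com/token   # constructed URL
          scopes:
            'orders:read': Read order events
            'orders:write': Publish order events
```

A reader of this document cannot tell which scope each channel actually requires, so least-privilege enforcement has to be documented and checked outside the specification.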
@jstoiko have you seen https://github.com/asyncapi/spec/pull/584 ?