Ron

For those of you who didn't notice, @PavelStefanov has submitted #3803 as a potential solution for this feature. Everyone's input on this one has been great and much appreciated. Looks...

Need more that. What are some use cases where you don't want to document them, you do want them in the spec, but don't want them in the UI (which...

That's ACL on the Swagger definition which if we choose to add should be handled in a much different way than just adding a private/hidden property to an operation (there...

I'd probably go with a different name, and possibly with a different kind of granularity, but yeah. At least now it can be solved with vendor extensions. We'll need to...

Visibility is a result, but it's not necessarily the only issue. You may want to do something further like explicitly disallow execution based on specific credentials and not just hide...

The `security` refers to the requirements to _execute_ the API, but it doesn't mean it should be hidden from the user. It just means the user needs to be aware...

And again the quote "There are only two hard things in Computer Science: cache invalidation and naming things." (Phil Karlton) comes to mind. I get what you're saying regarding the...

I'm not sure I see the difference between 1 and 3, so would appreciate further explanation. For 4. - `security` is meant to cover it. For 2. - this is...

It's not the only way. Nothing prohibits you from adding your own vendor extensions to perform it. In swagger-core we allow definition filtering based on information available from the code....

To make things easier (not really), I'm not really sure it belongs in the spec. It's my (personal) belief that we should encourage API definitions to be public and not...