docs: adding document for servers' security #2231
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
TRohit20
requested review from
quetzalliwrites and
asyncapi-bot-eve
as code owners
✅ Deploy Preview for shimmering-choux-eb0798 ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
derberg
requested changes
Oct 24, 2023
derberg
reviewed
Oct 25, 2023
There was a problem hiding this comment.
- if you know if someone is working on document for security on operation level, please make sure folks you cross link these documents
- for the examples of schemes, please make sure code with yaml has proper indentation, like you have in lines 72-74 so later when docs are rendered, the code snippet looks like a part of a bullet
- please talk with other writers, especially with @mhmohona so you align on the approach with diagrams, to assure consistency as looks like you folks do it different per PR
I think you missed this comment diagrams are still not consistent, in this PR you start diagram with did you have a discussion I asked for in docs group, to agree on one way of doing these diagrams for AsyncAPI Document structur? they need to be consistent across all docs |
derberg
previously approved these changes
Nov 15, 2023
There was a problem hiding this comment.
Made changes directly with 4265bba
- update diagram to match others like from tags PR
- and some indentations as without them it renders bad in preview, examples not part of bullet points
@alequetzalli ready for your final review and approval to merge
| @@ -0,0 +1,115 @@ | |||
| --- | |||
| title: Server Security | |||
There was a problem hiding this comment.
Suggested change
| title: Server Security | |
| title: Server security |
|
|
||
| In the context of AsyncAPI, securing servers ensures secure exchange of messages between clients and servers. While also protecting sensitive data, preventing unauthorized access, and maintaining the overall security of the API or server. | ||
|
|
||
| You can describe how is your server secured with `security` property where you define which security schemes can be used with the server in context. Each `server` in the AsyncAPI document can have one or more security schemes declared. A security scheme defines a security requirement that must be satisfied to authorize an operation, such as a API key or username and password. |
There was a problem hiding this comment.
Suggested change
| You can describe how is your server secured with `security` property where you define which security schemes can be used with the server in context. Each `server` in the AsyncAPI document can have one or more security schemes declared. A security scheme defines a security requirement that must be satisfied to authorize an operation, such as a API key or username and password. | |
| You can describe how your server is secured with the `security` property where you define which security schemes can be used with the server in context. Each `server` in the AsyncAPI document can have one or more security schemes declared. A security scheme defines a security requirement that must be satisfied to authorize an operation, such as an API key or a username and password. |
|
|
||
| You can describe how is your server secured with `security` property where you define which security schemes can be used with the server in context. Each `server` in the AsyncAPI document can have one or more security schemes declared. A security scheme defines a security requirement that must be satisfied to authorize an operation, such as a API key or username and password. | ||
|
|
||
| Here is a example of adding security to your server that shows that different server can have different security mechanisms: |
There was a problem hiding this comment.
Suggested change
| Here is a example of adding security to your server that shows that different server can have different security mechanisms: | |
| Here is an example of adding security to your server, demonstrating that different servers can employ various security mechanisms: |
| description: Download the certificate files from service provider | ||
| ``` | ||
|
|
||
| Here is a illustration of securing servers: |
There was a problem hiding this comment.
Suggested change
| Here is a illustration of securing servers: | |
| Here is an illustration of securing servers: |
| type: scramSha512 | ||
| ``` | ||
|
|
||
| Although, the `security` property is not mandatory to be implemented, it is a good practise to always secure your server(s) in production. Similarly, having multiple security schemes declared does not necessarily mean that the server is more secure, it really depends on other factors such as the protocol used, use case, business perspective and more. Additionally, you can also [add security on the `operation` level](securing-operations) |
There was a problem hiding this comment.
Suggested change
| Although, the `security` property is not mandatory to be implemented, it is a good practise to always secure your server(s) in production. Similarly, having multiple security schemes declared does not necessarily mean that the server is more secure, it really depends on other factors such as the protocol used, use case, business perspective and more. Additionally, you can also [add security on the `operation` level](securing-operations) | |
| Although the `security` property is not mandatory, it is a good practice to always secure your server(s) in production. Similarly, having multiple security schemes declared does not necessarily mean that the server is more secure; it depends on other factors such as the protocol used, use case, business perspective, and more. Additionally, you can also [add security at the `operation` level](securing-operations). |
quetzalliwrites
approved these changes
Nov 16, 2023
|
/rtm |
quetzalliwrites
added a commit
that referenced
this pull request
Nov 16, 2023
This reverts commit 8f5b024.
This was referenced Nov 16, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
As part of Google Season of Docs 2023 at AsyncAPI, we're going to write in-depth explanations of the different sections of an AsyncAPI document to avoid difficulties in implementing EDAs.
For this document issue, we'll be adding document about adding the
securityto servers or securing servers in a AsyncAPI document.Related issue
This task is part of the GSoD Docs EPIC: #1507.
Resolves #1715