OpenAPI 3.x now supports Mutual TLS authentication!

The new Interoperability Framework ModI2018 is going to mandate OpenAPI 3.x (aka OAS) as a specification format for new REST APIs.

Thus, together with other countries like the Netherlands and the United Kingdom, we’re starting to participate in the OpenAPI community and pushing forward changes to make the standards more suitable for government.

Discussions happen during the weekly online meetings of the Technical Steering Committee (TSC).

The latest TSC meeting, after a long discussion about how many details should be provided, integrated mutualTLS into the OAS 3.1 specs with a minimal change. Details for mutualTLS could be provided as link references and documentation (e.g. where to get the certs, …).

Another approved field is info.summary, which is very useful for catalog purposes.
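An OAS 3.1 document using both additions could look like the following. This is an added example, not taken from the original post or from the OpenAPI project; the API, the scheme name `clientCert` and all URLs are constructed placeholders.

```yaml
openapi: 3.1.0
info:
  title: Example Registry API          # constructed sample API
  # info.summary: short one-line text, handy for catalog listings
  summary: Read-only lookups against an example registry.
  version: 1.0.0
servers:
  - url: https://api.example.org/v1    # placeholder host
paths:
  /records/{id}:
    get:
      summary: Fetch one record
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: string
      # Callers of this operation must satisfy the clientCert scheme.
      security:
        - clientCert: []
      responses:
        "200":
          description: The requested record.
components:
  securitySchemes:
    clientCert:                        # hypothetical scheme name
      # The 3.1 change is minimal: the type value alone declares mutual TLS.
      type: mutualTLS
      # Operational details (issuing CA, enrolment, revocation) are not
      # modelled by the spec, so they go in the description or a linked page.
      description: >-
        Clients must present an X.509 certificate during the TLS handshake.
        Certificate issuance and accepted trust anchors are documented at
        https://example.org/docs/client-certificates (placeholder URL).
```

The scheme only declares that a client certificate is required; which certificates are accepted is still enforced by the server or gateway configuration, so the description should be kept in step with that configuration.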

We’re currently discussing whether:

  • to provide further details for mutualTLS
  • to reference a cryptoDefinitions proposal

For the future, interesting work is ongoing on alternativeSchemas and XSD representation. As of now, OAS has its own schema model. Supporting e.g. XSD to help legacy systems switch to OAS would be very useful. Tooling implementors are a bit concerned about the impact such a change could have on their work (e.g. does supporting XSD mean that support for this complex model becomes mandatory?).

If you want to contribute to OAS or you think there are useful changes to propose, feel free to join and/or contact us!