fix: clarifies wording for security requirements

baywet · baywet · commit d49203acbb28 · 2024-10-03T13:56:25.000-04:00
Signed-off-by: Vincent Biret &lt;vibiret@microsoft.com&gt;
diff --git a/versions/3.1.1.md b/versions/3.1.1.md
@@ -3986,10 +3986,9 @@ flows:
 Lists the required security schemes to execute this operation.
 The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object).
 
-Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized.
-This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.
+A Security Requirement Object MAY refer to multiple security schemes in which case all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.
 
-When a list of Security Requirement Objects is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request.
+When the security field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request. This enables support for scenarios where the API supports alternative security schemes, or when they are optional.
 
 ##### Patterned Fields
 
