clarifies security requirements wording for 3.1.1

versions/3.1.1.md

@@ -3986,10 +3986,13 @@ flows:
 Lists the required security schemes to execute this operation.
 The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object).
 
-Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized.
+A Security Requirement Object MAY refer to multiple security schemes in which case all schemes MUST be satisfied for a request to be authorized.
 This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.
 
-When a list of Security Requirement Objects is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request.
+When the `security` field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request.
+This enables support for scenarios where the API allows multiple, independent security schemes.
+
+An empty Security Requirement Object (`{}`) indicates anonymous access is supported.
 
 ##### Patterned Fields