From eb3c83399b1583bc96339e0a32d47056386a8d90 Mon Sep 17 00:00:00 2001 From: Vincent Biret Date: Thu, 3 Oct 2024 13:59:22 -0400 Subject: [PATCH 1/2] fix: clarifies wording for security requirements --- versions/3.0.4.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 82a7963e0f..18af555b0b 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3726,10 +3726,11 @@ flows: Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object). -Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. +A Security Requirement Object MAY refer to multiple security schemes in which case all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. -When a list of Security Requirement Objects is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request. +When the security field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request. +This enables support for scenarios where the API supports alternative security schemes, or when they are optional. ##### Patterned Fields From 133352b1028bf3acb841dc2957ba31a8a233379e Mon Sep 17 00:00:00 2001 
From: Vincent Biret Date: Mon, 7 Oct 2024 07:58:21 -0400 Subject: [PATCH 2/2] Apply suggestions from code review Co-authored-by: Ralf Handl Co-authored-by: Kevin Swiber --- versions/3.0.4.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 18af555b0b..85c0830e1e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3729,8 +3729,10 @@ The name used for each property MUST correspond to a security scheme declared in A Security Requirement Object MAY refer to multiple security schemes in which case all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. -When the security field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request. -This enables support for scenarios where the API supports alternative security schemes, or when they are optional. +When the `security` field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request. +This enables support for scenarios where the API allows multiple, independent security schemes. + +An empty Security Requirement Object (`{}`) indicates anonymous access is supported. ##### Patterned Fields
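
Review bot: In [PATCH 1/2], the added line "This enables support for scenarios where the API supports alternative security schemes, or when they are optional." leaves "they" without a clear antecedent and does not say how an optional requirement is written in the list. Since the rewritten paragraph says only one of the entries needs to be satisfied, either state which entry expresses "no credentials required" or drop the "optional" clause. Two smaller points in the same hunk: "MAY refer to multiple security schemes in which case" needs a comma before "in which case", and the field name security should be in code formatting.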
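
Review bot: In [PATCH 2/2], the new sentence "An empty Security Requirement Object (`{}`) indicates anonymous access is supported." is not tied to the one-of rule stated in the paragraph above it. Because only one of the entries in the list needs to be satisfied, a `{}` entry placed next to other entries means a request without credentials is authorized and the other entries become optional; say that explicitly, so that nobody adds `{}` to a list expecting the remaining entries to stay mandatory. Separately, "multiple, independent security schemes" describes the list entries as schemes, while each entry is a Security Requirement Object that may itself refer to several schemes; wording such as "alternative Security Requirement Objects" would agree with the sentence before it.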