From ef6f397a0080d8ff95f9a78fab5a63159f3edb8e Mon Sep 17 00:00:00 2001
From: Mike Ralphson <mike.ralphson@gmail.com>
Date: Wed, 6 Feb 2019 09:54:32 +0000
Subject: [PATCH] security; widen use of scopes array to other securityScheme
 types

---
 versions/3.1.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/versions/3.1.0.md b/versions/3.1.0.md
index f0c7f54abe..6e1b8a6215 100644
--- a/versions/3.1.0.md
+++ b/versions/3.1.0.md
@@ -3340,7 +3340,7 @@ When a list of Security Requirement Objects is defined on the [OpenAPI Object](#
 
 Field Pattern | Type | Description
 ---|:---:|---
-<a name="securityRequirementsName"></a>{name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#componentsObject). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution. For other security scheme types, the array MUST be empty.
+<a name="securityRequirementsName"></a>{name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#componentsObject). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution. For other security scheme types, the array MAY contain a list of role names which are required for the execution, but are not otherwise defined or exchanged in-band.
 
 ##### Security Requirement Object Examples