Dear Satish,
first of all, as you are talking about V5, TMF630 is not the correct version of the guidelines; unfortunately, the V5 guidelines are still work in progress; as far as I know they are managed under the ID TMF763, and part 1 is on the way to be reviewed and published, the date depends on the processes progress. Reach out to Pierre Gauthier for the status/plans.
Your structure and in particular the use of the @-attributes looks OK when talking about a V4 API; only if the example is from a POST, it must not contain the id of the to be created resource, the id is meant to be created by the service implementing the API and will only be returned in the response.
Open APIs V5 are based on Open API Specification (OAS) 3.0, and they make heavily use of allOf/anyOf features, so your extension of PermissionSpecification in extension of the additional attributes and use of the @-attributes should use "allOf PermissionSpecification" to include all attributes of the base class.
Also, the V5 APIs use the @type as discriminator, and thus must be required for all resources.
Remark: Permission probably should not be a specialization/subclass of PermissionSpecification; a type of Permission is specified/described by a PermissionSpecification, but it is no PermissionSpecification ...
And finally: V5 APIs are not "crafted by hand", but they are compiled by the V5 tooling from a so-called rules-file that amongst others refers to schemas (json schema files) of the contained resources. So creating a new V5 API or upgrading an existing API to V5 should be done by creating/modifying the rules file and the referred schema files.
The structure of the schema files is described in Part 7 of the guidelines, with - sorry - the V5 version still work in progress.
------------------------------
Lutz Bettge
Deutsche Telekom AG
------------------------------