xref: /openbmc/bmcweb/features/redfish/schema/dmtf/csdl/SecurityPolicy_v1.xml (revision d125652e8a30dfeaad88bbfa5b1e04a80610469c)
12bde4061SEd Tanous<?xml version="1.0" encoding="UTF-8"?>
22bde4061SEd Tanous<!---->
32bde4061SEd Tanous<!--################################################################################       -->
49b46bc0bSMyung Bae<!--# Redfish Schema:  SecurityPolicy v1.0.3                                               -->
52bde4061SEd Tanous<!--#                                                                                      -->
62bde4061SEd Tanous<!--# For a detailed change log, see the README file contained in the DSP8010 bundle,      -->
72bde4061SEd Tanous<!--# available at http://www.dmtf.org/standards/redfish                                   -->
8*d125652eSGunnar Mills<!--# Copyright 2014-2025 DMTF.                                                            -->
92bde4061SEd Tanous<!--# For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright -->
102bde4061SEd Tanous<!--################################################################################       -->
112bde4061SEd Tanous<!---->
122bde4061SEd Tanous<edmx:Edmx xmlns:edmx="http://docs.oasis-open.org/odata/ns/edmx" Version="4.0">
132bde4061SEd Tanous
142bde4061SEd Tanous  <edmx:Reference Uri="http://docs.oasis-open.org/odata/odata/v4.0/errata03/csd01/complete/vocabularies/Org.OData.Core.V1.xml">
152bde4061SEd Tanous    <edmx:Include Namespace="Org.OData.Core.V1" Alias="OData"/>
162bde4061SEd Tanous  </edmx:Reference>
172bde4061SEd Tanous  <edmx:Reference Uri="http://docs.oasis-open.org/odata/odata/v4.0/errata03/csd01/complete/vocabularies/Org.OData.Capabilities.V1.xml">
182bde4061SEd Tanous    <edmx:Include Namespace="Org.OData.Capabilities.V1" Alias="Capabilities"/>
192bde4061SEd Tanous  </edmx:Reference>
202bde4061SEd Tanous  <edmx:Reference Uri="http://redfish.dmtf.org/schemas/v1/RedfishExtensions_v1.xml">
212bde4061SEd Tanous    <edmx:Include Namespace="Validation.v1_0_0" Alias="Validation"/>
222bde4061SEd Tanous    <edmx:Include Namespace="RedfishExtensions.v1_0_0" Alias="Redfish"/>
232bde4061SEd Tanous  </edmx:Reference>
242bde4061SEd Tanous  <edmx:Reference Uri="http://redfish.dmtf.org/schemas/v1/Resource_v1.xml">
252bde4061SEd Tanous    <edmx:Include Namespace="Resource"/>
262bde4061SEd Tanous    <edmx:Include Namespace="Resource.v1_0_0"/>
272bde4061SEd Tanous  </edmx:Reference>
282bde4061SEd Tanous  <edmx:Reference Uri="http://redfish.dmtf.org/schemas/v1/CertificateCollection_v1.xml">
292bde4061SEd Tanous    <edmx:Include Namespace="CertificateCollection"/>
302bde4061SEd Tanous  </edmx:Reference>
312bde4061SEd Tanous
322bde4061SEd Tanous  <edmx:DataServices>
332bde4061SEd Tanous
342bde4061SEd Tanous    <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="SecurityPolicy">
352bde4061SEd Tanous      <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
36f2a8e57eSGunnar Mills      <Annotation Term="Redfish.Language" String="en"/>
372bde4061SEd Tanous
382bde4061SEd Tanous      <EntityType Name="SecurityPolicy" BaseType="Resource.v1_0_0.Resource" Abstract="true">
        <!-- Abstract base for the manager security policy resource. The versioned
             SecurityPolicy entity types later in this file derive from it. -->
39f2a8e57eSGunnar Mills        <Annotation Term="OData.Description" String="The `SecurityPolicy` resource provides a central point to configure the security policy of a manager."/>
40f2a8e57eSGunnar Mills        <Annotation Term="OData.LongDescription" String="This resource shall represent configurable security-related policies managed by a manager.  All security parameters in other resources that are controlled by the manager shall follow the related settings in this security policy.  For example, an outbound TLS connection established per an `EventDestination` resource will follow the values of the properties in the `TLS` property."/>
        <!-- Capability annotations: the resource is marked not insertable, updatable and
             not deletable. -->
        <!-- NOTE(review): the resource is updatable and, per the LongDescription above,
             governs security parameters in other resources. The privilege needed to
             modify it is not defined in this file; confirm it in the service's
             privilege mapping. -->
412bde4061SEd Tanous        <Annotation Term="Capabilities.InsertRestrictions">
422bde4061SEd Tanous          <Record>
432bde4061SEd Tanous            <PropertyValue Property="Insertable" Bool="false"/>
442bde4061SEd Tanous          </Record>
452bde4061SEd Tanous        </Annotation>
462bde4061SEd Tanous        <Annotation Term="Capabilities.UpdateRestrictions">
472bde4061SEd Tanous          <Record>
482bde4061SEd Tanous            <PropertyValue Property="Updatable" Bool="true"/>
492bde4061SEd Tanous          </Record>
502bde4061SEd Tanous        </Annotation>
512bde4061SEd Tanous        <Annotation Term="Capabilities.DeleteRestrictions">
522bde4061SEd Tanous          <Record>
532bde4061SEd Tanous            <PropertyValue Property="Deletable" Bool="false"/>
542bde4061SEd Tanous          </Record>
552bde4061SEd Tanous        </Annotation>
        <!-- The only URI pattern listed places the resource under one specific manager. -->
562bde4061SEd Tanous        <Annotation Term="Redfish.Uris">
572bde4061SEd Tanous          <Collection>
582bde4061SEd Tanous            <String>/redfish/v1/Managers/{ManagerId}/SecurityPolicy</String>
592bde4061SEd Tanous          </Collection>
602bde4061SEd Tanous        </Annotation>
612bde4061SEd Tanous      </EntityType>
622bde4061SEd Tanous    </Schema>
632bde4061SEd Tanous
642bde4061SEd Tanous    <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="SecurityPolicy.v1_0_0">
652bde4061SEd Tanous      <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
662bde4061SEd Tanous      <Annotation Term="Redfish.Release" String="2022.2"/>
672bde4061SEd Tanous
682bde4061SEd Tanous      <EntityType Name="SecurityPolicy" BaseType="SecurityPolicy.SecurityPolicy">
        <!-- Concrete v1_0_0 entity type. Adds Actions, Status, OverrideParentManager,
             SPDM and TLS on top of the abstract SecurityPolicy base type. -->
692bde4061SEd Tanous        <Property Name="Actions" Type="SecurityPolicy.v1_0_0.Actions" Nullable="false">
702bde4061SEd Tanous          <Annotation Term="OData.Description" String="The available actions for this resource."/>
712bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain the available actions for this resource."/>
722bde4061SEd Tanous        </Property>
732bde4061SEd Tanous        <Property Name="Status" Type="Resource.Status" Nullable="false">
742bde4061SEd Tanous          <Annotation Term="OData.Description" String="The status and health of the resource and its subordinate or dependent resources."/>
752bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain any status or health properties of the resource."/>
762bde4061SEd Tanous        </Property>
        <!-- ReadWrite boolean. An absent value is treated as false, so the policy of the
             managers referenced by ManagedBy is overridden only when this is set to
             true explicitly. -->
772bde4061SEd Tanous        <Property Name="OverrideParentManager" Type="Edm.Boolean" Nullable="false">
782bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
792bde4061SEd Tanous          <Annotation Term="OData.Description" String="Override the security policy of the parent manager."/>
80f2a8e57eSGunnar Mills          <Annotation Term="OData.LongDescription" String="This property shall indicate whether this security policy overrides the security policy of the managers referenced by the `ManagedBy` property within the `Links` property of the `Manager` resource for this security policy.  If this property is absent, the value shall be assumed to be `false`."/>
812bde4061SEd Tanous        </Property>
        <!-- SPDM and TLS are non-nullable policy objects; their members are defined by the
             SPDMPolicy and TLSCommunication complex types in this schema version. -->
822bde4061SEd Tanous        <Property Name="SPDM" Type="SecurityPolicy.v1_0_0.SPDMPolicy" Nullable="false">
832bde4061SEd Tanous          <Annotation Term="OData.Description" String="The SPDM policy."/>
842bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain the policy requirements for SPDM communication and usage."/>
852bde4061SEd Tanous        </Property>
862bde4061SEd Tanous        <Property Name="TLS" Type="SecurityPolicy.v1_0_0.TLSCommunication" Nullable="false">
872bde4061SEd Tanous          <Annotation Term="OData.Description" String="The TLS policy."/>
882bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain the policy requirements for TLS communication and usage."/>
892bde4061SEd Tanous        </Property>
902bde4061SEd Tanous      </EntityType>
912bde4061SEd Tanous
922bde4061SEd Tanous      <ComplexType Name="Actions">
        <!-- Container for the actions of the resource. It is annotated
             AdditionalProperties=false and declares only the Oem member, so this
             schema version defines no standard actions. -->
932bde4061SEd Tanous        <Annotation Term="OData.AdditionalProperties" Bool="false"/>
942bde4061SEd Tanous        <Annotation Term="OData.Description" String="The available actions for this resource."/>
952bde4061SEd Tanous        <Annotation Term="OData.LongDescription" String="This type shall contain the available actions for this resource."/>
962bde4061SEd Tanous        <Property Name="Oem" Type="SecurityPolicy.v1_0_0.OemActions" Nullable="false">
972bde4061SEd Tanous          <Annotation Term="OData.Description" String="The available OEM-specific actions for this resource."/>
982bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain the available OEM-specific actions for this resource."/>
992bde4061SEd Tanous        </Property>
1002bde4061SEd Tanous      </ComplexType>
1012bde4061SEd Tanous
1022bde4061SEd Tanous      <ComplexType Name="OemActions">
        <!-- Open type (AdditionalProperties=true) with no declared members. -->
        <!-- NOTE(review): any OEM action an implementation exposes here is not
             constrained by this schema; review such actions separately, since they
             would act on the security policy resource. -->
1032bde4061SEd Tanous        <Annotation Term="OData.AdditionalProperties" Bool="true"/>
1042bde4061SEd Tanous        <Annotation Term="OData.Description" String="The available OEM-specific actions for this resource."/>
1052bde4061SEd Tanous        <Annotation Term="OData.LongDescription" String="This type shall contain the available OEM-specific actions for this resource."/>
1062bde4061SEd Tanous      </ComplexType>
1072bde4061SEd Tanous
1082bde4061SEd Tanous      <ComplexType Name="SPDMPolicy">
        <!-- Policy for SPDM (DSP0274) communication with devices: three feature toggles,
             certificate verification with trusted and revoked certificate
             collections, and Allowed / Denied parameter sets. -->
1092bde4061SEd Tanous        <Annotation Term="OData.AdditionalProperties" Bool="false"/>
1102bde4061SEd Tanous        <Annotation Term="OData.Description" String="SPDM policy settings."/>
1112bde4061SEd Tanous        <Annotation Term="OData.LongDescription" String="This object shall contain SPDM policy settings."/>
        <!-- Enabled, SecureSessionEnabled and AllowExtendedAlgorithms are ReadWrite
             booleans. Their descriptions do not state which value applies when the
             property is absent. -->
1122bde4061SEd Tanous        <Property Name="Enabled" Type="Edm.Boolean">
1132bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
1142bde4061SEd Tanous          <Annotation Term="OData.Description" String="An indication of whether SPDM communication with devices is enabled."/>
1152bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall indicate whether SPDM communication with devices as defined in DSP0274 is enabled."/>
1162bde4061SEd Tanous        </Property>
1172bde4061SEd Tanous        <Property Name="SecureSessionEnabled" Type="Edm.Boolean">
1182bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
1192bde4061SEd Tanous          <Annotation Term="OData.Description" String="An indication of whether SPDM secure sessions with devices is enabled."/>
1202bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall indicate whether SPDM secure sessions with devices as defined in DSP0274 is enabled."/>
1212bde4061SEd Tanous        </Property>
1222bde4061SEd Tanous        <Property Name="AllowExtendedAlgorithms" Type="Edm.Boolean">
1232bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
1242bde4061SEd Tanous          <Annotation Term="OData.Description" String="An indication of whether SPDM extended algorithms are allowed."/>
1252bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall indicate whether SPDM extended algorithms as defined in DSP0274 are allowed."/>
1262bde4061SEd Tanous        </Property>
        <!-- true: the device certificate is checked against the TrustedCertificates and
             RevokedCertificates collections. false: no verification of the endpoint
             certificate. This text does not say what applies when the property is
             absent; the TLSPolicy VerifyCertificate text in this file treats absent
             as no verification. -->
1272bde4061SEd Tanous        <Property Name="VerifyCertificate" Type="Edm.Boolean">
1282bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
1292bde4061SEd Tanous          <Annotation Term="OData.Description" String="An indication of whether the manager will verify the certificate of the SPDM endpoint."/>
1302bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall indicate whether the manager will verify the certificate of the SPDM endpoint.  If `true`, the manager shall verify the device certificate with the certificates found in the collections referenced by the `RevokedCertificates` and `TrustedCertificates` properties.  If `false`, the manager shall not perform verification of the endpoint certificate."/>
1312bde4061SEd Tanous        </Property>
        <!-- Read-only link to the trust store. With VerifyCertificate=true, an endpoint
             that verifies against a partial (CA-only) chain or exactly matches a leaf
             certificate here is considered verified. -->
        <!-- NOTE(review): the link is read-only; presumably certificates are managed
             through the referenced collection. Confirm against the
             CertificateCollection schema. -->
132f2a8e57eSGunnar Mills        <NavigationProperty Name="TrustedCertificates" Type="CertificateCollection.CertificateCollection" Nullable="false">
1332bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
1342bde4061SEd Tanous          <Annotation Term="OData.Description" String="The trusted SPDM device certificates."/>
135f2a8e57eSGunnar Mills          <Annotation Term="OData.LongDescription" String="This property shall contain a link to a resource collection of type `CertificateCollection` that represents the set of trusted SPDM device certificates.  Certificates in this collection may contain leaf certificates, partial certificate chains, or complete certificate chains, where a partial certificate chain is a chain containing only CA certificates.  If `VerifyCertificate` contains the value `true` and if an SPDM endpoint verifies successfully against a partial chain or exactly matches a leaf certificate, that SPDM endpoint shall be considered verified and other authentications checks are performed."/>
1362bde4061SEd Tanous        </NavigationProperty>
        <!-- Read-only link to the revocation set. With VerifyCertificate=true, the same
             kind of match (partial chain or exact leaf) against this collection makes
             the endpoint fail authentication. -->
137f2a8e57eSGunnar Mills        <NavigationProperty Name="RevokedCertificates" Type="CertificateCollection.CertificateCollection" Nullable="false">
1382bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
1392bde4061SEd Tanous          <Annotation Term="OData.Description" String="The revoked SPDM device certificates."/>
140f2a8e57eSGunnar Mills          <Annotation Term="OData.LongDescription" String="This property shall contain a link to a resource collection of type `CertificateCollection` that represents the set of revoked SPDM device certificates.  Certificates in this collection may contain leaf certificates, partial certificate chains, or complete certificate chains, where a partial certificate chain is a chain containing only CA certificates.  If `VerifyCertificate` contains the value `true` and if an SPDM endpoint verifies successfully against a partial chain or exactly matches a leaf certificate, that SPDM endpoint shall fail authentication."/>
1412bde4061SEd Tanous        </NavigationProperty>
        <!-- Allowed and Denied share the SPDMParameterSet type. Unlike the TLSPolicy
             Allowed / Denied descriptions in this file, these do not state how a
             value listed in both, or in neither, is resolved. -->
142f2a8e57eSGunnar Mills        <Property Name="Allowed" Type="SecurityPolicy.v1_0_0.SPDMParameterSet" Nullable="false">
1432bde4061SEd Tanous          <Annotation Term="OData.Description" String="The SPDM policy settings that are allowed, such as the allowable SPDM versions and algorithms."/>
1442bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain the SPDM policy settings that are allowed, such as the allowable SPDM versions and algorithms."/>
1452bde4061SEd Tanous        </Property>
146f2a8e57eSGunnar Mills        <Property Name="Denied" Type="SecurityPolicy.v1_0_0.SPDMParameterSet" Nullable="false">
1472bde4061SEd Tanous          <Annotation Term="OData.Description" String="The SPDM policy settings that are prohibited, such as the prohibited SPDM versions and algorithms."/>
1482bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain the SPDM policy settings that are prohibited, such as the prohibited SPDM versions and algorithms."/>
1492bde4061SEd Tanous        </Property>
1502bde4061SEd Tanous      </ComplexType>
1512bde4061SEd Tanous
1522bde4061SEd Tanous      <ComplexType Name="SPDMParameterSet">
        <!-- One set of SPDM parameters (algorithms and versions). SPDMPolicy uses this
             type for both its Allowed and its Denied property. -->
1532bde4061SEd Tanous        <Annotation Term="OData.AdditionalProperties" Bool="false"/>
1542bde4061SEd Tanous        <Annotation Term="OData.Description" String="The SPDM policy settings."/>
1552bde4061SEd Tanous        <Annotation Term="OData.LongDescription" String="This object shall contain SPDM policy settings."/>
156f2a8e57eSGunnar Mills        <Property Name="Algorithms" Type="SecurityPolicy.v1_0_0.SPDMAlgorithmSet" Nullable="false">
1572bde4061SEd Tanous          <Annotation Term="OData.Description" String="The SPDM algorithms."/>
1582bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain the SPDM algorithms."/>
1592bde4061SEd Tanous        </Property>
        <!-- ReadWrite string array. The pattern accepts digits.digits, NONE or ALL. An
             empty array means all versions, the same as a single ALL element, so
             clearing the list widens the set instead of narrowing it. -->
        <!-- NOTE(review): the pattern checks the form of a value only (presumably per
             array element). The LongDescription defines ALL and NONE for one-element
             arrays; how a mixed array such as a version next to NONE is handled is
             not stated here. -->
1602bde4061SEd Tanous        <Property Name="Versions" Type="Collection(Edm.String)">
1612bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
1622bde4061SEd Tanous          <Annotation Term="OData.Description" String="The SPDM versions."/>
1632bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain an array of SPDM versions.  An array containing one element with the value of `ALL` or an empty array shall indicate all versions.  An array containing one element with a value of `NONE` shall indicate no versions."/>
1642bde4061SEd Tanous          <Annotation Term="Validation.Pattern" String="^\d+\.\d+$|^NONE$|^ALL$"/>
1652bde4061SEd Tanous        </Property>
1662bde4061SEd Tanous      </ComplexType>
1672bde4061SEd Tanous
1682bde4061SEd Tanous      <ComplexType Name="SPDMAlgorithmSet">
        <!-- SPDM algorithm lists: AEAD, asymmetric signature (BaseAsym) and hash
             (BaseHash). Each is a ReadWrite string array whose allowable values are
             the names from the cited DSP0274 fields, plus ALL and NONE. An empty
             array means all algorithms of that kind. -->
        <!-- NOTE(review): no Validation.Pattern or enumeration is attached to these
             arrays, so this schema does not by itself reject an unknown algorithm
             name; an implementation has to validate the names it accepts. -->
1692bde4061SEd Tanous        <Annotation Term="OData.AdditionalProperties" Bool="false"/>
1702bde4061SEd Tanous        <Annotation Term="OData.Description" String="The SPDM algorithm settings."/>
1712bde4061SEd Tanous        <Annotation Term="OData.LongDescription" String="This object shall contain SPDM algorithm settings."/>
1722bde4061SEd Tanous        <Property Name="AEAD" Type="Collection(Edm.String)">
1732bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
1742bde4061SEd Tanous          <Annotation Term="OData.Description" String="The AEAD algorithms."/>
1752bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain an array of AEAD algorithms.  The allowable values for this property shall be the AEAD algorithm names found in the 'AlgSupported' field of the 'AEAD structure' table in DSP0274, `ALL`, and `NONE`.  An array containing one element with the value of `ALL` or an empty array shall indicate all AEAD algorithms.  An array containing one element with a value of `NONE` shall indicate no AEAD algorithms."/>
1762bde4061SEd Tanous        </Property>
1772bde4061SEd Tanous        <Property Name="BaseAsym" Type="Collection(Edm.String)">
1782bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
1792bde4061SEd Tanous          <Annotation Term="OData.Description" String="The asymmetric signature algorithms."/>
1802bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain an array of asymmetric signature algorithms.  The allowable values for this property shall be the asymmetric key signature algorithm names found in the 'BaseAsymAlgo' field of the 'NEGOTIATE_ALGORITHMS' request message in DSP0274, `ALL`, and `NONE`.  An array containing one element with the value of `ALL` or an empty array shall indicate all asymmetric signature algorithms.  An array containing one element with a value of `NONE` shall indicate no asymmetric signature algorithms."/>
1812bde4061SEd Tanous        </Property>
1822bde4061SEd Tanous        <Property Name="BaseHash" Type="Collection(Edm.String)">
1832bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
1842bde4061SEd Tanous          <Annotation Term="OData.Description" String="The hash algorithms."/>
1852bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain an array of hash algorithms.  The allowable values for this property shall be the hash algorithm names found in the 'BaseHashAlgo' field of the 'NEGOTIATE_ALGORITHMS' request message in DSP0274, `ALL`, and `NONE`.  An array containing one element with the value of `ALL` or an empty array shall indicate all hash algorithms.  An array containing one element with a value of `NONE` shall indicate no hash algorithms."/>
1862bde4061SEd Tanous        </Property>
1872bde4061SEd Tanous      </ComplexType>
1882bde4061SEd Tanous
1892bde4061SEd Tanous      <ComplexType Name="TLSCommunication">
        <!-- Splits the TLS policy by role: Client applies where the manager initiates the
             connection, Server where it accepts one. Both members use the TLSPolicy
             type, so each direction carries its own verification and parameter
             settings. -->
        <!-- NOTE(review): this is the only complex type in this schema version without
             an OData.AdditionalProperties annotation; check how the consuming
             validator treats the missing annotation. -->
1902bde4061SEd Tanous        <Annotation Term="OData.Description" String="The TLS client and server policies."/>
1912bde4061SEd Tanous        <Annotation Term="OData.LongDescription" String="This property shall contain the policy requirements for TLS communication and usage for a TLS client and server."/>
1922bde4061SEd Tanous        <Property Name="Client" Type="SecurityPolicy.v1_0_0.TLSPolicy" Nullable="false">
1939b46bc0bSMyung Bae          <Annotation Term="OData.Description" String="The TLS policy where the manager acts as a TLS client for communication with servers."/>
1942bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain the policy requirements and usage for TLS connections where the manager acts as a TLS client."/>
1952bde4061SEd Tanous        </Property>
1962bde4061SEd Tanous        <Property Name="Server" Type="SecurityPolicy.v1_0_0.TLSPolicy" Nullable="false">
1979b46bc0bSMyung Bae          <Annotation Term="OData.Description" String="The TLS policy where the manager acts as a TLS server for communication with clients."/>
1982bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain the policy requirements and usage for TLS connections where the manager acts as a TLS server."/>
1992bde4061SEd Tanous        </Property>
2002bde4061SEd Tanous      </ComplexType>
2019b46bc0bSMyung Bae
2022bde4061SEd Tanous      <ComplexType Name="TLSPolicy">
        <!-- TLS policy for one role (TLSCommunication uses this type for both Client and
             Server): certificate verification, trusted and revoked certificate
             collections, and Allowed / Denied parameter sets. -->
2032bde4061SEd Tanous        <Annotation Term="OData.AdditionalProperties" Bool="false"/>
2042bde4061SEd Tanous        <Annotation Term="OData.Description" String="TLS policy settings."/>
2052bde4061SEd Tanous        <Annotation Term="OData.LongDescription" String="This object shall contain TLS policy settings."/>
        <!-- Verification is opt-in: when this is false or not present, the manager does
             not verify the remote endpoint certificate. Only an explicit true enables
             checking against the TrustedCertificates and RevokedCertificates
             collections. -->
2062bde4061SEd Tanous        <Property Name="VerifyCertificate" Type="Edm.Boolean">
2072bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
2082bde4061SEd Tanous          <Annotation Term="OData.Description" String="An indication of whether the manager will verify the certificate of the remote TLS endpoint."/>
2092bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall indicate whether the manager will verify the certificate of the remote endpoint in a TLS connection.  If `true`, the manager shall verify the remote endpoint certificate with the certificates found in the collections referenced by the `RevokedCertificates` and `TrustedCertificates` properties.  If `false` or not present, the manager shall not perform verification of the endpoint certificate."/>
2102bde4061SEd Tanous        </Property>
        <!-- Read-only link to the trust store. With VerifyCertificate=true, an endpoint
             that verifies against a partial (CA-only) chain or exactly matches a leaf
             certificate here is considered verified. -->
        <!-- NOTE(review): the short Description says "server certificates", while the
             LongDescription says "TLS certificates" and this type is also used for
             the Server role; the same applies to RevokedCertificates. -->
211f2a8e57eSGunnar Mills        <NavigationProperty Name="TrustedCertificates" Type="CertificateCollection.CertificateCollection" Nullable="false">
2122bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
2132bde4061SEd Tanous          <Annotation Term="OData.Description" String="The trusted TLS server certificates."/>
214f2a8e57eSGunnar Mills          <Annotation Term="OData.LongDescription" String="This property shall contain a link to a resource collection of type `CertificateCollection` that represents the set of trusted TLS certificates.  Certificates in this collection may contain leaf certificates, partial certificate chains, or complete certificate chains, where a partial certificate chain is a chain containing only CA certificates.  If `VerifyCertificate` contains the value `true` and if a TLS endpoint verifies successfully against a partial chain or exactly matches a leaf certificate, that TLS endpoint shall be considered verified and other authentications checks are performed."/>
2152bde4061SEd Tanous        </NavigationProperty>
        <!-- Read-only link to the revocation set. With VerifyCertificate=true, a match
             (partial chain or exact leaf) against this collection makes the endpoint
             fail authentication. -->
216f2a8e57eSGunnar Mills        <NavigationProperty Name="RevokedCertificates" Type="CertificateCollection.CertificateCollection" Nullable="false">
2172bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
2182bde4061SEd Tanous          <Annotation Term="OData.Description" String="The revoked TLS server certificates."/>
219f2a8e57eSGunnar Mills          <Annotation Term="OData.LongDescription" String="This property shall contain a link to a resource collection of type `CertificateCollection` that represents the set of revoked TLS certificates.  Certificates in this collection may contain leaf certificates, partial certificate chains, or complete certificate chains, where a partial certificate chain is a chain containing only CA certificates.  If `VerifyCertificate` contains the value `true` and if a TLS endpoint verifies successfully against a partial chain or exactly matches a leaf certificate, that TLS endpoint shall fail authentication."/>
2202bde4061SEd Tanous        </NavigationProperty>
        <!-- Allowed / Denied resolution, as stated in both LongDescriptions below: a value
             missing from both objects behaves as if it were in Denied, and a value
             present in both is governed by Denied. A service may also resolve or
             prevent such conflicts when the request is made. -->
        <!-- NOTE(review): TLSParameterSet states that an empty array means ALL. Confirm
             how an implementation reconciles an empty Allowed list with the
             missing-value rule described here. -->
221f2a8e57eSGunnar Mills        <Property Name="Allowed" Type="SecurityPolicy.v1_0_0.TLSParameterSet" Nullable="false">
2222bde4061SEd Tanous          <Annotation Term="OData.Description" String="The TLS policy settings that are allowed, such as the allowable TLS versions and algorithms."/>
223f2a8e57eSGunnar Mills          <Annotation Term="OData.LongDescription" String="This property shall contain the TLS policy settings that are allowed, such as the allowable TLS versions and algorithms.  If a value is missing for the same property in the `Allowed` and `Denied` object, the missing value shall behave as if the value is present in the same property under the `Denied` object.  If a value conflicts for the same property between the `Allowed` and `Denied` object, the value of the same property in the `Denied` object shall take precedence.  A Redfish service can resolve or prevent conflicts at time of request as well."/>
2242bde4061SEd Tanous        </Property>
225f2a8e57eSGunnar Mills        <Property Name="Denied" Type="SecurityPolicy.v1_0_0.TLSParameterSet" Nullable="false">
2262bde4061SEd Tanous          <Annotation Term="OData.Description" String="The TLS policy settings that are prohibited, such as the prohibited TLS versions and algorithms."/>
227f2a8e57eSGunnar Mills          <Annotation Term="OData.LongDescription" String="This property shall contain the TLS policy settings that are prohibited, such as the prohibited TLS versions and algorithms.  If a value is missing for the same property in the `Allowed` and `Denied` object, the missing value shall behave as if the value is present in the same property under the `Denied` object.  If a value conflicts for the same property between the `Allowed` and `Denied` object, the value of the same property in the `Denied` object shall take precedence.  A Redfish service can resolve or prevent conflicts at time of request as well."/>
2282bde4061SEd Tanous        </Property>
2292bde4061SEd Tanous      </ComplexType>
2302bde4061SEd Tanous
2312bde4061SEd Tanous      <ComplexType Name="TLSParameterSet">
        <!-- One set of TLS parameters (algorithms and versions). TLSPolicy uses this type
             for both its Allowed and its Denied property. -->
2322bde4061SEd Tanous        <Annotation Term="OData.AdditionalProperties" Bool="false"/>
2332bde4061SEd Tanous        <Annotation Term="OData.Description" String="The TLS policy settings."/>
2342bde4061SEd Tanous        <Annotation Term="OData.LongDescription" String="This object shall contain TLS policy settings."/>
235f2a8e57eSGunnar Mills        <Property Name="Algorithms" Type="SecurityPolicy.v1_0_0.TLSAlgorithmSet" Nullable="false">
2362bde4061SEd Tanous          <Annotation Term="OData.Description" String="The TLS algorithms."/>
2372bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain the TLS algorithms."/>
2382bde4061SEd Tanous        </Property>
        <!-- ReadWrite string array. The pattern accepts digits.digits, NONE or ALL. An
             empty array means all versions, the same as a single ALL element, so
             clearing the list widens the set instead of narrowing it. -->
        <!-- NOTE(review): the pattern checks form only; it does not limit values to
             TLS versions that exist or that a deployment considers acceptable, so
             that check is left to the implementation or to the Denied list. -->
2392bde4061SEd Tanous        <Property Name="Versions" Type="Collection(Edm.String)">
2402bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
2412bde4061SEd Tanous          <Annotation Term="OData.Description" String="The TLS versions."/>
2422bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain an array of TLS versions.  An array containing one element with the value of `ALL` or an empty array shall indicate all versions.  An array containing one element with a value of `NONE` shall indicate no versions."/>
2432bde4061SEd Tanous          <Annotation Term="Validation.Pattern" String="^\d+\.\d+$|^NONE$|^ALL$"/>
2442bde4061SEd Tanous        </Property>
2452bde4061SEd Tanous      </ComplexType>
2462bde4061SEd Tanous
2472bde4061SEd Tanous      <ComplexType Name="TLSAlgorithmSet">
        <!-- TLS algorithm lists: cipher suites and signature algorithms. Each is a
             ReadWrite string array whose allowable values come from the cited RFCs
             ("but not limited to" them), plus ALL and NONE. An empty array means
             all. -->
        <!-- NOTE(review): no Validation.Pattern or enumeration is attached to these
             arrays, and the value source is open-ended, so this schema does not by
             itself reject an unknown or misspelled suite name; an implementation has
             to validate the names it accepts. -->
2482bde4061SEd Tanous        <Annotation Term="OData.AdditionalProperties" Bool="false"/>
2492bde4061SEd Tanous        <Annotation Term="OData.Description" String="The TLS algorithm settings."/>
2502bde4061SEd Tanous        <Annotation Term="OData.LongDescription" String="This object shall contain TLS algorithm settings."/>
2512bde4061SEd Tanous        <Property Name="CipherSuites" Type="Collection(Edm.String)">
2522bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
2532bde4061SEd Tanous          <Annotation Term="OData.Description" String="The TLS cipher suites."/>
2542bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain an array of TLS cipher suites.  The allowable values for this property shall be the TLS cipher suites listed in 'CipherSuites' defined in, but not limited to, RFC4346, RFC5246, or RFC8446, `ALL`, and `NONE`.  An array containing one element with the value of `ALL` or an empty array shall indicate all TLS cipher suites.  An array containing one element with a value of `NONE` shall indicate no TLS cipher suites."/>
2552bde4061SEd Tanous        </Property>
        <!-- Values are either a 'SignatureScheme' name or 'SignatureAlgorithm', '_' and
             'HashAlgorithm' concatenated, per the LongDescription. -->
2562bde4061SEd Tanous        <Property Name="SignatureAlgorithms" Type="Collection(Edm.String)">
2572bde4061SEd Tanous          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
2582bde4061SEd Tanous          <Annotation Term="OData.Description" String="The TLS signature algorithms."/>
2592bde4061SEd Tanous          <Annotation Term="OData.LongDescription" String="This property shall contain an array of TLS signature algorithms.  The allowable values for this property shall be the TLS signature algorithms listed in 'SignatureScheme' or the concatenation of 'SignatureAlgorithm', '_', and 'HashAlgorithm' defined in, but not limited to, RFC4346, RFC5246, or RFC8446, `ALL`, and `NONE`.  An array containing one element with the value of `ALL` or an empty array shall indicate all TLS signature algorithms.  An array containing one element with a value of `NONE` shall indicate no TLS signature algorithms."/>
2602bde4061SEd Tanous        </Property>
2612bde4061SEd Tanous      </ComplexType>
2622bde4061SEd Tanous    </Schema>
2632bde4061SEd Tanous
2642bde4061SEd Tanous    <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="SecurityPolicy.v1_0_1">
      <!-- Errata namespace: declares no new properties; its SecurityPolicy type is an
           empty derivation of the v1_0_0 type. -->
2652bde4061SEd Tanous      <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
2662bde4061SEd Tanous      <Annotation Term="OData.Description" String="This version was created to correct various typographical errors."/>
2672bde4061SEd Tanous      <EntityType Name="SecurityPolicy" BaseType="SecurityPolicy.v1_0_0.SecurityPolicy"/>
2682bde4061SEd Tanous    </Schema>
2692bde4061SEd Tanous
270f2a8e57eSGunnar Mills    <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="SecurityPolicy.v1_0_2">
      <!-- Errata namespace: declares no new properties; its SecurityPolicy type is an
           empty derivation of the v1_0_1 type. -->
271f2a8e57eSGunnar Mills      <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
272f2a8e57eSGunnar Mills      <Annotation Term="OData.Description" String="This version was created to force the regeneration of OpenAPI schemas to properly express nullable properties with external references.  It was also created to correct various typographical errors."/>
273f2a8e57eSGunnar Mills      <EntityType Name="SecurityPolicy" BaseType="SecurityPolicy.v1_0_1.SecurityPolicy"/>
274f2a8e57eSGunnar Mills    </Schema>
275f2a8e57eSGunnar Mills
2769b46bc0bSMyung Bae    <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="SecurityPolicy.v1_0_3">
      <!-- Errata namespace: declares no new properties; its SecurityPolicy type is an
           empty derivation of the v1_0_2 type. Per its description, the change is a
           wording clarification for the Client and Server properties under TLS. -->
2779b46bc0bSMyung Bae      <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
2789b46bc0bSMyung Bae      <Annotation Term="OData.Description" String="This version was created to clarify the usage of the `Client` and `Server` properties within the `TLS` property."/>
2799b46bc0bSMyung Bae      <EntityType Name="SecurityPolicy" BaseType="SecurityPolicy.v1_0_2.SecurityPolicy"/>
2809b46bc0bSMyung Bae    </Schema>
2819b46bc0bSMyung Bae
2822bde4061SEd Tanous  </edmx:DataServices>
2832bde4061SEd Tanous</edmx:Edmx>