1<?xml version="1.0" encoding="UTF-8"?>
2<!---->
3<!--################################################################################       -->
4<!--# Redfish Schema:  KeyPolicy v1.0.1                                                    -->
5<!--#                                                                                      -->
6<!--# For a detailed change log, see the README file contained in the DSP8010 bundle,      -->
7<!--# available at http://www.dmtf.org/standards/redfish                                   -->
8<!--# Copyright 2014-2024 DMTF.                                                            -->
9<!--# For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright -->
10<!--################################################################################       -->
11<!---->
12<edmx:Edmx xmlns:edmx="http://docs.oasis-open.org/odata/ns/edmx" Version="4.0">
13
14  <edmx:Reference Uri="http://docs.oasis-open.org/odata/odata/v4.0/errata03/csd01/complete/vocabularies/Org.OData.Core.V1.xml">
15    <edmx:Include Namespace="Org.OData.Core.V1" Alias="OData"/>
16  </edmx:Reference>
17  <edmx:Reference Uri="http://docs.oasis-open.org/odata/odata/v4.0/errata03/csd01/complete/vocabularies/Org.OData.Capabilities.V1.xml">
18    <edmx:Include Namespace="Org.OData.Capabilities.V1" Alias="Capabilities"/>
19  </edmx:Reference>
20  <edmx:Reference Uri="http://redfish.dmtf.org/schemas/v1/Resource_v1.xml">
21    <edmx:Include Namespace="Resource.v1_0_0"/>
22  </edmx:Reference>
23  <edmx:Reference Uri="http://redfish.dmtf.org/schemas/v1/RedfishExtensions_v1.xml">
24    <edmx:Include Namespace="RedfishExtensions.v1_0_0" Alias="Redfish"/>
25    <edmx:Include Namespace="Validation.v1_0_0" Alias="Validation"/>
26  </edmx:Reference>
27
28  <edmx:DataServices>
29
30    <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="KeyPolicy">
31      <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
32      <Annotation Term="Redfish.Language" String="en"/>
33
34      <EntityType Name="KeyPolicy" BaseType="Resource.v1_0_0.Resource" Abstract="true">
35        <Annotation Term="OData.Description" String="The `KeyPolicy` schema describes settings for how keys are allowed to be used for accessing devices or services."/>
36        <Annotation Term="OData.LongDescription" String="This resource shall represent a key policy for a Redfish implementation."/>
37        <Annotation Term="Capabilities.InsertRestrictions">
38          <Record>
39            <PropertyValue Property="Insertable" Bool="false"/>
40          </Record>
41        </Annotation>
42        <Annotation Term="Capabilities.UpdateRestrictions">
43          <Record>
44            <PropertyValue Property="Updatable" Bool="true"/>
45          </Record>
46        </Annotation>
47        <Annotation Term="Capabilities.DeleteRestrictions">
48          <Record>
49            <PropertyValue Property="Deletable" Bool="true"/>
50          </Record>
51        </Annotation>
52        <Annotation Term="Redfish.Uris">
53          <Collection>
54            <String>/redfish/v1/KeyService/NVMeoFKeyPolicies/{KeyPolicyId}</String>
55          </Collection>
56        </Annotation>
57      </EntityType>
58    </Schema>
59
60    <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="KeyPolicy.v1_0_0">
61      <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
62      <Annotation Term="Redfish.Release" String="2021.2"/>
63
64      <EntityType Name="KeyPolicy" BaseType="KeyPolicy.KeyPolicy">
65        <Property Name="KeyPolicyType" Type="KeyPolicy.v1_0_0.KeyPolicyType">
66          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
67          <Annotation Term="OData.Description" String="The type of key policy."/>
68          <Annotation Term="OData.LongDescription" String="This property shall contain the type of key policy."/>
69          <Annotation Term="Redfish.RequiredOnCreate"/>
70        </Property>
71        <Property Name="IsDefault" Type="Edm.Boolean">
72          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
73          <Annotation Term="OData.Description" String="Indicates if this is the default key policy."/>
74          <Annotation Term="OData.LongDescription" String="This property shall indicate if this key policy is the policy applied when no other policies are specified."/>
75        </Property>
76        <Property Name="NVMeoF" Type="KeyPolicy.v1_0_0.NVMeoF" Nullable="false">
77          <Annotation Term="OData.Description" String="NVMe-oF specific properties."/>
78          <Annotation Term="OData.LongDescription" String="This property shall contain NVMe-oF specific properties for this key policy.  This property shall be present if `KeyPolicyType` contains the value `NVMeoF`."/>
79        </Property>
80        <Property Name="Actions" Type="KeyPolicy.v1_0_0.Actions" Nullable="false">
81          <Annotation Term="OData.Description" String="The available actions for this resource."/>
82          <Annotation Term="OData.LongDescription" String="This property shall contain the available actions for this resource."/>
83        </Property>
84      </EntityType>
85
86      <EnumType Name="KeyPolicyType">
87        <Member Name="NVMeoF">
88          <Annotation Term="OData.Description" String="An NVMe-oF key policy."/>
89          <Annotation Term="OData.LongDescription" String="This value shall indicate the key policy is for an NVMe-oF key."/>
90        </Member>
91      </EnumType>
92
93      <ComplexType Name="NVMeoF">
        <!-- Security note: for SecurityProtocolAllowList, SecureHashAllowList, SecurityTransportAllowList,
             CipherSuiteAllowList and DHGroupAllowList, the LongDescription states that an absent property
             allows any value while an empty list allows none.  A policy meant to restrict negotiation
             therefore has to carry the list explicitly; omitting it is the permissive case.
             OEMSecurityProtocolAllowList states only the empty-list rule and is required when
             SecurityProtocolAllowList contains `OEM`. -->
94        <Annotation Term="OData.AdditionalProperties" Bool="false"/>
95        <Annotation Term="OData.Description" String="NVMe-oF specific properties."/>
96        <Annotation Term="OData.LongDescription" String="This type shall contain NVMe-oF specific properties for a key policy."/>
97        <Property Name="SecurityProtocolAllowList" Type="Collection(KeyPolicy.v1_0_0.NVMeoFSecurityProtocolType)">
98          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
99          <Annotation Term="OData.Description" String="The security protocols that this key policy allows."/>
100          <Annotation Term="OData.LongDescription" String="This property shall contain the security protocols that this key policy allows.  NVMe-oF channels are restricted to security protocols in this list.  The absence of the property shall indicate any security protocol is allowed.  An empty list shall indicate no security protocols are allowed."/>
101        </Property>
102        <Property Name="OEMSecurityProtocolAllowList" Type="Collection(Edm.String)">
103          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
104          <Annotation Term="OData.Description" String="The OEM security protocols that this key policy allows."/>
105          <Annotation Term="OData.LongDescription" String="This property shall contain the OEM-defined security protocols that this key policy allows.  NVMe-oF channels are restricted to OEM-defined security protocols in this list.  An empty list shall indicate no security protocols are allowed.  This property shall be present if `SecurityProtocolAllowList` contains `OEM`."/>
106        </Property>
107        <Property Name="SecureHashAllowList" Type="Collection(KeyPolicy.v1_0_0.NVMeoFSecureHashType)">
108          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
109          <Annotation Term="OData.Description" String="The secure hash algorithms that this key policy allows."/>
110          <Annotation Term="OData.LongDescription" String="This property shall contain the secure hash algorithms that this key policy allows.  The absence of the property shall indicate any secure hash algorithm is allowed.  An empty list shall indicate no secure hash algorithms are allowed."/>
111        </Property>
112        <Property Name="SecurityTransportAllowList" Type="Collection(KeyPolicy.v1_0_0.NVMeoFSecurityTransportType)">
113          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
114          <Annotation Term="OData.Description" String="The security transports that this key policy allows."/>
115          <Annotation Term="OData.LongDescription" String="This property shall contain the security transports that this key policy allows.  The absence of the property shall indicate any security transport is allowed.  An empty list shall indicate no security transports are allowed."/>
116        </Property>
117        <Property Name="CipherSuiteAllowList" Type="Collection(KeyPolicy.v1_0_0.NVMeoFCipherSuiteType)">
118          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
119          <Annotation Term="OData.Description" String="The cipher suites that this key policy allows."/>
120          <Annotation Term="OData.LongDescription" String="This property shall contain the cipher suites that this key policy allows.  The absence of the property shall indicate any cipher suite is allowed.  An empty list shall indicate no cipher suites are allowed."/>
121        </Property>
122        <Property Name="DHGroupAllowList" Type="Collection(KeyPolicy.v1_0_0.NVMeoFDHGroupType)">
123          <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
124          <Annotation Term="OData.Description" String="The Diffie-Hellman (DH) groups that this key policy allows."/>
125          <Annotation Term="OData.LongDescription" String="This property shall contain the Diffie-Hellman (DH) groups that this key policy allows.  The absence of the property shall indicate any DH group is allowed.  An empty list shall indicate no DH groups are allowed."/>
126        </Property>
127      </ComplexType>
128
129      <EnumType Name="NVMeoFSecurityProtocolType">
130        <Annotation Term="OData.Description" String="The NVMe security protocols that a key is allowed to use."/>
131        <Annotation Term="OData.LongDescription" String="This enumeration shall list the NVMe security protocols that a key is allowed to use."/>
132        <Member Name="DHHC">
133          <Annotation Term="OData.Description" String="Diffie-Hellman Hashed Message Authentication Code Challenge Handshake Authentication Protocol (DH-HMAC-CHAP)."/>
134          <Annotation Term="OData.LongDescription" String="This value shall indicate the Diffie-Hellman Hashed Message Authentication Code Challenge Handshake Authentication Protocol (DH-HMAC-CHAP) as defined by the NVMe Base Specification."/>
135        </Member>
136        <Member Name="TLS_PSK">
137          <Annotation Term="OData.Description" String="Transport Layer Security Pre-Shared Key (TLS PSK)."/>
138          <Annotation Term="OData.LongDescription" String="This value shall indicate Transport Layer Security Pre-Shared Key (TLS PSK) as defined by the NVMe TCP Transport Specification."/>
139        </Member>
140        <Member Name="OEM">
141          <Annotation Term="OData.Description" String="OEM."/>
142          <Annotation Term="OData.LongDescription" String="This value shall indicate an OEM-defined security protocol.  The `OEMSecurityProtocolAllowList` property shall contain the specific OEM protocol."/>
143        </Member>
144      </EnumType>
145
146      <EnumType Name="NVMeoFSecureHashType">
147        <Annotation Term="OData.Description" String="The NVMe secure hash algorithms that a key is allowed to use."/>
148        <Annotation Term="OData.LongDescription" String="This enumeration shall list the NVMe secure hash algorithms that a key is allowed to use."/>
149        <Member Name="SHA256">
150          <Annotation Term="OData.Description" String="SHA-256."/>
151          <Annotation Term="OData.LongDescription" String="This value shall indicate the SHA-256 hash function as defined by the 'DH-HMAC-CHAP hash function identifiers' figure in the NVMe Base Specification."/>
152        </Member>
153        <Member Name="SHA384">
154          <Annotation Term="OData.Description" String="SHA-384."/>
155          <Annotation Term="OData.LongDescription" String="This value shall indicate the SHA-384 hash function as defined by the 'DH-HMAC-CHAP hash function identifiers' figure in the NVMe Base Specification."/>
156        </Member>
157        <Member Name="SHA512">
158          <Annotation Term="OData.Description" String="SHA-512."/>
159          <Annotation Term="OData.LongDescription" String="This value shall indicate the SHA-512 hash function as defined by the 'DH-HMAC-CHAP hash function identifiers' figure in the NVMe Base Specification."/>
160        </Member>
161      </EnumType>
162
163      <EnumType Name="NVMeoFSecurityTransportType">
        <!-- NOTE(review): TLS has no protocol versions named "v2" or "v3"; presumably these members map to
             TLS 1.2 and TLS 1.3 in the referenced NVMe TCP Transport Specification figure.  Confirm against
             that specification before mapping these values to a TLS stack's version settings. -->
164        <Annotation Term="OData.Description" String="The NVMe security transports that a key is allowed to use."/>
165        <Annotation Term="OData.LongDescription" String="This enumeration shall list the NVMe security transports that a key is allowed to use."/>
166        <Member Name="TLSv2">
167          <Annotation Term="OData.Description" String="Transport Layer Security (TLS) v2."/>
168          <Annotation Term="OData.LongDescription" String="This value shall indicate Transport Layer Security (TLS) v2 as defined by the 'Transport Specific Address Subtype `Definition` for NVMe/TCP Transport' figure in the NVMe TCP Transport Specification."/>
169        </Member>
170        <Member Name="TLSv3">
171          <Annotation Term="OData.Description" String="Transport Layer Security (TLS) v3."/>
172          <Annotation Term="OData.LongDescription" String="This value shall indicate Transport Layer Security (TLS) v3 as defined by the 'Transport Specific Address Subtype `Definition` for NVMe/TCP Transport' figure in the NVMe TCP Transport Specification."/>
173        </Member>
174      </EnumType>
175
176      <EnumType Name="NVMeoFCipherSuiteType">
177        <Annotation Term="OData.Description" String="The NVMe cipher suites that a key is allowed to use."/>
178        <Annotation Term="OData.LongDescription" String="This enumeration shall list the NVMe cipher suites that a key is allowed to use."/>
179        <Member Name="TLS_AES_128_GCM_SHA256">
180          <Annotation Term="OData.Description" String="TLS_AES_128_GCM_SHA256."/>
181          <Annotation Term="OData.LongDescription" String="This value shall indicate TLS_AES_128_GCM_SHA256 as defined by the 'Mandatory and Recommended Cipher Suites' clause in the NVMe TCP Transport Specification."/>
182        </Member>
183        <Member Name="TLS_AES_256_GCM_SHA384">
184          <Annotation Term="OData.Description" String="TLS_AES_256_GCM_SHA384."/>
185          <Annotation Term="OData.LongDescription" String="This value shall indicate TLS_AES_256_GCM_SHA384 as defined by the 'Mandatory and Recommended Cipher Suites' clause in the NVMe TCP Transport Specification."/>
186        </Member>
187      </EnumType>
188
189      <EnumType Name="NVMeoFDHGroupType">
190        <Annotation Term="OData.Description" String="The NVMe Diffie-Hellman (DH) groups that a key is allowed to use."/>
191        <Annotation Term="OData.LongDescription" String="This enumeration shall list the Diffie-Hellman (DH) groups that a key is allowed to use."/>
192        <Member Name="FFDHE2048">
193          <Annotation Term="OData.Description" String="2048-bit Diffie-Hellman (DH) group."/>
194          <Annotation Term="OData.LongDescription" String="This value shall indicate the 2048-bit Diffie-Hellman (DH) group as defined by the 'DH-HMAC-CHAP Diffie-Hellman group identifiers' figure in the NVMe Base Specification."/>
195        </Member>
196        <Member Name="FFDHE3072">
197          <Annotation Term="OData.Description" String="3072-bit Diffie-Hellman (DH) group."/>
198          <Annotation Term="OData.LongDescription" String="This value shall indicate the 3072-bit Diffie-Hellman (DH) group as defined by the 'DH-HMAC-CHAP Diffie-Hellman group identifiers' figure in the NVMe Base Specification."/>
199        </Member>
200        <Member Name="FFDHE4096">
201          <Annotation Term="OData.Description" String="4096-bit Diffie-Hellman (DH) group."/>
202          <Annotation Term="OData.LongDescription" String="This value shall indicate the 4096-bit Diffie-Hellman (DH) group as defined by the 'DH-HMAC-CHAP Diffie-Hellman group identifiers' figure in the NVMe Base Specification."/>
203        </Member>
204        <Member Name="FFDHE6144">
205          <Annotation Term="OData.Description" String="6144-bit Diffie-Hellman (DH) group."/>
206          <Annotation Term="OData.LongDescription" String="This value shall indicate the 6144-bit Diffie-Hellman (DH) group as defined by the 'DH-HMAC-CHAP Diffie-Hellman group identifiers' figure in the NVMe Base Specification."/>
207        </Member>
208        <Member Name="FFDHE8192">
209          <Annotation Term="OData.Description" String="8192-bit Diffie-Hellman (DH) group."/>
210          <Annotation Term="OData.LongDescription" String="This value shall indicate the 8192-bit Diffie-Hellman (DH) group as defined by the 'DH-HMAC-CHAP Diffie-Hellman group identifiers' figure in the NVMe Base Specification."/>
211        </Member>
212      </EnumType>
213
214      <ComplexType Name="Actions">
215        <Annotation Term="OData.AdditionalProperties" Bool="false"/>
216        <Annotation Term="OData.Description" String="The available actions for this resource."/>
217        <Annotation Term="OData.LongDescription" String="This type shall contain the available actions for this resource."/>
218        <Property Name="Oem" Type="KeyPolicy.v1_0_0.OemActions" Nullable="false">
219          <Annotation Term="OData.Description" String="The available OEM-specific actions for this resource."/>
220          <Annotation Term="OData.LongDescription" String="This property shall contain the available OEM-specific actions for this resource."/>
221        </Property>
222      </ComplexType>
223
224      <ComplexType Name="OemActions">
225        <Annotation Term="OData.AdditionalProperties" Bool="true"/>
226        <Annotation Term="OData.Description" String="The available OEM-specific actions for this resource."/>
227        <Annotation Term="OData.LongDescription" String="This type shall contain the available OEM-specific actions for this resource."/>
228      </ComplexType>
229    </Schema>
230
231    <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="KeyPolicy.v1_0_1">
232      <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
233      <Annotation Term="OData.Description" String="This version was created to force the regeneration of OpenAPI schemas to properly express nullable properties with external references.  It was also created to correct various typographical errors."/>
234      <EntityType Name="KeyPolicy" BaseType="KeyPolicy.v1_0_0.KeyPolicy"/>
235    </Schema>
236
237  </edmx:DataServices>
238</edmx:Edmx>
239