9.5 Swordfish Schema Types
9.5.9 DataSecurityLineOfService 1.1.1
9.5.9.1 Description This structure shall be used to describe data security service level requirements.
9.5.9.2 URIs /redfish/v1/StorageServices/{StorageServiceId}/ClassesOfService/{ClassOfServiceId}/DataSecurityLinesOfService/{DataSecurityLineOfServiceId}
/redfish/v1/StorageServices/{StorageServiceId}/LinesOfService/DataSecurityLinesOfService/{DataSecurityLineOfServiceId}
Property Type Attributes Notes
Actions(v1.1+){} object The Actions
property shall contain the available actions for this resource.
AntivirusE ngineProvider
string re ad-write(null) The value shall specify an
AntiVirus provider.
Antiviru
sScanPolicies[ ]
array
(string(enum))
• read-write(null)*
The enumeration literal shall specify the policy for triggering an AntiVirus scan. For the possible
string(enum) •
read-write(null)*
The enumeration literal shall specify a key size in a symmetric encryption algorithm for transport channel encryption. For the possible property values, see ChannelEnc ryptionStrength in Property details.
Property Type Attributes Notes DataSanit
izationPolicy
string(enum) •
read-write(null)*
The enumeration literal shall specify the data
sanitization policy.
For the possible property values, see DataSan itizationPolicy in Property details.
Description string r ead-only(null) This object represents the description of this resource. The resource values shall comply with the Redfish
string(enum) •
read-write(null)*
The enumeration literal shall specify the authentication type for hosts (servers) or
initiator endpoints.
For the possible property values, see HostAut henticationType in Property details.
Property Type Attributes Notes
Id string read-only required This property
represents an identifier for the resource. The resource values shall comply with the Redfish Specific
ation-described requirements.
MediaEncry ptionStrength
string(enum) •
read-write(null)*
The enumeration literal shall specify a key size in a symmetric encryption algorithm for media encryption.
For the possible property values, see MediaEnc ryptionStrength in Property details.
Property Type Attributes Notes
Name string read-only required This object
represents the name of this resource or array member. The resource values shall comply with the Redfish Specific
ation-described requirements. This string value shall be of the ‘Name’
reserved word format.
Oem{} object This property shall
contain the OEM extensions. All values for
properties that this object contains shall conform to the Redfish Specific
ation-described requirements. For property details, see Oem.
Property Type Attributes Notes SecureCh
annelProtocol
string(enum) •
read-write(null)*
The enumeration literal shall specify the protocol that provide encrypted communication.
For the possible property values,
string(enum) •
read-write(null)*
The enumeration literal shall specify the authentication type for users (or programs). For the possible property values, see UserAut henticationType in Property details.
9.5.9.4 Property details
9.5.9.4.1 AntivirusScanPolicies: The enumeration literal shall specify the policy for triggering an AntiVirus scan.
string Description
None This enumeration literal specifies No
trigger.
OnFirstRead This enumeration literal specifies to
trigger on first read.
OnPatternUpdate This enumeration literal specifies to trigger on antivirus pattern file update.
string Description
OnRename This enumeration literal specifies to
trigger on object rename.
OnUpdate This enumeration literal specifies to
trigger on object update.
9.5.9.4.2 ChannelEncryptionStrength: The enumeration literal shall specify a key size in a symmetric encryption algorithm for transport channel encryption.
string Description
Bits_0 This enumeration literal specifies that there is no key.
Bits_112 This enumeration literal specifies a 3DES 112 bit key.
Bits_128 This enumeration literal specifies an AES 128 bit key.
Bits_192 This enumeration literal specifies an AES 192 bit key.
Bits_256 This enumeration literal specifies an AES 256 bit key.
9.5.9.4.3 DataSanitizationPolicy: The enumeration literal shall specify the data sanitization policy.
string Description
Clear This enumeration literal specifies to
sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques.
string Description
CryptographicErase This enumeration literal specifies to leverages the encryption of target data by enabling sanitization of the target data’s encryption key. This leaves only the ciphertext remaining on the media, effectively sanitizing the data by preventing read-access. For more information, see NIST800-88 and ISO/IEC 27040.
None This enumeration literal specifies no
sanitization.
9.5.9.4.4 HostAuthenticationType: The enumeration literal shall specify the au-thentication type for hosts (servers) or initiator endpoints.
string Description
None This enumeration literal specifies No
authentication.
Password This enumeration literal specifies
Password/shared-secret: Absent an distributed authentication infrastructure, this is what is typically done.
PKI This enumeration literal specifies a
Public Key Infrastructure. Customers with the highest assurance requirements roll PKI out to hosts and users (it is more common for hosts than users. User PKI-based authentication has significant operational complications and
administrative overheads, e.g., smart cards may be involved.
string Description
Ticket This enumeration literal specifies
Ticket-based (e.g., Kerberos): This is the most common class of authentication infrastructure used in enterprises.
Kerberos is the best known example, and Windows usage of that via Active
Directory is so widely deployed as to be a de facto standard. In other areas (e.g., academia) there are comparable ticket-based systems.
9.5.9.4.5 MediaEncryptionStrength: The enumeration literal shall specify a key size in a symmetric encryption algorithm for media encryption.
string Description
Bits_0 This enumeration literal specifies that there is no key.
Bits_112 This enumeration literal specifies a 3DES 112 bit key.
Bits_128 This enumeration literal specifies an AES 128 bit key.
Bits_192 This enumeration literal specifies an AES 192 bit key.
Bits_256 This enumeration literal specifies an AES 256 bit key.
9.5.9.4.6 SecureChannelProtocol: The enumeration literal shall specify the proto-col that provide encrypted communication.
string Description
IPsec This enumeration literal specifies
Internet Protocol Security (IPsec), as defined by IETF RFC 2401.
None This enumeration literal specifies no
encryption.
string Description
RPCSEC_GSS This enumeration literal specifies RPC
access to the Generic Security Services Application Programming Interface (GSS-API), as defined by IETF RPC 2203.
TLS This enumeration literal specifies
Transport Layer Security (TLS), as defined by IETF RFC 5246.
9.5.9.4.7 UserAuthenticationType: The enumeration literal shall specify the au-thentication type for users (or programs).
string Description
None This enumeration literal specifies No
authentication.
Password This enumeration literal specifies
Password/shared-secret: Absent an distributed authentication infrastructure, this is what is typically done.
PKI This enumeration literal specifies a
Public Key Infrastructure. Customers with the highest assurance requirements roll PKI out to hosts and users (it is more common for hosts than users. User PKI-based authentication has significant operational complications and
administrative overheads, e.g., smart cards may be involved.
string Description
Ticket This enumeration literal specifies
Ticket-based (e.g., Kerberos): This is the most common class of authentication infrastructure used in enterprises.
Kerberos is the best known example, and Windows usage of that via Active
Directory is so widely deployed as to be a de facto standard. In other areas (e.g., academia) there are comparable ticket-based systems.