From fc4ec9e8c573929f809c5d3040fd2fc56ddee1f8 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 22 May 2026 15:29:14 +0000 Subject: [PATCH] chore(deps): update vendored OpenAPI specs --- specs/authorization/authorization.openapi.yaml | 13 +++++++++++++ specs/authorization/v2/authorization.openapi.yaml | 6 ++++++ specs/kas/kas.openapi.yaml | 6 +++--- specs/policy/actions/actions.openapi.yaml | 6 ++++++ specs/policy/attributes/attributes.openapi.yaml | 6 ++++++ .../key_access_server_registry.openapi.yaml | 12 +++++++++--- specs/policy/namespaces/namespaces.openapi.yaml | 6 ++++++ specs/policy/objects.openapi.yaml | 7 +++++++ specs/policy/obligations/obligations.openapi.yaml | 6 ++++++ .../registered_resources.openapi.yaml | 6 ++++++ .../resourcemapping/resource_mapping.openapi.yaml | 6 ++++++ .../subjectmapping/subject_mapping.openapi.yaml | 7 +++++++ specs/policy/unsafe/unsafe.openapi.yaml | 6 ++++++ 13 files changed, 87 insertions(+), 6 deletions(-) diff --git a/specs/authorization/authorization.openapi.yaml b/specs/authorization/authorization.openapi.yaml index dd0cb366..5a112b61 100644 --- a/specs/authorization/authorization.openapi.yaml +++ b/specs/authorization/authorization.openapi.yaml @@ -140,6 +140,9 @@ components: - ALGORITHM_EC_P256 - ALGORITHM_EC_P384 - ALGORITHM_EC_P521 + - ALGORITHM_HPQT_XWING + - ALGORITHM_HPQT_SECP256R1_MLKEM768 + - ALGORITHM_HPQT_SECP384R1_MLKEM1024 description: Supported key algorithms. policy.KasPublicKeyAlgEnum: type: string @@ -151,6 +154,9 @@ components: - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 policy.SourceType: type: string title: SourceType @@ -186,6 +192,7 @@ components: Example Request Get Decisions to answer the question - Do Bob (represented by entity chain ec1) and Alice (represented by entity chain ec2) have TRANSMIT authorization for 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ? + { "actions": [ { @@ -257,11 +264,13 @@ components: Example response for a Decision Request - Do Bob (represented by entity chain ec1) and Alice (represented by entity chain ec2) have TRANSMIT authorization for 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ? + Results: - bob has permitted authorization to transmit for a resource defined by attr-set-1 attributes and has a watermark obligation - bob has denied authorization to transmit a for a resource defined by attr-set-2 attributes - alice has permitted authorization to transmit for a resource defined by attr-set-1 attributes - alice has denied authorization to transmit a for a resource defined by attr-set-2 attributes + { "entityChainId": "ec1", "resourceAttributesId": "attr-set-1", @@ -449,7 +458,9 @@ components: additionalProperties: false description: |- Request to get entitlements for one or more entities for an optional attribute scope + Example: Get entitlements for bob and alice (both represented using an email address + { "entities": [ { @@ -480,6 +491,7 @@ components: additionalProperties: false description: |- Example Response for a request of : Get entitlements for bob and alice (both represented using an email address + { "entitlements": [ { @@ -551,6 +563,7 @@ components: Example Request Get Decisions by Token to answer the question - Do Bob and client1 (represented by token tok1) and Alice and client2 (represented by token tok2) have TRANSMIT authorization for 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ? + { "actions": [ { diff --git a/specs/authorization/v2/authorization.openapi.yaml b/specs/authorization/v2/authorization.openapi.yaml index 0f4f92d5..7e9d8372 100644 --- a/specs/authorization/v2/authorization.openapi.yaml +++ b/specs/authorization/v2/authorization.openapi.yaml @@ -175,6 +175,9 @@ components: - ALGORITHM_EC_P256 - ALGORITHM_EC_P384 - ALGORITHM_EC_P521 + - ALGORITHM_HPQT_XWING + - ALGORITHM_HPQT_SECP256R1_MLKEM768 + - ALGORITHM_HPQT_SECP384R1_MLKEM1024 description: Supported key algorithms. policy.KasPublicKeyAlgEnum: type: string @@ -186,6 +189,9 @@ components: - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 policy.SourceType: type: string title: SourceType diff --git a/specs/kas/kas.openapi.yaml b/specs/kas/kas.openapi.yaml index 2ba076ac..a3570281 100644 --- a/specs/kas/kas.openapi.yaml +++ b/specs/kas/kas.openapi.yaml @@ -235,7 +235,7 @@ components: description: |- Type of key wrapping used for the data encryption key Required: Always - Values: 'wrapped' (RSA-wrapped for ZTDF), 'ec-wrapped' (experimental ECDH-wrapped) + Values: 'wrapped' (RSA-wrapped for ZTDF), 'ec-wrapped' (experimental ECDH-wrapped), 'hybrid-wrapped' (experimental X-Wing-wrapped) url: type: string title: kas_url @@ -282,7 +282,7 @@ components: description: |- Ephemeral public key for ECDH key derivation (ec-wrapped type only) Required: When key_type="ec-wrapped" (experimental ECDH-based ZTDF) - Omitted: When key_type="wrapped" (RSA-based ZTDF) + Omitted: When key_type="wrapped" or key_type="hybrid-wrapped" Should be a PEM-encoded PKCS#8 (ASN.1) formatted public key Used to derive the symmetric key for unwrapping the DEK title: KeyAccess @@ -472,7 +472,7 @@ components: description: |- KAS's ephemeral session public key in PEM format Required: For EC-based operations (key_type="ec-wrapped") - Optional: Empty for RSA-based ZTDF (key_type="wrapped") + Optional: Empty for RSA-based or X-Wing-based ZTDF (key_type="wrapped" or key_type="hybrid-wrapped") Used by client to perform ECDH key agreement and decrypt the kas_wrapped_key values schemaVersion: type: string diff --git a/specs/policy/actions/actions.openapi.yaml b/specs/policy/actions/actions.openapi.yaml index 4f4681fc..db1d5d2a 100644 --- a/specs/policy/actions/actions.openapi.yaml +++ b/specs/policy/actions/actions.openapi.yaml @@ -203,6 +203,9 @@ components: - ALGORITHM_EC_P256 - ALGORITHM_EC_P384 - ALGORITHM_EC_P521 + - ALGORITHM_HPQT_XWING + - ALGORITHM_HPQT_SECP256R1_MLKEM768 + - ALGORITHM_HPQT_SECP384R1_MLKEM1024 description: Supported key algorithms. policy.AttributeRuleTypeEnum: type: string @@ -229,6 +232,9 @@ components: - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 policy.SourceType: type: string title: SourceType diff --git a/specs/policy/attributes/attributes.openapi.yaml b/specs/policy/attributes/attributes.openapi.yaml index 5e208ad6..1eb291ec 100644 --- a/specs/policy/attributes/attributes.openapi.yaml +++ b/specs/policy/attributes/attributes.openapi.yaml @@ -722,6 +722,9 @@ components: - ALGORITHM_EC_P256 - ALGORITHM_EC_P384 - ALGORITHM_EC_P521 + - ALGORITHM_HPQT_XWING + - ALGORITHM_HPQT_SECP256R1_MLKEM768 + - ALGORITHM_HPQT_SECP384R1_MLKEM1024 description: Supported key algorithms. policy.AttributeRuleTypeEnum: type: string @@ -748,6 +751,9 @@ components: - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 policy.SortDirection: type: string title: SortDirection diff --git a/specs/policy/kasregistry/key_access_server_registry.openapi.yaml b/specs/policy/kasregistry/key_access_server_registry.openapi.yaml index e5ea9f45..a3eb12f0 100644 --- a/specs/policy/kasregistry/key_access_server_registry.openapi.yaml +++ b/specs/policy/kasregistry/key_access_server_registry.openapi.yaml @@ -523,6 +523,9 @@ components: - ALGORITHM_EC_P256 - ALGORITHM_EC_P384 - ALGORITHM_EC_P521 + - ALGORITHM_HPQT_XWING + - ALGORITHM_HPQT_SECP256R1_MLKEM768 + - ALGORITHM_HPQT_SECP384R1_MLKEM1024 description: Supported key algorithms. policy.KasPublicKeyAlgEnum: type: string @@ -534,6 +537,9 @@ components: - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 policy.KeyMode: type: string title: KeyMode @@ -1165,7 +1171,7 @@ components: Required The algorithm to be used for the key The key_algorithm must be one of the defined values.: ``` - this in [1, 2, 3, 4, 5] + this in [1, 2, 3, 4, 5, 6, 7, 8] ``` $ref: '#/components/schemas/policy.Algorithm' @@ -1722,7 +1728,7 @@ components: Filter keys by algorithm The key_algorithm must be one of the defined values.: ``` - this in [0, 1, 2, 3, 4, 5] + this in [0, 1, 2, 3, 4, 5, 6, 7, 8] ``` $ref: '#/components/schemas/policy.Algorithm' @@ -1996,7 +2002,7 @@ components: Required The key_algorithm must be one of the defined values.: ``` - this in [1, 2, 3, 4, 5] + this in [1, 2, 3, 4, 5, 6, 7, 8] ``` $ref: '#/components/schemas/policy.Algorithm' diff --git a/specs/policy/namespaces/namespaces.openapi.yaml b/specs/policy/namespaces/namespaces.openapi.yaml index 25f2b14f..191af3ea 100644 --- a/specs/policy/namespaces/namespaces.openapi.yaml +++ b/specs/policy/namespaces/namespaces.openapi.yaml @@ -353,6 +353,9 @@ components: - ALGORITHM_EC_P256 - ALGORITHM_EC_P384 - ALGORITHM_EC_P521 + - ALGORITHM_HPQT_XWING + - ALGORITHM_HPQT_SECP256R1_MLKEM768 + - ALGORITHM_HPQT_SECP384R1_MLKEM1024 description: Supported key algorithms. policy.KasPublicKeyAlgEnum: type: string @@ -364,6 +367,9 @@ components: - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 policy.SortDirection: type: string title: SortDirection diff --git a/specs/policy/objects.openapi.yaml b/specs/policy/objects.openapi.yaml index ba1c5e3f..9c72e91e 100644 --- a/specs/policy/objects.openapi.yaml +++ b/specs/policy/objects.openapi.yaml @@ -21,6 +21,9 @@ components: - ALGORITHM_EC_P256 - ALGORITHM_EC_P384 - ALGORITHM_EC_P521 + - ALGORITHM_HPQT_XWING + - ALGORITHM_HPQT_SECP256R1_MLKEM768 + - ALGORITHM_HPQT_SECP384R1_MLKEM1024 description: Supported key algorithms. policy.AttributeRuleTypeEnum: type: string @@ -47,6 +50,9 @@ components: - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 policy.KeyMode: type: string title: KeyMode @@ -987,6 +993,7 @@ components: authoritative source such as an IDP (Identity Provider) or User Store. Examples include such ADFS/LDAP, OKTA, etc. For now, a valid property must contain both a selector expression & a resulting value. + The external_selector_value is a specifier to select a value from a flattened external representation of an Entity (such as from idP/LDAP), and the external_value is the value selected by the external_selector_value on that diff --git a/specs/policy/obligations/obligations.openapi.yaml b/specs/policy/obligations/obligations.openapi.yaml index 17802012..154701d9 100644 --- a/specs/policy/obligations/obligations.openapi.yaml +++ b/specs/policy/obligations/obligations.openapi.yaml @@ -553,6 +553,9 @@ components: - ALGORITHM_EC_P256 - ALGORITHM_EC_P384 - ALGORITHM_EC_P521 + - ALGORITHM_HPQT_XWING + - ALGORITHM_HPQT_SECP256R1_MLKEM768 + - ALGORITHM_HPQT_SECP384R1_MLKEM1024 description: Supported key algorithms. policy.AttributeRuleTypeEnum: type: string @@ -579,6 +582,9 @@ components: - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 policy.SortDirection: type: string title: SortDirection diff --git a/specs/policy/registeredresources/registered_resources.openapi.yaml b/specs/policy/registeredresources/registered_resources.openapi.yaml index 1a7db3d3..9c761fa7 100644 --- a/specs/policy/registeredresources/registered_resources.openapi.yaml +++ b/specs/policy/registeredresources/registered_resources.openapi.yaml @@ -413,6 +413,9 @@ components: - ALGORITHM_EC_P256 - ALGORITHM_EC_P384 - ALGORITHM_EC_P521 + - ALGORITHM_HPQT_XWING + - ALGORITHM_HPQT_SECP256R1_MLKEM768 + - ALGORITHM_HPQT_SECP384R1_MLKEM1024 description: Supported key algorithms. policy.AttributeRuleTypeEnum: type: string @@ -439,6 +442,9 @@ components: - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 policy.SortDirection: type: string title: SortDirection diff --git a/specs/policy/resourcemapping/resource_mapping.openapi.yaml b/specs/policy/resourcemapping/resource_mapping.openapi.yaml index 8fb2f4e5..c4976574 100644 --- a/specs/policy/resourcemapping/resource_mapping.openapi.yaml +++ b/specs/policy/resourcemapping/resource_mapping.openapi.yaml @@ -413,6 +413,9 @@ components: - ALGORITHM_EC_P256 - ALGORITHM_EC_P384 - ALGORITHM_EC_P521 + - ALGORITHM_HPQT_XWING + - ALGORITHM_HPQT_SECP256R1_MLKEM768 + - ALGORITHM_HPQT_SECP384R1_MLKEM1024 description: Supported key algorithms. policy.AttributeRuleTypeEnum: type: string @@ -439,6 +442,9 @@ components: - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 policy.SourceType: type: string title: SourceType diff --git a/specs/policy/subjectmapping/subject_mapping.openapi.yaml b/specs/policy/subjectmapping/subject_mapping.openapi.yaml index bf25db57..1608ae79 100644 --- a/specs/policy/subjectmapping/subject_mapping.openapi.yaml +++ b/specs/policy/subjectmapping/subject_mapping.openapi.yaml @@ -449,6 +449,9 @@ components: - ALGORITHM_EC_P256 - ALGORITHM_EC_P384 - ALGORITHM_EC_P521 + - ALGORITHM_HPQT_XWING + - ALGORITHM_HPQT_SECP256R1_MLKEM768 + - ALGORITHM_HPQT_SECP384R1_MLKEM1024 description: Supported key algorithms. policy.AttributeRuleTypeEnum: type: string @@ -475,6 +478,9 @@ components: - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 policy.SortDirection: type: string title: SortDirection @@ -1291,6 +1297,7 @@ components: authoritative source such as an IDP (Identity Provider) or User Store. Examples include such ADFS/LDAP, OKTA, etc. For now, a valid property must contain both a selector expression & a resulting value. + The external_selector_value is a specifier to select a value from a flattened external representation of an Entity (such as from idP/LDAP), and the external_value is the value selected by the external_selector_value on that diff --git a/specs/policy/unsafe/unsafe.openapi.yaml b/specs/policy/unsafe/unsafe.openapi.yaml index 17c9652a..279b0154 100644 --- a/specs/policy/unsafe/unsafe.openapi.yaml +++ b/specs/policy/unsafe/unsafe.openapi.yaml @@ -387,6 +387,9 @@ components: - ALGORITHM_EC_P256 - ALGORITHM_EC_P384 - ALGORITHM_EC_P521 + - ALGORITHM_HPQT_XWING + - ALGORITHM_HPQT_SECP256R1_MLKEM768 + - ALGORITHM_HPQT_SECP384R1_MLKEM1024 description: Supported key algorithms. policy.AttributeRuleTypeEnum: type: string @@ -413,6 +416,9 @@ components: - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 policy.KeyMode: type: string title: KeyMode