SWITCHaai Resource Registry
The Resource Registry is a tool developed by SWITCH to manage information about Resources and Home Organizations participating in SWITCHaai, the so-called Federation Metadata.
Its intended audience is Resource and Home Organization Administrators.
It is accessible via https://rr.aai.switch.ch/ and requires a SWITCHaai-enabled account.
Information about the use of the Resource Registry can be found in the AAI Resource Registry Guide. This guide is meant as a complementary source of information that extends the examples and instructions on the Resource Registry itself.
Purpose
The Resource Registry serves multiple purposes:
Federation Metadata can be generated
Based on the information collected, the crucial
Federation Metadata files for the Identity Providers as well as
Service Providers are generated.
Each Identity Provider needs to know all potential Service Providers with
which it should communicate, and vice versa.
Each Identity Provider has to maintain its Attribute
Release Policy (ARP) configuration. The Resource Registry provides Identity
Providers with tailored templates for the ARP.
Resources declare their Attribute Requirements
In the Resource's entry in the Resource Registry, a Resource Administrator
specifies which attributes the Resource must receive for a user in order
to provide access. In addition, desired attributes can be listed.
Desired attributes should provide additional benefit to justify their use.
The data protection principle applies: process only data that is really
necessary!
Resources declare the Intended Audience
A Resource Administrator can also specify the audience to which the Resource
is of interest, i.e. from which Home Organizations it will accept users.
For example, if a Resource is only of interest to medical students, there
is no point in adding that Resource to the metadata of the universities of
applied sciences.
However, it is still the duty of the Resource to configure its authorization
rules properly!
Federation Members can control Resources in their Domain
Each Resource needs to be approved before its entry in the Resource
Registry is activated. Each Federation Member
approves Resources from its domain and from Federation Partners
it sponsors. It delegates this control to a number of people who
act as 'Resource Registration Authority Administrators' for the
Federation Member.
They are alerted by e-mail whenever approval is required for a new
Resource or for changes to an existing Resource entry.
Identity Providers declare which Attributes they support
Not all of the attributes specified for SWITCHaai are mandatory to implement. The Identity Providers can document in their Resource Registry entry which ones are implemented and potentially available to Resources.
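The following added example is a simplified model of how the purposes above fit together; it is not the Resource Registry's code. It filters Resources by intended audience for one Home Organization, derives a per-Resource release list from required and desired attributes, and flags required attributes the Identity Provider does not support. The entity names, the sample data and the opt-in handling of desired attributes are assumptions.

```python
# Constructed sample registry entries (assumed names, not real SWITCHaai data).
RESOURCES = {
    "https://med-portal.example.org/shibboleth": {
        "audience": {"uni-a.example.org"},
        "required": {"swissEduPersonUniqueID", "eduPersonAffiliation"},
        "desired": {"mail"},
    },
    "https://library.example.org/shibboleth": {
        "audience": {"uni-a.example.org", "fh-b.example.org"},
        "required": {"eduPersonAffiliation", "eduPersonEntitlement"},
        "desired": set(),
    },
}
# Attributes each Identity Provider has declared as implemented (constructed).
IDP_SUPPORTED = {
    "uni-a.example.org": {"swissEduPersonUniqueID", "eduPersonAffiliation",
                          "mail", "eduPersonEntitlement"},
    "fh-b.example.org": {"swissEduPersonUniqueID", "eduPersonAffiliation", "mail"},
}


def metadata_for_idp(home_org):
    """Resources whose intended audience includes this Home Organization."""
    return sorted(r for r, e in RESOURCES.items() if home_org in e["audience"])


def arp_template(home_org, release_desired=False):
    """Return (release list per Resource, required attributes the IdP lacks)."""
    supported = IDP_SUPPORTED[home_org]
    arp, missing = {}, {}
    for res in metadata_for_idp(home_org):
        entry = RESOURCES[res]
        # Assumption: desired attributes are released only on explicit opt-in.
        wanted = entry["required"] | (entry["desired"] if release_desired else set())
        arp[res] = sorted(wanted & supported)  # nothing beyond what was declared
        gap = sorted(entry["required"] - supported)
        if gap:
            missing[res] = gap  # access would fail; flag it for the administrators
    return arp, missing
```

Leaving a Resource out of an Identity Provider's metadata only limits who can attempt a login; the Resource's own authorization rules still decide access.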
The Resource Registry is written in PHP using PEAR/QuickForm and MySQL. It is developed under a BSD license and if you would like the code, please write an email to aai@switch.ch.
Screencast of how to register a Resource
We created a screencast that demonstrates how to register a resource, which may be useful for first-time users of the Resource Registry.
