SWITCHaai Resource Registry

The Resource Registry is a tool developed by SWITCH to manage information about Resources and Home Organizations participating in SWITCHaai, the so-called Federation Metadata.

Resource Registry Diagram

Its intended audience is Resource and Home Organization Administrators.
It is accessible via https://rr.aai.switch.ch/ and requires a SWITCHaai-enabled account.

Information about the use of the Resource Registry can be found in the AAI Resource Registry Guide. This guide is meant as a complementary source of information that extends the examples and instructions on the Resource Registry itself.

Purpose

The Resource Registry serves multiple purposes:

Federation Metadata can be generated

The crucial Federation Metadata files for Identity Providers and Service Providers are generated from the information collected.
Each Identity Provider needs to know all potential Service Providers with whom it should communicate and vice versa.
Each Identity Provider has to maintain an Attribute Release Policy (ARP) configuration. The Resource Registry provides Identity Providers with tailored templates for attribute release.

Resources declare their Attribute Requirements

In the Resource's entry in the Resource Registry, a Resource Administrator specifies which attributes the Resource needs to receive for a user in order to provide access. In addition, desired attributes can be listed. Desired attributes should provide additional benefit to justify their use.
The data protection principle applies: process only data that is really necessary!

Resources declare the Intended Audience

A Resource Administrator can also specify the audience to which the Resource is of interest, i.e. from which Home Organizations it will accept users.
For example, if a Resource is only of interest to medical students, there is no point in adding that Resource to the metadata of the universities of applied sciences.
However, it is still the duty of the Resource to configure its authorization rules properly!

Federation Members can control Resources in their Domain

Each Resource needs to be approved before its entry in the Resource Registry is activated. Each Home Organization approves Resources from its domain and from Federation Partners it sponsors. It delegates this control to a number of people who act as 'Resource Registration Authority Administrators' for the Home Organization.
They get an alert by e-mail whenever approval is required for a new Resource or for changes to an existing Resource entry.

Identity Providers declare which Attributes they support

Not all of the attributes specified for SWITCHaai are mandatory to implement. The Identity Providers can document in their Resource Registry entry which ones are implemented and potentially available to Resources.
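The following sketch is an added illustration, not code from the Resource Registry or from SWITCH. It shows how the declarations described above (required and desired attributes, intended audience, approval status and the attributes an Identity Provider supports) could be combined into a per-Identity-Provider attribute release template. All class names, field names, attribute names and sample entries are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Resource:                      # hypothetical record, not the Registry's schema
    entity_id: str
    required: set
    desired: set = field(default_factory=set)
    audience: set = field(default_factory=set)   # Home Organizations whose users are accepted
    approved: bool = False                       # set by a Resource Registration Authority Administrator

@dataclass
class HomeOrg:                       # hypothetical record
    name: str
    supported: set                   # attributes this Identity Provider implements

def release_template(idp, resources):
    """Return {entity_id: {"release": [...], "missing_required": [...]}} for one Identity Provider."""
    template = {}
    for r in resources:
        # Unapproved entries are not active; Resources outside the intended
        # audience are not part of this Identity Provider's metadata at all.
        if not r.approved or idp.name not in r.audience:
            continue
        wanted = r.required | r.desired
        template[r.entity_id] = {
            # Release only what was declared AND what the Identity Provider implements.
            "release": sorted(wanted & idp.supported),
            # Required attributes the Identity Provider cannot deliver: access would fail.
            "missing_required": sorted(r.required - idp.supported),
        }
    return template

# Constructed sample data.
IDP_UNI = HomeOrg("uni-a.example", {"uniqueID", "mail", "affiliation", "studyBranch"})
IDP_FH = HomeOrg("fh-b.example", {"uniqueID", "mail"})
RESOURCES = [
    Resource("https://med.example/sp", {"uniqueID", "studyBranch"}, {"mail"},
             {"uni-a.example"}, approved=True),
    Resource("https://wiki.example/sp", {"uniqueID", "affiliation"}, {"mail", "postalAddress"},
             {"uni-a.example", "fh-b.example"}, approved=True),
    Resource("https://new.example/sp", {"mail"}, set(),
             {"uni-a.example", "fh-b.example"}, approved=False),
]

if __name__ == "__main__":
    for idp in (IDP_UNI, IDP_FH):
        print(idp.name, release_template(idp, RESOURCES))
```

An attribute that no Resource declared is never released, and a non-empty `missing_required` list flags a Resource whose users from that Home Organization would be refused access.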

Screencast of how to register a Resource

We created a screencast that demonstrates how to register a resource, which may be useful for first-time users of the Resource Registry.

Alternatives

SWITCH used to make the code of the Resource Registry available to interested parties on request. However, nowadays there are newer and better alternatives, which are more generic and better suited for use in different federations. This is in contrast to the Resource Registry, which has never been a public open source project, was never intended to be a generic federation registry and was custom-tailored specifically for SWITCHaai.
We therefore recommend looking instead at Jagger, a federation registry developed by our Irish colleagues of HEANET, or the AAF Federation Registry 2, developed by our Australian colleagues from AAF. Both of these tools initially used concepts very similar to those of the Resource Registry but have evolved over the years as independent open source projects.
Further alternatives, which use quite different approaches and concepts, are the SimpleSAMLphp-based Janus registry or the UK federation Metadata Toolchain, which is a comprehensive set of scripts to administer and generate metadata.