- AAI Attribute Viewer
- Resource Registry
- SWITCH edu-ID
- Discovery Service Options for SWITCHaai (WAYF/DS)
- SWITCH Embedded WAYF
- Virtual Home Organization Service (VHO)
AAI Attribute Viewer
The AAI Attribute Viewer is a service operated by SWITCH that simply displays all the attributes that are available for a user. The service requests all attributes for a user; which attributes an organisation actually releases, however, depends on the organisation's attribute release policy.
The AAI Attribute Viewer also shows (group) attributes aggregated from the SWITCHtoolbox. In addition, descriptive organisation attributes that are part of the SAML metadata are shown as well.
Resource Registry - A Federation Manager, a web application
The Resource Registry is a central repository containing data about the identity providers (IdP) and service providers (SP) available within SWITCHaai. It collects general information about IdPs and SPs, such as the organization they belong to and contact information. Additional data, e.g. description and purpose, is gathered for SPs. For data protection reasons, the owners of SPs have to declare the minimal set of attributes their SP requires. The Resource Registry implements a process for gathering and approving such declarations. The data is then used to generate the metadata files and attribute release policy files used by a majority of IdPs in the federation. These attribute filter files are important to comply with data protection and privacy requirements. While these files could also be managed locally (by each server administrator in the federation), the Resource Registry greatly simplifies that process and improves reliability.
SWITCH edu-ID
The SWITCH edu-ID:
- is the personal digital identity of all university members and other users
- can be used universally at all universities and beyond, for example at swisscovery
- remains valid indefinitely and supports lifelong learning
- data remain in Switzerland and are subject to Swiss data protection
- was developed in collaboration with the Swiss universities and the support of swissuniversities
Discovery Service Options for SWITCHaai
The comparison between the different discovery services may help you find a suitable solution for your SP.
To guide users from a service provider to their identity provider, SWITCHaai provides an official Central "Where Are You From" (WAYF) service. See it in action with the Attribute Viewer.
The implementation developed by SWITCH (BSD license) has several additional features compared to the official Shibboleth WAYF from Internet2. It's a lightweight PHP implementation that supports multiple languages and several ways of preselecting an identity provider.
SWITCH Embedded WAYF
Virtual Home Organization Service
In some cases there are users that don't have an AAI or SWITCH edu-ID account but need access to an AAI-enabled resource. In that case the Virtual Home Organization (VHO) Service may be used.
The VHO lets administrators create and maintain AAI accounts via a web interface. The attributes of VHO users mark them as special and in general they just have access to a particular resource.
Processing/extracting metadata information with XSLT
    <idps>
      <idp domain="bfh.ch">https://aai-logon.bfh.ch/idp/shibboleth</idp>
      <idp domain="campus-kreuzlingen.ch">https://aai-logon.phtg.ch/idp/shibboleth</idp>
      <idp domain="chuv.ch">https://idp.chuv.ch/idp/shibboleth</idp>
      <idp domain="cscs.ch">https://aai-logon.ethz.ch/idp/shibboleth</idp>
      ...
    </idps>

XSL transformations can be applied in many environments or applications. For testing purposes, the xsltproc command-line tool can be used to apply an XSL transformation:

    xsltproc domain_to_idp_entityid.xsl metadata.switchaai.xml

Note that the output of an XSL transformation doesn't necessarily have to be another XML document; it is also possible to generate plain-text output.
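A stylesheet that produces output of the shape shown above, as an added example (it is not SWITCH's own domain_to_idp_entityid.xsl, which is not reproduced on this page). It assumes the domain values come from each IdP's shibmd:Scope element in the SAML metadata; it skips regular-expression scopes and warns on stderr when two IdPs assert the same scope.

```xslt
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Assumption: "domain" = literal shibmd:Scope of an IdP. -->
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    exclude-result-prefixes="md shibmd">

  <xsl:output method="xml" indent="yes" encoding="UTF-8"/>

  <!-- Index every IdP scope by its text so collisions can be looked up -->
  <xsl:key name="by-scope"
           match="md:IDPSSODescriptor/md:Extensions/shibmd:Scope"
           use="normalize-space(.)"/>

  <xsl:template match="/">
    <idps>
      <!-- Regexp scopes are patterns, not domain names, so they are skipped -->
      <xsl:for-each select="//md:IDPSSODescriptor/md:Extensions/shibmd:Scope[not(@regexp = 'true' or @regexp = '1')]">
        <xsl:sort select="normalize-space(.)"/>
        <xsl:variable name="domain" select="normalize-space(.)"/>
        <xsl:variable name="entity"
                      select="ancestor::md:EntityDescriptor/@entityID"/>

        <!-- A scope asserted by a second entityID makes the mapping
             ambiguous; report it instead of silently emitting both -->
        <xsl:if test="key('by-scope', $domain)[ancestor::md:EntityDescriptor/@entityID != $entity]">
          <xsl:message>warning: scope <xsl:value-of select="$domain"/> is asserted by more than one IdP</xsl:message>
        </xsl:if>

        <idp domain="{$domain}">
          <xsl:value-of select="$entity"/>
        </idp>
      </xsl:for-each>
    </idps>
  </xsl:template>

</xsl:stylesheet>
```

The mapping is only as trustworthy as its input, so run it on a metadata file whose signature has already been verified.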