Enterprise Customization and Internal Isolation

While the global, authoritative RoR is intended to be operated by a neutral standards organization (such as OpenSemantics.org), the architecture supports private deployment. Enterprises can operate their own internal RoR to manage discovery across various internal project, divisional, or proprietary registries. Additionally, the architecture enforces that internal proprietary registries—those holding confidential enterprise agents—are categorically excluded from the public RoR; they do not register with the public RoR, have no URN in its namespace, and do not participate in external inter-registry authentication.
The Registry of Registries (RoR) avoids becoming a single point of failure or a performance bottleneck through a design principle of strict architectural isolation, which limits its "blast radius". It achieves this through several key mechanisms:
- Out of the Runtime Data Path: The RoR acts strictly as a discovery-time component and identity bridge. While it issues authentication tokens and holds registry manifests, it is never a runtime participant in replication or query forwarding data flows.
- Direct Peer-to-Peer Communication: Once two registries authenticate with each other using a short-lived token issued by the RoR, all subsequent data exchanges happen directly between those two registries. The receiving registry validates the token locally without needing to contact the RoR at runtime.
- No Centralized Private Keys: To prevent a single point of compromise, the RoR only stores the hash and signature of the registry manifests; it never holds the private keys of the registry operators.
- Distributed High Availability: The Directory of Authorized Registries can be geographically distributed across multiple cloud providers and jurisdictions following standard auto-scaling and high-availability practices. Additionally, local registries can be configured with primary, secondary, and tertiary directory endpoints to ensure resilience if one endpoint goes offline.
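The local validation step from the peer-to-peer bullet above, as an added Node.js example that is not taken from the RoR specification or any RoR implementation. The token layout, the claim names (`sub`, `aud`, `iat`, `exp`), the use of Ed25519, the function names and the `urn:example:` identifiers are all assumptions made for illustration.

```javascript
// Added example. Assumed token format: base64url(JSON claims) + "." + base64url(Ed25519 signature).
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const reject = (reason) => ({ ok: false, reason });

// RoR side, discovery time only: sign short-lived claims for one registry pair.
function issueToken(rorPrivateKey, claims) {
  const payload = b64u(JSON.stringify(claims));
  return `${payload}.${b64u(crypto.sign(null, Buffer.from(payload), rorPrivateKey))}`;
}

// Receiving registry, runtime: needs only the pinned RoR public key, no network call.
function validateToken(token, rorPublicKey, selfUrn, nowSec, maxTtlSec = 300) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return reject('malformed');
  const [payload, sig] = parts;
  // Verify the signature before parsing any attacker-controlled claims.
  let signed = false;
  try { signed = crypto.verify(null, Buffer.from(payload), rorPublicKey, Buffer.from(sig, 'base64url')); }
  catch { /* undecodable signature bytes count as invalid */ }
  if (!signed) return reject('bad-signature');
  let claims;
  try { claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8')); }
  catch { return reject('malformed'); }
  if (!claims || !Number.isInteger(claims.iat) || !Number.isInteger(claims.exp)) return reject('malformed');
  if (claims.aud !== selfUrn) return reject('wrong-audience'); // minted for another registry
  if (claims.exp - claims.iat > maxTtlSec) return reject('ttl-too-long'); // enforce "short-lived"
  if (nowSec < claims.iat) return reject('not-yet-valid');
  if (nowSec >= claims.exp) return reject('expired');
  return { ok: true, peer: claims.sub };
}

// Constructed sample data: throwaway keys and urn:example identifiers.
function demo() {
  const ror = crypto.generateKeyPairSync('ed25519');
  const rogue = crypto.generateKeyPairSync('ed25519');
  const now = 1700000000;
  const claims = { sub: 'urn:example:registry:a', aud: 'urn:example:registry:b', iat: now, exp: now + 120 };
  const token = issueToken(ror.privateKey, claims);
  const me = 'urn:example:registry:b';
  return {
    good: validateToken(token, ror.publicKey, me, now + 10),
    expired: validateToken(token, ror.publicKey, me, now + 120),
    wrongAudience: validateToken(token, ror.publicKey, 'urn:example:registry:c', now + 10),
    forged: validateToken(issueToken(rogue.privateKey, claims), ror.publicKey, me, now + 10),
  };
}
console.log(demo());
```

Because the verifier holds only a public key, a compromised receiving registry cannot mint tokens for other pairs, and an RoR outage after issuance does not interrupt an exchange until the token expires.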