(potential) Code of Practice for "systems" using Raven
Experience shows that it is easy for users to become confused when the Raven protection for a web site doesn't behave the way that they expect. It would be very useful for all concerned if administrators of any system that uses Raven for authentication follow a simple code of practice that means they voluntarily:
1) Include on the Raven-enabled services page a note the system and of the email/phone/webpage-URL/location of a relavent support contact point. This will allow users and Help Desks elsewhere in the university to contact the correct people if problems arrise.
2) Provide a customised webpage that gives the above appropriate local system-support contact details to users who have sucessfully RAVEN authenicated but can't access the back-end system (e.g. no account, access not allowed, etc.).
3) Have a clear "System Unavailable until XXX due to maintenance" message if authentication suceeds but access to the system is not possible, perhaps because a back-end system is not available.