Shibboleth background and reference
We're working on improving Raven resources for developers and site operators.
Try out the new Raven documentation for size.
Probably the best place to start is with A brief introduction to Shibboleth in Cambridge. There is also an annotated slide-set from a presentation to Techlinks in May 2007 as HTML, as PDF.
"Federated Security: The Shibboleth Approach" by R. L. "Bob" Morgan, Scott Cantor, Steven Carmody, Walter Hoehn, and Ken Klingenstein (as html; as pdf) covers the issues from an external perspective. Part 3 of "Web Services Security" by Bilal Siddiqui, talks about SAML (the Security Assertions Markup Language) which is what underpins Shibboleth. Part 1 Part 2 Part 3 Part 4
Within the UK, Shibboleth deployment is facilitated by The UK Access Management Federation for Education and Research.
There are a set of Terms and conditions under which the Raven/Shibboleth service operates and to which all its users have to agree the first time they use it. There is also a formal Attribute policy (and a summary of what this means in practice) governing what information the Raven/Shibboleth service may release about people.
...and why 'Shibboleth'? Well, here's an explanation.