Shibboleth background and reference
Probably the best place to start is with A brief introduction to Shibboleth in Cambridge. There is also an annotated slide-set from a presentation to Techlinks in May 2007 as HTML, as PDF.
"Federated Security: The Shibboleth Approach" by R. L. "Bob" Morgan, Scott Cantor, Steven Carmody, Walter Hoehn, and Ken Klingenstein (as html; as pdf) covers the issues from an external perspective. Part 3 of "Web Services Security" by Bilal Siddiqui, talks about SAML (the Security Assertions Markup Language) which is what underpins Shibboleth. Part 1 Part 2 Part 3 Part 4
Within the UK, Shibboleth deployment is facilitated by The UK Access Management Federation for Education and Research.
There are a set of Terms and conditions under which the Raven/Shibboleth service operates and to which all its users have to agree the first time they use it. There is also a formal Attribute policy (and a summary of what this means in practice) governing what information the Raven/Shibboleth service may release about people.
...and why 'Shibboleth'? Well, here's an explanation.