These pages provide resources for people interested in using the Raven Web Authentication service http://raven.cam.ac.uk/. They concentrate on resources representing the 'officially supported' aspects of the service. Other information that was previously here, and lots of new stuff, is in the Raven Wiki.
The 'officially supported' service consists (roughly) of the central Raven authentication server (and associated user registration infrastructure and keys), three application agents (Apache and IIS authentication modules and a Java toolkit), the Raven mailing lists, and support and development resources (including the 'Test and Demonstration' server). Don't let this put you off investigating the many other Raven-related resources listed in the Wiki.
To use Raven authentication on a web server it needs some sort of 'Application Agent' to impliment the Raven functionality. This could be built-in to a web application (such as a CGI script or a Java program - for so-called "application managed" security), or it could be an 'Authentication handler' for the web server that you are using ("container managed" security).
The Computing Service maintains and supports:
Various other Application agents are listed on the Wiki's Application agents page.
Application Agents need access to the current Raven public keys in order to verify authentication responses. They are available in the keys directory.
There are two mailing lists for people interested in Raven:
Follow the links above, or send a message to firstname.lastname@example.org or email@example.com with the word `help' in the subject or body for more information.
Anyone administering a Raven-using server or developing Raven-related software is welcome to contact the Computing Service Raven administrators at firstname.lastname@example.org with queries or comments. However, consider sending Raven-related messages to the cs-raven-discuss mailing list instead. Sending messages to the list allows others to benefit from any discussion and may spark additional ideas. The Raven administrators are members of this list.
Users with Raven-related problems should normally contact the administrators of the relevant Raven-protected service in the first instance. Failing that they should contact the Computing Service Help Desk.
The Raven service is an instance of the 'University of Cambridge Web Authentication System' (Ucam-webauth). An introduction to how it works is included in the main Raven service documentation. The protocol used for communication between web servers and the Raven server is documented in The Cambridge Web Authentication System: WAA->WLS communication protocol (currently version 3 -- copies of older versions are available: 2.0, 1.6, 1.4, 1.3, 1.1).
There is a Pseudo-code Application Agent available which provides an example of how an application agent could be coded.
As well as the production server, a second test and demonstration Raven server, populated with 500 test accounts with fixed, well-known passwords is provided to assist in developing, testing or demonstrating Raven-enabled services.
The Raven server currently includes a test page which simulates various requests to the authentication server and displays decoded versions of the resulting response. Note that this page exercises some features of the protocol (in particular multiple authentication types) that are not currently used.
Some third-party Raven software is distributed from here for convinience but is described in the Wiki. This includes:
Various graphs showing analysed usage information are available:
Summaries of the Summaries of the Raven/Wbauth and Raven/Shibboleth usage logs are also available.
A translation of this page to Serbo-Croatian has been contributed by Anja Skrba.