It is similar to Ucam-Web Auth, but extended to allow users from multiple organisations to authenticate using multiple 'Identity Providers' and to access resources provided by other independent organisations.
From October 2007, Raven has supported authenticating University users via Shibboleth.
Otherwise it is necessary to look up the CRSid in a list of authorised users, which could be a flat file, a database, an LDAP directory, lookup, etc. This is typically done using the native facilities of a web server in the case of container managed security, for example the 'require' directive in Apache, or with custom code in an application. Servers or applications are responsible for using this to make authorisation decisions. This could simply be by assuming that anyone with a Raven identity is 'part of the University', which might be satisfactory for some applications. It may be possible to use Raven but to avoid recording information identifying users.
For example, an Apache web server will record a user's CRSid in the third field of its 'Access Log' by default.
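The following is an added example, not code from the Raven documentation: it audits access log lines for identities recorded in the third field and either blanks them or replaces them with a keyed pseudonym. It assumes Apache's Common or Combined Log Format and user names without spaces; the function names, key and sample lines are constructed for illustration.

```python
import hashlib
import hmac
import re

# Common/Combined Log Format begins: host ident authuser [timestamp] ...
# Apache writes the authenticated user (%u) into the third field.
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\[[^\]]+\] .*)$")

def scrub_line(line, key=None):
    """Blank or pseudonymise the third field. Returns (line, user or None)."""
    line = line.rstrip("\n")
    m = LINE_RE.match(line)
    if m is None:
        return line, None              # not CLF: leave untouched for review
    host, ident, user, rest = m.groups()
    if user == "-":
        return line, None              # request was not authenticated
    if key is None:
        token = "-"                    # drop the identity entirely
    else:
        # Keyed hash: same user maps to the same token, but the token cannot
        # be reversed by hashing candidate CRSids without the key.
        digest = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
        token = "u_" + digest[:12]
    return f"{host} {ident} {token} {rest}", user

def scrub_log(lines, key=None):
    """Scrub every line; return (scrubbed lines, set of identities found)."""
    out, found = [], set()
    for line in lines:
        new, user = scrub_line(line, key)
        out.append(new)
        if user is not None:
            found.add(user)
    return out, found

# Constructed sample input: addresses, CRSids and paths are made up.
SAMPLE = [
    '192.0.2.10 - abc123 [10/Oct/2013:13:55:36 +0100] "GET /notes/ HTTP/1.1" 200 2326',
    '192.0.2.11 - - [10/Oct/2013:13:55:40 +0100] "GET /public/ HTTP/1.1" 200 512',
    '192.0.2.10 - abc123 [10/Oct/2013:13:56:02 +0100] "GET /notes/a.html HTTP/1.1" 200 901',
    '192.0.2.12 - xyz99 [10/Oct/2013:13:57:11 +0100] "GET /notes/ HTTP/1.1" 403 199',
    'not an access log line',
]

if __name__ == "__main__":
    scrubbed, found = scrub_log(SAMPLE, key=b"constructed-demo-key")
    print("\n".join(scrubbed))
    print("identities that were recorded:", sorted(found))
```

Passing no key blanks the field; passing a key keeps per-user request patterns visible without storing the CRSid itself.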
To use the jargon of web authentication, these 'plug-ins' implement 'container managed security'.
This approach is particularly well suited to protecting static documents such as HTML files.
Libraries implementing Raven authentication for some common web application frameworks (e.g. Details of the Ucam-Web Auth protocol are available, as is an example implementation of a Ucam-Web Auth agent.
Ucam-Web Auth only provides an authenticated CRSid (and, from 2013, optionally an indication of whether that CRSid corresponds to a current member of the University).
Unlike Ucam-Web Auth, Shibboleth can also supply information about authenticated users to simplify making authorisation decisions.