CorvID is a rather hacky attempt at gluing Raven, the University of Cambridge's Web authentication service, to OpenID, a popular distributed authentication system. CorvID is emphatically not a service of the University of Cambridge Computing Service, supported or otherwise. I run it because it's useful to me. If anyone else finds it useful, that's a bonus.

How to use CorvID

CorvID doesn't provide any real OpenIDs itself. Thus, to use it you have to use OpenID's delegation mechanism. Pick a Web page you control whose URL you want to use as an OpenID (I use, and add something like this to the HEAD element:

<link rel="openid.server" href="">
<link rel="openid.delegate" href=",2007:corvid:fjc55">

Replace fjc55 with your own CRSid.

Security properties

CorvID is run by me on an unofficial basis. It runs on a non-University computer managed by a third party. It's thus substantially less secure than it would be if run by the University, in addition to being substantially less reliable. Still, it's probably better than using your cat's name for a password on every Web site.

Privacy policy

If you use this service, the fact that you have done so, and what you used it for, will be recorded in a public log file. If you don't like that, don't use it.

The code

... is lying around here somewhere.


CorvID is about 100 lines of Perl, gluing together Brad Fitzpatrick's Net::OpenID::Server and Jon Warbrick's Ucam::Webauth::CGIAA. Their code does all the hard work – mine just arranges for things to go wrong occasionally.