from pan.salford.ac.uk (pan.salford.ac.uk [184.108.40.206]) by
chico.rediris.es (8.12.1/8.9.1) with SMTP id g8GI8rVP002576 for
<[log in para visualizar]>; Mon, 16 Sep 2002 20:08:57 +0200 (CEST)
(qmail 2465 invoked by alias); 16 Sep 2002 18:08:53 -0000
(qmail 2459 invoked from network); 16 Sep 2002 18:08:52 -0000
from unknown (HELO pgt.salford.ac.uk) (220.127.116.11) by
pan.salford.ac.uk with SMTP; 16 Sep 2002 18:08:52 -0000
We are working on authorisation API in European project PERMIS. We need
to know a bit more about your software and its architecture.
Currently the questions are:
1. How do you secure the communication to the Authentication Server
2. How do you secure the communication to the Point of Access.
3. How do you enforce that the links are requested through your PoA
only? What stops the user from accessing the desired web-site directly?
"The PAPI system: Point of Access to Providers of Information" does not
say anything on whether the communication is trusted or not.