Hi We are working on authorisation API in European project PERMIS. We need to know a bit more about your software and its architecture. Currently the questions are: 1. How do you secure the communication to the Authentication Server 2. How do you secure the communication to the Point of Access. 3. How do you enforce that the links are requested through your PoA only? What stops the user from accessing the desired web-site directly? "The PAPI system: Point of Access to Providers of Information" does not say anything on whether the communication is trusted or not. Thanks Alexander Otenko Research Assistant Salford University