Appendix A: The LionShare Security Model >> Authentication and Authorization

LionShare's security model revolves around the issues of authentication and authorization. Authentication is the process of identifying an individual and ensuring that the individual is who he/she claims to be. Once authenticated, authorization determines the level of resources and network services that the user is permitted to access. Traditional P2P applications do not contain such features.

To use the LionShare network, users must authenticate with their home institution to establish their identity. As LionShare is an inter-institutional network, it is important that users authenticated at one institution be able to assert their identity to users at other institutions. These remote users can then decide to release files based on trusted attributes from the requesting user's institution. This model is called federated authentication. LionShare supports federated authentication by leveraging components of Shibboleth, an open-source middleware package developed by the Internet2 Middleware Group.
 
A LionShare network will likely involve users from many different institutions, each of which may use different technologies to authenticate users. Given this reality, LionShare needed a common identification mechanism which could work across institutional boundaries. Public key infrastructure (PKI) was selected as the most flexible solution. The LionShare PKI can use existing educational federations, such as Internet2's InQueue and InCommon federations.

LionShare places a strong emphasis on the user's privacy and will only reveal the user's identity or attributes when required (and when the user has authorized such a release). To facilitate this privacy protection, each LionShare Peer is provided two distinct certificates: a client certificate and a server certificate. The contents of the two certificates differ so that the user's identity can be withheld or shared depending on the role the Peer is acting in: searching for files or sharing them.

Both the client and server certificates contain information about the authenticating institution. Further, the certificates act as a digitally signed assertion from the user's institution that the user has authenticated and is allowed to both share and search for files. The server certificate allows the user to share files on a network and contains the user's identity. The client certificate allows the user to request files from other Peers on a network, but does not contain identifying information.
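
The two-certificate split described above can be illustrated with plain OpenSSL; this is an added example, not LionShare's own issuance code or certificate format. The institution name, the identity `alice@example.edu`, the random `anon-` subject used for the client certificate and the function names are all assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: one institution CA issues two certificates for one peer.
set -eu

issue_peer_certs() {
  # $1 = working directory, $2 = identity placed in the server cert only
  local d="$1" identity="$2" role subj
  # Self-signed CA standing in for the user's home institution (assumption).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Example University/CN=Example University CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  for role in server client; do
    if [ "$role" = server ]; then
      # Sharing role: the subject carries the user's identity.
      subj="/O=Example University/CN=$identity"
    else
      # Searching role: opaque random subject, institution name only.
      subj="/O=Example University/CN=anon-$(openssl rand -hex 8)"
    fi
    openssl req -newkey rsa:2048 -nodes -subj "$subj" \
      -keyout "$d/$role.key" -out "$d/$role.csr" 2>/dev/null
    openssl x509 -req -in "$d/$role.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
      -CAcreateserial -days 1 -out "$d/$role.pem" 2>/dev/null
  done
}

# Succeeds only if the certificate chains to the institution CA.
signed_by_institution() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Succeeds if the identity string appears in the certificate subject.
reveals_identity() { openssl x509 -in "$1" -noout -subject | grep -qF "$2"; }

# Demo run with a constructed identity.
work=$(mktemp -d)
issue_peer_certs "$work" "alice@example.edu"
for role in server client; do
  signed_by_institution "$work/ca.pem" "$work/$role.pem" \
    && echo "$role: signed by institution"
  reveals_identity "$work/$role.pem" "alice@example.edu" \
    && echo "$role: identity present" || echo "$role: identity withheld"
done
rm -rf "$work"
```

Both certificates verify against the same institution CA, but only the server certificate's subject contains the identity string.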