Appendix A: The LionShare Security Model >> Technical Details: Authorization
Authorization decisions in LionShare are made using XACML. We have tentatively decided to use Sun's open-source SunXACML engine[7]. An XACML engine evaluates the attributes carried by an access request against a policy document; in LionShare that policy is the ACL a user builds for shared content. The attributes are supplied to the XACML engine from signed SAML attribute assertions. In order to remain portable across institutions, we needed to limit the set of attributes that users can reference when building an ACL. For the initial release of LionShare, we will support only eduPersonPrincipalName (EPPN) and eduPersonScopedAffiliation, as these are the only attributes in wide deployment across institutions. Additionally, we may allow users to reference Department (OU), but an ACL using this attribute would only be meaningful within a single institution.
Further, we need to extend the Shibboleth Attribute Authority to issue attribute assertions using the holder-of-key confirmation method. With this technique the signed attribute assertion names the X.509 certificate of its subject, and a relying peer accepts the attributes only from a peer that proves possession of the corresponding private key; in LionShare the attributes will be bound to the peer's client certificate, so proof of possession comes from the client-certificate authentication the peer already performs. An assertion captured off the network is therefore useless to any other peer, which prevents attribute assertions from being spoofed or replayed on a LionShare network.
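The two mechanisms described above, as an added example rather than LionShare project code: a relying peer verifies a holder-of-key attribute assertion against the client certificate the presenter authenticated with, and only then feeds the attributes into an XACML-style evaluation of a LionShare ACL built from EPPN and eduPersonScopedAffiliation. The Attribute Authority's signature is simulated with an HMAC under a constructed shared key (a stand-in for the XML Signature a real Shibboleth AA produces), the certificates are constructed byte strings rather than real X.509, and the policy representation is a deliberately reduced form of XACML rules with a deny-overrides combining algorithm; none of these details come from the original text.

```python
"""Added example: holder-of-key attribute verification feeding an
XACML-style ACL evaluation.  Not LionShare code; the signing scheme,
certificates, policy format and sample identities are all constructed."""
import hashlib
import hmac
import json
from typing import Optional

# The only two attributes the initial release supports (from the text).
EPPN = "urn:mace:dir:attribute-def:eduPersonPrincipalName"
AFFILIATION = "urn:mace:dir:attribute-def:eduPersonScopedAffiliation"

# Constructed: Attribute Authority signing key (stand-in for its XML-DSig
# key) and two fake peer client certificates.
AA_KEY = b"constructed-attribute-authority-signing-key"
PEER_CERT = b"-----BEGIN CERTIFICATE-----\nconstructed cert for bob's peer\n-----END CERTIFICATE-----\n"
OTHER_CERT = b"-----BEGIN CERTIFICATE-----\nconstructed cert for another peer\n-----END CERTIFICATE-----\n"


def cert_fingerprint(cert: bytes) -> str:
    """SHA-256 fingerprint of the certificate the assertion is bound to."""
    return hashlib.sha256(cert).hexdigest()


def issue_assertion(attrs: dict, holder_cert: bytes) -> dict:
    """What the extended Attribute Authority does: bind the attributes to the
    holder of a certificate (holder-of-key subject confirmation), then sign."""
    body = {
        "attributes": attrs,
        "subject_confirmation": {
            "method": "holder-of-key",
            "cert_sha256": cert_fingerprint(holder_cert),
        },
    }
    encoded = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(AA_KEY, encoded, "sha256").hexdigest()
    return {"body": body, "signature": sig}


def verify_assertion(assertion: dict, presenter_cert: bytes) -> Optional[dict]:
    """Relying peer: check the AA signature, then check that the peer who
    presented the assertion (identified by the client certificate it
    authenticated with) is the certificate holder the assertion names."""
    encoded = json.dumps(assertion["body"], sort_keys=True).encode()
    expected = hmac.new(AA_KEY, encoded, "sha256").hexdigest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return None  # tampered attributes or forged assertion
    conf = assertion["body"]["subject_confirmation"]
    if conf.get("method") != "holder-of-key":
        return None  # a bearer-style assertion could be replayed by anyone
    if not hmac.compare_digest(conf["cert_sha256"], cert_fingerprint(presenter_cert)):
        return None  # replayed by a peer that does not hold the bound key
    return assertion["body"]["attributes"]


# A LionShare ACL as reduced XACML rules: a rule applies when, for every
# attribute it names, at least one of the request's (multi-valued) values is
# in the allowed set.  Rules are combined with deny-overrides.
ACL = [
    {"effect": "Deny", "match": {EPPN: {"mallory@example.edu"}}},
    {"effect": "Permit", "match": {AFFILIATION: {"student@example.edu", "faculty@example.edu"}}},
    {"effect": "Permit", "match": {EPPN: {"alice@partner.edu"}}},
]


def rule_applies(rule: dict, attrs: dict) -> bool:
    return all(set(attrs.get(name, ())) & allowed
               for name, allowed in rule["match"].items())


def evaluate(policy: list, attrs: dict) -> str:
    """Deny-overrides: any applicable Deny wins, else Permit if any Permit
    applies, else NotApplicable (no rule matched the requester)."""
    decision = "NotApplicable"
    for rule in policy:
        if rule_applies(rule, attrs):
            if rule["effect"] == "Deny":
                return "Deny"
            decision = "Permit"
    return decision


def authorize(assertion: dict, presenter_cert: bytes, policy: list = ACL) -> str:
    """Full check a relying peer performs before serving a request."""
    attrs = verify_assertion(assertion, presenter_cert)
    if attrs is None:
        return "Deny"  # unverifiable attributes: fail closed rather than evaluate
    return evaluate(policy, attrs)


if __name__ == "__main__":
    bob = issue_assertion({EPPN: ["bob@example.edu"],
                           AFFILIATION: ["member@example.edu", "student@example.edu"]}, PEER_CERT)
    print("bob, own cert:   ", authorize(bob, PEER_CERT))
    print("bob, replayed:   ", authorize(bob, OTHER_CERT))
```

The replay case is the one the holder-of-key extension exists for: the same signed assertion, presented by a peer whose client certificate does not match the bound fingerprint, is rejected before the ACL is consulted. A failed signature or binding check is mapped to Deny here; a real XACML engine would report Indeterminate, and the relying peer should treat that the same way.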