Payment processes for identity federations

This work focuses on the integration of a payment mechanism into the current Identity Federations. A detailed analysis of the currently established Identity Federations is followed by the investigation of several possible electronic payment systems. Then, a new federation architecture is designed that is able to support payment. Whilst many of the current deployed elements are kept unchanged, thus allowing interoperability between the payment-enabled and the traditional Identity Federations, a new component has to be introduced: the Payment Provider, which issues payment statements and hosts payment accounts similar to the Identity Provider, which issues authentication and attribute statements and hosts identity accounts. Furthermore, this work not only proposes an architecture for a payment-enabled Identity Federation, but provides a detailed evaluation of this architecture and the message flow as designed. Whilst this evaluation will prove the correctness of the architecture and the required information that has to be transmitted, an approach is also carried out on how this abstract designed information may be transmitted within the federations. Since most of the current Identity Federations rely on SAML, this language has been analyzed and chosen to support the payment processes. Thus, an enhancement to SAML is developed to enable the transmission of payment related information. Finally, ademonstrator is depicted and real-life measurements support the declaration that a payment-enabled Identity Federation is reasonable as weIl as feasible.