David J. Lutz

Federation Payments using SAML Tokens with Trusted Platform Modules

In this paper, a new federation payment scheme is introduced. Since most federations use offline payments by creating invoices at the end of a specified time span, the approach of Payment Tokens with Trusted Platform Modules guarantees reliable on-the-fly payments without having to contact a payment provider each time a payment is required.

Combining identity federation with Payment: The SAML-based Payment Protocol

The management of services offered within identity federations comprises not only the traditional service elements but also those management requirements derived from the federations specification. However, since a discrepancy between the management needs related to payment and the capabilities offered by the federations protocols can be observed, this paper aims to provide a solution to bridge this gap. SAML is currently used in many identity federations as a language and protocol for transmitting critical data about a participants authentication and his/her attributes. Authorization based upon attributes often fulfils the requirements within a non-commercial context. However, whenever payment is required, federation partners have to establish a solution to handle it. Whilst commercial service providers may often use their already established payment solutions, for semi-commercial providers as well as for micropayments and niche-providers, a new approach may be required. Therefore, this paper proposes to use the identity federation language SAML to build such a new solution. Using the novel designed SAML Payment Assertion, SAML is able to handle all the payment-related processes without compromising security. These benefits provided by the protocol and the language would raise the interests for new service providers to join federations that are built upon SAML.

A Survey of Payment Approaches for Identity Federations in Focus of the SAML Technology

Identity Federations are increasingly being used to establish convenient and secure attribute-based authentication and authorization systems. Whilst this process began mainly in the academic sector, it is assumed that over the next few years more and more commercial Service Providers will join Identity Federations in order to offer their services and products to federated customers. However, the introduction of commercial Service Providers demands a solution for payment, which has not been deployed during the early years of Identity Federations. Thus, Service Providers have to implement not only the federation application, but also additional payment solutions; a problem, by which the federation may appear unattractive for Service Providers, especially semi-commercial or those requiring micropayments. Even for large commercial providers entering a federation, the lack of payment support is a major disadvantage that may lead to either customer or profit loss. Thus, although a combination of electronic Payment solutions and Identity Federation approaches would provide several benefits to its participants, there has not been much investigation of such combinations. Therefore, this paper analyses electronic payment approaches as well as Identity Federation mechanisms and focuses on a solution to bridge these two aspects. Besides early stages of identity-based payments, final full integrated SAML-based payment approaches, which merge payments and Identity Federation into a powerful business solution, are also highlighted. However, since security is a major concern when focusing on payment solutions, several approaches have been investigated, including security and privacy evaluations, and, within this survey, only those solutions providing a sufficient level of security and privacy have been taken into consideration.

Secure AAA by Means of Identity Tokens in Next Generation Mobile Environments

In this paper, the concept of Identity Tokens is described and how this approach can help to build up a stable, reliable and secure AAA1 infrastructure without loosing sight of privacy. This approach can be used in (mobile) environments to guarantee that a user is not pushed to submit private information that, within his view, is in an untrusted domain, but that he can still be authenticated, authorized and billed.

Harmonizing service and network provisioning for federative access in a mobile environment

In this paper we propose an integrated platform to power the symbiosis between networks and services whilst supporting mobility of users. This platform is based on methods for authentication, authorization and payment of services in a roaming environment. Existing technologies are combined and enhanced to provide a blueprint for a platform to leverage the interaction of services with the underlying network. Traditionally, such functions as discovery, authentication and authorization exist in parallel for networks and for services, without any association between the systems. This rigid layered approach is abandoned in favour of one that is more integrated and allows these functions to be reused rather than duplicated. Payment is treated as an essential and inherent part of the architecture, in order to facilitate its commercialization and adoption.

Bridging between SAML-Based Payment and Other Identity Federation Payment Systems

Identity Federations are increasingly being used to establish convenient and secure attribute-based authentication and authorization systems. During the last few years, a third aspect has become important within these federations: i.e., payment. Thus, several payment approaches have been designed and used in Identity Federations. However, when more than one federation is being combined into an inter-federation association, federation bridges have to be established to translate messages between the participating federations. Whilst the problem of bridging identity information between federations has already been considered in many research activities, the problem of how to bridge payment data still remains unsolved. Therefore, this paper presents a solution to bridge between a SAML-based payment enabled Identity Federation and four other kinds of payment solutions used by Identity Federations.

A Framework for Dynamic and Reliable E-Procurement

Nowadays, eProcurement, i.e. purchasing goods and services online in a business-to-business or business-to-government transaction, is being seen as a growing opportunity for companies to sell their products. However, today, eProcurement is being carried out by static and inconvenient solutions. Current approaches do not support dynamic federation establishment, automatic payment or a reliable on-the-fly testing of the purchased goods. Since these restrictions avoid a powerful and automated usage of eProcurement implementation, this paper offers a framework in which those limitations do not exist anymore.

Token-Based Payment in Dynamic SAML-Based Federations

The newly developed approach on token-based payments introduces an integration of payments with current schemes for Identity Federations based on SAML. This new design utilizes an established federation infrastructure as well as its protocols. Only relevant mechanisms to support the payment on the federation infrastructure level are extended.

Web2.0 for Machines and Services: Human Oriented Service Identity Management

As more and more approaches focus on service oriented architecture, the idea presented in this paper looks much further. An approach for a new identity is introduced that describes a machine or a service neither by technical details nor addresses but by the needs they may satisfy. The new human oriented identity management, by focusing on the users view, leads to a convenient and easy service discovery system. A consumer no longer has to know specific details about the machine or the service, but can still find the machine that satisfies exactly his current needs.