I need some help in architecting this process. Two goals are of the utmost importance: 1) Speed 2) Security.

Here's the scenario:

Domain A, Domain B, ... Domain Z sell a service to their customers on my behalf (keeping a commission). Once the transaction is processed (money collected from the consumer by the Domain), the Domain passes to me a transaction # (which I will use for billing purposes) along with some sensitive customer information (i.e. consumers SSN and DOB).

I create a database entry on my server storing the consumers data and issuing a 10-character unique ID # that contains letters and numbers. The unique ID is returned to the originating Domain where the consumer is given this unique ID # for their records and so that they may then use this ID in the future with other partners (Domain A, Domain B, ... Domain Z).

The Domain (could be A, B, ... Z) will request information from me using that unique ID # and upon receipt of that request I have to pass back a whole series of data (9 unique strings).

I figure the best way to set this up is to pass the data back and forth in XML packets but I have no clue how to really set that up as a token/id/etc transaction. Also, I don't want just anyone to be able to request data using the unique ID, it must be a KNOWN business partner that has an established account with us.

Any thoughts on the best way to set this up?

Thanks,

Pete