The CORBA Security Service specification is one of the more complicated and detailed of the CORBA services. This is in large part due to the inherent complexity of security, and also to the fact that the Security Services specification includes security models and interfaces for application development, security administration, and the implementation of security services themselves.
In this section we’ll only provide a brief overview of the security model and interfaces provided within the CORBA Security Services for application development. Later, we’ll contrast the Security Services with the Java Security API.
The CORBA Security Services provide interfaces for the following:
Authenticating and generating credentials for principals, including the delegation of credentials to intermediary principals
Performing secure transactions (e.g., method invocations, data transfers, etc.) between objects
Auditing secure transactions for later review
Non-repudiation facilities that generate evidence of transactions, to prevent principals involved in a secure transaction from denying that the action ever took place (e.g., the sender of a message denies ever sending it, or the receiver denies receipt)
All of these services and their interfaces are specified in an implementation-neutral manner. So the authentication service interface does not depend on the use of symmetric or asymmetric keys, and the interface to a principal’s credentials is not dependent on the use ...