This paper focuses on the provision of a nonrepudiation service for CORBA. The current OMG specification of a CORBA non-repudiation service forces the programmer to augment the application with calls to functions for generating or validating evidence. Furthermore, the application itself has to manage the exchange of this evidence between parties and its storage. The paper describes our design for a generic CORBA non-repudiation service implementation. Our approach provides a separation between the application business logic and the generation of evidence allowing nonrepudiation support to be incorporated into applications with the minimum of programmer effort. Our design is described in this paper using the example of ordering goods over the Internet. The non-repudiation service provides the parties with evidence proving that the transaction has taken place. This proof is a XML document based on the proposed IETF Internet standard Digital Signatures for XML.
Michael Wichert, David B. Ingham, Steve J. Caughey