Security Service

The CORBA Security Service provides the tools you need to secure your distributed application. It provides the means to authenticate remote users of your object services and to define access control for users to key objects and services in the system. It also provides audit functions, as well as the ability to establish both secure communications channels between clients and object services and nonrepudiated events. Note that encryption functions (i.e., algorithms for encrypting data and generating digital signatures) aren’t included in the Security Service specification. The Security Service is a higher-level security framework, which needs to use cryptography in its implementation, but this use is not spelled out in the specification. Implementors are free to use whatever lower-level cryptographic APIs suit their needs, as long as that use supports the higher-level specifications of the Security Service.

The framework dictated by the Security Service for secure CORBA interactions layers security measures on top of the basic ORB object-to-object model defined in the core CORBA architecture. Security measures are applied on either end of a secure communication (providing identifying information within the inter-ORB messages, authenticating identities, checking access, performing auditing, etc.). Access control is defined down to the level of individual methods on objects, and access rights can be delegated by one authenticated object to another.

The PrincipalAuthenticator is used to authenticate ...

Get Java Enterprise in a Nutshell, Second Edition now with the O’Reilly learning platform.