[omniORB] Kerberos authenticated transport...

[Jiva DeVoe]

I have the following requirements for a project I am working on with  
CORBA and omniORB:

1. my calls to my servants must be encrypted end to end
2. my callers must be authenticated (preferably using kerberos, but  
willing to evaluate other options if they are provide signifigant  
benefits).

I see that omniORB supports using openssl as a transport mechanism.   
I think that this would solve my first requirement, but I don't think  
it would solve my second requirement.  In other words, though it  
provides an encrypted connection that is secure between a given set  
of peers, it would *not* enable me to authenticate a given user or  
process on one of those peers.

So my questions then are these:

A. is my understanding of the above correct?
B. are there any design patterns using corba that I can use to solve  
these requirements, keeping in mind, I don't even want the calls  
themselves to be unencrypted (so at the least, some transport level  
encryption is required.)
C. Are there any projects that plan to add kerberos authentication  
and encryption at a transport level to omniORB?
D. is there any documentation available on adding transports to  
omniORB, if I decide to go that route and do it myself?
E. is there any reason I wouldn't want to do this?

Thanks!