Security Basics mailing list archives

Proving non-repudiation in e-Commerce App


From: Joe <bitshield () gmail com>
Date: Thu, 1 Jun 2006 20:32:16 +0200

Dear List-Members

I'm currently dealing with a review of an e-Commerce Application. One
goal is to prove that this application properly implements a
non-repudiation mechanism throughout the whole process-flow. This flow
starts at the user authentication, communication over the web to the
server component, then processing of the client requests and finally
logging.

The non-repudiation has similarities with e-Banking which points me to
the following keywords: digital signature, signed logging and time
stamp protocols. Using Google I also found various sources discussing
most of those points individually. However, I'm looking for a more
general, broad and complete approach.

Do you guys have interesting sources and experiences about verifying
non-repudiation? Are there standards, defined processes, work-flows,
and implementation or audit guidelines?

Thanks for your feedback
Joe
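As an added illustration of the three mechanisms the question names (client-side digital signature, signed logging, and a timestamp bound into each record), the following Go program is example code written for this archive page, not something from the original post or from any product it reviews. It assumes Ed25519 keys for both the client and the log server, a constructed three-entry log for a user "alice", and a constructed timestamp string in place of a trusted time source. The client signs each request (non-repudiation of origin), the server refuses unsigned or mis-signed requests, hash-chains the accepted ones and signs each chain link, and an auditor's `Verify` walks the chain to find the first entry that no longer holds up.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Request is what the client submits, signed with the client's own private key;
// that signature is the non-repudiation-of-origin evidence.
type Request struct {
	User, Action string
	ClientSig    []byte
}

func (r Request) canonical() []byte { return []byte(r.User + "|" + r.Action) }

func SignRequest(priv ed25519.PrivateKey, user, action string) Request {
	r := Request{User: user, Action: action}
	r.ClientSig = ed25519.Sign(priv, r.canonical())
	return r
}

// Entry is one audit-log record. PrevHash chains it to its predecessor and
// ServerSig is the log server's signature over Hash, so an entry cannot be
// edited, dropped or reordered without the server key and a rebuilt chain.
type Entry struct {
	Timestamp                 string // constructed; a real log takes it from a trusted time source
	Req                       Request
	PrevHash, Hash, ServerSig []byte
}

func entryHash(ts string, req Request, prev []byte) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%s|%s|%s|%x|%x", ts, req.User, req.Action, req.ClientSig, prev)
	return h.Sum(nil)
}

// Append checks the client signature before recording anything, so no entry
// enters the log that the named user could later plausibly disown.
func Append(log []Entry, serverPriv ed25519.PrivateKey, clientPub ed25519.PublicKey, ts string, req Request) ([]Entry, error) {
	if !ed25519.Verify(clientPub, req.canonical(), req.ClientSig) {
		return log, fmt.Errorf("client signature invalid for %q: request rejected", req.User)
	}
	var prev []byte
	if n := len(log); n > 0 {
		prev = log[n-1].Hash
	}
	h := entryHash(ts, req, prev)
	return append(log, Entry{ts, req, prev, h, ed25519.Sign(serverPriv, h)}), nil
}

// Verify walks the log as an auditor would: recompute each hash, check the link
// to the previous entry and check both signatures. It returns the 1-based
// position of the first failing entry, or 0 if the whole log is intact.
func Verify(serverPub ed25519.PublicKey, clientKeys map[string]ed25519.PublicKey, log []Entry) int {
	var prev []byte
	for i, e := range log {
		clientPub, known := clientKeys[e.Req.User]
		if !bytes.Equal(e.PrevHash, prev) ||
			!bytes.Equal(e.Hash, entryHash(e.Timestamp, e.Req, e.PrevHash)) ||
			!ed25519.Verify(serverPub, e.Hash, e.ServerSig) ||
			!known || !ed25519.Verify(clientPub, e.Req.canonical(), e.Req.ClientSig) {
			return i + 1
		}
		prev = e.Hash
	}
	return 0
}

// Demo builds a three-entry log for user "alice" (constructed data), verifies it,
// then checks that an edited copy is flagged at entry 2 and that a request
// signed with someone else's key is refused at append time.
func Demo() (intact, broken int, forgeryRejected bool) {
	serverPub, serverPriv, _ := ed25519.GenerateKey(rand.Reader) // errors ignored: demo keys only
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	_, malloryPriv, _ := ed25519.GenerateKey(rand.Reader)
	keys := map[string]ed25519.PublicKey{"alice": alicePub}
	var log []Entry
	for i, a := range []string{"login", "order:item42:qty1", "logout"} {
		ts := fmt.Sprintf("2006-06-01T20:3%d:16+02:00", i)
		log, _ = Append(log, serverPriv, alicePub, ts, SignRequest(alicePriv, "alice", a))
	}
	intact = Verify(serverPub, keys, log)
	tampered := append([]Entry(nil), log...)
	tampered[1].Req.Action = "order:item42:qty100" // the order edited after the fact
	broken = Verify(serverPub, keys, tampered)
	forged := SignRequest(malloryPriv, "alice", "refund:all")
	_, err := Append(log, serverPriv, alicePub, "2006-06-01T20:40:00+02:00", forged)
	forgeryRejected = err != nil
	return
}

func main() {
	fmt.Println(Demo()) // 0 2 true
}
```

Two caveats an auditor of such a flow would raise. First, the hash chain proves order and integrity, but the `Timestamp` here is asserted by the server itself; binding an entry to a time that a third party will vouch for is the job of a timestamping authority such as an RFC 3161 service, which is the "time stamp protocol" piece the question lists. Second, the evidence is only as strong as key custody: if the client's private key is shared or the server's log-signing key is reachable by the same administrators who can edit the log, the signatures no longer separate the two roles, so the review should cover key generation, storage and revocation alongside the code.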

