[Pki-devel] The Why's of PKI
Adam Young
ayoung at redhat.com
Tue Sep 13 13:41:05 UTC 2011
The Layout of the PKI project is very unusual for a Java Server
application. I'm trying to understand the rationale for some of the
things that were done.
Why do we create a separate server instance for each subsystem? Is a
reason to continue doing so?
Is using different ports for CA and DRM (an so forth) merely an
artifact of using multiple servers, or is there an additional reason to
do so?
Do we expect the same user to have and user different certificates for
different servers, such that the certificate then becomes a union of
authentication and authorization?
Is there a reason to separate the CA and DRM Directory servers? Is it
a "best practice" to do so? What would be the implications of using a
single instance for both?
Is there any reason why the CA uses an LDAP server instead of a
Relational Database? Do we expect people to make queries dircetyl
against the CA DirSrv, or is the Database best hidden from public view?
Why do we split the build process up into multiple Source RPMS? Is
there a reason to maintain this split?
Are there design documents or discussions for these decisions?
More information about the Pki-devel
mailing list