Re: [Pki-devel] The Why's of PKI

These are all very excellent design/architectural level questions. We may need to dig through the old archives and figure this out if need be.. On 09/13/2011 06:41 AM, Adam Young wrote: looks like your discussion is centering mostly around the Java side atleast for now. We should ask the same questions for the non Java side I would think as well like TPS and RA which are currently apps on top of Apache/mod_nss and are using different instances and ports etc.. You see it as a "separate instance" only if you deploy it on the same machine which is almost always not how a customer would do. If you are deploying it on a customer site, you would almost always deploy CA,DRM etc on separate physical hosts mainly due to performance and scalability and security considerations. So even if we need to consolidate these instances onto the same "tomcat instance", or the same apache instance, we would still have the use cases where this application would need to behave as a CA or a DRM individually on different hosts. Guess that could still be achieved by tweaking configuration. Nothing comes to mind at this time. At a future major release of the project/product, these things would be good candidates to consider revamping. Same things as cited above for instances. Different ports is mainly an artifact due to creating separate instances. no I don't think so. Infact we have long been critiqued that we have been mis-using LDAP this way and the way we use VLV/indexes. We had in our blue sky ideas page to convert this and use a relational db like mysql but the usual suspects come into play - time/resources. These databases are to be restricted from public access. There's a reason why it is called "Internal Database". Not that I can see. I have been pouring over these archives. Didn't find any that specifically answers these questions.