[Pki-devel] The Why's of PKI

The Layout of the PKI project is very unusual for a Java Server application. I'm trying to understand the rationale for some of the things that were done. Why do we create a separate server instance for each subsystem? Is a reason to continue doing so? Is using different ports for CA and DRM (an so forth) merely an artifact of using multiple servers, or is there an additional reason to do so? Do we expect the same user to have and user different certificates for different servers, such that the certificate then becomes a union of authentication and authorization? Is there a reason to separate the CA and DRM Directory servers? Is it a "best practice" to do so? What would be the implications of using a single instance for both? Is there any reason why the CA uses an LDAP server instead of a Relational Database? Do we expect people to make queries dircetyl against the CA DirSrv, or is the Database best hidden from public view? Why do we split the build process up into multiple Source RPMS? Is there a reason to maintain this split? Are there design documents or discussions for these decisions?