[Pki-devel] The Why's of PKI

Chandrasekar Kannan ckannan at redhat.com
Tue Sep 13 22:06:53 UTC 2011


These are all very excellent design/architectural level questions.
We may need to dig through the old archives and figure this out if need be..

On 09/13/2011 06:41 AM, Adam Young wrote:
> The Layout of the PKI project is very unusual for a Java Server 
> application.  I'm trying to understand the rationale for some of the 
> things that were done.

Looks like your discussion is centering mostly around the Java side, 
at least for now. We should ask the same questions for the non-Java side 
as well, I would think, like TPS and RA, which are currently apps on top of 
Apache/mod_nss and are using different instances and ports etc.

>
> Why do we create a separate server instance for each subsystem? 


You see it as a "separate instance" only if you deploy it on the same 
machine, which is almost always not how a customer would do it. If you 
are deploying it on a customer site, you would almost always deploy CA, 
DRM etc. on separate physical hosts, mainly due to performance, 
scalability and security considerations.

So even if we need to consolidate these instances onto the same "tomcat 
instance", or the same apache instance, we would still have the use cases 
where this application would need to behave as a CA or a DRM individually 
on different hosts. Guess that could still be achieved by tweaking 
configuration.


> Is a reason to continue doing so?

Nothing comes to mind at this time. At a future major release
of the project/product, these things would be good candidates to 
consider revamping.

>
> Is using different ports for CA and DRM (and so forth) merely an 
> artifact of using multiple servers, or is there an additional reason 
> to do so?

Same thing as cited above for instances. Different ports are mainly an 
artifact of creating separate instances.

>
> Do we expect the same user to have and use different certificates for 
> different servers, such that the certificate then becomes a union of 
> authentication and authorization?

No.
>
> Is there a reason to separate the CA and DRM Directory servers? Is 
> it a "best practice" to do so? What would be the implications of 
> using a single instance for both?

I don't think so. In fact we have long been critiqued that we have been 
misusing LDAP this way and the way we use VLV/indexes. We had in our 
blue sky ideas page to convert this and use a relational db like mysql, 
but the usual suspects come into play - time/resources.

>
> Is there any reason why the CA uses an LDAP server instead of a 
> Relational Database? Do we expect people to make queries directly 
> against the CA DirSrv, or is the Database best hidden from public view?

These databases are to be restricted from public access. There's a 
reason why it is called "Internal Database".

>
> Why do we split the build process up into multiple Source RPMS?  Is 
> there a reason to maintain this split?

Not that I can see.

>
> Are there design documents or discussions for these decisions?

I have been poring over these archives. Didn't find any that 
specifically answer these questions.
