System ArchitectureChapter 1 Overview 59Within the CMS component, a set of common modules (all can be extended withcustomized JAVA plug-ins) are provided for all subsystems (although some maynot be utilized by default setting, they are all available for further customization):• Authentication where authentication managers can be extended.• Authorization where authorization managers can be extended—the default isaccess control list from the Internal LDAP database.• ACL evaluators where expression evaluators can be extended for AccessControl List evaluation—the default user/group evaluators.• Certificate Profiles where certificate extensions and constraints can beextended.• Job scheduler where cronical scheduled events can be extended.• Email notification where email notification can be extended.• Event listeners where event listeners can be extended.• Publishing where publisher and its mapper can be extended.• Logging includes signed audit logs; where logging mechanism can beextended.• Self-test where CMS start-up/on-demand self-tests can be extended.• Servlets depending on subsystem installation selection; where servlets can beextended.• Password quality checker where password strength/quality checker can beextended.HTTP EngineCMS employs the Netscape Enterprise Server as its HTTP engine. It provides theentry point for users/applications of all types to access CMS's functions. Asdiscussed in the System Overview, CMS provides three types of entry points, eachserving one or more interfaces:• End-Entity Entry Point— provides entry point for end-entity and servercertificate enrollments of all types. A set of customizable HTML forms areprovided at this port for CA and RA end-entity users for different types ofenrollment, renewal, revocation, or certificate pick-up activities. OCSP
