"scott.stark(a)jboss.org" wrote : "anil.saldhana(a)jboss.com" wrote : I do not think all the constituents of a X509 certificate map to standard JDK classes. An example are the Attribute Certificates that can be issued by the CA as part of a x509 certificate. | Where is this used? I'm not keen on pushing too much to pki management layer. Issuing certs for roles seems like an unnecessary indirection. | No user requests have come in this area. Mainly used in smart cards(not sure of other uses). Like you said, unnecessary indirection. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980163#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...