I am not sure why, originally, the "security" and "ssl" elements are underneath "target."
The security information is used in connecting to the naming service and/or a guarded server-side resource (such as an EJB), both of which use the ORB.
The purpose of multiple targets is to specify multiple ORB endpoints [i]in the same cluster[/i] to which the client-side ORB could connect as it "bootstraps." This bootstrapping process requires only one of the target server ORBs to be running at bootstrap time. Once the client-side ORB connects to one server-side ORB it learns about all the other server-side ORBs in the same cluster that are currently active and also learns about servers entering or leaving the cluster while the client-side ORB continues to run. The purpose of multiple targets is to give the client-side ORB several ways to contact the server-side cluster ORBs. Only one of the hosts specified in the sun-acc.xml target-server elements needs to be running for the client to contact.
Given that a cluster is intended to be a group of servers that are virtually identical to each other, it would probably not make much sense to specify different security credentials for different target servers but maybe there are some reasons for doing so I don't know.
Given that this structure of sun-acc.xml has been in place for years, it will probably not change to bring the security information "out from under" the target server elements...at least not any time soon.
Maybe members of the security team can comment further on this topic.
- Tim
[Message sent by forum member 'tjquinn']
http://forums.java.net/jive/thread.jspa?messageID=472282