THe Armoury holds the public and private keys for the `CCPKI` project. In addition to the keys, it maps the keys to users and meta-users. ( meta-users are really acting as groups here, but since they play the role of Principal in the PKI architecture, I still want to call them users ). The users and meta-users have passwords, and are further grouped by business units, and possibly by application ( maybe thats the real role of meta-user, though ) Schema:
 businessUnit( #id, name )

 user( #login, pass, name, ^primary_bu_id )

 principal( #name, certificate, private_key, public_key )

 bu_user( #^login, #^bu_id )

 user_principal( #^login, #^principal )