GCC Media; Spanbauer, Katherine: Article: Milestones in Notes/Domino Security Architecture since Release 1, in: Iris Today, Lotus Software 2001.
GCC Media\Miscellaneous ...
Right from the start, security has been a integral part of Notes and Domino. Here's a quick history of the evolution of security features.
1989: Notes Release 1.0
From the first release, keeping data secure was a priority. The security features introduced in this release were made possible by the incorporation of public key technology, licensed from RSA Security. Notes uses ID files and certificates to manage the identities of certifiers, servers, and users. These ID files are protected with passwords. Based on a user's authenticated identity, access to data is then controlled at the server, database, view, document, and field level. Privileges, defined within a database ACL, allow you to further refine access based on roles. Use of public key technology enables the use of mail signing and encryption, as well as encryption of traffic over the network.
The security features of the first release of Notes included:
User IDs with passwords
Public and private keys
Mail signing and encryption
1991: Notes Release 2.0
For the second release of Notes, security enhancements focused on extending the encryption technology. The use of secret key (or symmetric) encryption enabled the use of encryption for documents stored in databases in addition to the use of public key encryption supported for mail encryption. Key features included:
Secret encryption keys
1993: Notes Release 3.0
As Notes developed into a scalable, cross-platform product, security features were added to support deployment across an organization. To improve manageability of the Notes public key infrastructure, hierarchical certificates were introduced. These certificates allow for the definition of distinguished names based on X.500. For workflow applications, the ability to design forms to support multiple user signatures was added. Access controls were extended to the document level and allowed for more granular control over reading and editing documents in a database.
Roles superseded privileges in the database ACL and allowed the definition of 75 roles per database (versus 5 for privileges).
Key features included:
Reader Names/Author Names fields
Read and Compose Access Lists
1996: Notes Release 4.0
Delivered in January 1996, Notes Release 4.0 was a quantum leap forward both in terms of a completely redesigned user interface and because of new Web technologies incorporated into the server. Security developments focused on securing copies of local databases and enhancing protection for ID files. The ability to access servers via Notes anonymously was added to allow public access to Notes databases over the Internet without the need for cross-certification between organizations. The ability to encrypt database designs was introduced to allow developers and partners to protect their intellectual capital.
New security features included:
Local database encryption
Database design encryption
Multiple passwords for IDs
Password guessing evasion for IDs
1996: Notes and Domino Release 4.5
By the end of 1996, the evolution of the Domino Web application server was complete, allowing for development of both Internet and intranet applications. New security features to support this functionality were added while existing security features were enhanced and fine-tuned. Support for SSL was added to both the client and server. The Notes authentication protocol was enhanced to allow for password checking, password expiration, and the locking out of user IDs. In addition to the option for using secret keys to encrypt documents, encryption using public keys was supported. This reduces the requirement for managing keys. Execution Control Lists (ECLs) were introduced to protect workstations against the execution of potentially malicious code. In order to enable this feature, all design elements are now digitally signed when saved. The ECL limits the actions of formulas and scripts when they run on a workstation, based on the rights assigned for that signature.
Key features included:
SSL (Secure Sockets Layer) 2.0 support for Notes client and Domino server
Execution Control Lists (ECLs)
Public key encryption in documents
Password checking and ID lockout
1997: Notes and Domino Release 4.6
Release 4.6 focused on enhancing Internet standards support. SSL support for the Notes client and Domino server was upgraded to SSLv3. The Domino Certificate Authority application gave administrators the option to issue standard X.509v3 client and server certificates.
Certificate authority application
1999: Notes and Domino Release 5.0
New security features in R5 included:
SSLv3 for all Internet protocols
ID and password recovery for Notes users
Session-based Web authentication
Web server authentication interface (DSAPI)
1999 to 2001: Notes and Domino R5 maintenance releases
Throughout the R5 maintenance releases and updates, particular security features have been fine-tuned in response to user's needs. For more information about any of these features, see the appropriate
1999 (Q3) Release 5.0.1 features included:
Importing of Internet X.509v3 certificates into the Notes ID file using PKCS#12
Dual key support of Internet certificates
1999 (Q4) Release 5.0.2 features included:
Exporting of Internet X.509v3 certificates from the Notes ID file using PKCS#12
More restrictive ECL permission defaults
2000 (Q2) Release 5.0.4 features included:
Notes and Domino consolidated to a global encryption as export regulations are relaxed by the U.S. Government
2000 (Q3) Release 5.0.5 features included:
Workstation ECL Refresh button added to User Preferences
Single sign-on across Domino Web servers
Single sign-on with WebSphere Application Server 3.5
2000 (Q4) Release 5.0.6 features included:
Option in the Sign a Database tool to sign databases with the server's ID file, using the Administration Process
Coming soon: Notes and Domino Rnext
The next major release of Notes and Domino is well under way. Here are some of the security-related features planned for Rnext:
User Security dialog box, which consolidates security preferences and options
Logout screen, which appears when a user locks their ID file
Notes client support for the PKCS#11 standard for smartcards
Support for S/MIMEv3 capabilities
Integrated Certificate Authority for registration of Notes and Internet users
Enhanced password management features for both Notes and Internet passwords
Synchronization of Notes ID and Internet passwords
Dynamic update of ECLs
ABOUT THE AUTHOR
Katherine Spanbauer is the Product Manager for Security, primarily focusing on Notes and Domino. Her current responsibilities include representing customer requirements to development, triaging critical issues, and communicating product features both within Lotus and to customers. Since joining Lotus in 1992, she has held various roles in the Technical Support, Professional Services and Product Management organizations. Katherine is a graduate of the University of Wisconsin, where she earned her Bachelor of Business Administration degree.