Domino Web Server - Authentication Options

Lotus Notes/Domino is a widely used group collaboration and messaging platform originally designed to work in a client-server architecture using proprietary protocols. The client is known as Notes, and the server is known as Domino.
Later releases of Domino incorporated the use of Internet standard protocols and provided for access to Domino servers using web browsers as well as the Notes client. This helped Domino shops meet the demand for Internet access to email
and databases using a browser.

The original and still current architecture incorporates the use of key pairs based on RSA technology. The public key is stored in the Domino Directory; the private key is stored in a password protected ID file on the Notes client. This model
provides robust authentication and encryption and is tightly integrated into the architecture requiring little effort on the part of the administrator to implement.

However, this model is not relevant to the browser user accessing a web enabled Domino server. The purpose of this paper is to provide Domino administrators who are familiar with the client-server architecture with an understanding of authentication options and associated security characteristics for the web enabled Domino server. Specific implementation guidance for various options will be presented. This paper is based on Domino version 6.x. However, essential
security-related differences between Domino 6.x and earlier versions will be explained. A brief explanation of Domino web server basics will be provided to enhance the reader's understanding of authentication options and requirements in
a Domino web server model. Basic understanding of the traditional client-server model of Domino is assumed.