Domino security quilt

Once upon a time there was this platform renowned for its security features.
But as the platform became of age, the security features was woven into a large
quilt with considerable number of patches. And then chaos arise.

Domino has a lot of nice security features. It has its own public key
infrastructure, encryption, access control, etc. However, there are a lot of
features that need to work together. Lots of security settings generates
complexity. And complexity is the greatest foe of security.

Take, for example, agent security. In R6, agent restrictions may be set on
each agent instead on each server. This generates more complexity as each and
every agent would have to be administered security-wise. An agent has three
runtime security levels:

  • Do not allow restricted operations
  • Allow restricted operations
  • Allow restricted operations with full administrative rights

One particular agent of mine needed to access the file system on the server,
which is a restricted operation. So, I set the runtime security to level 2.
But, what the documentation fails to tell me, is that there is a setting on the
server document that overrides this. In order for user to be able to run an
agent performing restricted operations, not only has the agent security level
to be set correctly, the user also needs to be listed in the “run restricted
methods and operations” field in the server document. I guess Lotus added this
feature for flexibility. But flexibility is often perpendicular to simplicity.
And when it comes to security, simplicity is king…