Technical Level: Beginner
My tip last month described Notes ID files. In that article, I promised to write more about how Notes uses the ID file to validate a user to a Domino server. So here we go…
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Notes ID files use a hierarchical trust model. This model is best illustrated by the "trusted friend" analogy. Suppose you attend a party to meet new people and you have a rule that you will not become friends with any total strangers. You want someone to vouch for any new acquaintance. You were brought to the party by Yolanda Yodalaky, whom you have known for years. You will trust anyone she personally points out to you. She introduces you to Emma and Henry, so you now know that they are trustworthy. Emma then takes you over to meet Hao-Lin, and you now trust Hao-Lin. It is important to note that Yolanda, your original friend, did not introduce you to Hao-Lin. Instead, Emma did, but you trust Emma's judgment, since Yolanda vouched for her. This is a hierarchical trust model. There is one person, Yolanda, whom you originally trusted. That trust flows to people Yolanda introduces you to. You will then accept introductions from those new friends also.
Now suppose someone walks up to you and say, "Hi. My name is Mary. I am pleased to meet you. You can trust me because I am good buddies with Yolanda." Should you trust her? No, you should not. You don't know that her name is really Mary, or that she actually knows Yolanda. This stranger may have heard that you trust Yolanda and is trying to trick you with this knowledge. What to do? Lead Mary over to Yolanda and say, "Yolanda, take a look at this person. Is her name Mary? Can I trust her?" If Yolanda says, "yes," you are all set. If Yolanda says "no," you have avoided being tricked by an imposter.
Notes ID files work in exactly this way. Within each ID are the names and (digital) signatures of some trusted certificates. Typically, the name of a certificate is /CompanyName. It may also be /Dept/CompanyName, which means a department-level certificate that is vouched for by /CompanyName. When you use Notes to access a Domino server, Notes sends information to the server about the certificates in your Notes ID file. The server determines if one of the certificates that you trust is the same as a certificate that the server trusts. The server does this by performing a mathematical test on each certificate. If the server determines that it trusts a certificate in your ID, you are granted access to the server. The mathematical test is analogous to taking Mary to Yolanda and saying, "Is this Mary?"
There is an important corollary to this model, which may not be immediately obvious. Suppose the certificate in your ID file is named /AcmeCorp, and suppose the certificate that the server trusts is also named /AcmeCorp. This does not automatically mean that the server will trust your ID file. You might be trying to trick the server with a fake /AcmeCorp certificate (just as Mary may have been trying to trick you at the party). The purpose of the mathematical test from the server is to force your ID file to prove that it is the same /AcmeCorp that the server trusts.
This problem can arise in actual practice with Notes, if you accidentally create a second top-level certifier for your organization. I have seen this happen when companies install a second (or subsequent) Domino server. The installation script can be confusing and sometimes leads you to create another certifier, with the same name, when you already have one. Notes ID that you create with the second certifier (and server IDs created with it) will not work with existing servers. It can be hard to figure out what the problem is, because the bad IDs appear, on casual inspection, to have a valid certificate.
For more information see:
Overview of Notes/Domino Security, Iris Today, September 2001.
Links Page on DominoSecurity.org. This is a Web site that I maintain with lots of information about Domino/Notes security.
Chuck Connell is president of CHC-3 Consulting, which helps organizations with all aspects of Domino and Notes.
Do you have comments on this tip? Let us know.
Please let others know how useful it is via the rating scale below. Do you have a useful Notes/Domino tip or code to share? Submit it to our monthly tip contest and you could win a prize and a spot in our Hall of Fame.