|
|
|
|
|
|
|
|
|
|
|
|
|
|
Introduction to Internet security standards (continued)
Certificates can be revoked or they may expire. Key escrow entrusts certificates to the third party so that an organization can retrieve information that may have been encrypted maliciously.
Secure sockets layer
On the web, the most popular type of encryption is the Secure Sockets Layer (SSL) which encrypts data within the TCP/IP protocol. Published by Netscape Communications, SSL provides secure web client and server communications including encryption, authentication, integrity checking for a TCP/IP connection.
Conventional intranet and extranet applications typically use a combination of security mechanisms that include:
- Encryption
- Authentication
- Access Control
Authentication means there is a mechanism in place to verify that an entity accessing information is permitted to do so. The best example is a login ID and password but there are other types of authentication. One example is verifying the network address of a connecting host. Authentication is like a gate. Once a user passes through the gate there are secondary controls (Domino Access Control Lists or ACLs) that determine what information may be accessed or manipulated.
In summary, encryption applies to the connection or transport (such as SSL) or to other data (S/MIME for email). A document or application may be digitally signed to prove the identity of the originator. X.509 certificates provide Public Key encryption and digital signatures just as the Notes ID does within the proprietary Notes and Domino security model. Authentication provides a gate through which only authorized users may pass and access controls determine what information may be accessed or manipulated by a given user.
Playing a key role in the proliferation of PKIs is the Lightweight Directory Access Protocol (LDAP). LDAP directories are used to provide a facility for access to the Public Keys of users and to store access control information. The Domino Name and Address Book (NAB) is accessible through LDAP. In coming version we can expect to see tighter integration of the Domino NAB with LDAP and integration of X.509 certificates with existing Domino PKI. Since Domino provides a complete PKI management solution extending this technology to fully embrace Internet security standards is a natural step.
Ron Herardian is CEO and Chief Technical Consultant at Global System Services (GSS). You can reach him via E-mail at rherardi@gssnet.com. Visit his web page at http://www.gssnet.com.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-- Advertisement --
Learn Notes and Domino 8 at your place and pace!
Learn Notes and Domino in your office and/or home! TLCC's highly acclaimed distance learning courses for users, developers, and admins will enhance your career and your resume.
The many included activities and demos will make you a pro! Expert instructor help is a click away.
Click here to try a FREE demo course!! |
-- Advertisement --
Struggling with exporting Notes data to spreadsheets? No More!
Try IntelliPRINT, The world's leading Reporting, Dashboards, and Analysis solution for Notes & Domino
- Don't spend unproductive time maintaining different versions of the same spreadsheet
- Preserve data integrity and security in multi-user environments
- Create reports in minutes INSIDE Notes
- Get freedom from iterative report requests, deliver self-serve capabilities
Experience Reporting, Dashboards, and Analysis INSIDE Notes.
Try IntelliPRINT NOW! |
|
|
|
|
|
|
|
|
|
|
