WHAT'S NEW IN IBM LOTUS DOMINO 8.5?
Security - new features
This topic describes new security features.
Windows® single sign-on for Web clients
-- You can set up an IBM® Lotus® Domino® Web server to honor Windows users' Active Directory logon credentials. Users who are logged on to the Active Directory domain can open applications on the server from a browser without being prompted for a Domino HTTP password.
ID vault integration with programs that store ID files in databases
-- You can enable Lotus® Notes® API programs that can store Lotus Notes IDs in databases to use an ID vault. Doing this allows the users of such programs, for example, Lotus iNotes® users or Lotus Notes Traveler users, to take advantage of the ID management features that an ID vault provides.
Ability to push trusted certificates to clients
-- You can create cross-certificates in the Domino Directory for Internet certifiers and Lotus Notes certifiers and then push the cross-certificates to the Contacts application on Lotus Notes clients. The cross-certificates are used to establish client trust of a certifier when accessing servers, reading encrypted S/MIME mail, or installing signed Lotus Notes client plugins. When you push cross certificates, users are not required to create the cross-certificates or retrieve them from the Domino Directory. You can also push Internet certifiers to clients and enable users to create cross-certificates themselves. There are two ways to push certificates to clients' Contacts: through customization of the Lotus Notes client installation media or through security policy settings.
Time stamping plug-in jar signatures -- You can now time-stamp plug-in jar signatures using the jarsigner tool provided by the Java™ SDK to ensure the long term validity of plug-in signatures. The Notes client uses a time stamp included with a plug-in jar signature to determine if the plug-in signing certificate was valid at the time of signing. If a plug-in signing certificate has expired but was valid at the time of signing, Notes accepts it so that users are not confronted with security prompts during plug-in installation or provisioning. You can use
security policy settings
control whether to also ignore expiration of the time stamping certificates themselves. By default, time stamping certificate expiration is ignored.
Support for a
stronger Internet password format
in Person documents if all servers run Domino 8.0.1 or later.
Workstation security options in the execution control list
(ECL) can now control execution of Java™ code in XPages applications.
Notes® shared login
-- Notes shared login allows users to start IBM® Lotus® Notes® and use their Notes IDs without having to provide Notes passwords. Instead, they only need to log in to Microsoft Windows using their Windows passwords. Unlike the Notes Single Login feature in earlier releases, Notes shared login does not use the Windows password for the Notes ID file. Instead, it stores a secret used to unlock the Notes ID file in a secure way using a mechanism provided by Windows, so the secret will only be accessible by users who have logged into Windows.
ID Vault
-- The ID Vault is a Domino® database that holds protected copies of Notes user IDs. The use of the ID vault allows administrators to more easily manage Notes user IDs.
XPages security
-- Control the execution of XPages on a server the same way in which you control execution of agents.
Related topics
What's new in IBM Lotus Domino 8.5?
Glossary
Feedback on
Help
or
Product Usability
?
Help on Help
All Help Contents
Glossary