Good security isn't a one-trick pony, but a combination of factors. Here are what we implemented:
- We use Open Standards wherever appropriate. Standards enjoy more scrutiny from more eyeballs.
- We support public/private keys for identity provider setup.
- Databases aren't automatically exposed on REST when you run Domino REST API. Only the ones configured by the administrators.
- No anonymous access is granted for REST data.
- Access to sensitive information can be limited to servers that present additional credentials.
- Read/Write access is controlled on a per form, field and user basis. See The Barbican for details.
Here's a flowchart to show how Domino REST API handles security.
Last update: November 25, 2023