Security overview

Good security isn't a one-trick pony, but a combination of factors. Here is what we implemented:

  • We use Open Standards wherever appropriate. Standards enjoy more scrutiny from more eyeballs.
  • Domino REST API uses the Eclipse Vert.x Framework, which supports many different versions of SSL certificates such as:

  • All Domino REST API access is authorized using a signed JWT claim. Access control settings are completely observed and honored.

  • We support public/private keys for identity provider setup.
  • Databases aren't automatically exposed on REST when you run Domino REST API; only the ones configured by the administrators are.
  • No anonymous access is granted for REST data.
  • Access to sensitive information can be limited to servers that present additional credentials.
  • Read/write access is controlled on a per-form, per-field and per-user basis. See The Barbican for details.

Here's a flowchart to show how Domino REST API handles security.

[Figure: Security flow]