What’s In A Name?
September 19 2005 06:00:00 PM
Since its initial release, security has always been a fundamental component of Lotus Notes/Domino (ND). In fact, security is often the reason companies choose ND over the competition.
While security is extremely important, it is often an area that users don't think about, and contains concepts that they don't understand. To try and help with this, I'm going to author a series of blog entries which will cover various fundamentals of ND security. I'll try and keep each topic short so that there is not too much information to digest at one time. I'll begin with an overview of how things are named, as this is a critical component for almost all other security features.
ND security begins with something called an Organization Certifier. Your Lotus Administrator uses this certifier to create all the people and servers in your company. The creation process is called Registration.
If your company is small (not many users and servers) you can use the Organization Certifier to register everything. But if your company is larger you can divide up your company into many smaller Organizational Units, helping ensure that each name is unique in your organization.
For example, at IBM our Organization is simply and appropriately named "IBM". To help make management of the 350,000+ servers and people around the world more granular, we have divided things into many smaller "Org Units". Users are registered based on the city they work in, and servers based on the function they provide such as mail or applications. The image below shows the relationship:

At the far right you see my name is "Alan Lepofsky", which was registered by the "Cambridge" Org Unit, which belongs to the "IBM Organization".
I access my mail on a server named CAMMAIL01, which was registered by the "Mail" Org Unit which is also in the "IBM Organization".
You could say my server and I come from the same grandparent.
The above information probably introduced you to a lot of new terms. While it is not important for you to really understand certifiers and registration, what I do hope is that this has made you think about your own Lotus Notes name. How does it relate to your co-workers around the world? How does it relate to the servers that you access? This information can help you understand more about how your company uses Lotus Notes/Domino.
Coming up next: "Can I see some ID please?" which will explain how your name is linked to an ID file.
Advanced Information
When users and servers are registered, they are given more than just a name. The certifier is almost like a parent, as it passes on some "DNA" to the people and servers that are created via registration. This "DNA" includes things like certificates and encryption keys, which I will discuss in a future blog entry.
Lotus Notes names are called "hierarchical", and are composed of various components.
Alan Lepofsky is my Common Name or CN, Cambridge is my Organizational Unit or OU, IBM is my Organization or O.
Lotus Notes and Domino security features internally think of me as "CN=Alan Lepofsky/OU=Cambridge/O=IBM", which is called the Canonical format of my name.
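The hierarchy described above can be walked in code. The following is an added example, not part of the original post or of Notes/Domino itself: it parses a canonical name, prints the label-free (abbreviated) form, and finds the closest certifier two names share. It assumes only the CN, OU and O components named in the post, allows more than one OU level, and the server's canonical name is constructed from the post's description of CAMMAIL01.

```python
# Added example (not from the original post): hierarchical Notes names.
ORDER = ["CN", "OU", "O"]  # component types, leftmost (most specific) first

def parse_canonical(name):
    """Split 'CN=x/OU=y/O=z' into [(type, value), ...], validating order."""
    parts = []
    for raw in name.split("/"):
        key, sep, value = raw.partition("=")
        key, value = key.strip().upper(), value.strip()
        if not sep or key not in ORDER or not value:
            raise ValueError(f"bad component: {raw!r}")
        parts.append((key, value))
    keys = [k for k, _ in parts]
    ranks = [ORDER.index(k) for k in keys]
    # Components must run CN -> OU(s) -> O, with at most one CN and exactly one O.
    if ranks != sorted(ranks) or keys.count("CN") > 1 or keys.count("O") != 1:
        raise ValueError(f"not a valid hierarchical name: {name!r}")
    return parts

def abbreviate(name):
    """Drop the type labels, e.g. 'Alan Lepofsky/Cambridge/IBM'."""
    return "/".join(value for _, value in parse_canonical(name))

def certifier_chain(name):
    """Certifier path of a name: nearest Org Unit first, Organization last."""
    units = [(k, v) for k, v in parse_canonical(name) if k != "CN"]
    return ["/".join(f"{k}={v}" for k, v in units[i:]) for i in range(len(units))]

def common_ancestor(a, b):
    """Closest certifier that both names descend from, or None."""
    shared = None
    # Compare from the Organization downward and stop at the first difference.
    for x, y in zip(reversed(certifier_chain(a)), reversed(certifier_chain(b))):
        if x != y:
            break
        shared = x
    return shared

USER = "CN=Alan Lepofsky/OU=Cambridge/O=IBM"  # canonical name from the post
SERVER = "CN=CAMMAIL01/OU=Mail/O=IBM"         # constructed from the post's description

if __name__ == "__main__":
    print(abbreviate(USER))
    print(certifier_chain(USER))
    print(common_ancestor(USER, SERVER))
```

For the two names in the post, the shared certifier is the Organization itself, which is the "same grandparent" relationship described earlier.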

