Thoughts on droplets v. Notes
Tue, 2 Nov 1999 10:55:33 -0500

> While the specific encodings are different, the Lotus Domino server uses an
> essentially similar mechanism for naming Notes objects in web-based
> presentation -- even the format of the URL is highly similar.

I've put in a query to someone at Lotus to double check my understanding,
and if the following is incorrect I will send out a followup.

My understanding is that Notes assigns cryptographically protected object
identifiers.  I do not know if this is accomplished by sparse allocation or
by conventional allocation followed by signing of some form.  I submit that
for our purposes the difference may not matter.

These ids can name records or views on those records.  The first may be
thought of as the full object interface and the second as a particular
thinning of the interface.

In Notes, holding such an ID is a necessary but insufficient condition for
using the view.  The user must in addition have authenticated to the Notes
server.  That is, Notes implements a hybrid protection model through this
interface incorporating both capabilities and ACLs.

I concur that the model is hybrid, and I have my own reservations about the
Notes ACL model.  That doesn't make the capability portion of the
protection mechanism any less a capability.

However, as I said in a previous posting, I'm not aware of any
session-specific capabilities.

> Session identifiers are also more guessable than
> Swiss numbers, so this ACL system might be insecure.

I'm not aware of any inherent reason why session identifiers should be more
guessable than Swiss numbers.  Indeed, session identifiers can be
implemented using Swiss numbers.  This is essentially what is done in IPv6
for example.  Given their security history, I would be surprised if Lotus
has bothered to use Swiss numbers for session identifiers, but that, at
least, is a flaw in the implementation rather than in the basic design.
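The hybrid model discussed in this message, as an added illustration that is not part of the original post and not Lotus's code: object ids and session ids are both "Swiss numbers" (256-bit values from the OS CSPRNG, sparsely allocated), a view is a thinned copy of a record's interface, and every invocation must carry both a valid object id and an authenticated session. The `Record`, `HybridServer`, and `demo` names, and the idea of eliding the credential check in `login`, are assumptions made for the example.

```python
import secrets


class Record:
    """A Notes-like record: the full object interface (read and write)."""

    def __init__(self, fields):
        self.fields = dict(fields)

    def read(self, name):
        return self.fields[name]

    def write(self, name, value):
        self.fields[name] = value
        return True


FULL_INTERFACE = frozenset({"read", "write"})


class HybridServer:
    """Capabilities (unguessable ids) combined with an authenticated session.

    Both tables are keyed by Swiss numbers: 256-bit values from the OS CSPRNG
    allocated sparsely, so a valid id is only known to whoever was handed it.
    (Constructed example; not the Lotus implementation.)
    """

    def __init__(self):
        self._caps = {}       # swiss number -> (record, allowed method names)
        self._sessions = {}   # session swiss number -> user name

    @staticmethod
    def swiss_number():
        # 32 random bytes = 256 bits; practically unguessable, unlike a counter.
        return secrets.token_urlsafe(32)

    # --- capability side ---------------------------------------------------
    def grant(self, record):
        """Return an id naming the full object interface of `record`."""
        cap = self.swiss_number()
        self._caps[cap] = (record, FULL_INTERFACE)
        return cap

    def thin(self, cap, methods):
        """Derive a view: a new id exposing only a subset of the methods."""
        record, allowed = self._caps[cap]
        methods = frozenset(methods)
        if not methods <= allowed:
            raise PermissionError("a view cannot widen the interface it came from")
        view = self.swiss_number()
        self._caps[view] = (record, methods)
        return view

    # --- authentication / ACL side -------------------------------------------
    def login(self, user):
        """Authenticate (credential check elided here) and issue a session id."""
        session = self.swiss_number()
        self._sessions[session] = user
        return session

    # --- the hybrid check: holding the id alone is insufficient ----------------
    def invoke(self, session, cap, method, *args):
        if session not in self._sessions:
            raise PermissionError("no authenticated session")
        if cap not in self._caps:
            raise PermissionError("unknown object id")
        record, allowed = self._caps[cap]
        if method not in allowed:
            raise PermissionError(f"{method} is not in this view")
        return getattr(record, method)(*args)


def demo():
    """Exercise the model on a constructed record and report each outcome."""
    server = HybridServer()
    memo = Record({"title": "Q4 plan", "body": "draft"})
    full = server.grant(memo)
    read_only = server.thin(full, {"read"})
    alice = server.login("alice")
    results = {"read_via_view": server.invoke(alice, read_only, "read", "title")}
    try:
        server.invoke(alice, read_only, "write", "title", "x")
        results["write_via_view"] = "allowed"
    except PermissionError:
        results["write_via_view"] = "denied"
    try:
        # A fresh random value is not a registered session: unauthenticated caller.
        server.invoke(server.swiss_number(), full, "read", "title")
        results["unauthenticated"] = "allowed"
    except PermissionError:
        results["unauthenticated"] = "denied"
    return results


if __name__ == "__main__":
    print(demo())
```

The two `in` checks in `invoke` are the two halves of the hybrid: the session lookup is the ACL/authentication side, the object-id lookup is the capability side, and the method check is what makes a view a thinning rather than a separate object. Replacing `swiss_number` with a counter would leave the structure intact but make both halves guessable, which is the implementation flaw the message distinguishes from a design flaw.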