ID Vault Security

An ID vault provides several layers of security.
  • Protection against the use of an unauthorized vault  A user ID can be uploaded to a vault only if a parent certifier of the user ID has issued a Vault Trust Certificate to the vault. This prevents a rogue administrator from creating an unauthorized vault and uploading ID files into it.
  • Protection against unauthorized downloads of IDs  ID downloads from a vault are password-protected. If ten incorrect consecutive passwords are specified during one day in an attempt to download an ID file from a vault to a client, downloads are disabled for that ID for the day. To download the ID that day, the password must be reset on it. For additional protection, administrators can require authorization for all ID downloads.
  • Protection against unauthorized password resets A person requires a Password Reset Certicate issued by a parent certifier of a user ID to reset the password on the ID through the Domino Administratator. A custom password reset application, for example, one that enables users to reset their own passwords, requires a Password Reset Certificate issued to the identity under which the application runs and to each server on which it is deployed.
  • Protection against unauthorized access to the vault contents The Notes ID vault server's ID file is integral to the protection of the vault's contents. It is extremely important to protect the vault server's ID file from unauthorized access.
  • Protection against unauthorized access to data transmitted over the network All ID vault transactions between clients and servers are encrypted.