ID vault security

An ID vault provides several layers of security.

An ID vault provides protection against:

  • Use of an unauthorized vault -- A user ID can be uploaded to a vault only if a parent certifier of the user ID has issued a Vault Trust Certificate to the vault. This prevents a rogue administrator from creating an unauthorized vault and uploading ID files into it.
  • Unauthorized downloads of IDs -- ID downloads from a vault are password-protected. If ten consecutive incorrect passwords are specified during one day in attempts to download an ID file from a vault to a client, downloads are disabled for that ID for the day. To download the ID that day, its password must be reset. For additional protection, administrators can require authorization for all ID downloads.
  • Unauthorized password resets -- A person requires a Password Reset Certificate issued by a parent certifier of a user ID to reset the password on the ID through the Domino® Administrator. A custom password reset application, for example, one that enables users to reset their own passwords, requires a Password Reset Certificate issued to the identity under which the application runs and to each server on which it is deployed.
  • Unauthorized access to the vault contents -- The Notes® ID vault server's ID file is integral to the protection of the vault's contents. It is extremely important to protect the vault server's ID file from unauthorized access.
  • Unauthorized access to data transmitted over the network -- All ID vault transactions between clients and servers are encrypted.
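
The download lockout rule from the list above, modeled as an added example (this is not the product's code or part of the original page). It assumes "one day" means a calendar day and that a successful download ends a run of consecutive failures; the ID name and timestamps are constructed.

```python
from datetime import datetime

MAX_FAILURES = 10  # from the page: ten consecutive incorrect passwords in one day

class DownloadLockout:
    """Model of the stated per-ID rule; not Domino's implementation."""
    def __init__(self):
        self._state = {}  # ID name -> [day, consecutive failures, locked]

    def _entry(self, id_name, when):
        entry = self._state.get(id_name)
        if entry is None or entry[0] != when.date():  # assumption: calendar-day window
            entry = self._state[id_name] = [when.date(), 0, False]
        return entry

    def attempt(self, id_name, when, password_ok):
        """Return 'downloaded', 'rejected' or 'locked' for one download attempt."""
        entry = self._entry(id_name, when)
        if entry[2]:
            return "locked"  # a correct password is refused too until a reset
        if password_ok:
            entry[1] = 0  # assumption: a success ends the consecutive run
            return "downloaded"
        entry[1] += 1
        entry[2] = entry[1] >= MAX_FAILURES
        return "rejected"

    def reset_password(self, id_name, when):
        """A password reset re-enables downloads for the ID on the same day."""
        self._state[id_name] = [when.date(), 0, False]

def replay(events):
    """events: (ISO timestamp, ID name, kind), kind being 'ok', 'bad' or 'reset'."""
    policy, results = DownloadLockout(), []
    for stamp, id_name, kind in events:
        when = datetime.fromisoformat(stamp)
        if kind == "reset":
            policy.reset_password(id_name, when)
            results.append("reset")
        else:
            results.append(policy.attempt(id_name, when, kind == "ok"))
    return results

# Constructed sample: ten bad guesses, a correct password, a reset, a retry.
SAMPLE = [(f"2024-05-01T09:{m:02d}:00", "Jane Doe/Acme", "bad") for m in range(10)] + [
    ("2024-05-01T10:00:00", "Jane Doe/Acme", "ok"),
    ("2024-05-01T11:00:00", "Jane Doe/Acme", "reset"),
    ("2024-05-01T11:05:00", "Jane Doe/Acme", "ok"),
]
```

Replaying `SAMPLE` shows the correct password at 10:00 still refused, because the tenth failure already disabled downloads, and accepted only after the reset.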