Monday, February 4, 2013

ConnectOSphere 2013 report

What's coming next

Now let's turn our attention to what's coming next. This is, after all, DominoPower magazine, not ConnectPower, so I'm going to concentrate on Notes and Domino.

Mostly that's because it's where I'm specifically interested, and I guess you are too, but also because, as ever at ConnectOSphere, it's just not possible to be in the several places at once that would be required to cover everything, and there is after all, just one of me.

The major news in Notes and Domino is Release 9, formally known as Notes 8.5.4. ND9 is now fully blue-washed. It's now IBM Notes and IBM Domino, going with the IBM XWork server that debuted in 2011. On-screen, the yellow and orange icons and splash screens are gone, replace by new icons in blue.

I'm hopeful that many of you are aware, too, that IBM Notes and Domino are already available as a public beta, and that quite a few of you will have installed it and been trying it out. On the face of it, you might think that there's not really much too it, but, depending on your specific interests, you'd almost certainly be wrong. There's a lot of new stuff.


Start with the Domino server. Most of the new stuff here is to support things that are required for the various client platforms and the changes that have been made there, but there are a few things of specific interest to Domino Admins supporting and maintaining Domino infrastructures,

First up is Security Assertion Markup Language (SAML) support. SAML provides for federated identity. Quote, from the ND9 release notes: "Federated identity is a means of achieving single sign-on, providing user convenience and helping to reduce administrative cost. Notes/Domino federated identity for user authentication uses the Security Assertion Markup Language (SAML) standard from OASIS."

It works by having the user provide log in details to an Identity Provider (IdP), which then offers credential details to any and all applications that need it, with no extra logins required. Both Domino and Notes can obtain credentials this way, to authenticate http access and to unlock Notes ID files from a Vault.

As you might imagine, configuring all this isn't a trivial task, and it will require the use of a third-party IdP (Windows Active Directory or Tivoli Federated Identity Manager are examples), but all of this gets a good step closer to genuine single signon across multiple and diverse software environments.

Next, and also in the security and access arena, you can install -- it's part of the installation kit -- an IBM HTTP server as a front-end reverse proxy to Domino, and use that server to support TLS. Again, there's a bit of configuration work required, but this is a welcome addition.

Then there's some changes in return-receipt handling, managed by Policies, that can be used to prevent inbound email requesting return receipts, and also to suppress RR requests on outbound emails. As well as reducing mail volumes, RRs have been used in the past as ways to probe whether people are at work or away -- a type of hacking by social engineering -- so its nice to see this update.