• Philosophy: Microsoft approaches security from a resource perspective rather than an information perspective. Their application security model revolves around restricting access to "webs", a collection of files - or pages - that constitute an application, and to the specific directories and files within that web. This page-based approach does not distinguish between the information in an application and its logic. Specific information within a page cannot be secured unless developers write complicated code each time granular security is required.

• Multiple Security Models: Security in Microsoft applications is provided by several distinct systems: at the very least, Windows NT, IIS, and Front Page Server Extensions all provide a piece of application security. Often, the security model of a backend system provides a piece as well. Since ASP applications lack integrated core services, such as database storage or messaging, they often require additional systems be used to provide these services. Because each system has its own security model, access is defined and managed in multiple places through multiple administration interfaces, usually with inconsistent functionality across products.

Domino provides the flexible security model needed for protecting information in today's Web applications. It is centered around information, not around resources such as files and directories. It provides granular access to information through a sophisticated access control model, and extends this model to allow application developers to define "user roles" which specify actions specific users can perform based on their role in the application. This document explains Microsoft's security model from an application perspective ( i.e. how information is protected once a user has been authenticated), highlights its limitations, and contrasts it to the Domino application security model.

By Comparison

Resource Based Access: Security within a Microsoft Internet application is based on securing files and directories that compose the application. This resource-based security model is rigid and limited. To provide any level of granular security requires custom script to be written on each page, and modified as the application's access requirements change.

By comparison, Domino approaches security from an information perspective because Web applications mean sharing information amongst many people, some having more privileges to that information than others. An information centered security model allows the information to be secured, not only the finite elements (e.g. pages or directories) within an application. This means access control is defined once through a single, intuitive interface, and enforced regardless of how an application uses that information. It also means the application's security definitions are consistent even when it is distributed to multiple servers: Domino's security model is maintained through replication so application security definitions can be managed centrally, and a user's access level is consistent, regardless of where the application is physically located.

Multiple Security Models: Microsoft Internet applications rely on security defined in many different systems: Windows NT for file permissions, IIS and NT for authentication mechanisms, Front Page Sever Extensions for web permissions, and the different security models of systems providing core infrastructure services to the application.

By comparison, Domino maintains a consistent security model across all applications, including email. Accessing backend systems to incorporate existing data into Domino Web applications still requires access from the source system. Because Domino's integrated object store provides a default storage mechanism, it eliminates the need to define and access storage mechanisms for each application. Domino's integrated messaging service eliminate the need to access backend messaging services to incorporate workflow into applications. When the need to integrate a transactional or relational system arises, many connectivity options are available. Using the MQ Enterprise Integrator, which is part of the Domino.Connect enterprise integration toolbox, developers can maintain a single logon to a Web application. The MQEI Security database maps Domino users to backend system authentication credentials and protects that database with Domino's rigid security. However, backend system access is only needed when blending structured information from existing systems into the unstructured world of web applications, not for providing core services to the application.

Limited Access Level Granularity: Microsoft permissions can be set at the file or directory level but cannot secure information inside that file. Because of Microsoft's resource-centered approach to security - rather than an information-centered approach -, there is no concept of secured sections, information editors, information authors, information depositors, or user roles that restrict access to actions as well as information. To achieve this level of sophisticated security, complicated and inflexible scripts must be written for each page in an application that requires this level of specificity.

By comparison, Domino provides 7 levels of access control, including several permutations, within an application, defined from a point-and-click dialogue interface. Domino not only extends security to a document, but also within a document by allowing sections and fields of information to be secured, developer defined roles to restrict access to certain information and actions, or access control to parts of a document through value-based conditional expressions evaluated at run-time

Multiple Points of Administration: Security for a single application can require settings to be configured from many different tools: permissions are set from Windows Explorer, authentication methods are chosen from the Internet Service Manager, global application settings are set from the development tool - Front Page or Visual InterDev-, and backend system access is administered through the source system itself.

By comparison, access to information and actions for a particular Domino application are managed within the application itself, using access control lists, role definitions, reader/author name fields, value-based conditional expressions etc.

Single Logon EXCEPT: Microsoft claims that using IE and IIS provides a single logon to a company's intranet environment. While this is true for accessing HTML or basic ASP files on IIS, it is not true when accessing an ASP that incorporates information from another system. Since Microsoft's Internet applications do not have an integrated storage mechanism, this issue applies to virtually all dynamic or personalized applications.

By comparison, with Domino's support for SSLv3 and X.509 certificates, access to Domino applications can be gained without manually supplying a username or password. Although access to backend systems is controlled by the system itself, using Domino.Connect's MQ Enterprise Integrator allows system authentication credentials to map to Domino users and maintain a single logon to a Domino Web application. Additionally, Domino's integrated object store eliminates the need to define or access these systems as the application's primary storage mechanism.