wissel.net


This article is part of a mini series. Read them all:

Domino Design Pattern

Domino Design Pattern: Secret documents


Domino's stronghold is security. However, security is only as good as your design. A frequent requirement in applications is to store a data set that is partially confidential and partially available to a wider audience. When you store these 2 data sets in one document, it isn't too hard for the confidential information to slip out:
  • using the document properties in a Notes client
  • using the document REST service
  • the property control from OpenNTF
In a nutshell: if you have 2 sets of data with different levels of read access requirements, don't store them in one document. A pattern that works well in Domino is the "Secret Document". The following picture illustrates the concept:

[Figure: Use 2 documents to store 2 sets of information security requirements]

The user is presented with one form, but the entered data is saved in two documents. The documents are cross-referenced using the UNID. This can happen two-way (as shown in the picture): the public document's UNID is saved in the secret document and vice versa - or - one-way, with only the secret ID in the public document. A few pointers:
  • Depending on the application's needs, some of the public data gets repeated inside the secret document if that document needs to be displayed on its own (e.g. a salary list in an HR application)
  • To keep the data from drifting apart, the respective data would only ever get updated in the public document and then copied to the secret document. In classic Notes that is done using an on-change agent, while in XPages a session-as-signer code snippet will suffice.
  • For very sensitive data (data that even the normal user shall not see), these data sets could be stored in their own encrypted NSF. Then the UNID might not be enough, and the full notes:// URL would make more sense
  • In classic Notes the embedded form editor makes the user experience with 2 documents seamless
  • In XPages two (or more) data sources sitting on one page will do the trick
As usual YMMV
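
One way to write the two cross-referenced documents from a single form submission with the lotus.domino Java API; this is an added example, not code from the original post. The class name, form names and item names are hypothetical, and `db` is assumed to be opened with rights to create both documents (for example through a signer session).

```java
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import lotus.domino.Database;
import lotus.domino.Document;
import lotus.domino.Item;
import lotus.domino.NotesException;

public class SecretDocumentWriter {
    // Hypothetical item names; choose names that fit your application.
    static final String ITEM_SECRET_UNID = "SecretUNID";
    static final String ITEM_PUBLIC_UNID = "PublicUNID";
    static final String ITEM_READERS = "SecretReaders";

    /** Splits one form submission into a public and a secret document; returns the public UNID. */
    public static String save(Database db, Map<String, Object> formData,
            Set<String> secretFields, Vector<String> readers) throws NotesException {
        // A Readers item without values restricts nothing, so refuse to save in that case.
        if (readers == null || readers.isEmpty()) {
            throw new IllegalArgumentException("secret document needs at least one reader");
        }
        Document pub = db.createDocument();
        Document secret = db.createDocument();
        try {
            pub.replaceItemValue("Form", "Public");    // hypothetical form names
            secret.replaceItemValue("Form", "Secret");
            // Route each field by classification (values: String, Number, DateTime or Vector).
            for (Map.Entry<String, Object> e : formData.entrySet()) {
                Document target = secretFields.contains(e.getKey()) ? secret : pub;
                target.replaceItemValue(e.getKey(), e.getValue());
            }
            // Read access is enforced per document, so only the secret document gets a Readers item.
            Item readerItem = secret.replaceItemValue(ITEM_READERS, readers);
            readerItem.setReaders(true);
            // Two-way cross reference; the UNID of a new document is available before it is saved.
            secret.replaceItemValue(ITEM_PUBLIC_UNID, pub.getUniversalID());
            pub.replaceItemValue(ITEM_SECRET_UNID, secret.getUniversalID());
            // Save the secret part first so the public document never points at a missing note.
            if (!secret.save() || !pub.save()) {
                throw new IllegalStateException("could not save both documents");
            }
            return pub.getUniversalID();
        } finally {
            secret.recycle();
            pub.recycle();
        }
    }
}
```

Include the server or signer name in `readers` if agents or session-as-signer code must later copy updated public data into the secret document.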

Posted by on 17 April 2014 | Comments (2) | categories: IBM Notes XPages

Comments

  1. posted by Patrick Kwinten on Wednesday 23 April 2014 AD:
    Doesn't field encryption hide sensitive data from outsiders?
  2. posted by Stephan H. Wissel on Wednesday 23 April 2014 AD:
    Patrick: there is no field encryption on the web. Also, this pattern helps when you have people who update the visible part. Try that if you don't have an encryption key. Furthermore, for encryption to work you need to distribute keys - a much cruder task than specifying reader fields.
    Each capability has its use. This pattern is for: one set of information that can only be partially visible and updatable by a varying set of users.