SERVICE PROVIDER

Securing the service provider environment
The service provider environment uses all of the standard IBM® Lotus® Domino™ security features to ensure complete security for the service provider and the hosted organizations that subscribe to the service provider services. An xSP environment that has multiple hosted organizations has potentially thousands of users whose access must be restricted to their own data only.

In addition, the service provider configuration uses extended ACLs in the Domino Directory to protect the data of each hosted organization from access by users in other hosted organizations. The extended ACLs required to support the xSP security model are automatically established when new hosted organizations are created. Plan and test carefully if you want to modify ACLs and extended ACLs in an xSP environment -- security is extremely important.

The authentication controls in Site documents control only who can authenticate and use the Internet protocols. After authentication, ACLs and extended ACLs control the data that can be read from and written to the Domino Directory.

For more information on extended ACLs, see the topic Elements of an extended ACL and for more information on ACLs, see the topics The database access control list and Configuring a database ACL.

A user in a hosted organization cannot directly access databases in any subdirectories other than the hosted organization's directory. Exceptions are the "help" and "common" subdirectories of the Domino data directory which contains databases accessible to users in all hosted organizations.

To provide users with access to databases outside that of the hosted organization's subdirectory, create a directory link within the hosted organization's directory.

For more information on how directory links work and how to create them, see the topic Creating directory and database links.

See also