Domino the Identity Server

Tue Feb 11 09:10:16 EST 2014

Tags: domino

As seems to happen a lot lately, my fancy was struck earlier by a Twitter conversation, this time about the use of Domino as a personal mail server. Not only do I think there's potential there, but it should go further and be a drop-in replacement for personal mail, calendar, and contacts storage.

I think there's tremendous value in controlling your own domain and the services on it, without being permanently attached to someone else's name for an email address (your school, your company, your ISP, Google). This is good not only for personal freedom, since it lets you pack up and move at will, but also for security, since a large third-party mail service is a particularly juicy target.

Unlike Domino's inherited-but-abandoned place as the preeminent NoSQL server and replicating app-dev platform, Domino is just barely shy of being this server. You could already hit the three main services reasonably well by using the Notes client or iNotes, but actual humans shouldn't have to do that. It's already (more or less) there for mail with IMAP, while support for CardDAV for contacts and CalDAV+public iCalendar feeds would round it out for the other two pillars. Technically, the only things standing in between the existing open-source WebDAV plugin for Domino and this imagined future are the complexities of plugin development and the RFC.

The other main aspects that could make this great are further refinements to Domino's existing capabilities: a bundled spam filter (say, one of the open-source tools that can do the job already) and a strong configuration focus on creating an SSL-secured public-facing server. Non-SSL variants of IMAP, POP (if you must - that could be removed entirely), and HTTP should be off by default and the configuration should encourage you to acquire SSL certificates with your own private keys (the Server Certificate Admin would need a revamp for proper key size and ciphers), as well as S/MIME certificates to tie with each user for signed/encrypted mail outside the Notes client. Though Domino's history with the NSA is... checkered, it's still remarkably well-positioned to provide a secure foundation to deter snooping eyes. Certainly, running a Domino server on your own or a rented/virtual server is leagues better than a fully-managed service in this respect.

Having those features in place and smoothly integrated with a nice setup assistant would make for a very compelling product: an all-in-one, easy-to-install server that runs on several modern OSes and handles secure replication across physical locations at already-actually-affordable prices. Admittedly, I don't know how compelling that product would be for IBM's accountants, but it's certainly compelling for me, and the world could use more decentralization like this.

Steve - Tue Feb 11 12:09:31 EST 2014

I think it would be great if IBM did something like this. I use SmartCloud Notes and maintain a collaboration express license for my home server. I run fetchmail on my home server to bring my gmail and yahoo into my notes mail. The only thing I'm missing is a way to choose my from address when I'm sending an email...

Darren Duke - Tue Feb 11 12:41:01 EST 2014

Sounds a lot like the (very, very) short-lived Lotus Foundation Server... except with some other neat stuff like the DAVs. I would think some enterprising developer could create OSGi tasklets to perform much of this. But don't expect IBM to do it.

Nathan T. Freeman - Tue Feb 11 13:20:55 EST 2014

Jesse, regarding the NSA key thing, I confirmed with Dave Kern at IBM Connect that the differential workfactor stuff has not been in use since Notes R5. The DOD removed the requirement for IBM quite some time ago.

Jesse Gallagher - Tue Feb 11 13:47:45 EST 2014

Darren - I may end up having to be that enterprising developer, if my desire crosses the threshold to defeat the imposing mountains that are the specs for CalDAV and CardDAV... and I have the non-client-work time to dedicate to it. The lack is the remaining thing keeping my company email on Google's servers.

Nathan - excellent. I had figured it was gone, but it's always better to have more confirmation, particularly since it's closed-source.
