在Domino服务器9.0.1中创建/配置服务帐户

Question

I am trying to access the IBM Domino Access Services 9.0.1, which is REST based service for accessing all calendar items. Lets say for getting calendar items for a user , i have to pass credentials of that particular user. I don't think it is feasible to store the user credentials in the client side and pass the same while accessing those service instead will create one service account in domino server and access the service using the same service account. Any idea how to configure in the domino side or how can i achieve accessing the calendar service without passing the credentials of the user. Looking for similar to what we have are having like Exchange impersonation.

Thanks Anil

Answer 1

It depends on what kind of application you are building. If each Notes calendar owner logs in to your application directly, it is possible to store the user credentials on the client side. Of course, your application would be responsible for securely managing the credentials. On the other hand, your application might require access to each calendar without directly involving the calendar owner. This can be the case for server-side applications.

Your question doesn't specify, so I'll assume yours is the second situation. In that case, you could create a user identity for your application and then add that identity to the Access Control List (ACL) for each mail file. There are two ways to modify the ACL: 1) You can change the design of the master template and let the design propagate to individual mail files, or 2) You can ask each user to delegate access to your application's identity.

The bottom line is the Domino calendar service acts on behalf of the authenticated web user. If that's the calendar owner, the calendar service will have full access to the calendar. If the web user is some other identity, access will be limited to the rights granted in the ACL. For more information about the ACL see this tutorial .