Last week we announced the latest release of Domino’s data science platform, Domino 4.3, which represents a big step forward for enterprise data scientists and the IT teams that support them. New features include a new Domino authentication service that will help IT teams scale while maintaining security and control.
Domino authentication service
Our customers use Domino as the system of record for data science, and as such, have strict requirements for user management. They would like to grant or limit access to data science systems, such as data sources or external services, based on the data scientist’s status within the Domino system, similar to what you would see with a SSO (Single Sign-On) system.
Domino is expanding its enterprise-grade authentication capabilities to include options for establishing trust with Domino APIs and third-party services through a short-lived Domino Token (OpenID) identity. These identity tokens can be used by any external service for authentication that accepts JSON Web Tokens (JWT) tokens and Domino’s JSON Web Key Set (JWKS). This capability effectively extends an identity from Domino to a third-party service.
Some of the services that could potentially utilize this identity service include:
- Okera, for data governance
- AWS AssumeRoleWithWebIdentity, for security credentials that work with OpenID Connect-compatible identity providers
- Vault, for secure access control to tokens, passwords, certificates, encryption keys and other sensitive data
- Custom APIs
When combined with Domino’s robust SSO capabilities, these enhancements make it easier for Domino administrators to grant or revoke user access while limiting where users are able to connect from. Domino is giving its customers the groundwork for creating an API to extend Domino’s identity, so IT has more security and control over its enterprise data science workflows.
Focus on Security
Domino is obsessed with providing enterprise-grade security, control, and reliability in all aspects of our platform. One of my areas of focus since joining Domino in May has been on setting up a proactive information security scanning process. Today, I’m pleased to report that Domino is meeting and exceeding stringent reviews by some of the most security-conscious organizations in the world.
As part of this process, we’ve made significant enhancements to our internal processes and tooling to comply with enterprise application monitoring and security reporting requirements, for example:
- Domino logs can be exposed to Fluentd-compatible aggregation tools
- Application health metrics can be integrated into Prometheus monitoring systems
- Container and dependencies support vulnerability scanning and remediation
Domino’s customers include over 20 percent of the Fortune 100. Working closely with the IT departments of these companies has helped us align our development roadmap to address their unique needs for supporting enterprise data science at scale. Domino 4.3 is the latest result of this relentless commitment to making sure that the most demanding security and control requirements are met, and often exceeded.
- Read about Domino’s SOC 2 Type II Certification.