myITforum.com

Matt Broadstock at myITforum

Scripting away in Margaritaville

More annoyances with Lotus Notes

Let me reiterate in case you missed it...the Lotus Notes client blows. Today I got a call from one of our techs out in the field. The CEO is getting the following error whenever he tries to run Notes.

"You cannot use the Administration program while the Domino Server is running. Either shut down the Domino Server (but keep the file server running) or choose the icon labeled "Lotus Notes" instead"

Well, after 20 minutes of digging around it turns out that the problem is that the CEO has another computer somewhere and Notes is still running on it. Because Notes still insists on storing so much data on the client rather than the server, some critical files were locked by that other session, and the new Notes session wouldn't launch without giving the not-so-helpful error above.

Now this wouldn't be a problem if we just set up the CEO to store all of his Notes data on the C: drive of each system instead of putting it all out on a network share. But then you run into other issues:

  1. No backups. If the hard drive dies, you've lost your address book and other important data.
  2. No shared address book. The CEO would have to maintain his address book on both systems.
  3. Maintaining your password separately. What other e-mail system stores your password in an ID file on the client instead of storing it on the server?!?

I guess I just miss working at a client that uses Exchange. I know it's not perfect but at least Microsoft is willing to stay with the times. Lotus Notes has made tons of improvements on the server side but the client/server architecture they are using hasn't changed since the old MSMail days. I can't believe Domino still has close to the same market share as Exchange.

Published Sep 07 2005, 10:43 AM by mbroadstock

Comments


mbroadstock said:

OK. Stupid error message. It's changed multiple times over the years. At one point I believe it was something like "Sharing violation: If you want to access a database from more than one computer you must put it on a Domino server". That makes it pretty easy to see what the problem is. I'm guessing that some programmer changed it to make it more descriptive for a specific situation without realizing that the same message was being used in a lot of other circumstances. Worth reporting to IBM, maybe, depending on what version of the client was being used.

Items 1 and 2.... Problem: No backups, no shared address book. Solution: replicate the address book to the Domino server. Whenever you configure another computer, replicate it back down from the server and replace the empty one that the Notes install puts on the new machine for you. Other important data: your bookmarks, desktop configuration db, id file, etc. can also be backed up to your file server via a login script. And in Notes 6.5x and above, you can use the "Roaming User" configuration feature to automate the process of maintaining the replica of the address book and all other locally stored Notes data on your Domino server.

Item 3: What other email system does that? How about what other system in general? The answer is: any system that wants to be truly secure. Since you mentioned that this is a CEO, you've raised the perfect case. The type of security I'm talking about is the type that is capable of keeping a CEO's data secure, even from the eyes of a sysadmin with full admin privileges on the server.

So, what other systems besides Notes are designed around the idea of a local id file and password? Let's start with your browser if you use SSL3 certificates for authentication. Not too many people do that, but the support is there and it's far more secure than the cookie-based schemes that most sites use for authentication. Also, any other email program that supports S/MIME encryption is going to have to have something equivalent to the Notes ID. In both cases, your X.509 certificate is stored in a keyring file locally, and if you bother to password protect it (which you should, unless of course you don't actually care that your secure data isn't secure after all) the password is going to be applied locally. Any certificate-based security system that doesn't do this is making a compromise of some sort.

In the interest of balance, however, the majority of people don't need the level of security that the Notes ID and password scheme provides, and many companies don't want all their users to have this level of security since it creates a lot of potential administrative problems. Also, the rise of compliance regulations that require archiving of email messages creates a whole new set of problems if you enable security that locks out admins -- because archived messages can't be decrypted if admins can't get to the users' private keys. Still, ask a CEO if s/he'd like to have a system that gives iron-clad assurance that entry-level sysadmins aren't reading senior executive emails, and I think I know what the answer will be.

People have been asking Lotus for years to make the ID/password system optional so people who need encryption get it, and other people don't. It's not an easy thing for them to do because their entire identity management system is tied in with the crypto keys, but I know it's been considered many times and someday might happen. It's also worth noting that Domino Web Access uses regular name and password authentication, and it's a doggone good web-based mail interface that was built on AJAX technology years before GMail, and years before the term "AJAX" had even been coined.

Final note: What Lotus has been doing for fifteen years is two-factor authentication. This is, in fact, becoming much more common these days for network authentication. As an example, I have RSA SecureID tokens from several of my clients, which I have to use in combination with a name and password. It's a similar principle, a little less clunky than the Notes ID file though because of the use of the pseudo-random number generator instead of a password to unlock the token. There are, btw, smartcard options for Notes authentication that can be used as an alternative to just using the Notes ID file, making the process pretty similar to using a SecureID token.

-rhs
September 9, 2005 10:49 AM
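The comment above makes the point that the ID-file password is "applied locally": the private key lives in a file on the client, the password only ever unlocks it on the client, and a copy of that file sitting on a server, a network share, or a backup tape is useless to an admin who does not know the password. The following added example (written for this page, not code from the commenter, from IBM, or from the real Notes ID file format) models that design with nothing but the Python standard library. It uses a constructed sample key and a toy stdlib cipher (PBKDF2-derived keys, an HMAC-SHA256 keystream, and an HMAC tag), not PKCS#8, so treat the file layout as an illustration of the principle rather than a usable format. It also shows why item 3 in the post ("maintaining your password separately") follows from the design: a password change re-seals the same key and never involves the server.

```python
import hashlib
import hmac
import os

# Constructed demo of a client-side "ID file": the private key is encrypted
# under a password that is only ever checked where the file is opened.
# Toy cipher for illustration only; real software should use PKCS#8/PEM
# encryption from a vetted library instead of a hand-rolled scheme.

PBKDF2_ITERATIONS = 100_000  # assumption: a modest work factor for the demo


def _derive_keys(password: str, salt: bytes) -> tuple:
    """Stretch the password into a 32-byte cipher key and a 32-byte MAC key."""
    material = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=64
    )
    return material[:32], material[32:]


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256; XOR is its own inverse."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        stream.extend(block.digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_id_file(private_key: bytes, password: str) -> dict:
    """Produce the on-disk ID file: random salt and nonce, ciphertext, MAC tag."""
    salt = os.urandom(16)
    nonce = os.urandom(16)
    enc_key, mac_key = _derive_keys(password, salt)
    ciphertext = _keystream_xor(enc_key, nonce, private_key)
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def open_id_file(id_file: dict, password: str) -> bytes:
    """Unlock the key locally; a wrong password (or a tampered file) fails closed."""
    enc_key, mac_key = _derive_keys(password, id_file["salt"])
    expected = hmac.new(
        mac_key,
        id_file["salt"] + id_file["nonce"] + id_file["ciphertext"],
        hashlib.sha256,
    ).digest()
    if not hmac.compare_digest(expected, id_file["tag"]):
        raise ValueError("wrong password or tampered ID file")
    return _keystream_xor(enc_key, id_file["nonce"], id_file["ciphertext"])


def change_password(id_file: dict, old_password: str, new_password: str) -> dict:
    """Re-seal the same key under a new password; no server is involved."""
    private_key = open_id_file(id_file, old_password)
    return seal_id_file(private_key, new_password)


def unlocks_with(id_file: dict, password: str) -> bool:
    """True if the given password opens the file (what a replica holder could test)."""
    try:
        open_id_file(id_file, password)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample "private key" bytes; a real key would be far longer.
    demo_key = b"-----CONSTRUCTED DEMO PRIVATE KEY BYTES-----"
    id_file = seal_id_file(demo_key, "correct horse battery staple")
    # A copy replicated to the server holds only salt, nonce, ciphertext and tag.
    print({k: v.hex()[:16] + "..." for k, v in id_file.items()})
    print("admin without password:", unlocks_with(id_file, "admin-guess"))
    print("owner with password:", unlocks_with(id_file, "correct horse battery staple"))
```

The `tag` check runs before any decryption, so an attempted unlock with the wrong password produces an error rather than garbage key material, and a modified replica is rejected the same way. Because `change_password` only re-seals the existing key, the server-side replica can be overwritten with the new file without any change to certificates or to the server's notion of the user's identity, which is exactly the property the comment describes.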