Member subsystem
The Member subsystem is a component of the WebSphere Commerce Server that includes data for participants of the WebSphere Commerce system. A member can be a user, a group of users (also known as a member group), or an organizational entity (which can be an organization, such as "IBM" or an organizational unit within an organization, such as "Electronic Commerce Division"). Business logic in the Member subsystem provides member registration and profile management services. Other services which are closely related to the Member subsystem include access control, authentication, and session management.
The Member subsystem allows its users and organizational entity members to be assigned roles depending on the activities in which they choose to participate. Role assignment is the responsibility of an administrator, such as a Site Administrator. Once a member is assigned a role, access control component authorizes the member to participate in activities associated with the role. For example, an organization can be a buyer or a seller, or both. A user can also be assigned multiple roles.
The Member subsystem also allows you to create member groups, which are groups of users categorized for various business reasons. The groupings can be used for access control purposes, for approval purposes, as well as for marketing purposes, such as calculating discounts, prices, and displaying products.
The following features are associated with the Member subsystem:
- Registration information. Registration data for users and organizational entities can be configured to be stored in the WebSphere Commerce database or the directory server. Member groups data can be stored only in the WebSphere Commerce database. For authentication purposes, a registered user has a unique identifier and a password. If the WebSphere Commerce database is used as registry, the unique identifier is the logon ID. If the directory server is used, the unique identifier can be a DN or a relative distinguished name. Depending on the site, an administrator (such as the Site Administrator or Buyer Administrator) may or may not have to approve user self-registration. If an administrator registers a user, the administrator either asks the user to select a logon ID and password, or the administrator assigns one to the user. In this case, no approval is required to create the registration profile. For an organizational entity, only an administrator can create a new registration profile and approval is not required.
- Profile management. A Site Administrator manages user and organizational entity profiles and data, including the organizations or organizational units, roles, users, and member groups within a site. In addition, a Buyer Administrator and Seller Administrator can manage users and organizational entities.
- Access control or authorization. Access control determines what tasks users can perform on specific resources. An access group is a group of members defined specifically for access control purposes. A Site Administrator creates, maintains, and deletes access groups for a site. A Buyer Administrator or a Seller Administrator can also manage access groups for access control policies. Access groups typically group users based on their roles, organizations, and registration status.
- Security, authentication, and session management. A user can be authenticated against a WebSphere Commerce database or a directory server. WebSphere Commerce supports two challenge types: logon ID and password, and X.509 client certificate. When logon ID and password is used, a user is authenticated against the WebSphere Commerce database or a directory server. When X.509 client certificate is used, the Web server performs the authentication.