IBM SG24-6320-00 manual Member security services

4.Using WebSphere Commerce Loader Package (MassLoad)

WebSphere Commerce Loader Package is used for mass database updates. The MassLoad tool can be used for mass registration of users. This method is especially useful in the migration from previous versions, in database management, and in member registration exchange across WebSphere Commerce systems.

The registered users will manage their user profile by updating the registration information, adding, modifying or deleting address entries in the address book. Also, a customer service representative can update the user profiles.

Member security services

The following security services are closely related to the Member subsystem:

Roles

The Member subsystem allows its users and organizational entity members to be assigned roles. The roles define the activities that members are allowed to perform. Role assignment is the responsibility of the site administrator.

Authentication

WebSphere Commerce supports two modes of authentication:

–Basic authentication (using user ID and password)

This mode of authentication is the default and can be used with the WebSphere Commerce store database or an LDAP directory.

–Certificate-based authentication (using x.509 certificates)

The authentication mode is configured via the WebSphere Commerce Configuration Manager within the Web server tab of the instance properties.

Access control

To facilitate database management and ensure security, access to WebSphere Commerce must be restricted to specific individuals and organizations. The process of restricting access is referred to as access control. Access control can be defined as security guidelines that:

–Allow or deny a user of a system access to the resources managed by a system.

–Specify what actions the user can perform on each resource.

Access control is managed through the implementation of access control policies and policy groups.

– Access control policies

Chapter 2. WebSphere Commerce V5.6 Overview 17