PCI Compliance and Commerce Server

A question that has arisen several times in recent weeks is what is required from Commerce Server from a PCI/CISP compliance perspective. The short answer is that Commerce Server falls above the stack required for PCI/CISP compliance.

The certification is required for infrastructure level components. Because Commerce Server is software, it would fall into Payment Application Best Practices but is not actually mandated for compliance.

Content Management and Commerce Server 2006

Several questions have come up from various sources regarding Content Management in Commerce Server 2006 (and as a sub-topic, SharePoint integration). I figured now would be a good time to answer these – but be forewarned that it is a long post…

Back several years ago we had MSIB – which provided better documentation for CS2000 and CS2002 with Content Management Server (CMS), code to integrate CS and CMS since you really could not use the two together, MOM2000 management packs for both, and a production ready starter site encompassing both CS and CMS.

Better documentation is now part of our core products. The same goes for MOM2005 management packs. These are, in fact, requirements as part of the Windows Server System Common Engineering Criteria (WSS CEC). Hence, the need for these parts of MSIB goes away with the 2006+ generation of products which all fall under the WSS CEC.

As has been reported in a number of forums elsewhere, CMS functionality is being folded into the next generation of SharePoint products. Commerce Server is, of course, continuing with the forthcoming CS2006 release.

So, in effect, this all brings us to how CS2006 and SharePoint will work together going forward. Both technologies are heavily based on ASP.NET 2.0 and rely upon common authentication, common page design/authoring frameworks, etc. Given this and the fact that there is now a comprehensive set of APIs and Web services for getting access to CS data, integrating the two products and deploying them together will not be challenging.

Some specifics:

  • Next-generation SharePoint is heavily based on ASP.NET 2.0 Web Parts going forward
  • The CS2006 Starter Site includes an ASP.NET 2.0 User Control gallery. These controls implement the necessary interfaces to also be used as Web Parts.
  • Hence, the Starter Site’s runtime controls can be easily repurposed to be deployed in a next-generation SharePoint portal site.
  • Alternatively, the CS APIs and Web Services can be called or databound directly from SharePoint.
  • Next-generation SharePoint Search can databind to our Catalog.

Given all of this, the need for specific integration code to make the products deploy together is really not needed. When next-generation SharePoint releases, we will include guidance on deploying this in one of our regular documentation refreshes for CS2006.

The production ready e-commerce site requirement will be fulfilled through the new CS2006 Starter Site.

With all of this, the need for MSIB goes away and hence the reason why it will not be updated. Likewise, the existing Content Connector bits in the existing MSIB will not be revised for CS2006 given that CMS functionality will be folded into SharePoint in the not too distant future.

Additionally, given the other API additions/improvements – making CS2006 work with other content management systems like InterWoven also won’t be a difficult task.

Hopefully this clarifies the world of content management and CS2006.

Commerce Server 2006 in the News (quite a bit, actually)

Last week we had the official press release regarding the CS2006 Beta and announced our public release date (July 2006). It is at http://www.microsoft.com/presspass/press/2006/feb06/02-20CS06BetaPR.mspx.

We have gotten quite a few good follow-up articles, including:

Going Global: Globalization Moves Up Microsoft Feature List
CXO Today: Microsoft’s Nex-Gen Commerce Server Technology
BetaNews: MS Issues Commerce Server 2006 Beta
VNunet: Microsoft unveils next-gen Commerce Server
Microsoft Watch: Commerce Server 2006 Due in July
IT News Online: Microsoft Releases Commerce Server 2006 Beta
Internet News: Microsoft Commerce Server in Beta
IDG News Service: Microsoft tests new Commerce Server
CRN: Microsoft Highlights Commerce Server 2006 Beta