The first contact that a user has with the security system is usually a user authority object, which determines who the user is. At its most basic, the user authority object simply provides a persona object for a user with a particular name.

Oracle ATG Web Commerce’s central user authority object is in Nucleus at /atg/dynamo/security/UserAuthority and is an instance of the UserDirectoryUserAuthority class. This class takes the account information from one or more user directories and exposes it through the UserAuthority interface. In the standard configuration, both the ATG Control Center and Profile account information are exposed.

The user authority object can also be responsible for authenticating a user. How it does so depends on the implementation. Typically, a user authority authenticates users through name/password verification, but any sort of identification system is possible, including smart cards, certificates, biometrics, or even profiling—for example, a user can be granted or denied access based on responses to a questionnaire.

There are three user authorities that use the name/password verification approach:

All other security objects refer to the user authority to provide namespace separation between different authentication schemes. Two users with the same name (such as peterk) have two different identities to an Oracle ATG Web Commerce application if they are authenticated by two different user authorities. A single user authority often is shared by multiple security objects to obtain single-log-on functionality.
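The namespace separation described above, as an added Java example that is not Oracle's code and does not use the ATG security API. The `Persona` and `Authority` types, the directory ids and the passwords are hypothetical stand-ins constructed for illustration. The example shows why an access check must compare the issuing authority together with the name.

```java
import java.util.*;

// Hypothetical stand-ins for illustration; these are not ATG's security classes.
public class AuthorityNamespaceDemo {

    /** An identity is the pair (issuing authority, name), never the name alone. */
    record Persona(String authority, String name) {}

    /** A toy name/password authority that only issues personae in its own namespace. */
    static final class Authority {
        private final String id;
        private final Map<String, String> passwords = new HashMap<>(); // constructed sample accounts

        Authority(String id) { this.id = id; }

        void addAccount(String name, String password) { passwords.put(name, password); }

        Optional<Persona> login(String name, String password) {
            // A real directory stores salted password hashes; plain strings keep the demo short.
            return password.equals(passwords.get(name))
                    ? Optional.of(new Persona(id, name))
                    : Optional.empty();
        }
    }

    /** Access list keyed on the full persona, so a same-named account elsewhere does not match. */
    static boolean hasAccess(Set<Persona> acl, Persona who) { return acl.contains(who); }

    /** The mistake to avoid: matching on the name and discarding the authority. */
    static boolean hasAccessByNameOnly(Set<Persona> acl, Persona who) {
        return acl.stream().anyMatch(p -> p.name().equals(who.name()));
    }

    public static void main(String[] args) {
        Authority admin = new Authority("admin-directory");     // assumed directory ids
        Authority profile = new Authority("profile-directory");
        admin.addAccount("peterk", "constructed-admin-pw");
        profile.addAccount("peterk", "constructed-profile-pw");

        Persona adminPeter = admin.login("peterk", "constructed-admin-pw").orElseThrow();
        Persona profilePeter = profile.login("peterk", "constructed-profile-pw").orElseThrow();
        Set<Persona> acl = Set.of(adminPeter); // only the admin-directory peterk is granted

        System.out.println("admin peterk, full identity:   " + hasAccess(acl, adminPeter));
        System.out.println("profile peterk, full identity: " + hasAccess(acl, profilePeter));
        System.out.println("profile peterk, name only:     " + hasAccessByNameOnly(acl, profilePeter));
    }
}
```

The name-only check grants the profile-directory `peterk` the rights of the admin-directory account, which is the collision that per-authority namespaces prevent.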

For more information about configuring the ATG User Directory, see the ATG Personalization Programming Guide.