There has been some excellent activity by some heavy-weights in the Commerce Server world. Sadly, I haven’t been contributing very much on my blog, as I am desperately trying to complete my book.

It started with Søren Spelling Lund’s two-part series (and maybe more?) on what it’s like developing with Commerce Server 2007.

In this post, Søren highlights the high-level of security that has gone into Commerce Server 2007, calling it “both a blessing and a curse.” He attributes this to the flexibility and granularity of the security system, in addition to the complexity that comes with it. Commerce Server 2007 makes use of the Windows Authorization Manager for security. See the following links for more information: Developing Applications Using Windows Authorization Manager, and Managing Authorization Policies.

Søren also highlights the Distributed Transaction Manager and use of MSDTC and System.Transaction in the .NET Framework 2.0.

Søren discusses three different data access systems for Commerce Server 2007, based on the subsystem with which you’re working (i.e. the Profile system, the Catalog system, and the Order system). Take a look at his post for the specifics. I would also suggest you take a look at MSDN for some additional information on developing with Commerce Server 2007.

Not to be out-done by Søren, Max Akbar took some time out of his busy schedule to post a great article on caching and Commerce Server 2007.

Max highlights a number of important topics, including: the Catalog cache, Web.Config settings, refreshing the cache, the cache size, the cache location, how to use your own caching.

As always, Max’s post is a great blend of information and code snippets.

Last, but certainly not least, Tom Schultz contributed to the discussion of caching by highlighting a mixed-authentication solution for the SiteCacheRefresh HTTP handler.

Tom shows how the SiteCacheRefresh HTTP handler provides Commerce Server with caching capabilities. He goes beyond this, however, when he points out that by default the ASP.NET site uses forms authentication. Since the web site can support either forms or windows authentication, a mixed authentication model is required. Tom shows you how to construct this by taking aspects of the Starter Site

All in all, great stuff!