2.9.7 External Security
Transaction processing services apply the following security measures to ensure the security of other entities with which they interact:
Support the mutual authentication feature of the protocol as specified in [MS-CMPO] when communicating over that protocol.
Establish all communication over HTTPS connections when using WS-AT.
Correctly execute the two-phase commit protocol so that all transaction participants experience well-regulated progress towards a common transaction outcome.
Do not allow transactions to stay in an in-doubt state for a longer period than the higher-layer business logic allows.
The other entities that interact with this system have to apply the following security measures to ensure their own security during interactions with this system:
If the other entity is a resource manager or a transaction manager, it takes security measures similar to those as described in Transaction Information Security (section 2.9.1), System Configuration Security (section 2.9.2), Message Security (section 2.9.3), and Event Security (section 2.9.4).
Support the mutual authentication feature of the protocol as specified in [MS-CMPO] where applicable, when communicating with transaction processing services.
Establish all communication over HTTPS connections when using WS-AT.
Correctly execute the two-phase commit protocol so that other transaction participants experience well-regulated progress towards a common transaction outcome.
Do not allow transactions to stay in an in-doubt state for a longer period than the higher-layer business logic allows.