Sectet: an extensible framework for the realization of secure inter‐organizational workflows

This contribution aims to present the core components of a framework and illustrate the main concepts of a methodology for the systematic design and realization of security‐critical inter‐organizational workflows with a portion of a workflow‐scenario drawn from e‐government. It is additionally shown how the framework can be adapted to incorporate advanced security patterns like the Qualified Signature, which extends the concept of digital signature by requiring a natural person to sign.

The framework is based on a methodology that focuses on the correct implementation of security‐requirements and consists of a suite of tools that facilitates the cost‐efficient realization and management of decentralized, security‐critical workflows.

The framework has been prototypically validated through case studies from the healthcare and e‐government sector. Positive results in pilot applications with industrial partners encourage further steps: the set of supported security requirements is continuously extended (e.g. rights delegation, four eyes principle), a testing environment for industrial settings is being implemented, and the requirements for the efficient management of inter‐organizational workflows are being analysed systematically.

The framework caters to the needs of an industrial audience, in need of a cost‐efficient support for the systematic and correct realization of secure, inter‐organizational workflows.

The contribution provides a description of the Sectet framework. It is shown how it can be adapted to incorporate advanced security patterns like the Qualified Signature, which implement a legal requirement specific to e‐government.