SECTET: an extensible framework for the realization of secure inter-organizational workflows

Purpose - This contribution aims to present the core components of a framework and illustrate the main concepts of a methodology for the systematic design and realization of security-critical inter-organizational workflows with a portion of a workflow-scenario drawn from e-government. It is additionally shown how the framework can be adapted to incorporate advanced security patterns like the Qualified Signature, which extends the concept of digital signature by requiring a natural person to sign. Design/methodology/approach - The framework is based on a methodology that focuses on the correct implementation of security-requirements and consists of a suite of tools that facilitates the cost-efficient realization and management of decentralized, security-critical workflows. Findings - The framework has been prototypically validated through case studies from the healthcare and e-government sector. Positive results in pilot applications with industrial partners encourage further steps: the set of supported security requirements is continuously extended (e.g. rights delegation, four eyes principle), a testing environment for industrial settings is being implemented, and the requirements for the efficient management of inter-organizational workflows are being analysed systematically. Practical implications - The framework caters to the needs of an industrial audience, in need of a cost-efficient support for the systematic and correct realization of secure, inter-organizational workflows. Originality/value - The contribution provides a description of the SECTET framework. It is shown how it can be adapted to incorporate advanced security patterns like the Qualified Signature, which implement a legal requirement specific to e-government.