A secure public sector workflow management system

In this paper we analyze secure access control and rights management concerns in a typical public sector Workflow Management System which orchestrates the control flow of an inter-European judicial process. We have classified a set of topics, that have not been adequately addressed so far, in our opinion, in three different categories: i) deriving consistent access control policies for workflow tasks, ii) the temporal (short-term) provisioning of access rights with certificates, and iii) enforcing access control on workflow tasks, with a focus on inter-organizational workflows. We will analyze these different concerns in this paper, and propose specific solutions where appropriate. We have validated our work in a case study, closely related to the scenarios developed within the eJustice project, concerning an inter-organizational workflow regarding the issuing of rogatory letters and arrest warrants for the improvement of inter-European investigations and prosecutions