Sectet follows a multi-layered transformation approach. The layers introduce a mapping from the abstract security requirements to a set of gradually refined architectural alternatives guiding the security engineer through the engineering process (e.g., from the abstract requirement of authentication to the pattern brokered authentication to the pattern SAML-based authentication with trusted-third party). After completing the process, services needed are indicated and deployed, configuration policies distributed.

The following figure illustrates the concept of multi-layered transformation: