In Computer Supported Cooperative Work (CSCW), a group of users interact and collaborate using shared objects towards some common objectives. In CSCW literature, computer supported collaboration ranges from real-time synchrono us collaborations like online conferencing, interactive authoring of documents, to asynchronous workflow like collaboration in an office environment. Compared to traditional office automation workflow where activities are predefined and can be scripted, activities in real-time groupware systems are managed in an ad hoc manner.

   Key issues in CSCW so far have been group awareness, multi-user interfaces, concurrency control, and coordination policies wit hin the collaborating groups. However, we wish to address security policy specification models for collaborati on systems and policy enforcement in such systems.

   This project involves the design of a policy-driven middleware for building secure distributed collaboration systems from their high level specifications. Our specification model supports nested collaboration activities and uses role based security policies and event count based coordination specification. From the specifications of a collaboration environment, appropriate policy modules are derived for enforcing security and coordination requirements. A policy-driven distributed middleware provides services to the users to join roles in an activity, perform role specific operations, or create new activities.

   In our model, a policy-driven collaboration system is realized in three steps. Initialy, the coordination and security policy for a collaboration is specified based on a schema. From the specification, various policy modules are derived for different kinds of requirements, such as role based security, object level access control, and event notification for coordin ation. Finally, through these modules, the collaboration environment is realized by a generic middleware. We have developed a specification model using XML, in which a collaborative system is defined in terms of activities, roles and objects. The model allows dynamic assignments of roles, ''separation of duties'' constraints, multiple user participation in a role, active security policies, and hierarchical activity definitions.

   The constraints and challenges in designing such a middleware are as follows:

• All nodes within a distributed system cannot be trusted. Collaborating users work wi thin their own local environments, which can be tampered with, and therefore policy enforcement and verification cannot be carried out at the user's end. However, within the system, certain nodes may be anointed as "trusted". Management activities and storage of shared data may take place at such nodes.
• Each user in the system has a view of the policy, which is specific to his/her role. These views need to be securely distributed to the collaborating users. Due to the dynamic nature of the specification, these views may change at runtime and need to be appropriately updated.
• Policies are required for secure storage of shared objects in a collaboration enviro nment. Access control policies for an object can change based on context specific condition s for a collaboration. During the life cycle of an object, the trusted nodes for the object can change. Roles within different activities represent different entities and need to be managed in their own domain of trust. Role management policies have to be established.
• Operations performed by the users need to be securely communicated to other parties for coordination and security purposes. Enforcement of coordination conditions has to be delegated only to secure nodes.