Highly Dynamic Coalitions

Introducing the next big thing in service and component integration

According to Wikipedia, “a Virtual Organization (VO) comprises a set of independent organizations that share resources and skills to achieve its mission / goal, but that is not limited to an alliance of for profit enterprises. The interaction among members of the virtual organization is mainly done through computer networks”. Likewise, a Virtual Enterprise (VE) is a temporary alliance of enterprises that come together to share skills or core competencies and resources in order to better respond to business opportunities, and whose cooperation is supported by computer networks. It is therefore a particular case of Virtual Organization. The main differences among these definitions is that VOs are not necessarily dynamic and can rely on some non computer-based means of operation, while VE are only focused on for-profit organizations.


On the other hand a Dynamic Coalition (DC) is defined in [1] as “the means through which a group of entities with common interest collaborate to achieve significant mission objectives. The coalition participants are often distributed across geographic areas, have different levels of technological capability, and have language and cultural barriers to effective communication”.

The former concepts have been known for some time, but it is only recently that the advances in computing and communication technologies and the popularization of distributed computing paradigms is creating the necessary infrastructure for these concepts to be realized in practice. However, in order for those concepts to be accepted and realized in real world applications, security and dependability issues need to be appropriately solved. Unfortunately, we have currently no satisfactory solution for these issues.

We are interested in a subtype of these organizations that we have named Highly Dynamic Coalitions (HDCs) [2]. The main characteristic of HDCs is that they must be formed on-the-fly by means of computer and communication systems in order to respond to some request.

We have defined a novel model of HDCs that solves the main interoperability problems associated with the collaboration between independent and heterogeneous entities, using an architecture that facilitates the interoperability while maintaining the appropriate level of independence and control for each individual entity participating in a coalition [3]. To support our theoretical model of HDCs, we have developed an experimental but fully functional platform that allows us to build HDCs easily and to experiment with the concept.


The S2Labs Highly Dynamic Coalition Platform (HDCP) provides an environment to address cost-effective and competitive business aggregation preserving security assurance. HDCP is designed to facilitate the process of defining/creating Highly Dynamic Coalitions, registering partners (service suppliers) and making possible to final users to use HDCs as simple web services.

Organizations (e.g. SMEs) can register to the HDCP and select which HDC models they wish to participate in, which services they are wiling to provide, and what business roles to play. Unlike typical service orchestrations, partners registered to an HDC model are automatically selected, from a service providers set, when an HDC instance is generated, based on some business, quality, and security criteria, and become active participants from the moment the coalition is formed.

In a typical service provisioning model the service composition owner has no longer full control over the provided services. This lack of control (especially in critical domains such as financial, defense and healthcare) raises concerns about the security of these services. Given such a dynamic collaborative environment, guaranteeing security assurance of a coalition workflow model becomes of utmost importance since partners participating in a coalition will likely have heterogeneous security models for service provisioning.

The notion of security-by-design certified coalition enables coalition designers/owners to request a certification authority (CA) to certify whether the coalition workflow design supports certain security properties. The CA stipulates the security properties that provided services have to conform to.

The inner workings of the HDCP ensure that:

  • With each user request a new HDC is set up selecting providers trying to create the most efficient combination possible.

  • Selected service providers will always meet the functional and non-functional requirements (with emphasis on security requirements to preserve the security-by-design assurance) expressed during coalition definition phase [4].

  • In case of unavailability of one service supplier at runtime, a dynamic service replacement process is triggered to continue providing the HDC service.


[1] Gregory T. Byrd, Fengmin Gong, Chandramouli Sargor, Timothy J. Smith. Yalta: A Secure Collaborative Space for Dynamic Coalitions. In Proceedings of the 2001 IEEE Workshop on Information Assurance and Security . June 2001.

[2] A. Maña Gómez, H. Koshutanski. Highly Dynamic Coalitions – Drive forward eBusiness. eStrategies magazine, British Publishers, February, 2009

[3] H. Koshutanski, A. Maña Gómez. Interoperable Semantic Access Control for Highly Dynamic Coalitions. Security and Communication Networks, Vol. 3, No. 6, December, 2010

[4] J. Espinar Fernández, A. Maña Gómez, H. Koshutanski. Workflow Operational Assurance for Security-by-design Certified Service-based Coalitions. IEEE International Workshop on Security and Privacy Engineering, Assurance, and Certification (SPEAC 2013), June, 2013