Shel Sutton Assertion: Dynamic Communities of Interest (COIs) are a mechanism that can provide for protection of sensitive or private information in real-time without compromising the free flow of information within a formal or informal community (or information domain) that is fundamental to the successful use of distributed objects, mobile code, and other information sharing technologies. Discussion: It can be asserted that the ultimate success of the World Wide Web (WWW), the Object Management Architecture (OMA), and virtually any other information sharing technology depends on two seemingly diametrically opposed concepts -- the assurance that information can be freely shared and the assurance that access to information can be controlled. We all want access to the information that, for varying reasons, we perceive to be required or, at least, to be of interest. At the same time, we do not want someone prying into our proprietary information, whether this information is in a corporate database, on a home computer, or anywhere else. In other words, we must be able to choose what information we want to make available to others and what we do not. This sounds like it is a simple public/private decision -- one makes some information publicly available and holds the rest privately. The problem is not as simple as that though. One may want to make some information available for access by one group, other information to another group, and so forth. Additionally, some of the information that is desired to be shared can be common to more than one group. Many potential solutions to this problem exist where the individuals of the groups being granted access to information can be individually identified prior to such access. However, when the makeup of the groups may not be known at any given time, when the makeup of the groups varies dynamically in real-time. When the information being made available varies in real-time, and in many other cases, there are additional problems introduced that require that security control be exercised in terms of groups of individuals rather than just individuals themselves. The mechanism of dynamic COIs may be one way of dealing with these problems. Conceptually, a dynamic COI could be created, and dissolved, by an individual or organization, as needed, with permissions granted for access, etc. to one or more bodies of information based upon membership in one or COIs (The default, of course, is a universal COI, which is what we have had historically on the Internet.). Thus, the information made available to any community could vary dynamically, but be under the control of the owner of the information. The problem, then, is how does one control a COI. It would seem that there would need to be at least two, and maybe more, types of COI -- for want of better terms, let us call them Formal COI (FCOI) and Informal (ICOI). An FCOI would require some kind of application and/or registration with an identification and authenticating authority in order to grant membership to that COI. That authority could be the originator of the COI or some other more formal authority. Membership in an ICOI, could be granted by another member of that ICOI, leaving the identification and authentication authority with the originator of the COI. The key is to be able to grant or deny membership in a COI in real-time. Key to the concept of DCOIs is that they, their informational content, and their membership may vary in real-time and exist for any measurable length of time. In all cases, the final authority must rest with the originator of the COI. Sheldon C. Sutton Co-chairman, OMG Internet SIG Principal Information Technology Engineer, MITRE Corporation E-mail: shel@mitre.org