Abstract: This invention relates to a system and method for establishing a secure group of entities in a computer network, such as those originating from different trust domains, for the purpose of protecting the activity being executed. The invention allows for the on-demand automated creation of a virtual security perimeter around an arbitrary group of services originating from different trust domains. The security perimeter allows the activity being executed within the group to be protected, and for inter-group messages and communication to be kept confidential. A shared security context is also provided by which the group can be regulated, and new entities can be invited to join the group. The preferred embodiment of the invention has application to service orientated architectures and preferably makes use of existing technologies, such as W3C web services and security protocols, and OASIS service co-ordination protocols.