The convergence of service and telecommunications technology is enabling new and more dynamic forms of virtual collaborations, where networked entities, be them (human) agents, applications, or service instances, share information and resources in order to achieve a common objective. Such collaborations are usually dynamic, often short in duration, and enacted by potentially large groups of collaborating peers which may join or leave the group as needed. They cut across organizational boundaries, therefore taking place on open networks (such as the Internet) and they may involve complex policies constraining possible interactions. This paper introduces a novel architecture that supports the dynamic formation and self-management of virtual collaboration networks understood as coordinated groups of peers which reside in different organisational domains. Our main goal is to allow the enforcement and management of dynamic security perimeters that contain and protect such virtual collaboration networks. This is achieved with the use of certificates to assist the policy distribution, and the multilayered mechanism for the distributed policy enforcement, residing at the each participating entity. The dynamic re-sizing of the security perimeters, and the communication within, is facilitated with the group management protocol that is both scalable and secure.