This paper focuses on a specification model for defining security and coordination policies for distributed collaboration and workflow systems. The work is motivated by the objective of building distributed collaboration systems from their high-level specifications. We identify requirements unique to secure collaboration, specifically role admission and activation constraints, separation of duties, dynamic access control, and a model for multiuser participation in a role. We present a role-based model for specifying coordination and dynamic security requirements in collaboration systems. The model also supports hierarchical structuring of a large collaboration environment through the concept of activities, each of which defines a naming scope and a protection domain in which security and coordination policies are specified. We have implemented this specification model in XML and used it to construct the runtime environments for distributed collaboration systems using a policy-based middleware.