A system and method for providing security for newly spawned spaces in a distributed
computing environment. A client may access a first space service. The creation
of a second space may be requested, such as by the client sending an appropriate
request to an interface of the first space. In one embodiment, the first space
and second space may share a common storage model, storage facility, and/or XML
schema. The second space may initially be configured to permit access only to the
requesting client. In one embodiment, a root authentication token is created for
the second space. An authentication service associated with the second space may
be initialized, whereby the second space is configured to permit access only to
a client holding the root authentication token. The root authentication token may
be sent to the requesting client or service. The requesting client may send the
root authentication token to a second client. The second client may then access
the second space by sending to the second space at least one of the messages specified
in the second schema along with the root authentication token. The requesting client
may also modify the initially configured security policy of the second space such
that the second space is configured to permit access to other clients.