Techniques are provided for dynamically managing security for document collaboration. A document is associated with a list of collaborators, which can access the document. One collaborator is an identity service. The identity service is capable of dynamically encrypting versions of an access key needed by a collaborator to access the document and capable of dynamically adding or removing collaborators from the list of collaborators.