Virtual organizations are dynamic, interorganizationalcollaborations that involve systems and servicesbelonging to different security domains. Several solutions havebeen proposed to guarantee the enforcement of the accesscontrol policies protecting the information exchanged in adistributed system, but none of them addresses the dynamicitycharacterizing virtual organizations. In this paper we proposea dynamic hierarchical attribute-based encryption (D-HABE)scheme that allows the institutions in a virtual organizationto encrypt information according to a policy in such a waythat only users with appropriate attributes can decrypt it. In addition, we introduce a key management scheme thatdetermines which user is entitled to receive which attributekey from which domain authority.