When two (or more) entities (or members) enter into a coalition, they agree to share information, resources and other assets according to some set of negotiated rules. This paper addresses the issue of controlled and secure information sharing. Each member may have a large number of agents (people) who run programs that access information from the large number of servers run by the other member. The problem arises in managing the authentication and the access control at these service points. The issues are technical, as well as administrative. Compounding the problem is the large number of autonomous information servers that contain the information published by a single member. Administering and securing these is in reality intractable. We present a solution to the secure information-sharing problem, by separating the authentication function from the data access function. Then, by having only one authenticator per member and the use of digital certificates we show how a multiplicity of information sources can be managed and secured.