Ad-hoc networks are perceived as communities of autonomous devices that interconnect with each other. Typically, they have dynamic topologies and cannot rely on a continuous connection to the Internet. Users' devices often do not have a priori knowledge of each other and cannot rely upon pre-existing shared information. This introduces difficult security issues when attempting to provide authentication, membership management and access control. Designing a framework, which allows the secure establishment and management of ad-hoc communities, remains a significant challenge. In this paper, we propose a novel policy-based security framework to facilitate the establishment, evolution and management of mobile ad-hoc networks. We introduce a community specification, called doctrine, which defines the roles of the participants in the community, the characteristics that participants must exhibit in order to be eligible to play a role, as well as the policies governing their behaviour within the community. Based on the doctrine, we propose a set of security protocols to bootstrap the community, manage the membership, and govern the access to the services provided by the participants. We have investigated the impact of mobility on the proposed security protocols and observed that the protocol is robust to changes in the network topology.