diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
index e7f0a2a6c..0948736b4 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
@@ -63,8 +63,10 @@ import org.apache.guacamole.auth.jdbc.connection.ConnectionParameterMapper;
 import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper;
 import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionService;
 import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionSet;
+import org.apache.guacamole.auth.jdbc.sharing.HashSharedConnectionMap;
 import org.apache.guacamole.auth.jdbc.sharing.SecureRandomShareKeyGenerator;
 import org.apache.guacamole.auth.jdbc.sharing.ShareKeyGenerator;
+import org.apache.guacamole.auth.jdbc.sharing.SharedConnectionMap;
 import org.apache.guacamole.auth.jdbc.sharingprofile.ModeledSharingProfile;
 import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileDirectory;
 import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper;
@@ -170,6 +172,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
 bind(GuacamoleTunnelService.class).to(RestrictedGuacamoleTunnelService.class);
 bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
 bind(SaltService.class).to(SecureRandomSaltService.class);
+ bind(SharedConnectionMap.class).to(HashSharedConnectionMap.class).in(Scopes.SINGLETON);
 bind(ShareKeyGenerator.class).to(SecureRandomShareKeyGenerator.class).in(Scopes.SINGLETON);
 bind(SharingProfilePermissionService.class);
 bind(SharingProfileService.class);
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/HashSharedConnectionMap.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/HashSharedConnectionMap.java
new file mode 100644
index 000000000..e3dff02a7
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/HashSharedConnectionMap.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.sharing;
+
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+
+/**
+ * A HashMap-based implementation of the SharedConnectionMap.
+ *
+ * @author Michael Jumper
+ */
+public class HashSharedConnectionMap implements SharedConnectionMap {
+
+ /**
+ * Keeps track of the share key to SharedConnectionDefinition mapping.
+ */
+ private final ConcurrentMap connectionMap =
+ new ConcurrentHashMap();
+
+ @Override
+ public SharedConnectionDefinition get(String key) {
+
+ // There are no null share keys
+ if (key == null)
+ return null;
+
+ // Update the last access time and return the SharedConnectionDefinition
+ return connectionMap.get(key);
+
+ }
+
+ @Override
+ public void put(String key, SharedConnectionDefinition definition) {
+ connectionMap.put(key, definition);
+ }
+
+ @Override
+ public SharedConnectionDefinition remove(String key) {
+
+ // There are no null share keys
+ if (key == null)
+ return null;
+
+ // Attempt to retrieve only if non-null
+ return connectionMap.remove(key);
+
+ }
+
+}
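Review bot: The comment `// Update the last access time and return the SharedConnectionDefinition` in `get()` describes something the method does not do: it only returns `connectionMap.get(key)`, and nothing in this class records access times or expires entries. Because a share key is what lets a user reach the shared connection, that comment could be read as evidence of idle expiry; I would replace it with `// Return the definition, if any; entries persist until remove() is called`. `put()` also lacks the null guard that `get()` and `remove()` have, so a null key or definition reaches `ConcurrentHashMap.put`, which throws NullPointerException; an explicit check with a descriptive message would make that rejection deliberate. The class Javadoc says "HashMap-based" while the field is a `ConcurrentHashMap`, and the comment `// Attempt to retrieve only if non-null` in `remove()` should say "remove" rather than "retrieve".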
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SharedConnectionDefinition.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SharedConnectionDefinition.java
new file mode 100644
index 000000000..78ed62cdd
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SharedConnectionDefinition.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.sharing;
+
+import org.apache.guacamole.auth.jdbc.activeconnection.TrackedActiveConnection;
+import org.apache.guacamole.auth.jdbc.sharingprofile.ModeledSharingProfile;
+
+/**
+ * Defines the semantics/restrictions of a shared connection by associating an
+ * active connection with a sharing profile. The sharing profile defines the
+ * access provided to users of the shared active connection through its
+ * connection parameters.
+ *
+ * @author Michael Jumper
+ */
+public class SharedConnectionDefinition {
+
+ /**
+ * The active connection being shared.
+ */
+ private final TrackedActiveConnection activeConnection;
+
+ /**
+ * The sharing profile which dictates the level of access provided to a user
+ * of the shared connection.
+ */
+ private final ModeledSharingProfile sharingProfile;
+
+ /**
+ * Creates a new SharedConnectionDefinition which describes an active
+ * connection that can be joined, including the restrictions dictated by a
+ * given sharing profile.
+ *
+ * @param activeConnection
+ * The active connection being shared.
+ *
+ * @param sharingProfile
+ * A sharing profile whose associated parameters dictate the level of
+ * access provided to the shared connection.
+ */
+ public SharedConnectionDefinition(TrackedActiveConnection activeConnection,
+ ModeledSharingProfile sharingProfile) {
+ this.activeConnection = activeConnection;
+ this.sharingProfile = sharingProfile;
+ }
+
+ /**
+ * Returns the TrackedActiveConnection of the actual in-progress connection
+ * being shared.
+ *
+ * @return
+ * The TrackedActiveConnection being shared.
+ */
+ public TrackedActiveConnection getActiveConnection() {
+ return activeConnection;
+ }
+
+ /**
+ * Returns the ModeledSharingProfile whose associated parameters dictate the
+ * level of access granted to users of the shared connection.
+ *
+ * @return
+ * A ModeledSharingProfile whose associated parameters dictate the
+ * level of access granted to users of the shared connection.
+ */
+ public ModeledSharingProfile getSharingProfile() {
+ return sharingProfile;
+ }
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SharedConnectionMap.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SharedConnectionMap.java
new file mode 100644
index 000000000..2df4b2d76
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SharedConnectionMap.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.sharing;
+
+/**
+ * Represents a mapping between share keys and the Guacamole connection being
+ * shared.
+ *
+ * @author Michael Jumper
+ */
+public interface SharedConnectionMap {
+
+ /**
+ * Associates the given share key with a SharedConnectionDefinition,
+ * allowing the connection it describes to be accessed by users having the
+ * share key.
+ *
+ * @param key
+ * The share key to use to share the connection described by the given
+ * SharedConnectionDefinition.
+ *
+ * @param definition
+ * The SharedConnectionDefinition describing the connection being
+ * shared via the given share key.
+ */
+ public void put(String key, SharedConnectionDefinition definition);
+
+ /**
+ * Retrieves the connection definition associated with the given share key.
+ * If no such share key exists, null is returned.
+ *
+ * @param key
+ * The share key associated with the connection definition to be
+ * returned.
+ *
+ * @return
+ * The connection definition associated with the given share key, or
+ * null if no such share key exists.
+ */
+ public SharedConnectionDefinition get(String key);
+
+ /**
+ * Invalidates given share key, if it exists, returning the connection
+ * definition previously associated with that key. If no such share key
+ * exists, this function has no effect, and null is returned.
+ *
+ * @param key
+ * The share key associated with the connection definition to be
+ * removed.
+ *
+ * @return
+ * The connection definition previously associated with the given
+ * share key, or null if no such share key exists and no connection was
+ * removed.
+ */
+ public SharedConnectionDefinition remove(String key);
+
+}
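Review bot: The Javadoc on `put()` does not say whether an existing mapping for `key` is replaced, and none of the three methods states whether a null `key` or `definition` is accepted. For an interface that grants access by share key, the contract should also cover how long a key stays valid and whether implementations must be safe for concurrent use; as written, a key appears to remain usable until some caller invokes `remove()`, and the interface does not name who is expected to do that when the shared connection ends. If that is the intent, I would add to `put()` a sentence such as `If the key is already mapped, the previous definition is replaced.` and to the interface comment `Implementations must be threadsafe; a share key remains valid until it is explicitly removed.`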