A network security domain is a network for which every authorized user satisfies a certain level of trust (i.e., a security clearance) and all of the data is at least nominally considered to be of a certain level of sensitivity (i.e., a security classification). Different network security domains may be used to handle tasks of different security levels for a given organization. In some cases, network security domains might belong to a coalition of partners that are conducting joint operations.
In many situations, network security domains are connected to one another, but the different domains are extremely cautious about what information is allowed to pass between them. As a result, most cross-domain information flows require some human intervention to ensure that the requirements for releasability are met. In many cases, the data traffic between network security domains is transferred by individual, authorized administrators after reliable human review. Such intervention is expensive and slow, and can form a bottleneck in operations. Unfortunately, fully automated sharing of information across security domain boundaries is also fraught with difficulties. This is particularly so when the data to be shared is arbitrary, or sufficiently free-form to encode a wide range of sensitive information.