Work Product Descriptor (Artifact): Business Domain
A Business (Security) Domain is an environment or context that is defined by security policies, security models, and security architecture. It is not to be confused with an area of control or a sphere of knowledge.
A Business (Security) Domain is an environment or context that is defined by security policies, security models, and
security architecture, including a set of resources and a set of system entities that are authorized to access the
resources. A Business Domain is managed by a single authority, and may contain one or more sub-domains. Different
sub-domains are created when security models or policies (and possibly architecture) are significantly different from
one domain to the other, or are conflicting. Separate logical domains provide clearer separation of concerns and ease
policy enforcement and system management. Synonyms: security domain or policy domain.
Do not confuse this with an area of control or a sphere of knowledge, for example the HR domain.
Properties
Optional
Planned
Key Considerations
Normally an architecture deals with a single Business Domain, and therefore it may be left off (but documented in the
preamble to the architecture description). However, if it is required in a viewpoint, then a simple rectangular
background geometric shape (of an appropriate color, if desired, to illustrate the fundamental nature of the Domain)
may be used to depict the Security Domain, with the name applied to one corner or on the boundary (e.g.
“COMPANY-CONFIDENTIAL” or “SECRET”).
Tailoring
Representation Options
UML Representation: «stereotype» BPL_Domain
Extends: «metaclass» Node and «metaclass» Classifier and «metaclass» Package
It has the following properties:
id: string - This attribute is used to uniquely identify elements.
name: string - A descriptive name for the Domain.
authority: string - The authority for the Domain, normally defined as a specific organizational position within the enterprise or business line (e.g. COO).