A key management service could be provided in a similar way. Suppose that the subjects from above need to set up a secure link between each other. We assume that symmetric keys are used and these keys are distributed using symmetric techniques [ISO96b, p.9]. The key management service in domain ``Fish'' establishes a shared secret key with the subject from domain ``Chips'' or with its key management service. According to the policy in domain ``Fish'', only public and confidential information may be exchanged with domain ``Chips''. The security management service orders the key management service to also share the secret key it provided to the subject from ``Fish'' with a monitor object in its domain. When the monitor detects that information that is labeled ``secret'' is trying to pass, it informs the central security management service of this event and action is taken to stop the communication.
Within the same domain a key management service can be used to set up ``dynamic'' workgroups based on shared secret keys. All traffic can flow freely on the network, but only members of the same workgroup know the relevant key for reading and/or writing. Workgroup members are no longer tied to their desk and subnetwork, because the moment they log on to the network, their location is detected and they are provided with their workgroup's key. Members can be added to and removed from the workgroup dynamically from the security management console. If a member logs on to his workgroup over the Internet, the security management service can tell a firewall to check that all traffic is encrypted. When the same person appears to log on locally, this would be spotted by a monitor. The security management service may find it weird to have a member of one of its engine's security domains to log on both locally and remotely and decide to have the firewall cut off the connection with the outside.