An exemplary scenario - which this paper is based on - is a car manufacturer (customer) which enables all its traders (more than 1000) to use special applications within the corporate network (CN) of the manufacturer (e.g. Online Ordering of cars). The traders build a so called extranet (EN). Besides the specific applications the EN enables connections to the Internet. The provider side is represented by DeTeSystem, a network and system provider and outsourcing partner for the biggest customers of Deutsche Telekom AG. The provider implements the EN infrastructure with all the demanded services on the customers behalf. It is also responsible for the management of the extranet with all services which are offered by itself. This means that the provider is not responsible for applications offered by the customer.
The corresponding infrastructure is represented in figure 1.
Traders are connected with a Point of Presence (PoP) of the provider
over leased lines or ISDN dial-up lines. They form a virtual private network (VPN) on top of
the infrastructure of the provider, which is also used by other
customers. In
the Service Area (SA) of the provider reside servers for the
services rendered by the provider (e.g. Mail, DNS,
Authentication Service, 
) and a well defined access
point to the Internet. If a trader wants to use a service of the
manufacturer it will be routed into the SA of the car
manufacturer. In this configuration traders use services in the SA of the provider
as well as in the SA of the customer.
![\begin{figure*}
\begin{center}
\centering
\includegraphics [width=0.8\textwidth]{scenario.eps}
\end{center}\end{figure*}](img1.gif)