Each network device (servers, routers, workstations, VoIP telephones, smartphones etc. posseses its own trusted identity for authentication. Each component then knows if it can trust the calling component and/or the component that it must in turn call to perform a task (and so on). Key benefits are:

• Access is only granted to devices which carry an identity approved by a set policy. These devices are therefore considered safe for a network. All other devices are isolated and their access limited to public data and applications.
• Within a network, the identity of each device allows it to access a defined set of resources. For instance, one PC may be set to access servers & applications from a given department while another, with a different identity is only authorized to access the Internet or a printer.
• Trusted domains also called "Security Bubbles" can be easily created within each network. Rights to connect to certain parts of the network can easily be granted or revoked.
  
• Each device becomes a policy enforcement point. Even if a malicious package manages to penetrate the network it will be quarantined when it reaches a router or switch as it will be identified as having been sent by a device that does not conform with the corporate security policy.
• Large enterprises are able to integrate several networks into one without compromising selective accesses. This can lead to significant savings.

The traditional physically segregated network (with little room for evolution and costly to maintain) is therefore replaced by a logical network based on the different roles and privileges of trusted devices.