A Domain is a logical partition that can be conceptually mapped to a container. In a YubiHSM 2 there are 16 independent Domains; an Object can belong to one or more Domains.
Authentication Keys are Objects and thus can belong to multiple Domains.
Domains serve as a means to secure Objects so that they cannot be addressed by independent applications running on the same device. This is achieved by specifying the Object’s Domain. Only users or applications that belong to the same Domain as an Object can access it or use it.
The details involved in accessing an Object are explained in the Concept: Effective Capabilities page.
Domains are encoded as 16-bit values, where each Domain is represented by one bit:
|Domain Number||Hex Mask|
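The bit encoding and the Domain check described above, as an added example that is not part of the YubiHSM 2 documentation or tooling. It assumes Domain n maps to bit n-1 (Domain 1 is `0x0001`, Domain 16 is `0x8000`); the helper names and the inventory are constructed for illustration, and capabilities are not modelled.

```python
# Added example: Domain sets as 16-bit masks. All helper names are hypothetical.
# Assumption: Domain n is bit n-1, so Domain 1 = 0x0001 and Domain 16 = 0x8000.
NUM_DOMAINS = 16
ALL_DOMAINS = 0xFFFF

def domains_to_mask(domains):
    """Encode Domain numbers (1..16) as a 16-bit mask."""
    mask = 0
    for n in domains:
        if not 1 <= n <= NUM_DOMAINS:
            raise ValueError(f"Domain {n} is outside 1..{NUM_DOMAINS}")
        mask |= 1 << (n - 1)
    return mask

def mask_to_domains(mask):
    """Decode a 16-bit mask back into a sorted list of Domain numbers."""
    if not 0 <= mask <= ALL_DOMAINS:
        raise ValueError(f"mask {mask:#x} does not fit in 16 bits")
    return [n for n in range(1, NUM_DOMAINS + 1) if mask & (1 << (n - 1))]

def shares_domain(auth_key_mask, object_mask):
    """True when the Authentication Key and the Object have a Domain in common."""
    return (auth_key_mask & object_mask) != 0

def audit(auth_keys, objects):
    """For each Authentication Key, list the Objects whose Domains it overlaps."""
    return {
        key: sorted(o for o, omask in objects.items() if shares_domain(kmask, omask))
        for key, kmask in auth_keys.items()
    }

# Constructed inventory: two applications isolated on one device, plus an admin key.
AUTH_KEYS = {
    "app-a": domains_to_mask([1]),
    "app-b": domains_to_mask([2]),
    "admin": ALL_DOMAINS,
}
OBJECTS = {
    "signing-key-a": domains_to_mask([1]),
    "signing-key-b": domains_to_mask([2]),
    "shared-wrap-key": domains_to_mask([1, 2]),
    "backup-key": domains_to_mask([16]),
}

if __name__ == "__main__":
    for key, reachable in audit(AUTH_KEYS, OBJECTS).items():
        print(f"{key:6} mask={AUTH_KEYS[key]:#06x} -> {reachable}")
```

Running an audit like this over an exported object list makes over-broad assignments visible, such as an application key that holds all 16 Domains.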