As distinct from an intranet that allows connectivity only between computers of an enterprise, and the Internet that, conceptually, allows universal connectivity, an extranet allows connectivity among a predefined set of computers belonging to different organizations. The interconnection may use physical facilities, virtual private networks, or a combination thereof, but security tends to be even more critical than connectivity.
From the security standpoint, it is best that the computers of the extranet do not have connectivity either to intranets or the Internet, with the limited exception that encrypted tunnels may pass through an untrusted network acting as a backbone. When it is absolutely necessary for a computer to connect to more than one extranet, the Principle of Least Privilege should be enforced: no user is allowed more than the absolute minimum of privileges necessary to carry out the required functions. It is wise to require that changing privileges be done from a separate, secure computer.
The participants in an extranet can vary in the closeness of their relationship. For example, general-purpose U.S. military networks that carry classified information, such as SIPRNET or JWICS, have a reasonable amount of mutual trust in the network proper: as long as an Army computer has proper cryptographic keying provided by the National Security Agency, it should be able to access a Navy computer. Accessing that computer, however, does not mean a soldier in a tank can get into every application on an aircraft carrier. The applications themselves add one or more further levels of security, so that soldier might be able to reach an application that sends out helicopters for medical evacuation, but not the carrier's navigation system.
Credit authorization networks such as VISA are extranets, but with complex interactions. VISA proper is owned by its member banks, who actually issue the cards and approve charges. The credit authorization terminal in a store may belong to the store itself, and be approved for access to the bank that holds its merchant account with VISA. The merchant's bank may own the terminal. The merchant bank goes through the central VISA network to reach the charge authorization function at the cardholder's bank, but neither the VISA computers nor the merchant bank's computer can access the mortgage loan application at the other bank. While VISA is owned by its member banks, it is, effectively, an Application Service Provider for credit card transactions.
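The two layers described above (admission to the extranet, then per-application scope) can be audited as a default-deny reachability check. The following is an added example, not part of the original article; every host name, application name and network attachment in it is a constructed assumption, including a planted misconfiguration on `issuer-bank`.

```python
from collections import deque

# Constructed policy modelled on the card-authorization description above.
# Host and application names are hypothetical, not real network identifiers.
MEMBERS = {"store-terminal", "merchant-bank", "card-network", "issuer-bank"}

# Default deny: only these (source, destination, application) hops are permitted.
ALLOWED_HOPS = {
    ("store-terminal", "merchant-bank", "card-auth"),
    ("merchant-bank", "card-network", "card-auth"),
    ("card-network", "issuer-bank", "card-auth"),
}

# Applications each host serves; being hosted does not make an app reachable.
HOSTED = {"issuer-bank": {"card-auth", "mortgage-loans"},
          "merchant-bank": {"card-auth", "mortgage-loans"}}

# Networks each host is attached to (constructed; issuer-bank is misconfigured).
ATTACHMENTS = {"store-terminal": {"extranet"}, "merchant-bank": {"extranet"},
               "card-network": {"extranet"},
               "issuer-bank": {"extranet", "internet"}}


def reachable(origin, app):
    """Hosts whose `app` the origin can reach, following permitted hops only."""
    if origin not in MEMBERS:                      # layer 1: network admission
        return set()
    seen, queue, found = {origin}, deque([origin]), set()
    while queue:
        here = queue.popleft()
        for src, dst, hop_app in ALLOWED_HOPS:
            if (src, hop_app) != (here, app) or dst in seen or dst not in MEMBERS:
                continue
            seen.add(dst)
            queue.append(dst)
            if app in HOSTED.get(dst, set()):      # layer 2: application scope
                found.add(dst)
    return found


def exposure_report(apps):
    """Map each application to the (origin, host) pairs that can reach it."""
    return {app: sorted((o, h) for o in MEMBERS for h in reachable(o, app))
            for app in apps}


def multi_homed():
    """Hosts attached to any network other than the extranet."""
    return sorted(h for h, nets in ATTACHMENTS.items() if nets - {"extranet"})
```

An empty entry in `exposure_report` for an application means no extranet member can reach it even transitively; `multi_homed` lists the hosts to which the least-privilege rule for multiply connected computers applies.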