I am progressively refining my understanding thanks to these bursts of dialog on the subject, my current understanding follows, but I would not walk on fire to prove that I am right and I urge anyone to jump in and help me reshape my interpretation into the correct one.
let's say we have 4 circles (A is the Anchor, A contains B and C, B contains D)
A Creates a Domain on B --> Members of B and D can impact it, Members of A and C cannot (unless: they request permission OR B creates a policy to allow them)
NOW: B may delegate that domain further down to any of its directly contained roles (including Circle D), when that happens the other members of B won’t be able to impact the domain without permission anymore. (nothing will be changed for members of A and C)
IF INSTEAD B created the same domain we are talking about on D (but the domain had not previously been delegated to B by A), C would be allowed not to care about it and would be able to act as if the domain didn't even exist.
at day 1 the organization has no domains at all. B creates a domain called "partner hiring process" on D, C can still hire partners in the way it prefers and does not need to care. If However A created the "partner hiring process" domain on B than C would be forced to care about what the domain implies.
Going back to Koen's rules:
rule 1: would only be valid if the domain was hierarchically delegated from the top as it is or at least if it was the result of consecutive domain subdivisions in the process of delegation starting from the top down to the circle where the domain lives.
rule 2: every policy is defined on a domain, if the domain is not mentioned the policy is considered to be applying to default domain of the circle, which is the "set of all activities and functions of the circle" itself.
and here is where I add my little doubt to the "domain hell" ;-) It is my understanding (but again please comment) that the default domain is by default "not delegated from above", If it was delegated by default no one would be allowed to enact any accountability of another circle without breaching a domain which contravenes the basic principle of : "go and do what you perceive to be good for the organization until someone complains about it".
I believe this interpretation to be correct because: art 2.1.1 seems to limit the way in which a default domain should be considered a domain (see the part in bold)
"Further, each Circle may control its own functions and activities, as if a Domain of the Circle, for the purpose of defining Policies that limit the Circle’s Roles."
My interpretation is that the default domain is not to be considered a full fledged domain.
What do you guys think?