In a nutshell, “zones” are a way to categorize the source locations from where client requests emit. These locations are not based on an IP address, URL or domain name. Instead, these sources are defined more broadly, such as intranet, extranet, internet. Don't equate zones with authentication providers, though you can make a direct association. And don't equate zones with permission policies, though you can make direct associations between denied or allowed permissions for a user based on a zone. Just keep in mind that zones are the way we categorize source locations from where client requests emit.
Just post back if you have any questions.
Thanks.
Bill English
Mindsharp