An approach for establishing secure multicast communication among multiple
multicast proxy service nodes is disclosed. The multicast proxy service
nodes, which can be distributed throughout an enterprise domain, are
organized in a logical tree that mimics the logical tree arrangement of
domains in a directory server system. The attributes of the multicast
proxy service nodes include the group session keys that are members of
the secure multicast or broadcast groups. Because keys as well as key
version information are housed in the directory, multicast security can
be achieved over any number of network domains across the entire
enterprise. Key information is stored in, and the logical tree is
supported by, a directory service. Replication of the directory
accomplishes distribution of keys. Multicast proxy service nodes may
obtain current key information from a local copy of the replicated
directory.