Users of services and resources from enterprise and service providers often have multiple public and private identifiers. People may have identities associated with different roles, e.g., at work, at home, and associated with hobbies, sports, and community activities. Users may roam, and are increasingly mobile. With the current diversity of available communication options, an individual user may have multiple communication devices, such as desktop personal computers (“PC”), personal digital assistants (“PDA”), mobile phones, or other devices, for using different applications, such as voice telephony, instant messaging, email, web applications, enterprise resource planning (“ERP”), video, collaboration/conferencing and the like.
Users therefore have typically needed to sign on and be authenticated for different applications, and for different types of communication platforms. Single-sign-on (“SSO”) may be available for some groups of applications, but often users may need to sign on separately for different communications. When users change networks, they will usually be required to sign on and re-authenticate, particularly when changing between public and private networks. Although network security in general has seen increased priority in view of the Sarbanes-Oxley (“SOX”) laws, the Health Insurance Portability and Accountability Act (“HIPAA”), and other regulatory and business security compliance requirements for protection of confidential information, the protection of critical data on private networks remains a most vital concern.
The confidentiality, integrity and privacy of critical data on private networks are subject to a variety of attacks including snooping, identity spoofing and data alteration. Many attackers attempt to gain access to a private network by attacking an employee's notebook computer, other computers on an employee's home network, the public internet, a wireless local area network (“WLAN”) or the like. Each and every time an employee remotely accesses a company's private network, the security of critical data on that private network is in peril. However, numerous new networking features are provided as part of Internet Protocol version 6 (“IPv6”), including the use of IPv6 unique local addressing, which is globally unique and locally routable for use within a private organization as defined by request for comments (“RFC”) 4193. Moreover, the IPv6 base standards also call for the use of multi-netting (the presence of multiple IPv6 network addresses) at the host level. The combination of these two features provides for a very dynamic concurrency in logical network presence. Although this combination offers an immense amount of flexibility, there is a great deal of concern regarding aspects of manageability and security. In particular, these features potentially provide numerous additional paths for an attacker to use in her attempts to access, intercept or destroy critical data on private networks.
What is desired is an arrangement under which the unique local addressing feature and the multi-netting feature can be managed to provide the ability to allocate addresses to the unique local addressing space in a secure manner.
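The RFC 4193 addressing and host-level multi-netting described above can be made concrete with a short audit, given here as an added example that is not part of the original text: it derives a unique local /48 using the RFC 4193 section 3.2.2 method and classifies each address on a multi-netted host against the organization's authorized prefixes. The function names, category labels and sample addresses are constructed for illustration.

```python
import hashlib
import ipaddress

ULA_BLOCK = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local range

def generate_ula_prefix(ntp_time: bytes, eui64: bytes) -> ipaddress.IPv6Network:
    """RFC 4193 section 3.2.2: Global ID = low 40 bits of SHA-1(time || EUI-64)."""
    if len(ntp_time) != 8 or len(eui64) != 8:
        raise ValueError("expected 64-bit NTP time and 64-bit EUI-64")
    global_id = hashlib.sha1(ntp_time + eui64).digest()[-5:]
    # 0xfd = fc00::/7 with the L bit set (locally assigned), then the 40-bit Global ID
    return ipaddress.IPv6Network((bytes([0xFD]) + global_id + bytes(10), 48))

def audit_host(addresses, authorized_prefixes):
    """Classify every address on a multi-netted host against authorized ULA /48s."""
    report = {}
    for text in addresses:
        addr = ipaddress.IPv6Address(text)
        if addr.is_link_local:
            report[text] = "link-local"
        elif addr not in ULA_BLOCK:
            report[text] = "not-ula"
        elif addr.packed[0] == 0xFC:
            report[text] = "ula-l-bit-clear"   # fc00::/8 is not defined by RFC 4193
        elif any(addr in net for net in authorized_prefixes):
            report[text] = "ula-authorized"
        else:
            report[text] = "ula-unauthorized"  # ULA outside the organization's prefixes
    return report

# Constructed sample data: one authorized prefix and one host holding five addresses.
AUTHORIZED = [ipaddress.ip_network("fd12:3456:789a::/48")]
HOST_ADDRESSES = [
    "fe80::1",               # link-local
    "fd12:3456:789a:1::10",  # inside the authorized ULA /48
    "fdaa:bbbb:cccc::5",     # ULA from an unknown Global ID
    "fc00::1",               # L bit clear
    "2001:db8::1",           # documentation prefix, not ULA
]

if __name__ == "__main__":
    for address, verdict in audit_host(HOST_ADDRESSES, AUTHORIZED).items():
        print(f"{address:24} {verdict}")
```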