Bi-directional shared tree is an efficient routing scheme for interactive multicast applications with multiple sources. Given the open-group IP multicast service model, it is important to perform sender access control so as to prevent group members from receiving irrelevant data, and also protect the multicast tree from various Denial-of-Service (DoS) attacks. Compared with source specific trees and uni-directional shared trees where information sources can be authorized or authenticated at the single root or Rendezvous Point (RP), in bi-directional trees this problem becomes challengeable since hosts can send data to the shared tree from any network point. In this paper we propose a scalable sender access policy mechanism for bi-directional shared trees so that irrelevant data is policed and discarded once it hits any on-tree router. We consider the scenario of both intra-domain and inter-domain routing in the deployment of the policy, so that the mechanism can adapt to situations in ...