
Confidentiality

Confidentiality is also known as destination security or secrecy of data. Eve, the eavesdropper, should not be able to infer any information about the content by reading data packets on the network. Only the person for whom the data is destined is able to infer meaningful information from data packets.

More specifically, a multicast message that implements confidentiality must consist only of encrypted information. All subscribed users share a common secret that allows them to decrypt the information.

[Mit97] addressed the requirement that new group members should not be able to decrypt information sent to the multicast group before they joined. The shared secret must therefore change each time a new member joins the group.

Similarly, a subscriber who leaves the group should not be capable of decrypting subsequent messages, especially when the member is expelled by the group. Clearly, the shared secret must also change in this case.
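
The join and leave rules above can be checked with a small model. This is an added example, not code from the thesis or from SMIF. The Group class, the member names and the HMAC-SHA256 keystream cipher (a stand-in for a real authenticated cipher) are assumptions, and delivery of each new key to the members over a secure channel is assumed rather than shown.

```python
import hashlib, hmac, secrets

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as keystream.
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def open_packet(key, packet):
    nonce, ct, tag = packet[:16], packet[16:-32], packet[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        return None  # wrong key or modified packet
    return _xor_stream(key, nonce, ct)

class Group:
    """Hypothetical key manager: one shared secret, replaced on every join and leave."""
    def __init__(self):
        self.keyring = {}  # member -> keys received while subscribed
        self.key = None
    def _rekey(self):
        self.key = secrets.token_bytes(32)
        for ring in self.keyring.values():  # secure delivery to members is assumed
            ring.append(self.key)
    def join(self, who):
        self.keyring[who] = []
        self._rekey()  # newcomer never learns the earlier secret
    def leave(self, who):
        ring = self.keyring.pop(who)
        self._rekey()  # departed member never learns the next secret
        return ring    # keys the departed member still holds
    def send(self, msg):
        return seal(self.key, msg)

def can_read(ring, packet):
    return any(open_packet(k, packet) is not None for k in ring)

def demo():
    g = Group(); g.join("alice"); g.join("bob")
    before = g.send(b"sent before carol joined")
    g.join("carol"); during = g.send(b"sent while carol was subscribed")
    carol = g.leave("carol"); after = g.send(b"sent after carol left")
    packets = (before, during, after)
    return {"carol": [can_read(carol, p) for p in packets],
            "alice": [can_read(g.keyring["alice"], p) for p in packets],
            "eve": [can_read([], p) for p in packets]}

if __name__ == "__main__":
    print(demo())
```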



Adrian Perrig
Mon Sep 20 17:00:26 PDT 1999