Grid Computing expounds the vision of applications having on-demand, ubiquitous access to distributed services running on diverse, managed resources (computation, storage, instruments, and networks, among others) that are owned by multiple administrators. As grids move towards forming dynamic, seamless Virtual Organizations (VOs) using distributed resources, they require application-driven transport privileges from the network. Pre-existing security policies within the network, such as those in firewalls, network address translators, application-level gateways, and VPN-style gateways, tend to interfere with these new applications and with VO formation, and usually require manual intervention by an administrator to work.

The Firewall Issues research group (FI-RG) has documented the use cases and classified the issues that Grid applications experience when trying to traverse and/or control data transport policy enforcement devices (GFD.83). The group has published a document that analyzes and categorizes new firewall protocols, architectures and on-demand frameworks.

This working group will leverage the application requirements from the FI-RG to standardize a set of service definitions for a virtualized control interface into firewalls and other middleboxes, allowing grid applications to securely and dynamically request application- or workflow-specific services from those devices for the duration of the service.


State of the work

Work in progress with continuous updates. Latest release is as of March 2009. One document (a protocol proposal) is in preparation: Firewall Traversal protocol.