The DynFire project designs and implements a novel system for the role-based, dynamic control of network firewalls. DynFire allows an individually controlled, secure access to the IT resources of a large organization, with particular focus on mobile users and users with restricted rights, such as subcontractors. The basic assumption behind DynFire is that, within a secured network domain separated from the Internet, we can establish a temporary binding between an IP address and a single user ID. Whenever a user connects to or disconnects from this secure network domain, firewalls are configured accordingly, using a centralized "Firewall Manager" and standardized signaling protocols.

More Information at http://www.dynfire.org/