The REQ document makes a categorial statement that the protocol
should be able to operate across a firewall. I note that proxy
servers are currently regarded as the only reasonable way to enforce
security for various operations.
If this is the case, then you will have to allow a 'proxy' server
to be put into the system, or drop all the discussion of firewalls.
If you put in a 'proxy server', then you have effectively invented
a queue/spool server.
I do not think that folks will buy the requirement that the IPP
implementation must punch through a firewall...
This would make a lovely tool for security violations.