I removed the clause in "Required Attributes"

however, no will be granted with out either of these identity attributes

because it is miss leading. The intention is that no authenticated access will be possible without either ePPN or targetedId. This is simply a matter of practicality. There is little point in treating someone as authenticated unless they are known.

Also access will be allowed but by default, rights to modify content will be restricted by default. For example, there may be content that anonymous users of can modify. Forexample, anonymous users may modify a wiki or fill out a survey form if that's the privileges that a VO resource provider wants to grant.

Comment or Concerns on Operating Policies

If you happen to review these policies and have concerns or questions, please feel free to discuss them here.