Is overriding POSIX required behaviour?

[paulmillar]

Towards the end of page 12, the document states:

This authorization scheme is not equivalent to POSIX semantics. When mapping this
authorization scheme to a POSIX-like filesystem, some considerations must be made for user
and group ownership. For example, if a token is issued with authorization
storage​.​read:/home​, an implementation MUST override normal POSIX access control and
give the bearer access to all users’ home directories.

This statement is problematic, as there is only a very weak statement "some considerations must be made". What kind of consideration is being made? Which agent is making this consideration? (the client?, the server?, people within the VO?)

The description then provides an example, stating that:

For example, if a token is issued with authorization storage​.​read:/home​, an implementation MUST override normal POSIX access control and give the bearer access to all users’ home directories.

This description is problematic for several reasons:

• it seems to assume that /home is equivalent to "all users’ home directories", which might not be the case for all storage services.
• In "give the bearer access to [...] directories", what does "access" mean? Is this access to see the contents of the directory, or does it mean allow the client to read files within those directories?
• it is unclear if this "MUST" applies only to the storage.read or does it also apply to other storage scopes; for example, are storage services expected to provide a similar POSIX override for storage.create scopes?
• The provided context is only an example. This suggests that other behaviour or situations are valid. This is difficult to reconcile with the use of MUST.

I think this paragraph should be rephrased to make the intended behaviour clearer.