...
[09:53:15 CST(-0600)] <dmccallum54> if GPS needs to access other, existing SSP API URLs which have already been locked down and dont allow anonymous access then we probably need to double check with russ on whether we can just throw those APIs open or if we need to concoct a GPS-only flavor of those APIs that only expose the "non-sensitive bits"
[09:55:19 CST(-0600)] <dmccallum54> another approach would be to actually grant permissions to the anonymous user. that way we dont have any "special cases" in our security annotations and you can manage access for the anonymous user just like you would for any other user