[OTDev] AA: the anonymous user

Luchesar V. ILIEV luchesar.iliev at gmail.com
Thu Jun 17 17:34:28 CEST 2010


Folks,

I'd like to gradually start a discussion on several points that seem to
need specific attention. Let's start with the anonymous or guest
user.

1. Let's decide on the exact username: "anonymous" or "guest". I have
a slight preference for the first one, because "guest" somehow implies
more restricted access -- however, that user is supposed to access ALL
public data, not, for instance, only some "demo" excerpts.

2. What about the password? Should it be just a "blank" one? Or
something like "opentox"? Or even the user's e-mail address, FTP-style
(however, this one might be difficult to implement, as it is unlikely
to be supported by OpenSSO/Plone)?

3. Once the exact username and password are decided, it might make
sense to finally enter the user into Plone's database, so that we can
start testing.

4. Let's not forget that at some point in time we should create
policies for ALL existing public resources that grant "read" (GET, but
sometimes also POST) access for that user.

5. If any type of quota is implemented, even if with the intention
to just protect a service from being overloaded, obviously the
"anonymous" or "guest" user would need special treatment.

Cheers,
Luchesar


