WLCG JWT profile - group OR scope authorization
- brief discussion related to the long email thread "Tokens with groups and explicit AuthZ statements" in project-lcg-authz mailing list
- the whole email thread covers an edge case that most VOs should never face - combining scopes with wlcg.groups in one token
- people seems not to be very concerned that e.g. dCache doesn't implement what's required by WLCG JWT profile
- LHC experiments plans to avoid tokens that combine scopes and wlcg.groups
- we could easily survive even if current "OR" is replaced with "implementation specific behavior"