CMS Audience for storage

• rely just on https://wlcg.cern.ch/jwt/v1/any to allow fallback between storage

Andy: too specific tokens can really cause troubles debugging transfer failures - difficult infrastructure operation with fine grained tokens (we should not go for fine granularity just because it is available)

CMS TFC behavior explained

• not required on sites with namespace that is well organized according CMS requirements
• can be avoided also by using dCache symlinks
• works fine (secure) with tokens