Using claims in security for SharePoint 2010

Been thinking about this, and as usual, Steve is out in front. Turns out you can use extended claims in web application policies. These are a bit too coarse for most use, but would be a great way to allow people with certain claims such as “Security Admin” global read access to a web app, or someone with the claim “Contractor” to have global deny. Check out details at https://blogs.technet.com/b/speschka/archive/2010/08/23/using-custom-claims-in-web-application-policies-in-sharepoint-2010.aspx