Open

The open access control rule always successfully matches with any incoming request.

It is used if you are want to normally allow access to an endpoint, but want to use options such as elevate or secure.

For example…

{
   "paths" {
       "/api/": "sslonly"
   },
   "groups": {
      "sslonly": {
	    "type": "open",
            "secure": 1
	  }
   }
}

This restricts access to any of the api endpoints to only requests that are SSL/TLS secure.