Last step we must add a security consideration section as mentioned by Greg :

...

See www.ggf.org/documents/GFD.152.pdf for all information. 

I checked in the last SAGA-API document (because we are close to the behavior) and I propose the following update from the Andre's paragraph to be compliant to the GridRPC document.

As the GRPC API is to be implemented on different types of Grid (and Cloud) middleware, it does not specify a single security model, but rather provides hooks to interface to various security models.
A GRPC implementation is considered secure if and only if it fully supports (i.e. implements) the security models of the middleware layers it builds upon, and neither provides any (intentional or unintentional) means to by-pass these security models, nor weakens these security models’ policies in any way.
The implementations of advert services (the “backend” services to this API), need to take security concerns into account, because such a service might cause leaks of user (meta) data beyond the runtime of the applications using this API. This is the same risk as with storage and file systems, to which the GRPC Data Management core API provides an API. Unlike with established file systems, however, the risks associated with advert services might be less obvious to their implementors.