Comment 1 for bug 843088

We'll probably have to revisit this. One use case is, for example, having an identity (user) with EC2 or API-only credentials. The could be examples where credentials are email address/api key, or just certificate. In those situations one or the other may be optional.