Section E.2.8 doesn't actually specify any protocols or credential requirements. Might as well say, "We don't currently have any requirements."
How difficult would it be, do you think, to provide a REST API for uploading files/bitstreams containing data in the required usage data format? That REST API (whatever it is) could then easily be authenticated via Globus Auth. I'll bet there are already some well-established off-the-shelf REST upload/download APIs that we could use that already have decent access control mechanisms. (E.g., "user identity X can upload new data to namespace Y.") Is WebDAV RESTful?
Reading on to Section F, it turns out there actually are protocol (scp) and credential (registered ssh key) requirements that ought to be mentioned in this section.
There are several good upload improvements possible. We chose scp initially to keep it simple. We could document phase 2 improvement ideas to include a REST API and RabbitMQ publishing.
WebDAV is RESTful.