This design covers the important details for the change to CILogon itself, documenting a new feature available via CILogon. It's another step forward in expanding the security features available to service/application providers.
As far as I can tell, this--by itself--won't result in any benefit to XSEDE service providers or to XSEDE users. (Unless there are XSEDE users who are using CILogon to access non-XSEDE services, of which I'm not aware.)
Specifically, this design doesn't propose making any changes to the configuration of SSH or GridFTP services to use this feature. Nor does it explain the circumstances under which those changes would be useful/desirable. If XSEDE needs this feature for enhancing the security restrictions of (some or all of) its SSH or GridFTP services, we'll need a follow-on activity to do that.