Had kind of an interesting question that someone just asked me so I thought I would share the results here with everyone. The question was whether you could take a custom claim that is provided by augmentation via a custom claims provider, and use it as part of a web application policy that you create in central admin. Well, I just did a quick test and found that it worked fine. I created a Full Read policy on one of my web applications to anyone who had DKV Jovenut as their favorite basketball team. It created the policy without problems in central admin. I then went to a site collection in that web app where I hadn’t granted anyone rights outside of the site collection admin. I tried logging in as a random user that had the DKV Jovenut claim for favorite basketball team and they were able to log into the site. I also went into a document library and confirmed that they could see documents but not upload new ones. So, good question, and it appears we work in this scenario just fine.