diff --git a/README.md b/README.md
index 4e183e3..1193520 100644
--- a/README.md
+++ b/README.md
@@ -91,10 +91,11 @@ The Gobbler supports three levels of permissions - adminstrators, project owners
 The permissions for a project are stored in the `{project}/..permissions` file.
 This is a JSON-formatted file that contains a JSON object with the following properties:
 
-- `owners`: An array of strings containing the GitHub user names or organizations that own this project.
-- `uploaders`: An array of objects specifying GitHub users or organizations that are authorized to be uploaders.
+- `owners`: An array of strings containing the identities of users who own this project.
+- `uploaders`: An array of objects specifying the users who are authorized to be uploaders.
 Each object has the following properties:
- - `id`: String containing the identity of the user/organization.
+ - `id`: String containing the identity of the uploading user.
+ This can also be `*` to allow uploads from any user.
 - `asset` (optional): String containing the name of the asset that the uploader is allowed to upload to.
 If not specified, no restrictions are placed on the asset name.
 - `version` (optional): String containing the name of the version that the uploader is allowed to upload to.
diff --git a/permissions.go b/permissions.go
index 43a6ba7..e71b8e6 100644
--- a/permissions.go
+++ b/permissions.go
@@ -93,7 +93,8 @@ func isAuthorizedToUpload(username string, administrators []string, permissions
 
 if permissions.Uploaders != nil {
 for _, u := range permissions.Uploaders {
- if u.Id != username {
+ // Allow the special '*' username to match to any uploader.
+ if u.Id != username && u.Id != "*" {
 continue
 }
 
diff --git a/permissions_test.go b/permissions_test.go
index 30f217c..628b5c3 100644
--- a/permissions_test.go
+++ b/permissions_test.go
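Review bot: In permissions.go, the added `u.Id != "*"` clause in isAuthorizedToUpload sends a wildcard entry through the same per-entry handling as a named uploader, so an entry with `Id: "*"` and `Trusted` set appears to give every caller non-probational upload rights (the new case in TestIsAuthorizedToUpload expects exactly that). If that is intended, the comment should say so, e.g. `// '*' matches every caller; the entry's other restrictions and its Trusted flag then apply to all users.`, and the README line on `*` should mention the trusted interaction; if it is not, a wildcard match should be forced to probational. The hunk does not show whether `username` is guaranteed to be a non-empty, authenticated identity here; if it can be empty, `*` now authorizes that caller as well, so that guarantee is worth confirming in the caller. The rest of the loop body lies outside the hunk, so how asset, version and expiry limits apply to a wildcard entry cannot be checked from these lines.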
@@ -175,6 +175,12 @@ func TestIsAuthorizedToUpload(t *testing.T) {
 if !ok || !trusted {
 t.Fatalf("unexpected lack of non-probational authorization for an uploader")
 }
+
+ perms.Uploaders = []uploaderEntry{ uploaderEntry{ Id: "*", Trusted: &is_trusted } }
+ ok, trusted = isAuthorizedToUpload("cynthia", nil, &perms, nil, nil)
+ if !ok || !trusted {
+ t.Fatalf("unexpected lack of upload authorization for *")
+ }
 }
 
 func TestSanitizeUploaders(t *testing.T) {
@@ -192,6 +198,13 @@ func TestSanitizeUploaders(t *testing.T) {
 t.Fatalf("validation of uploaders failed for correct uploaders; %v", err)
 }
 
+ id2 = "*"
+ uploaders[1].Id = &id2
+ san, err = sanitizeUploaders(uploaders)
+ if err != nil || len(san) != 2 || san[0].Id != id1 || san[1].Id != id2 {
+ t.Fatalf("validation of uploaders failed for correct uploaders with a wildcard; %v", err)
+ }
+
 mock := "YAAY"
 uploaders[1].Until = &mock
 _, err = sanitizeUploaders(uploaders)
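Review bot: The case added to TestIsAuthorizedToUpload only checks that a trusted wildcard entry succeeds, so nothing pins down how `*` combines with the entry's other restrictions. It would help to add a wildcard entry without `Trusted` (presumably expecting `ok && !trusted`) and wildcard entries whose asset, version or expiry limits should reject the upload, since those limits are what bound a grant that applies to every user. As a style point, the literal can drop the repeated element type: `perms.Uploaders = []uploaderEntry{{Id: "*", Trusted: &is_trusted}}`. The test function begins outside the hunk, so the setup of `perms` and `is_trusted` is not visible here.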