The behavior you have described is what I have accomplished so far.
For the first phase of our project, we will be creating an internal
site that does not allow anonymous access. This site will be
extended as a public (internet zone) site that does allow anonymous
access. For the first phase of our project, we will not be providing
any content that requires authentication to the public. Having said
this, I would like to make it so that the "Sign In" link does not
even appear when the user is not authenticated (when accessing the
site via the public route).
Any suggestions?