diff --git a/api/python/cellxgene_census/pyproject.toml b/api/python/cellxgene_census/pyproject.toml
index 7d674f859..5b79bd952 100644
--- a/api/python/cellxgene_census/pyproject.toml
+++ b/api/python/cellxgene_census/pyproject.toml
@@ -31,7 +31,7 @@ dependencies= [
     # NOTE: the tiledbsoma version must be >= to the version used in the Census builder, to
     # ensure that the assets are readable (tiledbsoma supports backward compatible reading).
     # Make sure this version does not fall behind the builder's tiledbsoma version.
-    "tiledbsoma==1.2.2",
+    "tiledbsoma==1.2.3",
     "anndata",
     "numpy>=1.21,<1.24",  # numpy is constrained by numba and the old pip solver
     "requests",
@@ -41,7 +41,7 @@ dependencies= [
     # Temporary fix for Mac OSX, to be removed by https://github.com/chanzuckerberg/cellxgene-census/issues/415
     "certifi",
     # Temporary fix for https://github.com/single-cell-data/TileDB-SOMA/issues/1322, remove when we update to tiledbsoma>1.2.2
-    "tiledb>=0.21.3",
+    "tiledb",
 ]
 
 [project.urls]
diff --git a/api/python/cellxgene_census/src/cellxgene_census/_open.py b/api/python/cellxgene_census/src/cellxgene_census/_open.py
index 80858aeff..96902227c 100644
--- a/api/python/cellxgene_census/src/cellxgene_census/_open.py
+++ b/api/python/cellxgene_census/src/cellxgene_census/_open.py
@@ -41,6 +41,8 @@ def _open_soma(locator: CensusLocator, context: Optional[soma.options.SOMATileDB
         tiledb_config = {**DEFAULT_TILEDB_CONFIGURATION}
         if s3_region is not None:
             tiledb_config["vfs.s3.region"] = s3_region
+        # S3 requests should not be signed, since we want to allow anonymous access
+        tiledb_config["vfs.s3.no_sign_request"] = "true"
         context = context.replace(tiledb_config=tiledb_config)
     else:
         # if specified, the user context takes precedence _except_ for AWS Region in locator
diff --git a/api/python/cellxgene_census/tests/test_open.py b/api/python/cellxgene_census/tests/test_open.py
index c97df9bfc..87cf1626b 100644
--- a/api/python/cellxgene_census/tests/test_open.py
+++ b/api/python/cellxgene_census/tests/test_open.py
@@ -1,3 +1,4 @@
+import os
 import pathlib
 import re
 import time
@@ -188,3 +189,23 @@ def test_download_source_h5ad_errors(tmp_path: pathlib.Path, small_dataset_id: s
 
     with pytest.raises(ValueError):
         cellxgene_census.download_source_h5ad(small_dataset_id, "/tmp/dirname/", census_version="latest")
+
+
+@pytest.mark.live_corpus
+def test_opening_census_without_anon_access_fails_with_bogus_creds() -> None:
+    os.environ["AWS_ACCESS_KEY_ID"] = "fake_id"
+    os.environ["AWS_SECRET_ACCESS_KEY"] = "fake_key"
+    # Passing an empty context
+    with pytest.raises(Exception):
+        cellxgene_census.open_soma(census_version="latest", context=soma.SOMATileDBContext())
+
+
+def test_can_open_with_anonymous_access() -> None:
+    """
+    With anonymous access, `open_soma` must be able to access the census even with bogus credentials
+    """
+    os.environ["AWS_ACCESS_KEY_ID"] = "fake_id"
+    os.environ["AWS_SECRET_ACCESS_KEY"] = "fake_key"
+    with cellxgene_census.open_soma(census_version="latest") as census:
+        assert census is not None
+        assert isinstance(census, soma.Collection)