1) preserve any URI that's passed to an invitation service
2) pass the GW a filter specifying acceptable IDPs
3) should be a single discovery service per RP - shouldn't have to select "social gateway" from the local DS, then at the social gateway, select yet another social IDP
4) pass original payload from IDP in an unmolested way (I believe this
refers to the Assertion coming from the social IDP, in its native format)
5) the GW should map and then forward individual attributes ....
6) we need to define syntax, semantics for Assertions produced by GW
7) What is the SLA for the GW --
low assurance, use at your risk appl initially ....
define as a pilot, fail-fast, etc
8) each RP needs to decide whether to support the self-registration use case
9) what are the differences between the invitation and the
self-registration use cases ?
-- pre and post assignment of privileges
-- perhaps this Q is worth more discussion .....
separate out the account linking problem, out of scope