...
- The gateway can operate in either of two modes -- we need to specify which mode is needed first:
  - a gateway (local or in the cloud) serving an entire campus (campus-level admins configure SPs to use the gateway, and there is some model for delegated administration)
  - a gateway serving a single SP (SP admins at your campus configure their apps to use the gateway directly)
- The gateway would include a Gateway Manager function that would allow the admin to specify, on a per-SP basis:
  - which social providers can be used on a per-SP basis (i.e., the gateway would export endpoints which the SP could use to connect through to those social providers)
  - which algorithm is used to compute eduPersonTargetedID (ePTID) and eduPersonPrincipalName (ePPN) attributes (see the next section and https://spaces.at.internet2.edu/display/socialid/Google+OpenID+Gateway+Attributes)
  - for the enterprise model, manage individual SPs
...