
What is wrong with persistent NameID?

What is useful about them? (wink)

NameIDs vs. Attributes. Impact on/crossover with Logout.

If we toss "persistent NameID" out, then we would require transient IDs for logout (which addresses the issue of encryption on logout).

Should the profile be addressing current practice or desired practice or both?

If the latter, what is that?

What are the implications of case sensitivity on current and desired practice?

What do we do about the fact that everybody else uses email addresses?

Should we promote scoped identifiers (ePPN, ePUId)?

How do we address reassignability expectations? (Eric suggests we explicitly ignore it).

Non-domain-scoped identifiers (SAML2 Persistent NameID, OIDC 'sub' claim) are scoped to the IdP entityID. Is that better or worse than scoped identifiers (which do not depend on the IdP entityID)?
