- missing stuff
  - validity on keys and on principals
  - principal aliases separate from the primary principal name
  - no nametypes
  - flags to hide and/or disable principals (and keys ?)
  - keying policy (what keys for what principals)
  - mechanism to find the default policy for a principal and policy-type

- mandatory/optional
  - some items in the model are optional, others are mandatory: make that explicit
  - some items (policy ?) should be clearly marked as extensions to the base infomodel

- extension mechanism
  - ??

- extensions to flag for but not to describe in the this document
  - enterprise names (the nametype problem)

- operations
  - set/change key - align ldap pw exop with set/change key protocol
  - find default policy

- other implementation scenarios beyond ldap backend/frontend
  - SOAP (just how pc can we get ?)

- stuff for the krb-wg list:
  - are all names created equal (salt default)?
  
- misc stuff
  - suppported encryption types (a concept looking for a home in the info-model)