- One API (AS only) or two (also RS)?

- (Each) API protection model?

- Topological and trust assumptions or lack thereof? What can be co-located? How many of each thing can there be?

- Any rules needed for policy (“policy condition”) priority between RM and AS (the “cascading” scenario)

- A clean way to model or illustrate the scenario when the RS is hosting claims (the “turtles” scenario)

What else?