diff --git a/person-identifiers.adoc b/person-identifiers.adoc index eee68db..d742f2a 100644 --- a/person-identifiers.adoc +++ b/person-identifiers.adoc 
@@ -9,17 +9,41 @@ COm, Grpr, mP, LDAP, AD identifier characteristics: Definitive statement for HE and Research: https://wiki.shibboleth.net/confluence/display/CONCEPT/NameIdentifiers . unique across the IdPs population Y/N + +G does have its own internal-only identifier + identifier is a tuple, sourceID + personID from that source + enter ePPN, or link in email for new ppl being added + id to label person in system, but also identifiers for looking them up: email, name,....LoginID + id and identifier (anything that can uniquely identify a person + Grouper external users is where the ePPN for a new member + +mp: OID is permanent, not shared name is a name-based identifier (other could be added), can change if needed, could be a campus id that users tend to know - globally unique by inclusion of a scope element or domain identifier +- mP can generate any other unique id and share with external systems + . name-based or otherwise recognizable? Y/N +internal id: No . opaque (not name-based or otherwise recognizable) Y/N + - permanent (changes are rare or non-existent) +can be merged if necessary. + - re-assignable (once assigned, a given identifier value will never be reused and assigned to another person) + + - pairwise (formerly called targeted): A person has a different identifier for each service or resource provider with which they interact . What is the primary, wholly internal person identifier in your package? -. What identifier(s) do you expose to other packages? + +KeithL: If you make a REST call: here's user, get the OID, use that in the actual REST call + +. What identifier(s) do you expose to other packages? Internal ID plus tuple source/identifier +generate anything you want, configurable; DO NOT USE OID; mP API is a case where you could use OID, + - Do you maintain a crosswalk between each external system identifier and your internal identifier? 
+ correlation rule: connector says how the id in system maps to id in mP; midPoint maintains link over subsequent change + . How do you handle changes to name-based identifiers -
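Review bot: the guidance on exposing the OID contradicts itself within this hunk. The midPoint answer to "What identifier(s) do you expose to other packages?" adds "DO NOT USE OID" and then, in the same line, "mP API is a case where you could use OID", while the KeithL note above it describes getting the OID and using it in the actual REST call. Please state the rule once with its exception, e.g. "Do not expose the OID to external systems; the only accepted use is as the object reference within midPoint API calls, obtained by a lookup on the external identifier first." Two smaller points in the same hunk: the added definition of "re-assignable" ("a given identifier value will never be reused and assigned to another person") describes the opposite property, so either the label should read "not re-assignable" or the parenthetical should be inverted; and the added fragment "Grouper external users is where the ePPN for a new member" is cut off before it says what happens with the ePPN there, so it should be completed or dropped before merge.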