Currently, any application acting on behalf of the End-user (social agent) would be able to discover social agent registrations created for them by other agents (starting from WebID of those agents). Should we restrict it to only AA of that social agent?