diff --git a/spec/index.bs b/spec/index.bs index 0730fe997..2abfd98f4 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -971,7 +971,11 @@ Every {{IdentityProviderToken}} is expected to have members with the following s The content of the [=token=] is opaque to the user agent and can contain anything that the [=Identity Provider=] would like to pass to the -[=Relying Party=] to facilitate the login. +[=Relying Party=] to facilitate the login. For this reason the [=Relying Party=] +is expected to be the party responsible for validating the [=token=] passed +along from the [=Identity Provider=] using the appropriate token validation +algorithms defined. One example of how this might be done is defined +in [[OIDC-Connect-Core#IDTokenValidation]]. NOTE: For [=Identity Providers=], it is worth considering how [portable](https://github.com/fedidcg/FedCM/issues/314) accounts are.
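Review bot: the added sentence ending in "using the appropriate token validation algorithms defined." is grammatically incomplete ("defined" has no object: defined where, or by whom?), and the following sentence reuses "defined" for the OIDC reference, which reads awkwardly. Suggest tightening the two sentences to something like: "For this reason the [=Relying Party=] is responsible for validating the [=token=] it receives from the [=Identity Provider=] using the validation algorithm appropriate to the protocol in use; one example is the ID Token validation described in [[OIDC-Connect-Core#IDTokenValidation]]." Since the preceding sentence already states that the token is opaque to the user agent, it would also be worth saying explicitly that the user agent performs no validation of the token, so that a reader does not take the responsibility to be shared between the two parties.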