solid · jeswr · Apr 26, 2026 · Apr 26, 2026 · Apr 26, 2026
diff --git a/index.html b/index.html
@@ -781,6 +781,20 @@ <h2>Table of Contents</h2>
                     <span>Other predicates</span></a
                   >
                 </li>
+                <li class="tocline">
+                  <a class="tocxref" href="#privacy-and-security-considerations"
+                    ><bdi class="secno">8.</bdi>
+                    <span>Privacy and Security Considerations</span></a
+                  >
+                  <ol>
+                    <li class="tocline">
+                      <a class="tocxref" href="#impact-of-not-enforcing-protected-properties"
+                        ><bdi class="secno">8.1</bdi>
+                        <span>Impact of not enforcing Protected Properties</span></a
+                      >
+                    </li>
+                  </ol>
+                </li>
                 <li class="tocline">
                   <a class="tocxref" href="#changelog"><bdi class="secno">A.</bdi> <span>Changelog</span></a>
                 </li>
@@ -1295,6 +1309,24 @@ <h2><bdi class="secno">7.</bdi> <span property="schema:name">Other predicates</s
             </div>
           </section>
 
+          <section id="privacy-and-security-considerations" inlist="" rel="schema:hasPart" resource="#privacy-and-security-considerations"><a class="self-link" href="#privacy-and-security-considerations"></a>
+            <h2><bdi class="secno">8.</bdi> <span property="schema:name">Privacy and Security Considerations</span></h2>
+            <div datatype="rdf:HTML" property="schema:description">
+              <p><em>This section is non-normative.</em></p>
+
+              <section id="impact-of-not-enforcing-protected-properties" inlist="" rel="schema:hasPart" resource="#impact-of-not-enforcing-protected-properties"><a class="self-link" href="#impact-of-not-enforcing-protected-properties"></a>
+                <h3><bdi class="secno">8.1</bdi> <span property="schema:name">Impact of not enforcing Protected Properties</span></h3>
+                <div datatype="rdf:HTML" property="schema:description">
+                  <p>The <a href="#protected-properties">Protected Properties</a> requirement is intended to prevent agents other than the WebID owner from modifying specific properties, notably <code>solid:oidcIssuer</code>. When a Solid server does not enforce these protections, the WebID Profile is open to attack:</p>
+                  <ul>
+                    <li>An agent with write access to the WebID Document can rewrite <code>solid:oidcIssuer</code>, redirecting Solid-OIDC authentication to an attacker-controlled OpenID Provider and impersonating the WebID owner.</li>
+                    <li>Other Protected Properties may be similarly tampered with by an agent granted write access, depending on which properties a particular server fails to protect.</li>
+                  </ul>
+                </div>
+              </section>
+            </div>
+          </section>
+
           <section class="appendix" id="changelog" inlist="" rel="schema:hasPart" resource="#changelog" typeof="spec:Changelog"><a class="self-link" href="#changelog"></a>
             <h2><bdi class="secno">A.</bdi> <span property="schema:name">Changelog</span></h2>
             <div datatype="rdf:HTML" property="schema:description">