diff --git a/doc/reference/trd-storage.md b/doc/reference/trd-storage.md index 3a3b528bc6..688fd75ae0 100644 --- a/doc/reference/trd-storage.md +++ b/doc/reference/trd-storage.md @@ -14,8 +14,7 @@ Application Persistent Data Storage and Permissions Abstract ------------------------------- -This document is in full compliance with -[TRD1][TRD1]. +This document is in full compliance with [TRD1][TRD1]. 1 Introduction ------------------------------- @@ -60,11 +59,32 @@ There are three types of permissions: -3 Requirements +4 Requirements ------------------------------- 1. Applications are given separate write, read, and modify permissions. +2. The label stored with the persistent data is the application's short AppID. +3. Applications without a `ShortId::Unique` cannot access (i.e., + read/write/modify) any persistent storage. +4. How permissions are mapped to applications must be customizable for different + Tock kernels. + + +5 Kernel Enforcement +------------------------------- + +It is not feasible to implement all persistent storage APIs through the core +kernel (i.e., in trusted code). Instead, the kernel provides an API to retrieve +the storage permissions for a specific process. Capsules then use these +permissions to enforce restrictions on storage access. + +6 Specifying Permissions +------------------------------- + +Different users and different kernels will use different methods for determining +the persistent storage access permissions for different applications (and by +extensions the running process for that application).
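Review bot: the second hunk renumbers `3 Requirements` to `4 Requirements`, but nothing in this hunk introduces a section 3, so unless another part of the change adds one the document jumps from section 2 straight to section 4; either add the missing section or keep the original number. In the same hunk, the last sentence of `6 Specifying Permissions` should read "and by extension the running process for that application" (singular "extension"). Finally, `5 Kernel Enforcement` moves enforcement out of the core kernel and into capsules ("Capsules then use these permissions to enforce restrictions on storage access") without saying what the trust assumption is; a sentence stating that capsules with storage access are trusted to honor the permissions returned by the kernel API, and what a capsule that bypasses them could do, would make the security boundary explicit for readers of the TRD.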