diff --git a/index.bs b/index.bs
index b38aefdca..0952be55e 100644
--- a/index.bs
+++ b/index.bs
@@ -4551,6 +4551,14 @@ the wrong [=credential ID=], or if an attacker intercepts and manipulates the [=
 [=credential public key=] with which to verify the returned signed [=authenticator data=]
 (a.k.a., [=assertion=]), and thus the interaction would end in an error.
 
+
+## Browser Permissions Framework and Extensions ## {#browser-permissions-framework-extensions}
+
+Web Authentication API implementations should leverage the browser permissions framework as much as possible when obtaining user
+permissions for certain extensions. An example is the location extension (see [[#sctn-location-extension]]), implementations of
+which should make use of the existing browser permissions framework for the Geolocation API.
+
+
 # Privacy Considerations # {#sctn-privacy-considerations}
 
 The privacy principles in [[!FIDO-Privacy-Principles]] also apply to this specification.