diff --git a/OFEP-ofo-flagd-service.md b/OFEP-ofo-flagd-service.md
index 21b6be4..fee5c8f 100644
--- a/OFEP-ofo-flagd-service.md
+++ b/OFEP-ofo-flagd-service.md
@@ -11,4 +11,23 @@ The driving force behind this is to simplify the deployment of flagd for use by
 ## Proposal
 
 Introduce a FlagdService custom resource definition (CRD) and controller.
-The controller uses the configuration defined within the custom resource (CR) to create a Service and a Deployment of flagd (backed by the Service). This is a common deployment pattern permitting access by any component that routes to the created Service (e.g. Ingress/Load Balancer).
+The controller uses the configuration defined within the custom resource (CR) to create a Service and a Deployment of flagd (backed by the Service) in the configured namespace. This is a common deployment pattern permitting access by any component that routes to the created Service (e.g. Ingress/Load Balancer). OFO already manages the [sidecar deployment pattern](https://learn.microsoft.com/en-us/azure/architecture/patterns/sidecar) to achieve the goal of internally routable flagd. In contrast, the described FlagdService pattern permits externally routable flagd.
+
+### RBAC
+
+OFO already has RBAC to Deployments but not Services so the following is required.
+
+```
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+```