diff --git a/notes/token_exchange_in_iroh_auth.org b/notes/token_exchange_in_iroh_auth.org index 912e9dc4..5d4868fd 100644 --- a/notes/token_exchange_in_iroh_auth.org +++ b/notes/token_exchange_in_iroh_auth.org @@ -90,8 +90,14 @@ meaning for each word restricted to this document: *** Using SXSO tokens vs SXSO User Identity SXSO support both OpenID Connect and SAML v2.0. -If we were to support direct +If we were to support direct tokens from SXSO, it would still mean the product +need to provide its own client credentials. +Also it would need IROH-Auth to integrate a complex system to verify and trust +these external tokens. +Instead this proposal only need to use IROH-Auth signed tokens. +The only work to be done by the product would be to extract the SXSO ~User Identity Id~ +from either the ~id_token~ or the ~SAMLResponse~. *** Exchange an SXSO User Identity for a SecureX user tokens We would like that a team, which is integrated with SXSO can retrieve tokens from IROH-Auth.
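Review bot: The last added sentence ("The only work to be done by the product would be to extract the SXSO ~User Identity Id~ from either the ~id_token~ or the ~SAMLResponse~") leaves out that the product has to verify the ~id_token~ or ~SAMLResponse~ (signature, issuer, audience) before reading the identity from it. Because the paragraph argues that IROH-Auth should not verify SXSO tokens itself, that verification moves to the product, and IROH-Auth ends up trusting whatever identity id the product submits. I suggest stating that requirement explicitly here. I also suggest stating what authenticates the product when it submits the id: "it would still mean the product need to provide its own client credentials" implies client credentials are required in both designs, but the text never says so outright. Minor: "the product need" and "this proposal only need" should read "needs".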