diff --git a/docs/spec/draft/verification_summary.md b/docs/spec/draft/verification_summary.md index c8922f07d..03539b061 100644 --- a/docs/spec/draft/verification_summary.md +++ b/docs/spec/draft/verification_summary.md @@ -155,6 +155,13 @@ of the other top-level fields, such as `subject`, see [Statement]._ `resourceUri` _string ([ResourceURI]), required_ > URI that identifies the resource associated with the artifact being verified. +> +> The `resourceUri` SHOULD be set to the URI from which the producer expects the +> consumer to fetch the artifact for verification. This enables the consumer to +> easily determine the expected value when [verifying](#how-to-verify). If the +> `resourceUri` is set to some other value, the producer MUST communicate the +> expected value, or how to determine the expected value, to consumers through +> an out-of-band channel. `policy` _object ([ResourceDescriptor]), required_
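Review bot: The new paragraph leaves the failure case undefined: it says the producer MUST communicate the expected `resourceUri` (or how to determine it) out of band when the field is set to "some other value", but does not say what a consumer does when it cannot determine the expected value at all. Since the motivation given is that the consumer can "easily determine the expected value when verifying", the verification side should be explicit about the outcome, for example: "If the consumer cannot determine the expected `resourceUri`, verification MUST fail." It would also help to state that the consumer compares the field against the URI it actually used to fetch the artifact, rather than treating the field itself as the place to fetch from, and whether that comparison is an exact string match or allows URI normalization, since the text currently says only that the consumer determines the "expected value".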