This document is simple, clear, and concise. As the scope is limited to defining a new relation type, leaning on RFC8288 for security considerations is appropriate. I do not believe any further analysis is needed.