From b8e80ffa3a1175c9d03f564cf4eba59c59dc36ce Mon Sep 17 00:00:00 2001 From: Eric Chiang Date: Tue, 9 Aug 2016 12:40:01 -0700 Subject: [PATCH] *: add README --- README.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 00000000..c6b13d71 --- /dev/null +++ b/README.md @@ -0,0 +1,22 @@ +# dex - A federated OpenID Connect provider + +dex is an OAuth2 server that presents clients with a low overhead framework for +identifying users while leveraging existing identity services such as Google +Accounts, FreeIPA, GitHub, etc, for actual authentication. dex sits between your +applications and an identity service, providing a backend agnostic flavor of +OAuth2 called [OpenID Connect](https://openid.net/connect/), a spec will allows +dex to support: + +* Short-lived, signed tokens with predefined fields (such as email) issued on +behalf of users. +* Well known discovery of OAuth2 endpoints. +* OAuth2 mechanisms such as refresh tokens and revocation for long term access. +* Automatic signing key rotation. + +Any system which can query dex can cryptographically verify a users identity +based on these tokens, allowing authentication events to be passed between +backend services. + +One such application that consumes OpenID Connect tokens is the [Kubernetes]( +http://kubernetes.io/) API server, allowing dex to provide identity for any +Kubernetes clusters.
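Review bot: In the first paragraph of the new README.md, "a spec will allows dex to support:" is ungrammatical and should read "a spec which allows dex to support:"; likewise "cryptographically verify a users identity" in the paragraph after the bullet list needs the possessive "user's". The Kubernetes link in the last paragraph is split so that "[Kubernetes](" ends one line and "http://kubernetes.io/)" begins the next; keeping the whole link on one line avoids relying on how a renderer treats a line ending inside the parentheses, and the URL could use https. Since the list advertises "Automatic signing key rotation", the verification paragraph would also benefit from one sentence telling consumers to obtain the current signing keys from dex rather than pinning a key, because as written that step is left implicit.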