README.md: first draft of Supervisor additions

Signed-off-by: Margo Crawford <margaretc@vmware.com>
2020-12-17 15:36:33 -05:00 · 2020-12-17 15:36:33 -05:00 · 157d041b6a
commit 157d041b6a
parent 152838e998
1 changed files with 14 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -23,11 +23,22 @@ with IDPs, and distribution-specific integration strategies.

 ### Architecture

-Pinniped offers credential exchange to enable a user to exchange an external IDP
-credential for a short-lived, cluster-specific credential. Pinniped supports various
-IDP types and implements different integration strategies for various Kubernetes
+The Pinniped Supervisor component offers identity federation to enable a user to
+access multiple clusters with a single daily login to their external IDP. The
+Pinniped Supervisor supports various external [IDP
+types](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.19#k8s-api-idp-supervisor-pinniped-dev-v1alpha1).
+
+The Pinniped Concierge component offers credential exchange to enable a user to
+exchange an external credential for a short-lived, cluster-specific
+credential. Pinniped supports various [authentication
+methods](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.19#authenticationconciergepinnipeddevv1alpha1)
+and implements different integration strategies for various Kubernetes
 distributions to make authentication possible.

+The Pinniped Concierge can be configured to hook into the Pinniped Supervisor's
+federated credentials, or it can authenticate users directly via external IDP
+credentials.
+
 To learn more, see [architecture](https://pinniped.dev/docs/architecture/).

 <img src="site/content/docs/img/pinniped_architecture.svg" alt="Pinniped Architecture Sketch" width="300px"/>