diff --git a/auth/auth.go b/auth/auth.go
new file mode 100644
index 00000000..109019c4
--- /dev/null
+++ b/auth/auth.go
@@ -0,0 +1,40 @@
+// Package auth provides authentication and authorization capability
+package auth
+
+import (
+	"time"
+)
+
+// Auth providers authentication and authorization
+type Auth interface {
+	// Generate a new auth token
+	Generate(string) (*Token, error)
+	// Revoke an authorization token
+	Revoke(*Token) error
+	// Grant access to a resource
+	Grant(*Token, *Service) error
+	// Verify a token can access a resource
+	Verify(*Token, *Service) error
+}
+
+// Service is some thing to provide access to
+type Service struct {
+	// Name of the resource
+	Name string
+	// Endpoint is the specific endpoint 
+	Endpoint string
+}
+
+// Token providers by an auth provider
+type Token struct {
+	// Unique token id
+	Id string `json: "id"`
+	// Time of token creation
+	Created time.Time `json:"created"`
+	// Time of token expiry
+	Expiry time.Time `json:"expiry"`
+	// Roles associated with the token
+	Roles []string `json:"roles"`
+	// Any other associated metadata
+	Metadata map[string]string `json:"metadata"`
+}