diff --git a/website/content/docs/concepts/domain-model/scopes.mdx b/website/content/docs/concepts/domain-model/scopes.mdx index 16d46d214a..fba104f5d5 100644 --- a/website/content/docs/concepts/domain-model/scopes.mdx +++ b/website/content/docs/concepts/domain-model/scopes.mdx 
@@ -8,15 +8,69 @@ description: |- # Scopes -A scope is a permission boundary modeled as a container. -A Scope can contain Scopes forming a tree. -A Scope can own zero to many -Groups, -Roles, -Policies, -Targets, -Host Catalogs -and Credential Stores. -Scope is abstract. -Organization and Project are concrete Scopes. -All resources owned by a Scope are deleted when the Scope is deleted. +A scope is a [permission][] boundary modeled as a container. +There are three types of scopes in Boundary. +A single [global][] scope which is the outermost container. +[Organizations][] which are contained by the global scope. +And [projects][] which are contained by organizations. +Each scope is itself a resource. + +## Global + +The global scope is the outermost scope. +There is always a single global scope +and it cannot be deleted. +The global scope can directly contain: +[users][], [groups][], [authentication methods][], and [organizations][]. + +## Organizations + +An organization is a scope directly contained by the global scope. +There can be multiple organizations within the global scope. +An organization can directly contain: +[users][], [groups][], [authentication methods][], and [projects][]. + +## Projects + +A project is a scope directly contained by an organization scope. +There can be multiple projects within an organization. +A project can directly contain: +[roles][], [targets][], and [host catalogs][] + +## Attributes + +A scope has the following configurable attributes: + +- `name` - (optional) + If set, the `name` must be unique within the scope's parent scope. 
+ +- `description` - (optional) + +## Referenced By + +- [Authentication Method][] +- [Group][] +- [Host Catalog][] +- [Role][] +- [Target][] +- [User][] + +[authentication method]: /docs/concepts/domain-model/auth-methods +[authentication methods]: /docs/concepts/domain-model/auth-methods +[global]: /docs/concepts/domain-model/scopes#global +[group]: /docs/concepts/domain-model/groups +[groups]: /docs/concepts/domain-model/groups +[host catalog]: /docs/concepts/domain-model/host-catalogs +[host catalogs]: /docs/concepts/domain-model/host-catalogs +[organization]: /docs/concepts/domain-model/scopes#organizations +[organizations]: /docs/concepts/domain-model/scopes#organizations +[permission]: /docs/concepts/security/permissions +[permissions]: /docs/concepts/security/permissions +[project]: /docs/concepts/domain-model/scopes#projects +[projects]: /docs/concepts/domain-model/scopes#projects +[role]: /docs/concepts/domain-model/roles +[roles]: /docs/concepts/domain-model/roles +[target]: /docs/concepts/domain-model/targets +[targets]: /docs/concepts/domain-model/targets +[user]: /docs/concepts/domain-model/users +[users]: /docs/concepts/domain-model/users
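Review bot: the old line "All resources owned by a Scope are deleted when the Scope is deleted." has been dropped without a replacement; if scope deletion still cascades, that is a consequence an operator needs to see in this page, since a deleted organization would take its users, groups and authentication methods with it, so please restate it (for example under each scope type, or as a sentence at the end of the introduction). Two smaller points in the same hunk: the intro is written as fragments ("A single [global][] scope which is the outermost container." / "And [projects][] which are contained by organizations."), which read better as one sentence, e.g. "There are three types of scopes in Boundary: a single [global][] scope, which is the outermost container; [organizations][], which are contained by the global scope; and [projects][], which are contained by organizations."; and "A project can directly contain: [roles][], [targets][], and [host catalogs][]" is missing its trailing period. Also worth checking: the "Referenced By" list includes [Role][], yet only the Projects section lists roles as directly contained, whereas the removed text said any scope can own roles; confirm which is intended so the Global and Organizations lists are not silently narrower than before.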