diff --git a/docs/images/zrok_frontends_v0.3.drawio b/docs/images/zrok_frontends_v0.3.drawio
index 8260edc2..562270a3 100755
--- a/docs/images/zrok_frontends_v0.3.drawio
+++ b/docs/images/zrok_frontends_v0.3.drawio
@@ -1 +1 @@
-<mxfile host="Electron" modified="2022-11-15T19:45:03.494Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/20.3.0 Chrome/104.0.5112.114 Electron/20.1.3 Safari/537.36" etag="GOWuD4ZSxbSDjRamzUUK" version="20.3.0" type="device"><diagram id="oqxypaCZoQuY0yNYre-9" name="Page-1">7Vxtc9o4EP41fLmZMtjyC3wsJE2vl3YyTW+uuS83ClawLsKisnjLr69sS/hFDtgMOA6QYSbSWlpbu89q1w82HTCarm4YnPlfqYdIx+x5qw646pim0QN98S+SrBOJYw8SwYRhTw5KBff4BamZUjrHHgpzAzmlhONZXjimQYDGPCeDjNFlftgTJfmzzuAEaYL7MSS69B/scT+R9u1eKv+M8MSXZ7Z78sAUqrFSEPrQo8uMCFx3wIhRypPWdDVCJLKdMksy79MrRzfXxVDAq0zoLz6Mfjm3o7/Cu/BfOL9f4OH/H6SWBSRzud4/ujjovjD63MVUXjhfK2MwOg88FCk0OmC49DFH9zM4jo4uhfuFzOdTIg/rF6jOhhhHq4xIXvANolPE2VoMkUfNvpyyVmZPusvUE4YCip/xgiVlUDp/stGcGkg0pI1q2Ato9tJshALvY4Q70RsTGIZ4LGwRcsi4Ls5YKzVtT/SEydj6Z9Tp2qr7IEfGnatVduTVWvY8GPob/6AV5hkdovegJol2qiHqKAWvOi2kczZGW0zjyOCEbIL4bsghLxd3OgQyPrZLXKxkDBHI8SIfrWV+l2e4o1isbIMwAJwcwkzDzqtI1i1nZcOroMg28lAVG11eUWIYTVEMw82y90empSHzjuEF5EgIPzEaCFi2LpyB+9bxbDcVz3uE4r57wP4hbFUMYadVIWybr6CqbggD4HYHZm/zVwho1+06VqMx7WjovA4WWATzFMkTZoEqCoxZ1PTRCk5oIJAwQwyLa0Asld4pkbk74p/wCqmKLOqHSdPcCrIau4Fb2HrNkt3A3IKbg+8Gfd3eMx9NEYNiqkPE6YePTLQmUeuUXGFZg5a5YvAO0pllWy1LZ+pkra1Pmy1JBxXzWb9V+cwZ5IMRgAJcquYztxjV/YKiI6cvw9yNRrVTcvgYiRIgyo0ucr64recQB/G+acR9QuAsxPHoZISPiXcL13TOlR7VO0SQ22bOhsqE2RDvOw1ujEaFW9CcUb9HMT30KcMvkS2JNFvR0OESTwkM0GcEvYJoSD0Vi5zOZIugJy6bj5RzOpUdJm3QK3WWx+jshwrHXpzYCBlRQiP/BmJbj1JlhMfYbPZQfIQhR9F2YYuVjUTfSPviEw1nfESDkDOIYy8jGPIlCsv9vx2ou1Gxy++mfSy/6zd4KK1A/sN6OlQoEMvnGJLvaMxhMImjLLOvl6VJyaXB1G9UmOaJxNnBx56HgnLX1YNH7GjErhco8Xd0OZDgSRDlIBTExVJlF4K9XGj067lQakttWV8dJGJhgahkhlFGDY+y8eq3td/+vr09DYQcHhCrgvcyHnUOio8q2g4Lj1+3P59HI+d++M18GYLZd2y/fFUM3CVhNJEw1nk3N5E/Sp2u12IBnKJT3RK24f7cUkSpLfQqcjZ/JOKm7wKIM0sR5Ruczr9oyMgQCdJxFeiCLFmQ4Q520AXq26zMrCPQBcb7/ArLUNnotdv8qnyB4RQUFYmHI/MFZgX26r3xBcB9a8Jgs4QLYXCw+m+D1BYTBsrNF8Jge1jUrAZrunBXNVhBXQPp3tTLQcME1mkg5PCAWBW8l/GoW5Ln98dHFW1NwEPnHi8ppLkU8gYUQvkl67TiKXMI20PhkjaEMfQHVM6OZ64BiLNLG+7utHEAEsFtF4uweUp9F4sggdMSFsF08zeutrEniwDMvCLLaZhF0J/i2l6stJFFcAqcTgtohAqM4KUGrFkD9ivj4s2KPqCTchcaoSQsLvWgwIpONQ4GjnsaCDk8IM6tHgQ6I3lJIc2lkLbQCEAnG8+ORtiEwiVtCGPo9OLZ0Qg1AHF2aaPeS3rNPovgHotGqPrugqo3WkIj2IMCjbDvywuOVaARjvfywjMGN3/Oez8+ToP7L97i5ubuy0PJm/HHAJ15PO6qAIidKNz2hFS1J2LeCnOW+s0FRZYUGaeqmLPsgqIiB7Y35kQ3/aWHZHj6cxng+jc=</diagram></mxfile>
\ No newline at end of file
+<mxfile host="Electron" modified="2022-11-16T17:17:30.495Z" agent="5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/20.3.0 Chrome/104.0.5112.114 Electron/20.1.3 Safari/537.36" etag="q8HG4eKwCLBa5n6kjszd" version="20.3.0" type="device"><diagram id="oqxypaCZoQuY0yNYre-9" name="Page-1">7Vxbc9soFP41ftmZeix0sx9rJ023m3YyTXe22ZcdYhGLDRYqwrf8+kUS6IZiy17bUWxnMhM4QkfifN/hwAGlY46myxsGQ/8r9RDpgJ637JhXHQAMqw/En1iykhLg2KlkwrAnZbngHr8gKexJ6Qx7KCo15JQSjsOycEyDAI15SQYZo4tysydKyk8N4QRpgvsxJLr0L+xxP5X27V4u/4zwxJdPtnvywhSqtlIQ+dCji4LIvO6YI0YpT0vT5QiR2HjKLOl9n165mr0XQwFvckN//mH0y7kd/RHdRX/D2f0cD//9ILXMIZnJ/v7WxUH3hdHnLqbyxflKGYPRWeChWKHRMYcLH3N0H8JxfHUh8Bcyn0+JvKy/oHoaYhwtCyL5wjeIThFnK9FEXgV9ectKmT2tLnIkDEUUv4CCJWVQgj/JNOcGEgVpoy3sZWr20myEAu9jzDtRGxMYRXgsbBFxyLguLlgrN21P1ITJ2OpnXOnaqvogWyaVq2Wx5dVK1jwY+Rk+aIl5QYeoPaibRDnXEFeUgldBi+iMjdEa0zjSOSGbIL6Zcsgr+Z1OgQLGdg3ESsYQgRzPy95ah7t8wh3FomcZw0zTKTEMGHZZRdpveVfRvSqKbKNM1WycU4pSw2iKEhpm3d6dmZbGzDuG55AjIfzEaCBo2Tp3Nt239mf7WP68gyvuOgbs7sJWQxd2WuXCNniFVdu6sGm63QHoZT8Vh3bdrmMd1acdjZ3XwRwLZ54i+cAiUcUEI4yLPlrCCQ0EE0LEsHgHxHLpnRKBzR7/hJdIzcjiepQWwVqSbTEauJWhF9SMBmANb/Y+GvR1e4c+miIGxa0OEY8fPjJRmsSlU4LCsgYtg2LwDsKZZVstC2fqYa2dnx53SjpoGM/6rYpnzqDsjKZZoUvTeOZWvbpfUXTg8GWAzWxUIyWHj7EoJaIc6GLwxbKeQxwk46aR1AmBYYST1mkLHxPvFq7ojCs9qrYPJ7dByYbKhEUX7ztHHBiNBkvQklG/xz499CnDL7EtiTRb1dDRAk8JDNBnBL2KaEg95YuchrJE0BOXxUfKOZ3KCpM26NWC5TEa/lDu2EsCGyEjSmiMbyCG9ThUxnxMzGYPxa8w5CgeLmzRs5GoG3ld/MbNGR/RIOIM4gRlBCO+QFE9/uuJupkVm3AH9qFw1xd4KJ+B/IP1cKhYILrPMSTf0ZjDYJJ4WWFcrwuTMpcGc9yoMM0TSaKDjz0PBfXQbUePBGjErucoxTt+HUjwJIhjEAqSyVJjCM2dIDT620EoteW23F4dJKJjgZjJDOOIGh1k4NWXtd/+vL09DYbsnxDLCnoFRJ298qOJtv3S49ftz+fRyLkffgMvQzP8ju2XryoDdwkYxwgYqzLMx4gftaDrc7EATtGpDgnreH9uIaLWFvosMpw9ErHouxDizEJE7QAHGiQS3tvSzXTfeu2WdeGydttbKM6Y2uK1m4L5snZb7xZbBuYtIdwUmBuoO8bIq0dmA5jWaTBk/4RYVtArIOrWpGh350cTbcegh54GuoSQ44WQN1jN1b+ynuE55eXcele4hA1hDP2swNml/LYgxNmFDXdz2ChsDEvkGmz/dgqbv72um20Gb9j/VccT09vUXvC+93+zA8ObNoAlcVqyAQzc8sLVNnbcADZBWZHlHHcDGOgHatZPVtqYRXCMshFbkEbQD8dc5oD/dw7Yb8yLN5v0mXpS7pJGqHGLy3xQcEVPNQ4GjnsaDNk/Ic5tPmjqGclLCDleCGlLGsHUk41nl0bIXOESNoQx9PTi2aURtiDE2YWN7b6X2jWNsFsWwT1UGqHpMXI132hJGsEeVNIIu54jd6xKGuFw58ifsXnz+6z34+M0uP/izW9u7r481HykfAjSgTfLXa07m/LOPqe11OfvKllSzTg15ZxlVxRVc2A7c05U84/u0+b5vy4wr/8D</diagram></mxfile>
\ No newline at end of file
diff --git a/docs/images/zrok_frontends_v0.3.png b/docs/images/zrok_frontends_v0.3.png
index 2d2c7391..1e681175 100755
Binary files a/docs/images/zrok_frontends_v0.3.png and b/docs/images/zrok_frontends_v0.3.png differ
diff --git a/docs/v0.3_public_private_sharing.md b/docs/v0.3_public_private_sharing.md
index a851b956..cccaa72f 100644
--- a/docs/v0.3_public_private_sharing.md
+++ b/docs/v0.3_public_private_sharing.md
@@ -14,3 +14,18 @@ The `*.in.zrok.io` frontend is a "public" frontend, available to all `zrok` user
 
 The other two "private" frontends are configured with an `environment_id` and no `name` label (the lack of a `name` label signifies that these are "private" frontends). The ephemeral environment is allocated when a `zrok` frontend request is made without an account on behalf of a private share.
 
+## Share Modes
+
+_Note: In `v0.3`, the `tunnel` and `untunnel` concepts get renamed to `share` and `unshare`._
+
+### Public Sharing
+
+In `v0.2`, `zrok` only offered a "public" sharing mode. The public sharing mode will allow any configured `frontend` instances to send traffic to any `backend`. The policy and permission model was very simple and flat. A `v0.2` deployment considers any available `frontend` instance to be allowed to send traffic to configured services. The frontends are controlled by identity within the underlying Ziti network.
+
+In `v0.3`, `zrok` will offer both a "public" and a "private" sharing mode. When `v0.3` configures the policies for a service, a publicly-shared service will have policies created that allow whichever selected public `frontend` instances to access the shared `backend`. A `v0.3` deployment will have a collection of multi-tenant, high-capacity `frontend` instances available to be selected from. The `zrok` CLI will default to selecting the `public` `frontend` instances.
+
+### Private Sharing
+
+`v0.3` introduces a "private" sharing mode. When provisioning a service for private sharing, `zrok` will not create any policies for the service, until a request for a frontend binding is created for the service (through the `zrok serve` command).
+
+The `v0.3` `zrok` service will support both identified users (the `zrok` user has a provisioned `environment`), as well as ephemeral users (the `zrok` controller will create an "ephemeral environment" for these users).
