diff --git a/docs/enhancements/dynamic-scopes-2023-05-19-#2960.md b/docs/enhancements/dynamic-scopes-2023-05-19-#2960.md new file mode 100644 index 0000000000..1de03edad4 --- /dev/null +++ b/docs/enhancements/dynamic-scopes-2023-05-19-#2960.md 
@@ -0,0 +1,72 @@ +# Dex Enhancement Proposal (DEP) 2960 - 2023-05-19 - Dynamic Scopes + +## Table of Contents + +- [Summary](#summary) +- [Motivation](#motivation) + - [Goals/Pain](#goals) + - [Non-Goals](#non-goals) +- [Proposal](#proposal) + - [User Experience](#user-experience) + - [Implementation Details/Notes/Constraints](#implementation-detailsnotesconstraints) + - [Risks and Mitigations](#risks-and-mitigations) + - [Alternatives](#alternatives) +- [Future Improvements](#future-improvements) + +## Summary + +Support Dynamic Scopes in Dex + +## Context + +Dex has an exhaustive list of scopes it supports. These scopes +are all defined in the OIDC spec. Many IDPs support additional scopes. +In some cases this include dynamic scopes to provide more fine grained +control on the claims. It would be great if Dex can support +these additional scopes using an opt-in configuration mechanism. + +An example of another IDP providing implementing dynamic scopes is [available here](https://cloudentity.com/developers/howtos/access-control/creating-and-configuring-dynamic-scopes/#dynamic-scope-purpose) + +This enhancement would provide the same capability but naturally delegate the handling +to the connectors. Combined with [DEP-2876](https://github.com/dexidp/dex/pull/2954) this +would provide a full end-to-end approach to support "Middleware" type capabilities with the +ability to drive this fully from the integrating clients. + +## Motivation + +Use Dex in an environment where dynamic and fine grained scope driven claims are useful. 
+ +### Goals/Pain + +- Update Dex core OAuth2 config section to accept `allowedScopePrefixes` +- During runtime ensure scopes match the configured prefixes +- Ensure full backwards compatiblity in case this feature is not used + +### Non-goals + +## Proposal + +### User Experience + +- Optional configuration changes to enable dynamic scopes (prefix) +- Connectors should be updated to take advantage of these additional scopes + +### Implementation Details/Notes/Constraints + + +- Modify the Dex OAuth2 global config to accept a list of `allowedScopePrefixes` +- Propagate this list to the handler code +- Validate passed scopes against this prefix list +- Modify select connectors to take advantage of these new scopes + +### Risks and Mitigations + +- Operators should ensure additional scopes to not allow unwanted claims + +### Alternatives + +- Similar functionality exist in non-Dex providers but changing to these is prohibitive if already invested in Dex + +## Future Improvements + +- Combine this functionality with core "Middleware" solution
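Review bot: The "Implementation Details" bullet "Validate passed scopes against this prefix list" does not state what happens to a requested scope that matches neither Dex's built-in list nor a configured prefix; the proposal should say such requests are rejected with an OAuth2 `invalid_scope` error rather than silently dropped, and whether prefix matching is case-sensitive and anchored at the start of the scope string. Since `allowedScopePrefixes` sits in the global OAuth2 config, the "Risks and Mitigations" bullet is thin: it should note that the list applies to every client, that a very short prefix effectively disables scope validation, and that connectors receiving prefixed scopes must treat the suffix as untrusted client input when mapping it to claims. Minor: the "Non-goals" section is empty, the Table of Contents links `#goals` while the heading is "Goals/Pain", and "compatiblity" and "to not allow" should read "compatibility" and "do not allow".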