docs: add section on security (#1712)

2024-07-05 05:38:38 -04:00
parent 11b9480204
commit afd29f28d8
2 changed files with 18 additions and 0 deletions
@@ -40,6 +40,7 @@ reference documentation on all aspects of the project.
   data-publishing/index
   transactions
   admin-api
+   security
   plugins
   html-templating
   crs
@@ -0,0 +1,17 @@
+.. _security:
+
+Security
+========
+
+There exist use cases which require authentication and authorization against an API at various granularities
+(collections, processes, etc.), restricting access to a given user, group or role.  Implementing security
+can be as simple as HTTP basic authentication, or as complex as fine-grained access control against a specific
+collection item.
+
+By design, pygeoapi does not have built-in support for access control.  It is up to the user to secure pygeoapi
+as required.
+
+The following projects provide security frameworks atop pygeoapi:
+
+* `fastgeoapi <https://github.com/geobeyond/fastgeoapi>`_
+* `pygeoapi-auth <https://github.com/cartologic/pygeoapi-auth>`_