From afd29f28d87eb6bd3cedef73babb07d392e97bb5 Mon Sep 17 00:00:00 2001
From: Tom Kralidis <tomkralidis@gmail.com>
Date: Fri, 5 Jul 2024 05:38:38 -0400
Subject: [PATCH] docs: add section on security (#1712)

---
 docs/source/index.rst    |  1 +
 docs/source/security.rst | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 docs/source/security.rst

diff --git a/docs/source/index.rst b/docs/source/index.rst
index d4c958c..49191a7 100644
--- a/docs/source/index.rst
+++ b/docs/source/index.rst
@@ -40,6 +40,7 @@ reference documentation on all aspects of the project.
    data-publishing/index
    transactions
    admin-api
+   security
    plugins
    html-templating
    crs
diff --git a/docs/source/security.rst b/docs/source/security.rst
new file mode 100644
index 0000000..706ae6d
--- /dev/null
+++ b/docs/source/security.rst
@@ -0,0 +1,17 @@
+.. _security:
+
+Security
+========
+
+There exist use cases which require authentication and authorization against an API at various granularities
+(collections, processes, etc.), restricting access to a given user, group or role.  Implementing security
+can be as simple as HTTP basic authentication, or as complex as fine-grained access control against a specific
+collection item.
+
+By design, pygeoapi does not have built-in support for access control.  It is up to the user to secure pygeoapi
+as required.
+
+The following projects provide security frameworks atop pygeoapi:
+
+* `fastgeoapi <https://github.com/geobeyond/fastgeoapi>`_
+* `pygeoapi-auth <https://github.com/cartologic/pygeoapi-auth>`_