* Do we allow the API to be accessed anonymously only after the data is already open or do we want a protected service. If yes, how can we secure it?
* there are multiple levels of access restriction, some on protocol level (such as CORS), some on content level (such as AUTH requirements)
* generally it should be considered if the API should provide CRUD functionality or be read only
* What are the use cases? What queries do we want?
* Password or token based authentication?
* What shape type should we give an entity without real geometry? I would give it "Point" just out of simplicity
* Is it really necessary for each project that we will give valid geojson? e.g. actor has geometry. Should we include more json schemas?

To discuss:

Discussion for 27.11

Discussion outcome: