=== How Does Security Work? {project_name} is a separate server that you manage on your network. Applications are configured to point to and be secured by this server. {project_name} uses open protocol standards like link:http://openid.net/connect[Open ID Connect] or link:http://saml.xml.org/saml-specifications[SAML 2.0] to secure your applications. Browser applications redirect a user's browser from the application to the {project_name} authentication server where they enter their credentials. This is important because users are completely isolated from applications and applications never see a user's credentials. Applications instead are given an identity token or assertion that is cryptographically signed. These tokens can have identity information like username, address, email, and other profile data. They can also hold permission data so that applications can make authorization decisions. These tokens can also be used to make secure invocations on REST-based services.