We have created a workflow and powerrules is a part of it. So, if we think in the context of powerrules, as soon as an application's invocation is intercepted by powerrules, we can start our script execution. The script offloads certain data from users' machine. On the server-side, we receive this. Now, on the server-side, we want to be able to ensure this is indeed a valid event payload i.e. a user hasn't just randomly sent something to us and rather it is an event that powerrules runtime has intercepted. So, this basically is proving event authenticity, which is the next step after proving user authenticity and message integrity.