303 - Blastoff (Rockumentation)

Rock Security

See https://community.rockrms.com/developer/videos/70 (from the beta launch at CITRT 2014)

  • Block Security Order
  • Entity Parent Authority
  • Block Security Actions
  • Entity Type Security (Admin UI)
  • Custom Action Verbs
  • PersonActionIdentifier: The RSVP system uses our newer 'non-security' identification token generator (called PersonActionIdentifier), which identifies a person for only one particular action. In this case, the generated person token is bound to the 'RSVP' action.
  • IdKey: IdKey is a way to avoid exposing the ID number without putting something as long and complex as a Guid in the URL. Starting with Rock v14 Obsidian blocks, the IdKey can/should be used instead of IDs, especially in public-facing blocks.

Developing with security in mind

  • Never use HiddenField for Ids or Guids without revalidating them upon postback.
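An added illustration of the last point (example code, not Rock's own): once the page is rendered, the hidden field's value belongs to the browser, so the postback handler must re-parse it and re-run the authorization check rather than trust it. The Person, Group and GroupStore types and the "EDIT" action string are hypothetical stand-ins modelled on the ISecured.IsAuthorized(action, person) pattern.

```csharp
using System;
using System.Collections.Generic;
// Hypothetical stand-ins for Rock's entity and security APIs (assumptions, not Rock code).
public class Person { public int Id; public string Name; }
public class Group
{
    public int Id; public string Name; public int OwnerPersonId;
    // Stand-in for ISecured.IsAuthorized(action, person): only the owner may edit.
    public bool IsAuthorized(string action, Person person) =>
        action == "EDIT" && person != null && person.Id == OwnerPersonId;
}
public static class GroupStore
{
    // Constructed sample data standing in for the database.
    private static readonly Dictionary<int, Group> Groups = new Dictionary<int, Group>
    {
        { 1, new Group { Id = 1, Name = "Alice's Group", OwnerPersonId = 10 } },
        { 2, new Group { Id = 2, Name = "Bob's Group",   OwnerPersonId = 20 } },
    };
    public static Group Get(int id) => Groups.TryGetValue(id, out var g) ? g : null;
}
public static class GroupEditBlock
{
    // VULNERABLE: trusts hfGroupId.Value exactly as it came back in the postback.
    // The value was set at render time, but the client can change it before submitting,
    // so whatever id arrives is the one that gets edited.
    public static string SaveInsecure(string hfGroupIdValue, string newName)
    {
        var group = GroupStore.Get(int.Parse(hfGroupIdValue));
        group.Name = newName;
        return "saved";
    }
    // HARDENED: parse defensively, confirm the entity exists, then re-run the
    // authorization check for the current person on every postback.
    public static string SaveSecure(string hfGroupIdValue, string newName, Person currentPerson)
    {
        if (!int.TryParse(hfGroupIdValue, out var groupId)) return "invalid id";
        var group = GroupStore.Get(groupId);
        if (group == null) return "not found";
        if (!group.IsAuthorized("EDIT", currentPerson)) return "not authorized";
        group.Name = newName;
        return "saved";
    }
    public static void Main()
    {
        var bob = new Person { Id = 20, Name = "Bob" };
        // Simulated postback where the hidden field was changed from Bob's group (2) to Alice's (1).
        Console.WriteLine(SaveInsecure("1", "Renamed"));
        Console.WriteLine(SaveSecure("1", "Renamed", bob));
    }
}
```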