Questions about security

Dear jitsi-team and community, thank you so much for the great work!
This is amazing and huge!

I have two questions related to security:

  1. Which API call, what authentication/authorization method is used to communicate from a backend to jitsi-meet?
  2. How does jitsi-meet ensure that none of the users can elevate his permissions to a moderator?

Again, thanks!