At this point, you've created a security server, a security context, rules, user directories, and policies. Now you're ready to put them together with an application to see how User Security is implemented at runtime. ColdFusion provides a tag, CFAUTHENTICATE, and two related functions, IsAuthenticated() and IsAuthorized(), to bind security contexts and policies to actual applications.