Creating the core authentication policy