Diffstat (limited to 'docs/narr/security.rst')
-rw-r--r--docs/narr/security.rst18
1 files changed, 10 insertions, 8 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst
index fd291a9db..10e9df78d 100644
--- a/docs/narr/security.rst
+++ b/docs/narr/security.rst
@@ -69,7 +69,7 @@ A simple security policy might look like the following:
from pyramid.security import Allowed, Denied
class SessionSecurityPolicy:
- def identify(self, request):
+ def authenticated_identity(self, request):
""" Return app-specific user object. """
userid = request.session.get('userid')
if userid is None:
@@ -78,14 +78,14 @@ A simple security policy might look like the following:
def authenticated_userid(self, request):
""" Return a string ID for the user. """
- identity = self.identify(request)
+ identity = self.authenticated_identity(request)
if identity is None:
return None
return string(identity.id)
def permits(self, request, context, permission):
""" Allow access to everything if signed in. """
- identity = self.identify(request)
+ identity = self.authenticated_identity(request)
if identity is not None:
return Allowed('User is signed in.')
else:
@@ -144,7 +144,7 @@ For example, our above security policy can leverage these helpers like so:
def __init__(self):
self.helper = SessionAuthenticationHelper()
- def identify(self, request):
+ def authenticated_identity(self, request):
""" Return app-specific user object. """
userid = self.helper.authenticated_userid(request)
if userid is None:
@@ -153,14 +153,14 @@ For example, our above security policy can leverage these helpers like so:
def authenticated_userid(self, request):
""" Return a string ID for the user. """
- identity = self.identify(request)
+ identity = self.authenticated_identity(request)
if identity is None:
return None
return str(identity.id)
def permits(self, request, context, permission):
""" Allow access to everything if signed in. """
- identity = self.identify(request)
+ identity = self.authenticated_identity(request)
if identity is not None:
return Allowed('User is signed in.')
else:
@@ -249,7 +249,7 @@ might look like so:
class SecurityPolicy:
def permits(self, request, context, permission):
- identity = self.identify(request)
+ identity = self.authenticated_identity(request)
if identity is None:
return Denied('User is not signed in.')
@@ -697,7 +697,7 @@ A "secret" is required by various components of Pyramid. For example, the
helper below might be used for a security policy and uses a secret value
``seekrit``::
- helper = AuthTktCookieHelper('seekrit', hashalg='sha512')
+ helper = AuthTktCookieHelper('seekrit')
A :term:`session factory` also requires a secret::
@@ -719,6 +719,8 @@ has the possibility of providing a chosen plaintext.
single: preventing cross-site request forgery attacks
single: cross-site request forgery attacks, prevention
+.. _csrf_protection:
+
Preventing Cross-Site Request Forgery Attacks
---------------------------------------------