diff --git a/aiohttp_security/__init__.py b/aiohttp_security/__init__.py
index 5e1acd1..27b7367 100644
--- a/aiohttp_security/__init__.py
+++ b/aiohttp_security/__init__.py
@@ -1,10 +1,13 @@
 from .abc import AbstractIdentityPolicy, AbstractAuthorizationPolicy
 from .api import remember, forget, setup, authorized_userid, permits
+from .cookies_identity import CookiesIdentityPolicy
+from .session_identity import SessionIdentityPolicy
 
 
 __version__ = '0.1.0'
 
 
 __all__ = ('AbstractIdentityPolicy', 'AbstractAuthorizationPolicy',
+           'CookiesIdentityPolicy', 'SessionIdentityPolicy',
            'remember', 'forget', 'authorized_userid',
            'permits', 'setup')
diff --git a/demo/db_auth.py b/demo/db_auth.py
index c917fd9..0eb1925 100644
--- a/demo/db_auth.py
+++ b/demo/db_auth.py
@@ -7,12 +7,12 @@ from . import db
 
 
 class DBAuthorizationPolicy(AbstractAuthorizationPolicy):
-    def __init__(self, db_pool):
-        self.db_pool = db_pool
+    def __init__(self, dbengine):
+        self.dbengine = dbengine
 
     @asyncio.coroutine
     def authorized_user_id(self, identity):
-        with (yield from self.db_pool) as conn:
+        with (yield from self.dbengine) as conn:
             where = [db.users.c.login == identity,
                      not db.users.c.disabled]
             query = db.users.count().where(sa.and_(*where))
@@ -24,7 +24,7 @@ class DBAuthorizationPolicy(AbstractAuthorizationPolicy):
 
     @asyncio.coroutine
     def permits(self, identity, permission, context=None):
-        with (yield from self.db_pool) as conn:
+        with (yield from self.dbengine) as conn:
             where = [db.users.c.login == identity,
                      not db.users.c.disabled]
         record = self.data.get(identity)
diff --git a/demo/main.py b/demo/main.py
new file mode 100644
index 0000000..eb7ba96
--- /dev/null
+++ b/demo/main.py
@@ -0,0 +1,46 @@
+import asyncio
+
+from aiohttp import web
+from aiohttp_session import setup as setup_session
+from aiohttp_session.redis_storage import RedisStorage
+from aiohttp_security import setup as setup_security
+from aiohttp_security import SessionIdentityPolicy
+from aiopg.sa import create_engine
+from aioredis import create_pool
+
+
+from demo.db_auth import DBAuthorizationPolicy
+
+
+@asyncio.coroutine
+def init(loop):
+    redis_pool = yield from create_pool(('localhost', 6379))
+    dbengine = yield from create_engine(user='aiohttp_security',
+                                        password='aiohttp_security',
+                                        database='aiohttp_security',
+                                        host='127.0.0.1')
+    app = web.Application(loop=loop)
+    setup_session(app, RedisStorage(redis_pool))
+    setup_security(app,
+                   SessionIdentityPolicy(),
+                   DBAuthorizationPolicy(dbengine))
+
+    app.add_route()
+
+    handler = app.make_handler()
+    srv = yield from loop.create_server(handler, '127.0.0.1', 8080)
+    print("Server started at http://127.0.0.1:8080")
+    return srv, handler
+
+
+@asyncio.coroutine
+def finalize(loop, srv, handler):
+    pass
+
+
+loop = asyncio.get_event_loop()
+srv, handler = loop.run_until_complete(init(loop))
+try:
+    loop.run_forever()
+except KeyboardInterrupt:
+    loop.run_until_complete((finalize(loop)))
diff --git a/docs/example.rst b/docs/example.rst
index eb88231..9a29c8d 100644
--- a/docs/example.rst
+++ b/docs/example.rst
@@ -43,7 +43,7 @@ How to Make a Simple Server With Authorization
     def init(loop):
         # set up identity and auth
         auth_policy = DictionaryAuthorizationPolicy({'me': ('view_user',),
-                                                     'you': ('view_user', 
+                                                     'you': ('view_user',
                                                              'edit_user',)})
         identity_policy = CookieIdentityPolicy()
         auth = authorization_middleware(auth_policy, identity_policy)
diff --git a/docs/usage.rst b/docs/usage.rst
index 62d9ccf..471e879 100644
--- a/docs/usage.rst
+++ b/docs/usage.rst
@@ -8,17 +8,28 @@
 .. currentmodule:: aiohttp_security
 .. highlight:: python
 
-The library is build on top of two policies: :term:`authentication`
-and :term:`authorization` and public API.
 
-API is policy agnostic, all client code should not call policy code
-directly but use API only.
+First of all, what is *aiohttp_security* about?
+
+It is a set of public API functions and standard for implementation details.
+
+API is implementation agnostic, all client code should not call policy
+code (see below) directly but use API only.
 
 Via API application can remember/forget user in local session
 (:func:`remember`/:func:`forget`), retrieve :term:`userid`
 (:func:`authorized_userid`) and check :term:`permission` for
 remembered user (:func:`permits`).
 
+The library internals are built on top of two policies:
+:term:`authentication` and :term:`authorization`. There are abstract
+base classes for both concepts as well as several implementations
+shipped with the library. End user is free to build own implemetations
+if needed.
+
+Public API
+==========
+
 
 Authentication
 ==============