Methods and apparatus for implementing common authentication and security policies across applications served over a data transmission network, such as the internet, http or https, are disclosed. The common authentication and security policies are implemented without mandating specific changes to be applied to the applications themselves. An authentication process can be dynamically performed based on different needed security levels. Applications can be graphical (e.g., web) or voice in nature and can use any applicable and available security method.