Bearer tokens are evaluated using access token validators. The HttpRequest.AccessToken attribute supplies the validation result to the policy request, and the TokenOwner attribute provides the user identity associated with the token. Policies use this authentication information to affect the processing of requests and responses.