use the app for a period of time ◦ Can be controlled by refresh token and authentication session expiry ◦ Those expiry can’t be very long • But if users keep using the app, the authentication should be kept alive ◦ Be able to do SSO to other webs/apps ◦ Authentication session needs to be extended Requirements