Just what it says!
End users should only have to authenticate (log in) once to access multiple protected resources.
