1.Authenticate a user to verify their identity
2.Perform access control for a user
3.Use a Session API in any environment, even without web or EJB containers.
4.React to events during authentication, access control, or during a session's lifetime
5.Enable Single Sign On (SSO) functionality
6.Enable 'Remember Me' services for user association without login
7.Aggregate 1 or more data sources of user security data and present this all as a single composite user 'view'.