1. A method for auditing access of one or more resources by a client, the method comprising:
receiving at a single sign-on server from the client a request to access one or more of the resources;
assigning with the single sign-on server a session identifier to a user of the client requesting to access one or more of the resources, the session identifier associated with a user identifier for the user of the client;
recording the session identifier and user identifier with the single sign-on server in a sign-on repository maintained by the single sign-on server;
providing the user identifier and session identifier to the client from the single sign-on server;
redirecting the client from the single sign-on server to a server of a plurality of servers other than the single sign-on server;
providing the user identifier and session identifier to one or more applications managing the one or more resources requested by the client, the one or more applications executed by the server other than the single sign-on server and wherein each of the plurality of servers further executes a logging agent and wherein each logging agent records in a central log data repository a record of each access of the one or more resources managed by the one or more applications of the server executing the logging agent, wherein the central log data repository is separate from the sign-on repository;
accessing the one or more resources requested by the client with the one or more applications based on the request;
logging a record of said accessing of the one or more resources requested by the client in the central log data repository with the logging agent of the server executing the one or more applications managing the one or more resources requested by the client, wherein the record includes the user identifier and the session identifier;
reading with an auditor system a plurality of records of said accessing of the one or more resources from the central log repository;
correlating with the auditor system two or more of the plurality of records of said accessing of the one or more resources based on the user identifier and session identifier of each of the plurality of records;
determining with the auditor system, based on the correlated two or more records and a set of rules defining prohibited activity, whether a prohibited activity is being performed by a user with more than one active session, wherein the set of rules defining prohibited activity is maintained by the auditor system and defines patterns of actions related to malicious activity and wherein determining whether a prohibited activity is being performed comprises comparing the correlated two or more records to the set of rules.
2. The method of claim 1, wherein assigning the session identifier to the user of the client further comprises:
determining based on the session identifier and user identifier recorded in the sign-on repository whether a session identifier has already been assigned to the user of the client; and
responsive to determining a session identifier has already been assigned to the user of the client, invalidating a previous session identifier associated with the user identifier for the user of the client and assigning a new session identifier to the user.
3. The method of claim 2, wherein accessing the one or more resources requested by the client further comprises determining whether the user of the client is authorized to access the one or more resources requested by the client in a manner requested based on the user identifier and validity of the session identifier.
4. The method of claim 2, wherein providing the user identifier and session identifier to the one or more applications managing the one or more resources comprises:
generating a redirection request with the single sign-on server, the redirection request including the session identifier and an indication of a location of the resource; and
sending the redirection request from the single sign-on server to the client.
5. The method of claim 1, wherein each record further includes a timestamp indicating a time said accessing the one or more resources is performed.
6. The method of claim 5, wherein each record further includes an indication of a type of access requested to be performed on the one or more resources by the client.
7. The method of claim 6, wherein each record further includes an indication of the one or more resources requested by the client.
8. The method of claim 7, wherein each record further includes an indication of a result of said accessing of the one or more resources requested by the client.
9. The method of claim 8, further comprising:
responsive to determining that a prohibited activity is being performed, taking corrective action with the auditor system.
10. The method of claim 1, further comprising authenticating the user of the client prior to assigning the sign-on identifier to the user of the client.
11. A system comprising:
a central log data repository;
a sign-on repository separate from the central log data repository;
a client;
a single sign-on server communicatively coupled with the client and the sign-on repository and adapted to receive from the client a request to access one or more resources, assign a session identifier to a user of the client requesting to access one or more of the resources, the session identifier associated with a user identifier for the user of the client, record the session identifier and the user identifier in the sign-on repository, and provide the user identifier and session identifier to one or more applications managing the one or more resources requested by the client;
a plurality of servers communicatively coupled with the client and the central log data repository and wherein each of the plurality of servers executes a logging agent and one or more applications managing one or more resources, wherein each logging agent records in the central log data repository accesses of the one or more resources managed by the one or more applications of the server executing the logging agent, and wherein the one or more applications of at least one server of the plurality of servers access the one or more resources requested by the client based on the request and the logging agent of the at least one server logs a record of each access of the one or more resources in the central log data repository, each record including the user identifier and the session identifier; and
an auditor system communicatively coupled with the central log data repository and each of the logging agents and adapted to read a plurality of records of said accessing of the one or more resources from the central log data repository, correlate two or more of the plurality of records of said access of the one or more resources, determine, based on the correlated two or more records and a set of rules defining prohibited activity, whether a prohibited activity is being performed by a user with more than one active session, wherein the set of rules defining prohibited activity is maintained by the auditor system and defines patterns of actions related to malicious activity and wherein determining whether a prohibited activity is being performed comprises comparing the correlated two or more records to the set of rules.
12. The system of claim 11, wherein the one or more applications further determine whether the user of the client is authorized to access the one or more resources requested by the client in a manner requested based on the user identifier and the session identifier.
13. The system of claim 11, wherein the auditor system responsive to determining that a prohibited activity is being performed, is further adapted to take corrective action.
14. The system of claim 13, wherein the auditor system is further adapted to configure each of the logging agents.
15. The system of claim 14, wherein configuring each of the logging agents comprises configuring a format of the record and an event to be logged.
16. The system of claim 11, wherein the single sign-on server is further adapted to determine, based on contents of the sign-on repository, whether a session identifier has already been assigned to the user of the client, and responsive to determining a session identifier has already been assigned to the user of the client, invalidate a previous session identifier associated with the user identifier for the user of the client and assigning a new session identifier to the user.
17. The system of claim 11, wherein the single sign-on server is further adapted to provide the user identifier and session identifier to the one or more applications managing the one or more resources by generating a redirection request, the redirection request including the session identifier and an indication of a location of the resource and send the redirection request to the client.
18. The system of claim 11, wherein each record further includes a timestamp indicating a time said accessing the one or more resources is performed.
19. The system of claim 11, wherein each record further includes an indication of a type of access requested to be performed on the one or more resources by the client.
20. The system of claim 11, wherein each record further includes an indication of the one or more resources requested by the client.
21. The system of claim 11, wherein each record further includes an indication of a result of said accessing of the one or more resources requested by the client.
22. A machine-readable memory device having stored thereon a series of instructions which, when executed by a processor, cause the processor to audit access of one or more resources by a client by:
receiving at a single sign-on server from the client a request to access one or more of the resources;
assigning with the single sign-on server a session identifier to a user of the client requesting to access one or more of the resources, the session identifier associated with a user identifier for the user of the client;
recording the session identifier and user identifier with the single sign-on server in a sign-on repository maintained by the single sign-on server;
providing the user identifier and session identifier to the client from the single sign-on server;
redirecting the client from the single sign-on server to a server of a plurality of servers other than the single sign-on server;
providing the user identifier and session identifier to one or more applications managing the one or more resources requested by the client, the one or more applications executed by the server other than the single sign-on server and wherein each of the plurality of servers further executes a logging agent and wherein each logging agent records in a central log data repository a record of each access of the one or more resources managed by the one or more applications of the server executing the logging agent, wherein the central log data repository is separate from the sign-on repository;
accessing the one or more resources requested by the client with the one or more applications based on the request;
logging a record of said accessing of the one or more resources requested by the client in the central log data repository with the logging agent of the server executing the one or more applications managing the one or more resources requested by the client, wherein the record includes the user identifier and the session identifier;
reading with an auditor system a plurality of records of said accessing of the one or more resources from the central log repository;
correlating with the auditor system two or more of the plurality of records of said accessing of the one or more resources based on the user identifier and session identifier of each of the plurality of records;
determining with the auditor system, based on the correlated two or more records and a set of rules defining prohibited activity, whether a prohibited activity is being performed by a user with more than one active session, wherein the set of rules defining prohibited activity is maintained by the auditor system and defines patterns of actions related to malicious activity and wherein determining whether a prohibited activity is being performed comprises comparing the correlated two or more records to the set of rules.
23. The machine-readable memory device of claim 22, wherein accessing the one or more resources requested by the client further comprises determining whether the user of the client is authorized to access the one or more resources requested by the client in a manner requested based on the user identifier and validity of the session identifier.
24. The machine-readable memory device of claim 22, wherein assigning the session identifier to the user of the client further comprises:
determining based on the session identifier and user identifier recorded in the sign-on repository whether a session identifier has already been assigned to the user of the client; and
responsive to determining a session identifier has already been assigned to the user of the client, invalidating a previous session identifier associated with the user identifier for the user of the client and assigning a new session identifier to the user.
25. The machine-readable memory device of claim 24, wherein providing the user identifier and session identifier to the one or more applications managing the one or more resources comprises:
generating a redirection request with the single sign-on server, the redirection request including the session identifier and an indication of a location of the resource; and
sending the redirection request from the single sign-on server to the client.
26. The machine-readable memory device of claim 22, wherein each record further includes a timestamp indicating a time said accessing the one or more resources is performed.
27. The machine-readable memory device of claim 26, wherein each record further includes an indication of a type of access requested to be performed on the one or more resources by the client.
28. The machine-readable memory device of claim 27, wherein each record further includes an indication of the one or more resources requested by the client.
29. The machine-readable memory device of claim 28, wherein each record further includes an indication of a result of said accessing of the one or more resources requested by the client.
30. The machine-readable memory device of claim 29, further comprising:
responsive to determining that a prohibited activity is being performed, taking corrective action with the auditor system.
31. The machine-readable memory device of claim 22, further comprising authenticating the user of the client prior to assigning the sign-on identifier to the user of the client.
The claims below are in addition to those above.
All refrences to claim(s) which appear below refer to the numbering after this setence.
1. A method of providing assembly instructions, comprising:
presenting by a computer output device figure data of a component to be assembled onto an object;
presenting by said computer output device an instruction for the assembly of said component onto said object;
capturing by an imager an image of said component assembled on said object;
evaluating by a processor a compliance with said instruction of said image of said component assembled on said object; and
presenting by said computer output device a result of said evaluation.
2. The method as in claim 1, wherein said computer output device is at least one of a list comprising a computer screen, a video screen and a speaker.
3. The method as in claim 1, comprising
presenting a series of instructions for assembling said object,
capturing a series of images of said assembly of said object while said assembly is in progress, and
presenting, while said assembly is in progress, a discrepancy between a first of said series of instructions and figure data of said object captured in a first image of said series of images.
4. The method as in claim 1, wherein said presenting said result of said evaluation comprises presenting an indication of a discrepancy between said instruction and said image of said component assembled on said object.
5. The method as in claim 1, comprising modifying by said processor a level of tolerance for a discrepancy between said instruction and said image of said component assembled on said object.
6. A method of presenting by an output device, instructions for assembly of an object, comprising:
presenting with said output device figure data of a plurality of components;
presenting with said output device a first instruction, said first instruction for an assembly of a first of said components onto an object;
capturing by an imager an image of said object, said image including said first of said components assembled on said object;
determining by a processor a compliance with said first instruction of said object captured in said image;
presenting with said output device a second instruction, said second instruction for assembly of a second of said components onto said object;
wherein a parameter of said second instruction is modified based on a parameter of said compliance, and
wherein said parameter of said second instruction is selected from the group consisting of a complexity of said second instruction and a period of time for assembling said second of said components onto said object; and
wherein said parameter of said compliance is selected from the group consisting of a period of time required to assemble said first of said components on said object, a complexity of said first instruction and a level of tolerance of a said compliance with said first instruction.
7. The method as in claim 6, wherein said output device is at least one of a group consisting: computer screen, video screen and speaker.
8. The method as in claim 6, comprising presenting figure data about the object to be assembled.
9. The method as in claim 6, wherein said components comprise blocks.
10. A system for providing assembly instructions, comprising:
a computer output device adapted to present figure data of a component to be assembled onto an object and instruction for the assembly of said component onto said object;
an imager adapted to capture an image of said component assembled on said object; and
a processor adapted to evaluate a compliance with said instruction of said image of said component assembled on said object;
wherein said output device is further adapted to present a result of said evaluation.
11. The system as in claim 10, wherein said computer output device is at least one of a group consisting: a computer screen, a video screen and a speaker.
12. The system according to claim 10 further comprising a data storage unit.
13. The system as in claim 10, wherein said processor is adapted to adjust a level of tolerance for a discrepancy between said instruction and said image of said component assembled on said object.