I've worked with back end webservices for 10 years or so but I'm struggling to understand the concept of allowing a singular account to be monitored. What does this actually mean? An account in all of the systems I've dealt with is basically the collective understanding of a bunch of database queries. How does one allow an account to be monitored in any way which is less frightening than providing an IP address from a log?