Principal
Principal is a generalization of "User". The term is fairly standard in the security literature:
"The entity in a computer system to which authorizations are granted; thus the unit of accountability in a computer system." (1)
Principals include users with varying levels of authentication, non-user authenticated entities (e.g. certificate authentication), and Groups. A user may be authenticated in various ways, and each means of authentication can define a different principal. For example, a user identified only by name is a different principal from the same user identified with digest authentication. These different principals might have different Roles or Permissions.
- (1) Jerome H. Saltzer and Michael D. Schroeder. The Protection of Information in Computer Systems. (invited tutorial paper) Proceedings of the IEEE 63, 9 (September 1975), pages 1278-1308. http://web.mit.edu/Saltzer/www/publications/protection/index.html
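As an added illustration (not code from the original page), here is a small Python model of the distinction described above: the authentication method is part of a principal's identity, groups are principals too, and a request presents a set of principals whose grants are combined. The user names, group names and permission names are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set

@dataclass(frozen=True)
class Principal:
    """Unit of accountability: a user at a given authentication level, or a group."""
    name: str
    auth: str  # constructed labels: "basic", "digest", "cert", or "group"

# Constructed sample grants: which principals each permission is granted to.
GRANTS: Dict[str, Set[Principal]] = {
    "view":    {Principal("anyone", "group")},
    "edit":    {Principal("editors", "group")},
    "publish": {Principal("alice", "digest")},  # only digest-authenticated alice
}

# Constructed group membership; group principals accompany the user principal.
GROUP_MEMBERS: Dict[Principal, Set[str]] = {
    Principal("anyone", "group"):  {"alice", "bob"},
    Principal("editors", "group"): {"alice"},
}

def principals_for(user: str, auth: str) -> FrozenSet[Principal]:
    """All principals a request presents: the user principal for this
    authentication method plus every group the user belongs to."""
    presented = {Principal(user, auth)}
    presented |= {g for g, members in GROUP_MEMBERS.items() if user in members}
    return frozenset(presented)

def effective_permissions(presented: FrozenSet[Principal]) -> Set[str]:
    """Union of the permissions granted to any presented principal."""
    return {perm for perm, holders in GRANTS.items() if holders & presented}

def is_allowed(user: str, auth: str, perm: str) -> bool:
    """Authorization decision over the full set of presented principals."""
    return perm in effective_permissions(principals_for(user, auth))

if __name__ == "__main__":
    # The same user name yields different principals, and so different
    # permissions, depending on how the user was authenticated.
    for auth in ("basic", "digest"):
        print(auth, sorted(effective_permissions(principals_for("alice", auth))))
```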
- zigg (Mar 21, 2002 12:06 pm; Comment #1) Editor Remark Requested
- Given that at any given time, we may be presented with multiple principals to determine permissions, is there a concept of a "primary principal"?
This would be useful, for instance, if we were keeping an audit log of actions performed in an application, and said log was to display the names of the actual user performing the action. We would need to somehow determine which of the principals we'd been given was the user in order to display his name.
