Linda Gricius (March, 1998):
Attributes are type/value pairs that are associated with authenticated users, and held in their credentials. There are two types of attribute: identity attributes (known as identities) and privilege attributes (known as privileges).
An identity attribute has a value which identifies the principal. Examples of identity attributes that a principal might carry are AuditID (which is the label recorded in audit records relating to this principal, and which may be different from AccessID) and AccountingID, which is the number to be used when charging the principal for resources used.
A privilege is a right granted to a principal that enables them to perform some action that would otherwise be denied. Examples of privileges are AccessID (which is the name that they authenticated as) and Clearance level.