[Next] [Up] [Previous] [Contents]
Next: 4.1.16 What are credentials? Up: 4.1 General Previous: 4.1.14 Is it completely

4.1.15 What is "Principal", and what is meant by "Principal authentication"?

Linda Gricius (March, 1998):

Principal authentication is the process of proving your identity to the security enforcing components of the system so that they can grant access to information and services based on who you are. This applies to both human users of the system as well as to applications.

A user or application that can authenticate itself is known as a principal. A principal has a name that uniquely identifies it.

For human users, the process of authenticating to the system is informally known as "logging on". In a typical system, an application is provided to collect information proving the user's identity. This application is often referred to as the "user sponsor". In order to successfully authenticate to the system, it is important that a principal can provide some proof that it is who it claims to be. Proof of authentication is usually achieved by demonstrating knowledge or possession of a "secret" known only to the "real principal", such as a password or cryptographic key.

It is important that a successfully authenticated principal can be given some unforgeable evidence that it has recently authenticated, in order to prevent the principal from having to continually re-authenticate itself to different parts of the system. The unforgeable evidence that is returned to authenticated principals is known as the principal's credentials.


[Next] [Up] [Previous] [Contents]
Next: 4.1.16 What are credentials? Up: 4.1 General Previous: 4.1.14 Is it completely