Principal

From MgmtWiki
Jump to: navigation, search

Full Title or Meme

An entity represented as a running process in a computer system.

Context

Principals are distinct from Users or Subjects in that it only exists as a running process within a digital computer. It will often have a link to a user, but not always

Problems

Usages of the terms related to the subject of an interchange are not consistent, even within a single document, so caution is advised.

Solutions

Crispin Cowan defined a principal in the context of a “security principal”? A principal is any active entity in system with access privileges that are in any way distinct from some other component it talks to. Corollary: a principal is defined by its domain of access (the set of things it has access to). Domains of access can, and often do, overlap, but that they are different is what makes a security principal distinct. Peer identities that are at the same level, but distinct identities, are distinct security principals, such as separate apps in iOS, Android, and the Windows App Store. Conversely, processes on the Windows desktop all run as the same identity and have no protection from one another, and thus are all a single security principal.[1]

References

  1. Alternate terms for the Principal are Consumer, User, and Subject which terms have different connotations.
  2. In the ISO glossary a PII Principal is what the GDPR calls a data Subject. The ISO terminology is NOT observed in this wiki.
    1. https://www.leviathansecurity.com/blog/the-calculus-of-threat-modelinglink title