![]() A user is an instance of subject that resolves to a principal. That is why we have a graphical User Interface and not a Graphical Principal Interface. User is more specific than subject or principal in that it usually refers to an interactive operator. When applications make requests for system-level functions the principal may the signer of a signed executable code module but even in that case the user driving the request is still the subject. But principals can be associated with many types of subject that are not people. In other contexts your user ID or state-issued identification is your principal. When you present your credit card you are the subject and the account number is the principal. The interesting thing is that subject implies object. ![]() As noted above, this need not be limited to IT security and so is a very broad classification. In a security context, a subject is anything that can make a request. In this sense the use has been around since before computers were invented. In a sentence the subject is the actor and the object is the thing acted on. Subject/Object inherits from the same terms as used in grammar. However, when you need to make the distinction between the broad class of things that are principals and the subset of these that are interactive operators driving transactions in a non-deterministic fashion, "user" is the right word. The distinction is blurring over time because the words "user" or "user ID" are commonly interchanged with "account". User - A subset of principal usually referring to a human operator.They may represent human users, automation, applications, connections, etc. When we get to the level of implementation details, principals are the unique keys we use in access control lists. Principal - A subset of subject that is represented by an account, role or other unique identifier.When someone knocks on your door the visitor is the subject requesting access and your home is the object access is requested of. ![]() When you log onto an application you are the subject and the application is the object. These are generic terms used to denote the thing requesting access and the thing the request is made against. Subject - In a security context, a subject is any entity that requests access to an object.It is the hypothetical source of/evidence for its existence is provided by: Sanskrit kapati "two handfuls " Greek kaptein "to swallow, gulp down," kope "oar, handle " Latin capax "able to hold much, broad," capistrum "halter," capere "to grasp, lay hold be large enough for comprehend " Lettish kampiu "seize " Old Irish cacht "servant-girl," literally "captive " Welsh caeth "captive, slave " Gothic haban "have, hold " Old English hæft "handle," habban "to have, hold.These are hierarchical in the way that genus, species and individual are hierarchical. It forms all or part of: accept anticipate anticipation behave behoof behoove cable cacciatore caitiff capable capacious capacity capias capiche capstan caption captious captivate captive captor capture case (n.2) "receptacle " catch catchpoll cater chase (n.1) "a hunt " chase (v.) "to run after, hunt " chasse chasseur conceive cop (v.) "to seize, catch " copper (n.2) "policeman " deceive emancipate except forceps gaffe haft have hawk (n.) heave heavy heft incapacity inception incipient intercept intussusception manciple municipal occupy participation perceive precept prince purchase receive recipe recover recuperate sashay susceptible. Proto-Indo-European root meaning "to grasp."
0 Comments
Leave a Reply. |