en Principal (computer security)

A principal in computer security is an entity that can be authenticated by a computer system or network. It is referred to as a security principal in Java and Microsoft literature.^[1]

Principals can be individual people, computers, services, computational entities such as processes and threads, or any group of such things.^[1] They need to be identified and authenticated before they can be assigned rights and privileges over resources in the network. A principal typically has an associated identifier (such as a security identifier) that allows it to be referenced for identification or assignment of properties and permissions.

A principal often becomes synonymous with the credentials used to act as that principal, such as a password or (for service principals) an access token or other secrets.^[2]

References

^ ^a ^b "What Are Security Principals?", docs.microsoft.com, 19 April 2017.
^ Ami Hollander (2024-01-20). "Workshop: Security Principals".

External links

RFC 2744 - Generic Security Service API Version 2.
RFC 5397 - WebDAV Current Principal Extension.
RFC 4121 - The Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2.

This computer science article is a stub. You can help Wikipedia by expanding it.

[docsmsft-1] "What Are Security Principals?", docs.microsoft.com, 19 April 2017.

[2] Ami Hollander (2024-01-20). "Workshop: Security Principals".

[1]

[2]