- From: Henry Story <henry.story@bblfish.net>
- Date: Tue, 20 Nov 2012 01:44:58 +0100
- To: Olivier Berger <olivier.berger@it-sudparis.eu>
- Cc: public-webid <public-webid@w3.org>
- Message-Id: <B2F5143D-0585-42F4-B1B6-72877A42161B@bblfish.net>
In Java there is the Principal class http://docs.oracle.com/javase/1.4.2/docs/api/java/security/Principal.html [[ This interface represents the abstract notion of a principal, which can be used to represent any entity, such as an individual, a corporation, and a login id. ]] You can see the subclasses there are JMXPrincipal, and X500Principal There is the Subject class http://docs.oracle.com/javase/1.4.2/docs/api/javax/security/auth/Subject.html [[ Subject represents a grouping of related information for a single entity, such as a person. Such information includes the Subject's identities as well as its security-related attributes (passwords and cryptographic keys, for example). ]] Next: http://tools.ietf.org/html/rfc3744#section-2 [[ A principal is a network resource that represents a distinct human or computational actor that initiates access to network resources. Users and groups are represented as principals in many implementations; other types of principals are also possible. A URI of any scheme MAY be used to identify a principal resource. However, servers implementing this specification MUST expose principal resources at an http(s) URL, which is a privileged scheme that points to resources that have additional properties, as described in Section 4. So, a principal resource can have multiple URIs, one of which has to be an http(s) scheme URL. Although an implementation SHOULD support PROPFIND and MAY support PROPPATCH to access and modify information about a principal, it is not required to do so. A principal resource may be a group, where a group is a principal that represents a set of other principals, called the members of the group. If a person or computational agent matches a principal resource that is a member of a group, they also match the group. Membership in a group is recursive, so if a principal is a member of group GRPA, and GRPA is a member of group GRPB, then the principal is also a member of GRPB. ]] Note: - a Principal is a "network resource" that represents an actor. - "a uri of any scheme may be used to identify a principal resource". a network resource is NOT a subject. It _represents_ a subject - which is different. That is why I have 2 functions: 1. a function that goes from a string to a URI referent ( usually a network resource I will add) 2. a function from that uri referent to the subject. In the above a Principal is a network resource. I have shifted it to be a type of identifier... I don't think the use is very clear anywhere. One could call the one the Principal String, the other the Principal. Essentially the point is that these things don't denote the Agent directly, only indirectly. On 19 Nov 2012, at 21:55, Olivier Berger <olivier.berger@it-sudparis.eu> wrote: > Hi. > > Henry Story <henry.story@bblfish.net> writes: > >> >> I have defined Principal much more carefully here >> http://www.w3.org/2005/Incubator/webid/wiki/Identity_Interoperability#logical_relationships_of_principals >> > > Maybe it's just my poor knowledge of the english language... but could > you point me to a reference definition of "Principal" that would apply > here, for instance in http://en.wiktionary.org/wiki/principal ? > > Just for the sake of clarity, I guess we should prefer common language > terms as much as possible... > > Or maybe it's just me ? > > Kind regards, > -- > Olivier BERGER > http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 > Ingenieur Recherche - Dept INF > Institut Mines-Telecom, Telecom SudParis, Evry (France) Social Web Architect http://bblfish.net/
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Tuesday, 20 November 2012 00:45:41 UTC