security-services message



Subject: RE: [security-services] Glossary issue with the term "Principal"


Yes, but the definition of a system entity is:

"System Entity, Entity: An active element of a computer/network system. For example, an automated process or set of processes, a subsystem, a person or group of persons that incorporates a distinct set of functionality. [RFC2828] [SAMLAgree]"

So SAML's definition includes users etc.

Hal

> -----Original Message-----
> From: Rainer Hoerbe [mailto:rainer@hoerbe.at]
> Sent: Thursday, August 14, 2014 4:36 AM
> To: OASIS SSTC
> Subject: [security-services] Glossary issue with the term "Principal"
> 
> As I do not yet have a privilege to create issues in JIRA, I am sending
> this issue to the list.
> 
> SAML Glossary 2.0 defines the term Principal as "A system entity whose
> identity can be authenticated. [X.811]". Other definitions, however,
> contradict this by using "principal" implicitly
> for non-system entities (aka. users), as in Account, Affiliation, IDP,
> Persistent Pseudonym, etc.
> In addition this is not a correct citation of X.811, which says "An
> entity whose identity can be authenticated."
> 
> I suggest fixing this in 2.1 by clarifying the definition, e.g. with
> this wording:
> "An entity whose identity can be authenticated and which can be the
> subject of a SAML assertion"
> 
> My rationale for raising this issue was that an "UnknownPrincipal"
> exception should have revealed without using a debugger that the cause
> was a metadata misconfiguration, not a problem with the user's login
> account.
> 
> - Rainer

