On Wed, Apr 26, 2006 at 06:33:43PM +0200, Hadmut Danisch wrote:

> Some say a principal is someone who participates in a cryptographical
> protocol.

The way I see it, the common English sense is "direct participant, not
a third party".

During TGS requests the Kerberos KDC is a *principal* in the TGS
transaction. Soon after, the acquired ticket and session key are used
to communicate with the intended service and the KDC is then a third
party and not a *principal*.

So with Kerberos the word has its narrower "named security entity"
technical meaning. With X.509 one tends to talk of "subjects", "issuers",
"registration authorities", "certification authorities", ... and the word
"principal" is less common.

> Can anyone give me some hints? Maybe about how 'principal' is related
> to Roger Needham? Or whether there is a precise and general
> definition?

Seems to be mostly a matter of perspective: on the wire, single-sign-on
systems authenticate principals, while in the OS or application server
ACLs authorize subjects. Oddly enough the difference in terminology
better reflects the power balance between the royal "issuer" and petty
"subject" in X.509. Wild guess, perhaps more seriously this dates back
to X.509 as a supporting technology for X.500 ACLs.

In the context of Kerberos, I think of principals as living in an external
global (or at least potentially larger) namespace, while subjects or users
in ACLs are often local system specific entities. This means that one
often needs a mapping from principals (global naming) to subjects/users
(local naming). So principal != account.

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
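
The principal-to-local-user mapping described in the message above, sketched as an added example that is not part of the original post. The realm names, accounts and function names are constructed, and principal syntax is simplified to `primary[/instance]@REALM` with no escaped separators. It contrasts a mapping that treats the principal as the account name with one that maps only by explicit rule.

```python
# Added example: realms, accounts and function names are constructed.
from typing import NamedTuple, Optional, Tuple

class Principal(NamedTuple):
    components: Tuple[str, ...]   # ("alice",) or ("host", "db1.example.org")
    realm: str

def parse_principal(name: str) -> Principal:
    """Split 'primary[/instance]@REALM'. Assumption: names with escaped
    separators are rejected instead of being interpreted."""
    if "\\" in name or name.count("@") != 1:
        raise ValueError(f"unsupported principal syntax: {name!r}")
    local, realm = name.split("@")
    components = tuple(local.split("/"))
    if not realm or not all(components):
        raise ValueError(f"malformed principal: {name!r}")
    return Principal(components, realm)

LOCAL_REALM = "EXAMPLE.ORG"            # hypothetical home realm
# Explicit global-name -> local-account entries (hypothetical).
EXPLICIT = {
    Principal(("bob",), "PARTNER.EXAMPLE"): "bob_partner",
}

def naive_map(name: str) -> str:
    """Weak form: treats the principal as if it were the account name."""
    return name.split("@")[0].split("/")[0]

def map_to_local(name: str) -> Optional[str]:
    """Return the local account for a principal, or None if unmapped."""
    p = parse_principal(name)
    if p in EXPLICIT:
        return EXPLICIT[p]
    # Default rule: only single-component principals of the home realm.
    if p.realm == LOCAL_REALM and len(p.components) == 1:
        return p.components[0]
    return None   # foreign realm or service/admin instance: no account

if __name__ == "__main__":
    for n in ("alice@EXAMPLE.ORG", "alice@PARTNER.EXAMPLE",
              "alice/admin@EXAMPLE.ORG", "bob@PARTNER.EXAMPLE"):
        print(f"{n:28} naive={naive_map(n):6} strict={map_to_local(n)}")
```

With the naive form, `alice@PARTNER.EXAMPLE` and `alice/admin@EXAMPLE.ORG` both land on the local account `alice`; the rule-based form returns no account for either.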
