java - What is the meaning of Subject vs. User vs. Principal in a Security Context? -


In the context of security frameworks, a few terms commonly occur: subject, user, principal. I have not been able to find a clear definition of these or the difference between them.

So, what do these terms mean, and why are the distinctions of subject and principal needed?

These are hierarchical in the way that genus, species and individual are hierarchical.

  • Subject - In a security context, a subject is any entity that requests access to an object. These are the generic terms used to denote the thing requesting access and the thing the request is made against. When you log onto an application you are the subject and the application is the object. When someone knocks on your door, the visitor is the subject requesting access and your home is the object access is requested of.
  • Principal - A subset of subject that is represented by an account, role or other unique identifier. When we get to the level of implementation details, principals are the unique keys we use in access control lists. They may represent human users, automation, applications, connections, etc.
  • User - A subset of principal usually referring to a human operator. The distinction is blurring over time because the words "user" or "user ID" are commonly interchanged with "account". However, when you need to make the distinction between the broad class of things that are principals and the subset of these that are interactive operators driving transactions in a non-deterministic fashion, "user" is the right word.

Subject/Object inherits the same terms as used in grammar. In a sentence the subject is the actor and the object is the thing acted upon. In this sense the usage has been around since before computers were invented. In a security context, a subject is anything that can make a request. As noted above, this need not be limited to security and is a broad classification. The interesting thing is that subject implies object. Without an object, there is no subject.

Principals are what subjects resolve to. When you present your credit card you are the subject and the account number is the principal. In other contexts your user ID or state-issued identification is your principal. But principals can be associated with many types of subject that are not people. When applications make requests to system-level functions, the principal may be the signer of the signed executable code module, but even in that case the user driving the request is still the subject.

User is more specific than subject or principal in that it usually refers to an interactive operator. That is why we have a Graphical User Interface and not a Graphical Principal Interface. A user is an instance of subject that resolves to a principal. A single user may resolve to any number of principals, but any principal is expected to resolve to a single user (assuming people observe the requirement not to share IDs). In the example above, the signer of the executable code module is not the user, but is a valid principal. The interactive operator trying to get the module loaded is the user.

As noted in the comments, authoritative sources do not agree on these terms. I searched NIST, SANS, IEEE, MITRE and several "quasi-authoritative" sources such as security exam guides while preparing this response. No single source I found that was at least quasi-authoritative covered all three terms, and they differed in usage. This is my take on how the terms should be used from a practical standpoint, but when poring over a manual in the middle of the night, the definitions tend to be whatever the vendor or writer says they are. Hopefully, though, the responses here provide enough insight to navigate the waters and parse whatever security document is using these terms.
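As an added illustration (not part of the original question or answer), the following Java snippet models the three terms with the JAAS `javax.security.auth.Subject` API, which is how the Java platform encodes the same hierarchy: one Subject carries several Principals, and the access check is keyed on principals, exactly as the answer describes. The `AccountPrincipal` and `RolePrincipal` classes, the ACL contents, the operation names and the signer's distinguished name are constructed for this example and do not come from any framework.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class SubjectPrincipalDemo {

    // Hypothetical principal types for this example; a real framework supplies its own.
    // Subjects are modelled by the JDK's Subject; principals implement java.security.Principal.
    static final class AccountPrincipal implements Principal {
        private final String name;
        AccountPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        @Override public String getName() { return "role:" + name; }
    }

    // Constructed access control list: keyed on principal names, never on "users" or
    // "subjects". The third key is a code signer, a principal that is not a person.
    static final Map<String, Set<String>> ACL = Map.of(
        "alice",                     Set.of("read"),
        "role:payroll-admin",        Set.of("read", "write"),
        "CN=Acme Build,O=Acme Corp", Set.of("load-module"));

    /** The subject makes the request; the decision is made against the principals it resolves to. */
    static boolean isAllowed(Subject subject, String operation) {
        for (Principal p : subject.getPrincipals()) {
            Set<String> permitted = ACL.getOrDefault(p.getName(), Set.of());
            if (permitted.contains(operation)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // An interactive operator (a user): one subject resolving to two principals,
        // an account and a role. Many principals per user is normal.
        Subject alice = new Subject();
        alice.getPrincipals().add(new AccountPrincipal("alice"));
        alice.getPrincipals().add(new RolePrincipal("payroll-admin"));

        // A signed code module: a subject whose principal is the signer, not a user.
        Subject buildModule = new Subject();
        buildModule.getPrincipals().add(new X500Principal("CN=Acme Build,O=Acme Corp"));

        System.out.println("alice principals: " + alice.getPrincipals().size());
        System.out.println("alice may write:  " + isAllowed(alice, "write"));
        System.out.println("module may write: " + isAllowed(buildModule, "write"));
        System.out.println("module may load:  " + isAllowed(buildModule, "load-module"));

        // Once authentication has populated the subject, freeze it so later code
        // cannot quietly grant itself an extra principal; the JDK then rejects adds.
        alice.setReadOnly();
        try {
            alice.getPrincipals().add(new RolePrincipal("auditor"));
        } catch (IllegalStateException e) {
            System.out.println("read-only subject rejected a new principal");
        }
    }
}
```

The point to take from the code is where the lookup key lives: `isAllowed` never asks "who is the user?", it iterates the subject's principals and consults the ACL per principal. That is why the answer calls principals the keys of an access control list, and why a non-human subject such as a signed module fits the same check without being a "user" at all.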

