Hi, is anyone aware of a general and precise definition of the term 'principal' (as a noun) in the context of security?
I need to solve a dispute. Someone claims that 'principal' is an established 'concept' introduced by Roger Needham, but could not give any citation. Someone else confirms this and claims that 'principal' is indeed a 'well-introduced' concept, but also can't cite any source or give any definition. I have read through Needham's papers (Needham-Schroeder protocol, BAN logic), but just saw that he used the term 'principal' without any definition, just as a normal word of plain language. Since I am not a native English speaker, it is not a simple task to precisely understand whether the word is used as a special technical term or just as a word of common language.

Unfortunately, Needham died some years ago, and I couldn't ask him anymore. I have asked his co-authors, and they said that they are not aware that he ever invented or defined this term. Instead, they directed me to Jack B. Dennis, Earl C. Van Horn: Programming Semantics for Multiprogrammed Computations, Communications of the ACM, Vol. 9, No. 3, March 1966, pp. 143-155, where the term was used for the first time in the context of computers. Interestingly, they took that legal term to describe the one who is liable to pay the costs of computation jobs, which were expensive at that time (thus probably the term 'account'): "We generalize this notion by defining the term _principal_ to mean an individual or group of individuals to whom charges are made for the expenditure of system resources. In particular a principal is charged for resources consumed by computations running on his behalf."

Then, Jerome H. Saltzer and Michael D. Schroeder used the term in "The Protection of Information in Computer Systems", October 1974, as an abstraction for accountability: "A principal is, by definition, the entity accountable for the activities of a virtual processor." This is where I lost the historical track of the term.
Needham and Schroeder used the term in their paper about the Needham-Schroeder protocol, but without any definition or introduction of it. Many books about security don't even mention the term. There are other books (e.g. Menezes, van Oorschot, Vanstone, Handbook of Applied Cryptography, or Ross Anderson, Security Engineering) which explain the term, but in most cases only in one simple sentence, without any precise definition. Nobody cites any source for the term, nobody makes further use of the term, and all those explanations I found differ heavily from each other; some are even contradictory. Some say a principal is someone who participates in a cryptographic protocol. Others say it is a human, a computer, or a network device. Some say a principal is someone who has a name and is known and introduced to a security system. At least one says it is a synonym for 'party', but gives three different definitions within one book. Wikipedia doesn't know the term in the context of security. The only precise definition I found is in a law dictionary, where it is defined as a legal term.

Since nobody cites anything, everyone defines it to his own taste, and nobody actually makes use of it, I assume that this term does not have a precise meaning. It seems to be just a common word of the English language without any particular meaning or importance in network security. Still difficult for a non-native English speaker.

Can anyone give me some hints? Maybe about how 'principal' is related to Roger Needham? Or whether there is a precise and general definition? Who, btw, would have the authority to generally define terms in security science?

regards
Hadmut