What is "Principal", and what is meant by "Principal authentication"?
Linda Gricius (March, 1998):
Principal authentication is the process of proving your identity to the security enforcing components of the system so that they can grant access to information and services based on who you are. This applies to both human users of the system as well as to applications.
A user or application that can authenticate itself is known as a principal. A principal has a name that uniquely identifies it.
For human users, the process of authenticating to the system is informally known as "logging on". In a typical system, an application is provided to collect information proving the user's identity. This application is often referred to as the "user sponsor". In order to successfully authenticate to the system, it is important that a principal can provide some proof that it is who it claims to be. Proof of authentication is usually achieved by demonstrating knowledge or possession of a "secret" known only to the "real principal", such as a password or cryptographic key.
It is important that a successfully authenticated principal can be given some unforgeable evidence that it has recently authenticated, in order to prevent the principal from having to continually re-authenticate itself to different parts of the system. The unforgeable evidence that is returned to authenticated principals is known as the principal's credentials.
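This article introduces the concept of a Principal and its role in system security. A Principal is a user or application that can authenticate itself, and it is distinguished by a unique identifier. Principal authentication involves proving identity, usually by means of secret information such as a password or cryptographic key. After successful authentication, the Principal receives unforgeable credentials that it can use in subsequent interactions with different components of the system.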
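The flow described above, as an added example that is not part of the original FAQ answer: a principal proves knowledge of its secret once, receives credentials, and another component checks that those credentials are genuine and recent. The principal name, password, issuer key handling, credential layout and the 300-second freshness window are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ISSUER_KEY = os.urandom(32)  # assumed: held only by the security-enforcing components
MAX_AGE = 300                # assumed window (seconds) in which credentials count as "recent"

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _tag(body):
    return hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()

# Constructed registry: unique principal name -> (salt, verifier derived from the secret)
_salt = os.urandom(16)
PRINCIPALS = {"alice": (_salt, _kdf("correct horse", _salt))}

def authenticate(name, password, now=None):
    """Check the principal's proof of its secret; return credentials or None."""
    entry = PRINCIPALS.get(name)
    # Unknown names still run the KDF so they are not distinguishable by timing.
    salt, stored = entry if entry else (b"\0" * 16, b"\0" * 32)
    match = hmac.compare_digest(_kdf(password, salt), stored)
    if entry is None or not match:
        return None
    issued = int(time.time() if now is None else now)
    body = f"{name}|{issued}"
    return f"{body}|{_tag(body)}"  # the MAC is what makes the evidence unforgeable

def verify(credentials, now=None):
    """Return the principal name if the credentials are genuine and recent."""
    try:
        name, issued, tag = credentials.split("|")
        issued = int(issued)
    except (ValueError, AttributeError):
        return None  # malformed input
    expected = _tag(f"{name}|{issued}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # altered or forged
    now = time.time() if now is None else now
    if not 0 <= now - issued <= MAX_AGE:
        return None  # no longer recent: the principal must re-authenticate
    return name
```

Any component holding the issuer key can call `verify` without seeing the principal's password again, which is the point of issuing credentials.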



