[WG-P3] [WG-IDAssurance] What to call a Relying Party in terms of a Trust Framework

John Bradley ve7jtb at ve7jtb.com
Thu Mar 10 17:37:12 EST 2011

Principal in SAML refers to the entity who gets authenticated. 

The <saml:Subject> contains an identifier for the Principal.

In the SSO case that is the user and data subject.

However, SAML assertions are also used in other places, where the assertion is presented by something that may be a Data Processor to gain access to something like an OAuth resource or a WS-* service; in that case the <saml:Issuer> may also be the Subject/Principal.

I think the Subject/Principal terminology is accurate for the scope of the assertion, however I think people are referring to higher level entities.

In SAML the Data Processor, Data Subject and the Data Controller could all be Principals in a given assertion depending on the flow.

The common case is that the Data Subject/User is the Principal.  Though I am willing to bet people will point out that at an application level the user and Data Subject may be different as well :)

I just want people to understand the terms may have different uses in different scopes.

John B.

On 2011-03-10, at 4:46 PM, Patrick Curry wrote:

> John,
> I like your thinking.  When is a Data Subject not a Principal and when is that important, or is it more complicated than that?
> Patrick
> Patrick Curry
> Director
> Clarion Identity Ltd
> M:   +44 786 024 9074
> T:   +44 1980 620606
> patrick.curry at clarionidentity.com
> Disclaimer
> Internet communications are not secure and therefore Clarion Identity Limited, Rock House, SP3 4JY does not accept legal responsibility for the contents of this message. Any views or opinions presented are solely those of the author and do not necessarily represent those of Clarion Identity Limited unless otherwise specifically stated. If this message is received by anyone other than the addressee, please notify the sender and then delete the message and any attachments from your computer.
> On 10 Mar 2011, at 18:28, Mark Lizar wrote:
> Yes, I see the limits of the term principle...
> Personally, I like Master Controller, but it suffers from the same sort of limitations.  I think from a privacy perspective Master Controller may be incredibly useful as a technical term, but that is just my opinion.
> In reality even data subject has semantic issues as a term and maybe even a blurring of terminological meaning at an attribute level.  The significant difference is that Data Subject, Data Controller, and Data Processor are entrenched legally and therefore have some recognised authority.
> Either way, it seems, terms need to find a way to be mapped by something like an agreed standard.
> - Mark
> On 10 Mar 2011, at 17:19, John Bradley wrote:
>> Principal is used in the protocol domain to refer to the entity that the assertion is about.
>> In many cases it is the same as Data Subject, but as assertions can be used for many things that is not always true.
>> John B.
>> On 2011-03-10, at 11:41 AM, Rainer Hörbe wrote:
>>> On 10.03.2011 at 12:26, Mark Lizar wrote:
>>>> In Data Protection, there are Roles: Controller, Processor and Principle.
>>> I am only familiar with the terminology from the European DPD: Controller, Processor, Requester and Data subject.  In which domain is Principle defined, and how does it map?
>>> - Rainer
>>> _______________________________________________
>>> WG-P3 mailing list
>>> WG-P3 at kantarainitiative.org
>>> http://kantarainitiative.org/mailman/listinfo/wg-p3
> _______________________________________________
> WG-IDAssurance mailing list
> WG-IDAssurance at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-idassurance
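Added example, not part of John's message or anything else in this thread: the two constructed SAML 2.0 assertions below show the two cases he describes, an SSO assertion where the IdP (the <saml:Issuer>) speaks about a user (the <saml:Subject>, i.e. the Principal), and a self-issued assertion where a service presenting it to an OAuth or WS-* endpoint is both Issuer and Subject.  The entity IDs, the e-mail address and the timestamps are assumptions chosen for illustration.

```python
"""Read the <saml:Issuer> and <saml:Subject> of SAML 2.0 assertions and say
whether the Principal is the issuer itself or some third party.

Added example for this thread, not code from the original message.  The two
assertions are constructed sample data; the entity IDs, e-mail address and
timestamps in them are assumptions.
"""
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample 1: Web SSO.  The IdP (Issuer) asserts something about a
# user, so the user (the Data Subject) is the Principal of the assertion.
SSO_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_sso1"
    Version="2.0" IssueInstant="2011-03-10T21:00:00Z">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.org</saml:NameID>
    <saml:SubjectConfirmation Method="{BEARER}"/>
  </saml:Subject>
</saml:Assertion>"""

# Constructed sample 2: a service (a Data Processor in DPD terms) presents a
# self-issued assertion to an OAuth token endpoint or a WS-* service to gain
# access on its own behalf.  Issuer and Subject are the same entity.
SERVICE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_svc1"
    Version="2.0" IssueInstant="2011-03-10T21:05:00Z">
  <saml:Issuer>https://processor.example.com/service</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://processor.example.com/service</saml:NameID>
    <saml:SubjectConfirmation Method="{BEARER}"/>
  </saml:Subject>
</saml:Assertion>"""


def parse_assertion(xml_text: str) -> dict:
    """Return issuer, principal (Subject NameID), NameID format and the
    SubjectConfirmation methods of a SAML 2.0 assertion.

    This only reads the XML.  It does NOT validate a ds:Signature, so none of
    the returned values may be trusted until the signature has been verified
    against the issuer's known key.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise ValueError("not a SAML 2.0 <saml:Assertion>")
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    principal = None
    if name_id is not None and name_id.text:
        principal = name_id.text.strip()
    methods = [
        sc.get("Method")
        for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS)
    ]
    return {
        "issuer": issuer.strip() if issuer else None,
        "principal": principal,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "confirmation_methods": methods,
    }


def classify_principal(parsed: dict) -> str:
    """Say whether the assertion's Principal is the Issuer itself or another party."""
    if parsed["issuer"] is None:
        raise ValueError("assertion carries no <saml:Issuer>")
    if parsed["principal"] is None:
        raise ValueError("assertion carries no <saml:Subject>/<saml:NameID>")
    if parsed["issuer"] == parsed["principal"]:
        # Issuer speaks about itself: the service / Data Processor case.
        return "self-asserted"
    # Issuer speaks about somebody else: the SSO case, where the Principal is
    # normally the user / Data Subject.
    return "third-party"


if __name__ == "__main__":
    for label, xml_text in (("SSO", SSO_ASSERTION), ("service", SERVICE_ASSERTION)):
        parsed = parse_assertion(xml_text)
        print(label, parsed["issuer"], "->", parsed["principal"], classify_principal(parsed))
```

The same <saml:Subject> element carries the Principal in both assertions; only the comparison with <saml:Issuer> (and, in a real deployment, the signature check and the audience/confirmation conditions) tells a relying party which higher-level role that Principal plays.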
