History and definition of the term 'principal'?

Hadmut Danisch hadmut at danisch.de
Wed Apr 26 12:33:43 EDT 2006


Hi,

is anyone aware of a general and precise definition of the term 
'principal' (as a noun) in the context of security?


I need to solve a dispute. Someone claims that 'principal' is an
established 'concept' introduced by Roger Needham, but could not give
any citation. Someone else confirms this and claims that 'principal'
is indeed a 'well-introduced' concept, but also can't cite any source
or give any definition.


I have read through Needham's papers (Needham-Schroeder protocol,
BAN logic), but just saw that he used the term 'principal' without any
definition, just as a normal word of plain language. Since I am not a
native English speaker it is not a simple task to precisely understand
whether the word is used as a special technical term or just as a word
of common language.

Unfortunately, Needham died some years ago, and I couldn't ask him
anymore. I have asked his co-authors, and they said that they are not
aware that he ever invented or defined this term. Instead, they
directed me to


Jack B. Dennis, Earl C. Van Horn: Programming Semantics for
Multiprogrammed Computations, Communications of the ACM, Vol. 9,
No. 3, March 1966, pp 143-155, where the term was used for the
first time in the context of computers. Interestingly, they took that
legal term to describe the one who is liable to pay the costs of
computation jobs, which were expensive at that time (thus probably the
term 'account'):


  "We generalize this notion by defining the term _principal_ to mean
  an individual or group of individuals to whom charges are made for
  the expenditure of system resources. In particular a principal is
  charged for resources consumed by computations running on his
  behalf."



Then, Jerome H. Saltzer and Michael D. Schroeder used the term in
"The Protection of Information in Computer Systems", October 1974,
as an abstraction for accountability:

  "A principal is, by definition, the entity accountable for the
  activities of a virtual processor."


This is, where I lost the historical track of the term. Needham and
Schroeder used the term in their paper about the
Needham-Schroeder-protocol, but without any definition or introducing
it. 

Many books about security don't even mention the term. 

There are other books (e.g. Menezes, van Oorschot, Vanstone, Handbook
of Applied Cryptography, or Ross Anderson, Security Engineering),
which explain the term, but in most cases only in one simple sentence,
without any precise definition. Nobody cites any source for the term,
nobody makes further use of the term, and all those explanations I
found differ heavily from each other; some are even contradictory.

Some say a principal is someone who participates in a cryptographic
protocol. Others say it is a human, a computer, or a network device.
Some say a principal is someone who has a name and is known and
introduced to a security system. At least one says it is a synonym for
'party', but gives three different definitions within one
book. Wikipedia doesn't know the term in the context of security.

The only precise definition I found is in a law dictionary where it is
defined as a legal term.

Since nobody cites anything, everyone defines it to his own taste, and
nobody actually makes use of it, I assume that this term does not have
a precise meaning. It seems to be just a common word of the English
language without any particular meaning or importance in network
security. Still difficult for a non-native English speaker.



Can anyone give me some hints? Maybe about how 'principal' is related
to Roger Needham? Or whether there is a precise and general
definition?

Who, btw, would have the authority to generally define terms in
security science?


regards
Hadmut
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com