
Thread: History and definition of the term 'principal'?




History and definition of the term 'principal'?
user name
2006-04-26 16:33:43
Hi,

is anyone aware of a general and precise definition of the term
'principal' (as a noun) in the context of security?


I need to solve a dispute. Someone claims that 'principal' is an
established 'concept' introduced by Roger Needham, but could not give
any citation. Someone else confirms this and claims that 'principal'
is indeed a 'well-introduced' concept, but also can't cite any source
or give any definition.


I have read through Needham's papers (Needham-Schroeder-Protocol,
BAN-Logic), but just saw that he used the term 'principal' without any
definition, just as a normal word of plain language. Since I am not a
native English speaker it is not a simple task to precisely understand
whether the word is used as a special technical term or just as a word
of common language.

Unfortunately, Needham died some years ago, and I couldn't ask him
anymore. I have asked his co-authors, and they said that they are not
aware that he ever had invented or defined this term. Instead, they
directed me to

Jack B. Dennis, Earl C. Van Horn: Programming Semantics for
Multiprogrammed Computations, Communications of the ACM, Vol. 9,
No. 3, March 1966, pp 143-155, where the term was used for the
first time in context of computers. Interestingly, they took that
legal term to describe the one who is liable to pay the costs of
computation jobs, which were expensive at this time (thus probably the
term 'account'):


  "We generalize this notion by defining the term _principal_ to mean
  an individual or group of individuals to whom charges are made for
  the expenditure of system resources. In particular a principal is
  charged for resources consumed by computations running on his
  behalf."



Then, Jerome H. Saltzer and Michael D. Schroeder used the term in
"The Protection of Information in Computer Systems", October 1974,
as an abstraction for accountability:

  "A principal is, by definition, the entity accountable for the
  activities of a virtual processor."


This is where I lost the historical track of the term. Needham and
Schroeder used the term in their paper about the
Needham-Schroeder-protocol, but without any definition or introducing
it.

Many books about security don't even mention the term. 

There are other books (e.g. Menezes, van Oorschot, Vanstone, Handbook
of Applied Cryptography, or Ross Anderson, Security Engineering),
which explain the term, but in most cases only in one simple sentence,
without any precise definition. Nobody cites any source for the term,
nobody makes further use of the term, and all those explanations I
found differ heavily from each other, some are even contradictory.

Some say a principal is someone who participates in a cryptographical
protocol. Others say, it is a human, a computer, or a network device.
Some say, a principal is someone who has a name and is known and
introduced to a security system. At least one says it is a synonym for
'party', but gives three different definitions within one
book. Wikipedia doesn't know the term in context of security.

The only precise definition I found is in a law dictionary where it is
defined as a legal term.

Since nobody cites anything, everyone defines on his own taste, nobody
actually makes use of it, I assume that this term does not have a
precise meaning. Seems to be just a common word of the English
language without any particular meaning or importance in network
security. Still difficult for a non-native English speaker.



Can anyone give me some hints? Maybe about how 'principal' is related
to Roger Needham? Or whether there is a precise and general
definition?

Who, btw, would have the authority to generally define terms in
security science?


regards
Hadmut


















---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com
History and definition of the term 'principal'?
user name
2006-04-26 19:20:38
Hadmut Danisch wrote:

> is anyone aware of a general and precise definition of the term
> 'principal' (as a noun) in the context of security?

Its use in security does not AFAICT differ from its use in
other contexts, notably law and finance.

I don't see why it is necessary to look beyond an ordinary
dictionary.
See definition 5 here:
   http://www.yourdictionary.com/ahd/p/p0563200.html

>   "We generalize this notion by defining the term _principal_ to mean
>   an individual or group of individuals to whom charges are made for
>   the expenditure of system resources. In particular a principal is
>   charged for resources consumed by computations running on his
>   behalf."

That is an application or a corollary of the dictionary
definition.
Ditto for the other examples mentioned.

History and definition of the term 'principal'?
user name
2006-04-26 19:18:40
I like the definition in Kaufman-Perlman-Speciner:

"A completely generic term used by the security community to include
both people and computer systems.  Coined because it is more
dignified than 'thingy' and because 'object' and 'entity' (which also
means thingy) were already overused."

--Sean




Sean W. Smith, Ph.D.  swscs.dartmouth.edu 
www.cs.dartmouth.edu/~sws/
Department of Computer Science, Dartmouth College, Hanover NH USA




History and definition of the term 'principal'?
user name
2006-04-26 19:33:10
Hi,


On Wed, Apr 26, 2006 at 03:18:40PM -0400, Sean W. Smith wrote:
> I like the definition in Kaufman-Perlman-Speciner:
>
> "A completely generic term used by the security community to include
> both people and computer systems.  Coined because it is more
> dignified than 'thingy' and because 'object' and 'entity' (which also
> means thingy) were already overused."


Many thanks for the hint. 

Are there different editions of Kaufman-Perlman-Speciner?

My edition of 1995 has two entries for principal in the index:

- Page 129: "A principal is anything or anyone participating
  in cryptographically protected communication."

- Page 266: "each user and each resource that will be using
  Kerberos."



Which edition is yours?

regards
Hadmut

History and definition of the term 'principal'?
user name
2006-04-26 22:13:49
On Wed, 26 Apr 2006 18:33:43 +0200, Hadmut Danisch <hadmutdanisch.de> wrote:

>
> I need to solve a dispute. Someone claims that 'principal' is an
> established 'concept' introduced by Roger Needham, but could not give
> any citation. Someone else confirms this and claims that 'principal'
> is indeed a 'well-introduced' concept, but also can't cite any source
> or give any definition.
>
There were a number of things that Roger deserves at least some credit for
that he never claimed (such as one-way hashing of passwords), at least in
part because they were developed at the Eagle Pub.  Whether it was modesty
on his part, the fact that these things were group efforts, or the fine
IPA they serve there I don't know...


		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb

History and definition of the term 'principal'?
user name
2006-04-27 02:00:08
> Are there different editions of Kaufman-Perlman-Speciner ?
>

I got that definition from the glossary in the 2nd edition.  I'm
pretty sure it was in the glossary in the first edition as well, but
I can't seem to find my copy anymore!



History and definition of the term 'principal'?
user name
2006-04-29 18:15:55
* Hadmut Danisch:

> The only precise definition I found is in a law dictionary where it is
> defined as a legal term.

The OED might also be helpful:

  B. [...] 2. a. A chief actor or doer; the chief person engaged in
  some transaction or function, esp. in relation to one employed by or
  acting for him (deputy, agent, etc.); the person for whom and by
  whose authority another acts.
  [...] 1962 H.O. Beecheno Introd. Business Stud. xiii. 117 Whereas an
  agent is not normally allowed to relend his principal's money at
  interest .. a bank is allowed to do this.  1976 Times 22
  Par. (Baltic Exchange Suppl.) p. i/9 The Baltic is unusual in being
  open both to middle men and principals.

I think this is a strong indication that the term is used in one of
its original meanings.  It also explained why nobody thinks it's
necessary to define it properly.
