jsr375-experts@javaee-security-spec.java.net

[jsr375-experts] 2-TerminologyUserVsCaller ACTION: cast vote

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Thu, 18 Jun 2015 23:28:48 +0200

Hi,

Another concept for which there are different terms in use is what we often
call, using simple language, the "logged-in user", and with some more formal
language sometimes the "authenticated/authentication identity".

Next to the logged-in/authentication user/identity, there's another
variant: the run-as user/identity.

In Java EE there's one extra step even. Various API methods return a single
principal from the user/identity called the "user principal" or the "caller
principal".

To put these terms somewhat in context, consider the following sentence
from the JASPIC spec, B.1:

"When the authentication identity is provided to the container as a bag of
principals in a Subject, the container needs some way to recognize which of
the principals in the subject should be returned as the caller or user
Principal."

Now it's this last term that's specifically problematic in Java EE: "caller
or user principal". https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-2
shows that various APIs in Java EE use either "caller" or "principal" now.

For this issue I'd like to ask you again to vote for a term, or propose a
new term. Again, it's a non-binding vote of course and to establish a
working term. As the previous vote ran for a long time, I'd like to set
this vote to *2 weeks*.

The list of terms is currently the following:

1. user (principal)
2. caller (principal)
3. ???

Pedro already expressed a preference for "caller" in the issue, which is my
preference as well (but consistency is my top concern).

So we now have

2 out of 14 voted:

Pedro Igor: caller
Arjan Tijms: caller

Kind regards,
Arjan Tijms