Hi Arjan,
I like “caller” better.
However: So far (<Java EE 8) “principal” was for me the authenticated user or caller. The questions is whether the “principal” is an already established term or whether it is just my perception.
> On 18.06.2015, at 23:28, arjan tijms <arjan.tijms_at_gmail.com> wrote:
> Hi,
> Another concept for which there are different terms in use is what we often call using simple language the "logged-in user", and with some more formal language sometimes the "authenticated/authentication identity".
> Next to the logged-in/authentication user/identity, there's another variant; the run-as user/identity.
> In Java EE there's one extra step even. Various API methods return a single principal from the user/identity called the "user principal" or the "caller principal".
> To put these terms somewhat in context, consider the following sentence from the JASPIC spec, B.1:
> "When the authentication identity is provided to the container as a bag of principals in a Subject, the container needs some way to recognize which of the principals in the subject should be returned as the caller or user Principal."
> Now it's this last term that's specifically problematic in Java EE "caller or user principal". https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-2 shows that various APIs in Java EE use either "caller" or "principal" now.
> For this issue I'd like to ask you again to vote for a term, or propose a new term. Again, it's a non-binding vote of course and to establish a working term. As the previous vote ran for a long time, I'd like to set this vote to *2 weeks*.
> The list of terms is currently the following:
> 1. user (principal)
> 2. caller (principal)
> 3. ???
> Pedro already expressed a preference for "caller" in the issue, which is my preference as well (but consistency is my top concern).
> So we now have
> 2 out of 14 voted:
> Pedro Igor: caller
> Arjan Tijms: caller
> Kind regards,
> Arjan Tijms