27

What do you call an entity seeking to be authenticated? Is there a single word or short phrase for it? What would you name a variable that represented the party asking to be authenticated?

6
  • 7
    Isn't that just the user or the client? Requester or candidate might also work.
    – Arminius
    Commented Mar 17, 2017 at 15:58
  • 2
    @Arminius, servers seek to be authenticated too... as do peers. "Subject" is a generic term, though it's generally meaningless and not useful except for the most abstract conversations.
    – atk
    Commented Mar 18, 2017 at 0:52
  • 4
    ⁣"⁣A⁣l⁣i⁣c⁣e⁣"⁣
    – geometrian
    Commented Mar 19, 2017 at 19:09
  • @imallett Nice try Mallory.
    – Aron
    Commented Mar 20, 2017 at 7:18
  • 1
    @imallett I'd find "Alice" as a variable name more than confusing.
    – Arminius
    Commented Mar 20, 2017 at 10:01

6 Answers

15

While Arminius covered the domain of 802.1X, I'd like to add my answer from the perspective of authorization standards/frameworks.

OAuth 2.0

Several key terms are defined in section 1.1 of RFC 6749:

  resource owner
      An entity capable of granting access to a protected resource.
      When the resource owner is a person, it is referred to as an end-user.

  resource server
      The server hosting the protected resources, capable of accepting
      and responding to protected resource requests using access tokens.

  client
      An application making protected resource requests on behalf of the
      resource owner and with its authorization.  The term "client" does
      not imply any particular implementation characteristics (e.g.,
      whether the application executes on a server, a desktop, or other devices).

Here the specification differentiates between the client (application requesting authentication) and the end-user, or more generically, resource owner.

SAML 2.0

Relevant terms are defined in the SAML 2.0 glossary:

  End User
      A natural person who makes use of resources for application purposes (as opposed to system management purposes; see Administrator, User).

  Principal
      A system entity whose identity can be authenticated.

  Requester, SAML Requester
      A system entity that utilizes the SAML protocol to request services from another system entity (a SAML authority, a responder). The term “client” for this notion is not used because many system entities simultaneously or serially act as both clients and servers. In cases where the SOAP binding for SAML is being used, the SAML requester is architecturally distinct from the initial SOAP sender.

  User
      A natural person who makes use of a system and its resources for any purpose

3
  • According to that definition, a client already has authorization, so that's not the right word for an entity whose authorization is in limbo pending an identity check. Authorization in general assumes authentication has already completed, so it's no surprise that they don't help with pre-authentication verbiage.
    – Ben Voigt
    Commented Mar 20, 2017 at 0:04
  • 1
    For SAML 2.0, I'd actually suggest Principal — Requester could refer to the application performing the request, not necessarily the entity being authenticated. Though, more technically, SAML does not prescribe a method for authentication — that is left entirely up to the Identity Provider.
    – Bob
    Commented Mar 20, 2017 at 2:35
  • @Bob Great suggestion, I've added it to my answer. Though technically both of them are referred to as "a system entity" whereas users are referred to as "a natural person", but I see your point.
    Commented Mar 20, 2017 at 13:45

48

In IEEE 802.1X terminology that would be the supplicant:

   Authenticator
         An Authenticator is an entity that requires authentication from
         the Supplicant.  The Authenticator may be connected to the
         Supplicant at the other end of a point-to-point LAN segment or
         802.11 wireless link.

   Supplicant
         A Supplicant is an entity that is being authenticated by an
         Authenticator.  The Supplicant may be connected to the
         Authenticator at one end of a point-to-point LAN segment or
         802.11 wireless link.

(Source)

In other contexts the entity being authenticated is often simply referred to as a client or user as that's in most cases unambiguous.

4
  • 16
    +1 because I've always wondered why the Linux package for Wi-Fi is called wpa_supplicant
    Commented Mar 17, 2017 at 19:23
  • 6
    "A person who makes a humble or earnest plea to another, esp. to a person in power or authority; a petitioner, a suppliant." - OED
    – hobbs
    Commented Mar 18, 2017 at 4:10
  • @hobbs unusual-words.livejournal.com/54256.html
    – gcampbell
    Commented Mar 18, 2017 at 11:02
  • Supplicant. I wanted to coin a new word, "authenticant", but I resisted the temptation. Supplicant isn't a word I come across often. It means the right thing, though. The word "supplicant" reminds me of reading about the ancient Greeks and women stroking the beards of kings. I don't think I can use "supplicant" in the office with a straight face. :-)
    – ahoffer
    Commented Mar 20, 2017 at 14:32
5

Various words can be used depending on the context. Here are some I've come across -

  1. Human user logging into a machine or service (either CLI or web-based) = User or End User
  2. Machine user account needing to be authenticated - Client (in a client server model) or Peer (in a peer to peer model)
  3. As stated by Arminius, this can further be abstracted to Requester or Customer, depending on where it is being used.

From your question, it appears that this is for code. In such a case, I would suggest keeping things simple - pick a name based on one of the above contexts and comment your code to make it clear what the variable represents :-)

1

Keep it easily audible to the mainstream:

"User" (Normal) in general when describing a person (human)

or

"System User" when describing a system, a process or a program which has fewer interaction abilities, like not having access to a login dialog.

1

Authentication determines identity. So why not name that entity/variable identity?

1
  • 3
    That doesn't answer the question.
    – Arminius
    Commented Mar 18, 2017 at 20:44
1

To expand on @Bob's comment, another, somewhat formal/academic word would be a principal. The concept is notably covered in Ross Anderson's Security Engineering book.

A principal is an entity that participates in a security system. This entity can be a subject, a person, a role, or a piece of equipment such as a PC, smartcard, or card reader terminal. A principal can also be a communications channel (which might be a port number, or a crypto key, depending on the circumstance). A principal can also be a compound of other principals; examples are a group (Alice or Bob), a conjunction (Alice and Bob acting together), a compound role (Alice acting as Bob’s manager) and a delegation (Bob acting for Alice in her absence)

If you were specifically referring to the human, you could use subject:

By a subject I will mean a physical person (human, ET, ...), in any role including that of an operator, principal or victim. By a person, I will mean either a physical person or a legal person such as a company or government.

Both quotes are from Chapter 1: https://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c01.pdf

1
  • Good contribution. Thanks. In this system I'm working on, the user authenticates to an LDAP. If that is successful, the system pulls down the user's roles from the LDAP, and creates a principal for each one. The collection of principals is then associated with the subject that represents the user. Subject might be a good choice.
    – ahoffer
    Commented Mar 20, 2017 at 14:25
