In the context of security frameworks, a few terms commonly occur: subject, user and principal, of which I have not been ab
As T.Rob explained, Subject is any entity that requests access to an object. Starting from that point, I've found a comment in the javax.security.auth.Subject code that I've found VERY useful and easy to understand:
"Subjects may potentially have multiple identities. Each identity is represented as a Principal within the Subject. Principals simply bind names to a Subject. For example, a Subject that happens to be a person, Alice, might have two Principals: one which binds "Alice Bar", the name on her driver license, to the Subject, and another which binds, "999-99-9999", the number on her student identification card, to the Subject. Both Principals refer to the same Subject even though each has a different name."
Hope it helps.
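The Alice example from the quoted comment, written out against `javax.security.auth.Subject` as an added illustration (not part of the answer above or of the JDK source). The `LicenseName` and `StudentId` principal types and the `mayEnterLibrary` check are hypothetical names chosen for this sketch; it assumes Java 16 or later for records.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

public class SubjectPrincipalsDemo {
    // Hypothetical principal types, one per kind of identity.
    record LicenseName(String value) implements Principal {
        public String getName() { return value; }
    }
    record StudentId(String value) implements Principal {
        public String getName() { return value; }
    }

    // Access decision keyed on one principal type, so a license name that
    // happens to look like a student id can never satisfy it.
    static boolean mayEnterLibrary(Subject s, Set<String> enrolledIds) {
        return s.getPrincipals(StudentId.class).stream()
                .anyMatch(p -> enrolledIds.contains(p.getName()));
    }

    public static void main(String[] args) {
        // One Subject (Alice) carrying two Principals, as in the quoted comment.
        Subject alice = new Subject();
        alice.getPrincipals().add(new LicenseName("Alice Bar"));
        alice.getPrincipals().add(new StudentId("999-99-9999"));
        alice.setReadOnly(); // freeze identities once authentication is done

        for (Principal p : alice.getPrincipals()) {
            System.out.println(p.getClass().getSimpleName() + " -> " + p.getName());
        }
        System.out.println(mayEnterLibrary(alice, Set.of("999-99-9999")));

        // A read-only Subject refuses further changes to its principal set.
        try {
            alice.getPrincipals().add(new StudentId("000-00-0000"));
        } catch (IllegalStateException e) {
            System.out.println("rejected: subject is read-only");
        }
    }
}
```

Filtering with `getPrincipals(Class)` keeps the authorization check tied to the identity type it was written for, rather than to any name string attached to the Subject.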