Subject
Status: Proposed
This concept has been submitted as a new entry to the Glossary. It has not yet been validated or reviewed.
Description
A continuing identification of a user recognized as having User Private Information stored within a computer system. In this usage a pseudonym can be a subject. In that case the user is some real-world person with access to credentials that allow consent and maintenance of the User Object.
Rationale
This is defined in the General Data Protection Regulation as the subject that is able to control User Private Information in a User Object. The subject is expected to have continued real-world existence from one interchange to another.
Value and Context for Use in IDESG
This is a less formal definition of the subject or principal that initiates an interchange through a User Agent.
Formal Definition
An individual natural person, or an entity such as a company or agency: Various security requirements may confer opportunities, rights or remedies on a party or account which is served by a cybersecurity function, whether that account relates to an individual human or to an organization.
Source materials used
- While the General Data Protection Regulation does not define data subject, the term is used extensively throughout the document to refer to a person (natural or not) that is the subject of the information stored by a Data Controller.
Potential problems
- There are two uses of the term: one includes only natural human users; the other includes any Digital Entity with a continuing identifier that initiates an interchange.
- The types of legal person have been broadened over the years in a variety of legal jurisdictions, from rivers to cartoon characters. The prudent designer should be aware of this trend.
- There are two views of the subject in a Digital Entity. One example of the terms used to describe these two views is the following: the principal identifier is associated with the permissions granted to the current computer process, while the User Object is the collection of data accessible to the Digital Entity. Other terms can be used in other documents to describe these two concepts.
Disambiguation
Same term, different concept?
Different term, same concept?
- Principal: a more formal IDESG term for a subject whose identity has been authenticated (by one or more credentials) within a running computer system.
- User: a term in common use in IDESG documents. Where it is used in security statements, it appears to have the same meaning as subject.
- PII principal ISO 29100: natural person to whom the personally identifiable information (PII) relates. (Depending on the jurisdiction and the particular data protection and privacy legislation, the synonym “data subject” can also be used instead of the term “PII principal”).
- Pseudonym: an identifier that can be treated as a subject, but not necessarily as a natural or legal real-world person.
- Identifier: an attribute that can be added to the User Object of a subject.