From IDESG Wiki

Status: Proposed
This concept has been submitted as a new entry to the Glossary. It has not yet been validated or reviewed.


A continuing identification of a user recognized as having User Private Information stored within a computer system.


This is defined for IDESG as the subject that is able to control User Private Information in a User Object. The user is expected to have continued real-world existence from one interchange to another.

Value and Context for Use in IDESG

This is a less formal definition of the subject or principal that initiates an interchange through a User Agent.

Formal Definition

  1. In USABILITY statements, refers to an individual human being. This does not include machines, algorithms, or other non-human agents or actors. Equivalents and related terms may include: user-centric, user-centered, human-centered, end user, individual user, user-friendly.
  2. In SECURITY statements, may refer either to an individual natural person, or to an entity such as a company or agency: Various security requirements may confer opportunities, rights or remedies on a party or account which is served by a cybersecurity function, whether that account relates to a single human or to an organization.

Source materials used

Potential problems

  • There are two uses of the term: one includes only natural human users; the other includes any Digital Entity with a continuing identifier that initiates an interchange.
  • The number of types of legal person has been broadened over the years in a variety of legal jurisdictions, from rivers to cartoon characters. The prudent designer should be aware of this trend.
  • There are two views of the user in a Digital Entity. One example of the terms used to describe these two views: the principal identifier is associated with the permissions granted to the current computer process, while the User Object is the collection of data accessible to the Digital Entity. Other documents may use other terms to describe these two concepts.


Same term, different concept?


Different term, same concept?

  • Principal: a more formal IDESG term for a natural or legal person whose identity has been authenticated within a running computer system.
  • Subject: a term in common use in standards documents, as it explicitly includes natural persons as well as pseudonyms and other entities. It most closely aligns with definition 2 above.
  • PII principal ISO 29100: natural person to whom the personally identifiable information (PII) relates. (Depending on the jurisdiction and the particular data protection and privacy legislation, the synonym “data subject” can also be used instead of the term “PII principal”). It most closely aligns with definition 1 above.