Subject

IAM

In the IAM literature, the term subject is used with inconsistent definitions. For instance, (Benantar, 2006) defines it as a running process, a program in execution. On the other hand, (NIST IR 7316, 2006 and Bertino and Takahashi, 2010) use it to designate the external active agent on behalf of whom the process is running.

Here, we use Benantar’s definition: the term subject designates a running process and the term entity designates the active agent on behalf of whom the process is running.

A subject is the term used to identify a running process, a program in execution. Each subject assumes the identity and the privileges of a single principal. A principal may launch several processes within a single login session and thus will be associated with multiple subjects, each of which inherits the identity of the login session. Figure 1.2 illustrates the relationships between a user, a principal, and a subject.

Subject: An active entity, generally in the form of a person, process, or device that causes information to flow among objects (see below) or changes the system state [NCSC88].

Subjects are the parties, typically individuals, whose identity attributes are digitally recorded and used for transactions and other purposes.

• Benantar, 2006, p. 9

• Bertino and Takahashi, 2010, p. 25

• NIST IR 7316, 2006, p. 3

• Laube-Rosenpflanzer et al., 2019, p. 17

• Entity (Dictionary Entry)

• Identity

• Identity Attribute (Dictionary Entry)

• Object (Dictionary Entry)

• Operation

• Principal (Dictionary Entry)

• https://open-measure.atlassian.net/wiki/spaces/STAK/pages/81101371

• User