Principal (computer security)

A principal in computer science is an entity that can be authenticated by a computer system or network. Authentication is the process of validating and confirming the identity of such an entity.

Principals, in addition to being able to be authenticated, are typically capable of being assigned rights and privileges over resources in the network. Together, the ability to authenticate a principal and to grant rights and privileges to it allows the entity represented by the principal to access resources on the network.

The two most common types of principals are users (representing physical persons or functional accounts used for representing a computational entity) and computers, which correspond to physical or virtual systems connected to the network. Some systems allow for other types of principals such as those representing services (without an associated user account).

Typically a principal has an associated identifier (such as a security identifier) that allows for the principal to be referenced for purposes of identification or assignment of properties and permissions.
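
The two capabilities described above, authenticating a principal and assigning rights to it through its identifier, shown as an added example that is not part of the original article. The `Directory` class, the `P-` identifier format and all account names are hypothetical; the point it demonstrates is that permissions keyed on the identifier survive a rename and are not inherited by a new principal that reuses an old name.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass, field

@dataclass
class Principal:
    kind: str                      # "user", "computer" or "service"
    name: str                      # human-readable, may change
    salt: bytes
    verifier: bytes                # derived from the secret, used to authenticate
    pid: str = field(default_factory=lambda: "P-" + secrets.token_hex(8))  # constructed ID format

def _derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class Directory:
    """Hypothetical in-memory directory: authentication plus identifier-keyed ACLs."""
    def __init__(self):
        self._by_name = {}         # name -> Principal
        self._acl = {}             # resource -> {pid -> set of rights}

    def register(self, kind, name, secret):
        salt = secrets.token_bytes(16)
        p = Principal(kind, name, salt, _derive(secret, salt))
        self._by_name[name] = p
        return p

    def authenticate(self, name, secret):
        """Return the principal if the secret validates the claimed identity, else None."""
        p = self._by_name.get(name)
        if p and hmac.compare_digest(p.verifier, _derive(secret, p.salt)):
            return p
        return None

    def grant(self, resource, principal, right):
        self._acl.setdefault(resource, {}).setdefault(principal.pid, set()).add(right)

    def is_allowed(self, principal, resource, right):
        # Rights are looked up by identifier, never by name.
        return right in self._acl.get(resource, {}).get(principal.pid, set())

    def rename(self, old, new):
        p = self._by_name.pop(old)
        p.name = new               # identifier is unchanged, so grants still apply
        self._by_name[new] = p

    def delete(self, name):
        del self._by_name[name]    # ACL entries for the old identifier become orphaned
```
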

This concept is also referred to as a security principal in the Java or Microsoft literature [1].

References

  1. "What Are Security Principals?", technet.microsoft.com, 28 March 2003.